last executing test programs: 1m40.249548431s ago: executing program 0 (id=152): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x2, 0xa, 0xfc, 0x0, 0x2, 0x0, 0x70bd28, 0x25dfdbfe}, 0x10}, 0x1, 0x9000000}, 0x48c0) 1m40.19080774s ago: executing program 0 (id=153): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)={0x34, r1, 0x1, 0x20000, 0x25dfdbfe, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8, 0x9, 0x6837}]}, 0x34}}, 0x4000010) r2 = socket$netlink(0x10, 0x3, 0x8000000004) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) 1m40.189639946s ago: executing program 0 (id=156): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000080)=[0x0], 0x0, 0x0, 0x0, 0x1}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@getlink={0x34, 0x12, 0x1, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x18400, 0x2004}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}]}, 0x34}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000180)={0x0, 0x0, {0x2, 0x1}}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000040)={0x2, r1, 0x4, 0x7, 0x5b45, 0xbb, 0x823, 0x8ae, 0xf81e}) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_clone3(0x0, 0x0) tgkill(r6, r6, 0x21) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r8, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10) r9 = socket$inet(0x2, 0x801, 0x0) bind$inet(r9, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r9, 0x0, 0xffffffffffffffb5, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) shutdown(r9, 0x1) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) 1m40.068563264s ago: executing program 0 (id=157): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) (async) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./bus\x00', 0x0, 0x325415, 0x0) (async) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./bus\x00', 0x0, 0x325415, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x50880, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='xen_mmu_flush_tlb_one_user\x00', r0, 0x0, 0x80000001}, 0x18) chdir(&(0x7f00000001c0)='./bus\x00') r1 = creat(&(0x7f0000001200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa) fanotify_init(0xf00, 0x0) (async) r2 = fanotify_init(0xf00, 0x0) fanotify_mark(r2, 0x105, 0x40009975, r1, 0x0) setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x1) 1m40.066532902s ago: executing program 0 (id=159): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="d800c3ff100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044ffc300a80016000a0001400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) 1m39.760837332s ago: executing program 0 (id=160): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d03, &(0x7f0000000280)={{0x9, 0x80}, {0x4, 0x7}, 0x1}) r1 = socket$kcm(0x21, 0x2, 0x2) fcntl$setstatus(r1, 0x4, 0x3400) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0xee01, 0xee00}}, '\x00'}) r4 = eventfd(0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000040)=r4, 0x1) sendmsg$kcm(r1, &(0x7f0000000100)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x3, 0x0, 0x1, {0xa, 0x4e22, 0x7, @private2, 0xfdfffeff}}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYRESOCT=r3], 0x10b8}, 0x1) 1m39.723822934s ago: executing program 32 (id=160): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d03, &(0x7f0000000280)={{0x9, 0x80}, {0x4, 0x7}, 0x1}) r1 = socket$kcm(0x21, 0x2, 0x2) fcntl$setstatus(r1, 0x4, 0x3400) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0xee01, 0xee00}}, '\x00'}) r4 = eventfd(0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000040)=r4, 0x1) sendmsg$kcm(r1, &(0x7f0000000100)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x3, 0x0, 0x1, {0xa, 0x4e22, 0x7, @private2, 0xfdfffeff}}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYRESOCT=r3], 0x10b8}, 0x1) 50.228507321s ago: executing program 2 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010102000000bf700c0bf0400001020301090224000101fda000090400000103410140092108000201224100090581032000020105"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000002c0)="660ffdf50f0866b9920800000f3266b8250000000f23d80f21f86635800000500f23f8c4c229cf26c000f30f7e9200000f2013b8130c8ec8660f38826305440f20c066350b000000440f22c0", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 43.425857632s ago: executing program 2 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010102000000bf700c0bf0400001020301090224000101fda000090400000103410140092108000201224100090581032000020105"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000002c0)="660ffdf50f0866b9920800000f3266b8250000000f23d80f21f86635800000500f23f8c4c229cf26c000f30f7e9200000f2013b8130c8ec8660f38826305440f20c066350b000000440f22c0", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 36.429000017s ago: executing program 2 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010102000000bf700c0bf0400001020301090224000101fda000090400000103410140092108000201224100090581032000020105"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000002c0)="660ffdf50f0866b9920800000f3266b8250000000f23d80f21f86635800000500f23f8c4c229cf26c000f30f7e9200000f2013b8130c8ec8660f38826305440f20c066350b000000440f22c0", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 29.467673255s ago: executing program 2 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010102000000bf700c0bf0400001020301090224000101fda000090400000103410140092108000201224100090581032000020105"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000002c0)="660ffdf50f0866b9920800000f3266b8250000000f23d80f21f86635800000500f23f8c4c229cf26c000f30f7e9200000f2013b8130c8ec8660f38826305440f20c066350b000000440f22c0", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 22.469602827s ago: executing program 2 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010102000000bf700c0bf0400001020301090224000101fda000090400000103410140092108000201224100090581032000020105"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000002c0)="660ffdf50f0866b9920800000f3266b8250000000f23d80f21f86635800000500f23f8c4c229cf26c000f30f7e9200000f2013b8130c8ec8660f38826305440f20c066350b000000440f22c0", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14.539025681s ago: executing program 2 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010102000000bf700c0bf0400001020301090224000101fda000090400000103410140092108000201224100090581032000020105"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000002c0)="660ffdf50f0866b9920800000f3266b8250000000f23d80f21f86635800000500f23f8c4c229cf26c000f30f7e9200000f2013b8130c8ec8660f38826305440f20c066350b000000440f22c0", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.69804763s ago: executing program 4 (id=1512): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000040)=0x60, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000340), 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='devpts\x00', 0x10000, &(0x7f0000000180)='max') r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x2}) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000200)=0x0) bind$nfc_llcp(r1, &(0x7f0000000240)={0x27, r3, 0x0, 0x7, 0x23, 0x2, "e854364427dd6ca432f773b22a2f9440c498263ecc9619a70d4b662b105d7fd6427d0eb1749995a252c262dbca44bfc00577fd9b1f55cf9072d17ce5522710", 0xd}, 0x60) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x303}, "384ed5e1f554d425", "a5d1c704e8939a7e01bc8ea9306342da", "4cb9408e", "634b7ca343a13b3d"}, 0x28) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000300)={'veth0_to_batadv\x00', {0x2, 0x4e21, @local}}) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 1.693850015s ago: executing program 4 (id=1513): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r1, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socket$xdp(0x2c, 0x3, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async) shutdown(r1, 0x0) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30) (async) 1.449305227s ago: executing program 4 (id=1517): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00') r3 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000080)={0x0, 'macsec0\x00', {0x7}, 0x6}) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f7465616d", @ANYRESDEC=r2], 0x110}, 0x1, 0x0, 0x0, 0x4831}, 0x20040000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r4) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r5], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0) 1.03864058s ago: executing program 1 (id=1530): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000001600), 0x1, 0x18f840) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 538.562217ms ago: executing program 4 (id=1531): keyctl$clear(0x3, 0xfffffffffffffffd) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="240000001a0001000000ff7f000000008094"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r2, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) keyctl$setperm(0x5, r2, 0x4020000) r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$clear(0x7, r3) r4 = add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, r3) pipe2$watch_queue(0x0, 0x80) mount$afs(0x0, 0x0, 0x0, 0x14000, &(0x7f000009dfc0)) request_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000100)='\x00', r4) 538.222932ms ago: executing program 4 (id=1532): r0 = syz_io_uring_setup(0x126b, &(0x7f00000006c0)={0x0, 0x72de, 0x0, 0x1}, &(0x7f0000000140), &(0x7f0000000780)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x14, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0x2, &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x0}, 0x20) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000018c0)=[r0]}, 0x1) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000)=0x80000001, 0x8) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000001c0)={0x24, r3, 0x62c21a4ade68aba1, 0x70bd2d, 0x25dfdbfb, {{0x32}, {@val={0x8, 0x1, 0x60}, @val={0xffffffffffffff9c, 0x3, r5}, @void}}}, 0x24}}, 0x40010) 329.073781ms ago: executing program 3 (id=1533): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) r1 = socket(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000280)={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @multicast}, 0x50, {0x2, 0x4e22, @rand_addr=0x64010100}, 'ip6gre0\x00'}) sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x1}, 0x8) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f0000000c80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}], 0x1, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f00000002c0)={r4, 0x1}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7c, &(0x7f0000000300)={r4, 0x5}, &(0x7f0000000180)=0x8) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x83, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x75, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}, {"f6dec2510f69e073ec0572766d3351e8794e2988c906544e4105df0c1d1eef07e777f8136f48253abf44f29d4405fcd2387928cdb93f21c1de67bd258420ecb3856c663c750700b523711a863c"}}}}}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = landlock_create_ruleset(&(0x7f0000000140)={0xc000}, 0x18, 0x0) landlock_restrict_self(r7, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000040)={0xffffffffffffffff, 0x1, 0x3, 0x0, 0x7}) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYRES32=r9, @ANYRESDEC=r7], 0x34}, 0x1, 0x0, 0x0, 0x10001}, 0x0) 328.841461ms ago: executing program 1 (id=1534): socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r1, 0x1, 0x3a, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4, 0x0, @loopback}}, {0x12, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) 328.687785ms ago: executing program 4 (id=1535): r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207f0455c000000000000109022d0001000060020904000407030003000921000007012205000905810300040c0206090503"], 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000004340)={0x0, 0x1f00, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="310300000000000000000900000008000600", @ANYRES32=r1, @ANYBLOB="08000300", @ANYRES64=r3], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x80) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009"], 0x0) syz_usb_disconnect(r0) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='io.latency\x00', 0x2, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="000e57"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x1412, 0x20, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000814}, 0x0) 328.489055ms ago: executing program 3 (id=1536): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x20, 0x13, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x24004050) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/keycreate\x00', 0x2, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(r1, 0x5000940f, &(0x7f0000000800)={{r2}, "27145eeb21348a9c74b1a06c7338f2d0fae0c635e802b7c6ddfc0d74bd14903278f1fe5b6bb1c12f20898277f0fecefef64c83bbc94b2bff4589d67e922655d9dcefafcb4f5d16fabf340ebea97d29bcece56791b7656d897e8c49400f865ebc764bd00ef70fad537d188b83321b255fdbc4118a23a2012ba22f0937711ea7d1b5d36d5082b295f1f9303ac2c79dd608169bec8515ad4b95f67034d4b91a2a12dd6c79c55344974f4435e0f458401cb4d4b7c63045811a0c86e1586e94f0793fc9cfae655dcb6d46bcf8c8ce99b0947c03b134b3e125c1476daf77fef41a8cf67063d7a95088b7fa4e6f55c87b621d176f164b15dcbca9173f05581498e1c9d89576a2963a75c532454920e01d6d84e30d4c657dd23f5cec8022b37270caaffee0f5ec90ce3d9d6d8144c4540f1c840ded8d3df43589f43767889d4d6e57b3a205abd86d38f59476d07e85beb845bb6a703108b99036c100469bb60497d13bf824e91f665738d75de501fce671c2a803038ea997a7060657b215acc81c9345b6a20378d56dc8f10a562bdf940c423ca921aef12bb407c2c6823b6b18379ebcc62d31b86c61724cb276a42db00e6a1e84a32de28f1b910cf9bb42de4d72b705e8d4ec1e86a70c838512b7c9f6cc131534f0fbde8b12e2632a9d19d3ab0c4527634b1d7d177111cb99e8f2621b8dc77b9e4d3c512a7cd406c8b411177b3d48231a4d13a64529f87dd761c109fc5e95a91eb42eed08457eaa765341b57891ec9448528cd617471a7b67baffb1f4cf216ea6570a3297324378f886beab3ffa78a5f645c847065484f1f1017638a7d07d90c78ab6e428c20b61f5981fb7048e6db4e37fce1d29ed1bd336b1e708293d8aa136d9ea1f07680ffeb559f375b9fb02f520f501e91549693527e0348c9dc7ea913c0326bf412099c737932daa71bb611b1999d07a4188cb0182fb90fa1595605ba9ac95c26fd1cffccb3fbfe43d376c2795cf743cd99fc8e48a1246c611699717e1ace5764228a93826b41cee3b1574e4cb075e4b613da7d45c5bd7db9b49e24d3dfe38a393c5bca6c10a1cc61c35b7da590bc701a56f14244bfd950570bb59fcf7d21443ecc7440503b8b92f9eedd8d473ed62934bd3b3c5676f1b0f4f28266997fa8740b83c0961e91632fea60f5b17df0a2eb48320e93dc768dc8627a2188f140d90dd24c3fe9c31f65a8bd1889955263d2c4d1e9e873ea63eb800d4711351c12fe54cf0684a075359655979f4ed88812bc57bee45067d7ff91e4784d58010e2ae32f61f9f3da09db07d82fbf57b8d97e8db94f737b41098b518ec62b677cb8b4ba18a0b774acb481eb19591e6d1597f92cbfb1aa8a92de2cc3ba65600e0702a24790be4e0a62097a0bf0fe2a5af4ebae525bae40b1ab38f5193b1fa7e511e067af8890068006e5698c6f0123905a97b6fb7a40406126f1d6538cdd487543c7d87ee571c377c0edf8ddce27727c141d1e4f19aebf94ac918bb82b0fcb2030cc56ecceea62d37dd628042c71b945089b5b5789fb1c907a34adb794d8b6d8bf9651b5c59315726b1f2d87f57c36fc533dd28b4d6071d40d5fdf30057ea6732b80a552b34939d48fe92e8f43091c1065ca44e06fc940ae4b2c2530a59289b6294e08c5e5dad31bdff033ea55d42fc7a7655aaf5394aa4902fa213e92453788642184dcc03570399a9a8b86d1c7acf6b5a4b5a68cb77264a807d2f26dbd21b8707326ab2d36429a65e86d641f4a259f501652c0d8f554d15cd00cc2c5cd6cc37eb51e1a466da7dd35247bcfc056c5b996bb7d7f43911cb6a8269e793db857395ae5511322776d403ddaedd4a750541aeea0bf1c4c8f6e51b06202653ee4b0f3fa2eeb65a33c39531707e34a9bec57197ce1323b92e2b4e0193393a5bdd10fee28e88ed590c656e6fc8ad67a296834347e5052d1c01c8467c71af87ddef121d6cbd05f26ca09d4b22448eb7239e44c33ba5a56de876084662af6dadf74359b82a9e562b8fbe389d6ccdc9f451b16984b3419e0f41e17d966f8567dfc4cc005a8c8f84e68819fd4940c226fc9fbaadedceac80449beba1de423fe761b8418e8e212d8a30a75833c22e9ed9e289a0cfc0a40933f7e5a0186aa62658a41ec6c9226ad7af98222d2e92edb27e7e4f2852515aced32c759c9e8e8d6c085fa85ebce32725b6596100b15b97b3a11b7d24c256cc1441210c4ccf1f01e6aae983a176e5b2d80e85fda8a89c05b3a6e0353593fb5df98713703e3fde48c0c211e5a33c168f9d480cadba972cbc582cff2a6e1716a75dfd3f925d1277dd8c2ee534771dd87fc56df384383844545cff8b6a5517d45e3da1f68d579ae8153bff1167205147cf0113725b8fa43f24c530af7412d7aa41df53cfcb41884040b6a94342dd1ef47e195cfa687239a448615de637883cc68d6ab738bd90373e1e3eb626538a21dfa5d901ab792e88eadcd427db914a0294eac57c902c3b631875f0f1e43bb23b32548596925592d2d56aaa64fd0260c34499c082a5d16dd1bfc28fc667a3a2a0d894721c9f30cc9f37383624757c232e283d72801e24d926fcdc14e3c8f75040495eff7ef4f47076767e88bcecdd25fb6be618051c1452f5bd6a057fd33d0c02cae6afda2c7a4bbc13308f7dbe1752ffd68147753d46bf8601af2640bfdbb0e1acc5fd6e3066083216558b69785b3ab9ccc28bb731bb7a1e544b75825279b66456764cf3fc2a51eccb58936fa9d02c91e815e325cda187dda6d35dff8b8d8511b938cacdacdb30aff709ee1e4cd9c52066d9834678fc31b8b616f7e93bd649a5a883935c23d95adb5982adf5d9c5974d5d844b46ea228275eb994a821f1eeb022d3241f10b4f65d8cfe63ee44395a536ef73f294d774d228415bd18a29ca03bb50d41da60bbfcfb61182e88b662150906f8514b7b78bd2abe2771f97ddb60ab24f55c8a32777589c549ab6f66c68c710e55391f763940ddb1c9cd62cdbb3a748654396b0274942e5e370e884cefb8f5d5c99b9dc50c818da4a7f38ef261cd33527fc38a1d63df71b1db55041bde49d06aec1071e7b7d362833fc0075ed1ad21f6ba5d011b4da64172308f155b8870db1c24ffe60643b692f358c1ba5554d0d4321865defd38838b399fe005d29faa59cb8173609600aeda88d8437d453c3f79ea02b4677cab135760d1215835391ed1d04e52589ea7b7342f09482be5cf916de1c5f98bea17ac6c29ab0c9faf632f596440d8510bc4dd8a519868f812620b499b408d0edfd4aad7671a3b8b8c1b206c949ba8b56639bf60dd54f380fdff04330364887c031e613bc88b69ffb2928b99e9c14d259cf62da7011448c9a321fa4f9646ae9234cf567e345c701d32f3b76ece125c63b82941b02a873375027719c68f1ceb5590c1d684f1281a4ad6b4a4bfb739a7c56c5b063f3f7319818390d25e764ae3ffb13ecf3aca6bbb9ec5313153d0683aaed2507d021812987c592c489d797712a2bdaaff87d5fc509d9bca74ce3c469fb9a35920e3a62bf3ec038d9dc5161b5856670683d04fe19eeb0308d7dc4612be2783344cf8ac1829467fd09f5449451d922b33b683f9b84042b8e898bfef40084665f28576c95f8af55877c43afce0edb32ebedfccfaf08a4db5bec401a73384e49ea2f03648d698cf48f0a58ae4ddc17af30be77508f824512d5763ea0b4818e72e2b35cff55d238be19152be7d0de06dea8353baa564f29cf30d755936d57ffc1971f1ea83e17512b9d32f7c7c0feccd2fa514b2c8490fe9d7177010bee06866de5dfc94bc73118826476fc9a513b3da4cd1e4cb88ead280581011d0a3af6a5a39020c710497ce8949ffa5b7a819c34d13668edb3926aad55c12222e670514e7bf4f28a42fd97b42ff68fdd74dffc0ad2d82dad2befb301fba4d6e08b1368d301e3a7907000fe8edbca02ace969323d9752975bf392b3d84def0abab89393b13e5d1d6a9dcbb6295a789bccad8552ef57ee98dcf06a9655d94f2c18fbc604183b3dd9968a54e6dcf79f528ae045b9af18fb20a51076a2ecdf857c285c947266022ba40168e41241a10beb555bff4d4030eca875f7af1fcd2ff00fab70f456efc22b80db5531e6d04fefe4710a9b3d44fc0b45968f4bf7cf12dda3fc41814c55306df15e217cbca0de8eb5a7375475c6b754f89b5202662d42ab1d1598af23940c06a88f5dfd1a485b2425fa8174241af299f7030dd74b5018d016e73ca048d8b666516a9526c9bad4c65d8a14b426ab5a995d429cc3a1452079418b500e5c53d0823c21a45d87cb3b09cabd45395263e7edd654362cb9eae1efe040b36d131f629f23b9dd1c1a786b1179e2522abebe8cee569aca62d48fe501c57f911680ec25eafcd23eb0a9568eb22b7e79b14c6b89a47ade94a442970c851d16eb0c2832e25dcbaa66930a0aeae97bc0bdae6d95193d93e39dece93ed02a97ea495b84b3a05843140bef5e7454ac34be7a7fd089dab028508a5dd6c22b3b2ffee442ea862f2b0fa923f9d7eb5e1d3552491e99fc85eee541eea3c2ce7554cc555cb9e2e8a86bb0f8f1253b244658d604e577b5013d424252e6ac26e978327ab968d873e6b211b79f41242876ee4bc8dda73b6c1ad308b27eee2625672c4cc869781a3b93903962a809cedc24a99676dbdc8c4b0021eecff4af52868c4c3c26d4f83bdef5f307b4e79db3154e8adc4a5ac250a1e555cb8cd74b47c96f398d345f53a4783ab37f7898976217048675df395f8e2053c5529728c1f1b2a5fb6493b691e2854d4e3034eade92321e620f32067f1d49bf8579b9be3d1a6b58f9f4a434545060acf337a831ae531643b76cf7446f9b4adca23835347fa14437c481c430857e970bc6b446b3a57039ce627ec610449ef202824fd11f20c5e5b771db4592e6bc849b2729f04d2601e563da60aa2755aafa12d550e1a8a710f26a15550346f93c66782dbe1d9784cc7d75d95da48455a51d70f2f7a747eb38f43b539247095ff4909c87c466d3fbabc604f5e1f3ffbdeee0f2e889d5b4aa70fb1fcfc7ab0f8bff215807c97e2cf1ca9be1b07236a8481d55d08fea0ac2bee8032e1ea1c487fb0a28584ca73522fe15029d3697174814794fd3d310c1145c39a7377ec7002f47bbe1f1d601733c8648bdedaec521d8f0e4466c3a25846b17987d140d424fe573933dac5fa83396da5792d66972d7f65e130fec9a49d2729483e3fb457cec885af0886fc69e0a74e529f8d2eaf0003ee1d1e920af4092da57e80846537f95b21d6dd0d4604dfa38b22bcfcfa0ec9c034154519ed9bb0c8d3a0f3fb58e714bf382da5d9a6b1965ec97068546174a147dc5c9c54128560fa7f55a8fa9b1085c88c73f2c4c9c01a1cb40c324535889e49128f9f1158b6c055577bd793b58c23750b9a0d7885e9881c6d9e5954277a6cc918641015f9a491c64d918b413142b2c9f80bc0307e2468a4ce6e75ff179e67e6bc26724fb60ff262448247d2eeafe0090624f0de00d36b8cbe3395e51cef4a3dcbc93bc03e0a5f5238f0cd50a29d5991914ceda3a74ef0c221f2de608f1579d113514799377eb807edea3c7cc639dd22a9ad74dc26b12e16ad4ab88697124b64b167b434dc25ec7cb6698cff3377da79220671e3851e42b716d8a066a55858515d0672d564e190b37521e83c9c44421f153a10044d681ecbbe05053f62286b5bb8fcdb6ffd2a14de48edc3e4ac8db7a99fc5dd58bf66e09b5182e28f1287819a027b942ae9c6e21c291267a952f"}) r3 = socket$alg(0x26, 0x5, 0x0) r4 = socket$qrtr(0x2a, 0x2, 0x0) keyctl$KEYCTL_MOVE(0xc, 0x0, 0xfffffffffffffff8, 0xfffffffffffffffd, 0x0) ioctl$sock_qrtr_TIOCOUTQ(r4, 0x5411, &(0x7f00000003c0)) bind$alg(r3, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) syz_open_dev$hidraw(&(0x7f0000000040), 0x1, 0x101000) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r3, 0x0, 0x0, 0x400) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r5) sendmsg$alg(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x840}, 0x4040880) socket(0x21, 0x1, 0x200) sendmsg$nl_route_sched(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newchain={0x38, 0x64, 0xf09d2fbf8b68c555, 0x70bd07, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x2}, {0xfff1, 0x2}, {0x9, 0xfff1}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x44801) 328.357968ms ago: executing program 1 (id=1537): openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000080)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) dup(r0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$vsock_stream(0x28, 0x1, 0x0) socket(0x400000000010, 0x3, 0x0) socket(0x400000000010, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r3}, 0x1e) ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x3f000000}) 259.384588ms ago: executing program 3 (id=1538): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r0) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f00000001c0)={0x68, r1, 0x1, 0x70bd67, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x54, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x5}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x39}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0xa00, 0x115}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800) 259.169835ms ago: executing program 1 (id=1539): r0 = socket$inet_smc(0x2b, 0x1, 0x0) quotactl_fd$Q_SETINFO(r0, 0xffffffff80000602, 0x0, &(0x7f0000000100)={0x6, 0x80000001, 0x1, 0x2}) symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0xf7d) sendto$inet(r0, 0x0, 0x0, 0x44800, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x8) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e24, 0x2, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0xd8) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x10) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r2, &(0x7f0000000400)="2ec8425d4ce2ef0035", 0x9) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0) 258.614594ms ago: executing program 3 (id=1540): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000001fc0), r0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x38, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r1}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xe6}, @NBD_ATTR_BACKEND_IDENTIFIER={0x8, 0xa, 'nbd\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4010044) (fail_nth: 42) 167.19201ms ago: executing program 1 (id=1541): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000073d000/0x3000)=nil) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80) r1 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}}) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x0, @multicast2}, 'syz_tun\x00'}) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000004c0)=@v2={0x5, 0x0, 0x12, 0x3ff}, 0x9, 0x1) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 166.935329ms ago: executing program 1 (id=1542): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000580)={0xc203, 0x240, 0x380, &(0x7f0000000180)=[0x4, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x101, 0x7, 0x10000, 0x100, 0x400000000009004, 0x0, 0x8, 0x5, 0x5, 0x49, 0x1, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x80000000003, 0x2, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0xa, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x1, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x8000000007, 0x400, 0xffffffffffffffff, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x9, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x7, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x8061d, 0x3, 0x8, 0xf6, 0x4, 0x8, 0x10, 0x7, 0xe53e, 0x2b, 0x8, 0x22933b2f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x981, 0x2, 0x9, 0xdfd4, 0xfffd, 0x10, 0x5, 0x7, 0x7, 0x4, 0xeb4, 0x0, 0xfffffffffffffffe, 0xb692, 0x5, 0x8, 0x3]}) 89.656µs ago: executing program 3 (id=1543): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)=0x28) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f000000c540)=ANY=[@ANYBLOB="1007000001050500000000000000000002000002540201000300000007000000028204000400170073797a3100000000000000000000000000000000000000000000000000000000eaacd1baca24f58c5901fdde34eb66db78e7ea7c8719f87f02f19ddbd78e56bbd6882f772a8b29bd400f9aca9f41aa49e2495bd46fa9338542787396a8e25d2e0400810002000000e78f0000010040000100000005000000ffffce4400000000461a0000c73d430d03000000ae390000050001000100000004000000060000000200000040000000060002000200000005000000000102000300000009000000001c0600020000004f03000000043d0000000000ff0700000800e000030000007f000000d43308000000000014000000080010000200000000000000ff01ff0702000000020000000600018000000000000000400900070000000000e10200000900fe000100000002000000ff010f000300000062c00000ff0f0800020000000000000006000800000000000000000004000200010000000c000000020000026289c3d11b1d00000900f25c02000000070000000003250701000000e3701ff48700060002000000100000004400070002000000050000000700000000000000070000000001a0000200000081ffffff0002050000000000c60000000900070000000000010000000900050003000000030000000100030000000000fdffffff8003100001000000020000000400530c0100000006000000060006000300000000100000000001000100000005000000060002000100000002000000050002000200000000100000a8020400020000000300000005000800000000000c00000054020100"], 0x710}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r2 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x400000, 0x21, 0x2}, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) sendmsg$NL80211_CMD_GET_REG(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, r5, 0xb, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, r4, 0x2, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @void, @val={0xc, 0x99, {0x4b0, 0x31}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000340), r3) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x50, r6, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @SEG6_ATTR_SECRET={0x10, 0x4, [0xffff, 0x0, 0x7f]}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x75}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x9}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) 0s ago: executing program 3 (id=1544): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$pppl2tp(0x18, 0x1, 0x1) recvmmsg(r1, &(0x7f0000006cc0)=[{{0x0, 0x0, 0x0}, 0xc34}], 0x1, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) kernel console output (not intermixed with test programs): =1541 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 115.008252][ T8785] netlink: 'syz.4.871': attribute type 1 has an invalid length. [ 115.010453][ T8785] netlink: 208 bytes leftover after parsing attributes in process `syz.4.871'. [ 115.049459][ T8792] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.054817][ T6304] Bluetooth: hci2: adv larger than maximum supported [ 115.054832][ T6304] Bluetooth: hci2: Malformed LE Event: 0x0d [ 115.081816][ T8792] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 115.084679][ T8792] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 115.442155][ T8767] netdevsim netdevsim2 netdevsim0: renamed from eth2 [ 115.460509][ T8767] netdevsim netdevsim2 netdevsim1: renamed from eth3 [ 115.506479][ T8767] netdevsim netdevsim2 netdevsim2: renamed from eth4 [ 115.537564][ T8767] netdevsim netdevsim2 netdevsim3: renamed from eth5 [ 115.579140][ T8813] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.748526][ T8767] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 115.756865][ T8835] fuse: Unknown parameter 'groupKid' [ 115.760773][ T8767] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 115.769773][ T8767] wireguard: wg0: Could not create IPv4 socket [ 115.774410][ T8767] wireguard: wg1: Could not create IPv4 socket [ 115.781313][ T8767] wireguard: wg2: Could not create IPv4 socket [ 115.792526][ T40] audit: type=1400 audit(1751657840.864:505): avc: denied { connect } for pid=8833 comm="syz.3.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 115.801098][ T34] hid-generic 0005:10CF:0009.0008: unknown main item tag 0x0 [ 115.812614][ T34] hid-generic 0005:10CF:0009.0008: hidraw1: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa [ 115.827095][ T6304] Bluetooth: hci2: adv larger than maximum supported [ 115.827113][ T6304] Bluetooth: hci2: Malformed LE Event: 0x0d [ 115.871801][ T8841] fido_id[8841]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 115.932295][ T8849] netlink: 8 bytes leftover after parsing attributes in process `syz.4.893'. [ 115.942808][ T8847] hfsplus: unable to find HFS+ superblock [ 115.977266][ T8855] netlink: 12 bytes leftover after parsing attributes in process `syz.4.895'. [ 115.996061][ T8852] validate_nla: 1 callbacks suppressed [ 115.996077][ T8852] netlink: 'syz.3.894': attribute type 5 has an invalid length. [ 116.021745][ T8857] SELinux: policydb magic number 0x5978ff8c does not match expected magic number 0xf97cff8c [ 116.025827][ T8857] SELinux: failed to load policy [ 116.029127][ T8857] usb usb8: usbfs: process 8857 (syz.4.896) did not claim interface 0 before use [ 116.032626][ T8857] fuseblk: Unknown parameter '0x0000000000000004' [ 116.037828][ T8859] ipvlan1: entered allmulticast mode [ 116.040210][ T8859] veth0_vlan: entered allmulticast mode [ 116.063730][ T8863] netlink: 8 bytes leftover after parsing attributes in process `syz.4.898'. [ 116.067228][ T8863] netlink: 'syz.4.898': attribute type 30 has an invalid length. [ 116.355819][ T8880] netlink: 'syz.4.905': attribute type 5 has an invalid length. [ 116.397416][ T8890] netlink: 12 bytes leftover after parsing attributes in process `syz.1.908'. [ 116.400875][ T6304] Bluetooth: Unknown LE signaling command 0x1f [ 116.404214][ T6304] Bluetooth: Wrong link type (-22) [ 116.427111][ T40] audit: type=1400 audit(1751657841.504:506): avc: denied { setopt } for pid=8889 comm="syz.1.908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 116.616021][ T40] audit: type=1400 audit(1751657841.684:507): avc: denied { map } for pid=8902 comm="syz.4.913" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.617168][ T6304] Bluetooth: hci2: adv larger than maximum supported [ 116.626049][ T6304] Bluetooth: hci2: Malformed LE Event: 0x0d [ 116.627999][ T40] audit: type=1400 audit(1751657841.704:508): avc: denied { call } for pid=8902 comm="syz.4.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 116.629906][ T8903] kAFS: unparsable volume name [ 116.904598][ T8915] netlink: 20 bytes leftover after parsing attributes in process `syz.3.919'. [ 116.936884][ T40] audit: type=1400 audit(1751657842.014:509): avc: denied { read } for pid=8917 comm="syz.3.921" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 116.938119][ T1175] bond0: (slave bond_slave_1): link status definitely down, disabling slave [ 116.951503][ T1175] bond0: (slave wlan1): link status definitely down, disabling slave [ 117.186143][ T5983] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 117.347056][ T5983] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 117.349877][ T5983] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 117.353142][ T5983] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 117.356222][ T5983] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 117.360022][ T5983] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 117.364780][ T5983] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 117.367817][ T5983] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 117.370655][ T5983] usb 8-1: Product: syz [ 117.372054][ T5983] usb 8-1: Manufacturer: syz [ 117.377824][ T5983] cdc_wdm 8-1:1.0: skipping garbage [ 117.379515][ T5983] cdc_wdm 8-1:1.0: skipping garbage [ 117.383073][ T5983] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 117.385314][ T5983] cdc_wdm 8-1:1.0: Unknown control protocol [ 119.095400][ T8920] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 119.095779][ T6304] Bluetooth: hci2: command 0x0406 tx timeout [ 119.100478][ T8920] Bluetooth: hci2: Opcode 0x0406 failed: -110 [ 119.936577][ T8920] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 119.939840][ T8920] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 119.941805][ T8920] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 119.957587][ T7869] usb 8-1: USB disconnect, device number 18 [ 120.041864][ T40] audit: type=1400 audit(1751657845.114:510): avc: denied { write } for pid=8926 comm="syz.3.923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 120.120996][ T6304] Bluetooth: hci1: adv larger than maximum supported [ 120.121021][ T6304] Bluetooth: hci1: Malformed LE Event: 0x0d [ 120.197946][ T40] audit: type=1400 audit(1751657845.274:511): avc: denied { ioctl } for pid=8947 comm="syz.1.931" path="socket:[32299]" dev="sockfs" ino=32299 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 120.649663][ T8982] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 120.653277][ T8982] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 121.175511][ T6304] Bluetooth: hci3: command 0x0406 tx timeout [ 121.175640][ T63] Bluetooth: hci2: command 0x0406 tx timeout [ 121.485740][ T8990] netlink: 28 bytes leftover after parsing attributes in process `syz.1.936'. [ 121.492432][ T8991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.936'. [ 121.627573][ T6304] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 121.630797][ T6304] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 121.634730][ T6304] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 121.638647][ T6304] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 121.641637][ T6304] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 121.659454][ T9009] Failed to initialize the IGMP autojoin socket (err -2) [ 121.843602][ T9026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.951'. [ 121.850879][ T9026] efs: device does not support 512 byte blocks [ 121.852979][ T9026] device does not support 512 byte blocks [ 121.852979][ T9026] [ 121.975283][ T63] Bluetooth: hci1: command 0x0406 tx timeout [ 122.143140][ T9040] loop6: detected capacity change from 0 to 524287999 [ 122.153406][ T40] audit: type=1400 audit(1751657847.224:512): avc: denied { map } for pid=9039 comm="syz.1.956" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 122.162640][ T40] audit: type=1400 audit(1751657847.234:513): avc: denied { execute } for pid=9039 comm="syz.1.956" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 122.270514][ T9009] netdevsim netdevsim2 netdevsim0: renamed from eth2 [ 122.292092][ T9009] netdevsim netdevsim2 netdevsim1: renamed from eth3 [ 122.313966][ T9009] netdevsim netdevsim2 netdevsim2: renamed from eth4 [ 122.328881][ T9009] netdevsim netdevsim2 netdevsim3: renamed from eth5 [ 122.371327][ T9043] netlink: 4 bytes leftover after parsing attributes in process `syz.4.957'. [ 122.585015][ T9009] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 122.599382][ T9009] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 122.608763][ T9009] wireguard: wg0: Could not create IPv4 socket [ 122.613216][ T9009] wireguard: wg1: Could not create IPv4 socket [ 122.618125][ T9009] wireguard: wg2: Could not create IPv4 socket [ 122.808133][ T9056] netlink: 'syz.3.961': attribute type 5 has an invalid length. [ 123.017079][ T9066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.965'. [ 123.127781][ T9072] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 123.180058][ T9074] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 123.183080][ T9074] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 123.435900][ T9081] loop6: detected capacity change from 0 to 524287999 [ 123.555602][ T9084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.973'. [ 123.646274][ T9088] Bluetooth: hci0: Frame reassembly failed (-84) [ 123.664342][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 123.748022][ T9096] netlink: 8 bytes leftover after parsing attributes in process `syz.4.978'. [ 123.751128][ T9096] netlink: 'syz.4.978': attribute type 30 has an invalid length. [ 123.883302][ T9103] tmpfs: Unknown parameter 'grpquardlimit' [ 123.941565][ T40] audit: type=1400 audit(1751657849.014:514): avc: denied { append } for pid=9108 comm="syz.4.983" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 124.068019][ T6304] Bluetooth: hci1: command 0x0406 tx timeout [ 124.134118][ T9118] netlink: 12 bytes leftover after parsing attributes in process `syz.4.987'. [ 124.181275][ T9121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.185889][ T9121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.234135][ T9121] kvm: emulating exchange as write [ 124.237062][ T9121] ata1.00: invalid cdb length 6 [ 124.412226][ T34] usb 9-1: new full-speed USB device number 8 using dummy_hcd [ 124.567575][ T34] usb 9-1: config 1 has an invalid descriptor of length 103, skipping remainder of the config [ 124.572722][ T34] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 38144, setting to 64 [ 124.577879][ T34] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 124.584472][ T34] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 124.588506][ T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 124.591830][ T34] usb 9-1: SerialNumber: syz [ 124.596900][ T9120] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 124.601528][ T34] cdc_ether 9-1:1.0: probe with driver cdc_ether failed with error -22 [ 124.842308][ T9126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.989'. [ 124.867678][ T6097] usb 9-1: USB disconnect, device number 8 [ 125.391578][ T9129] netlink: 'syz.4.990': attribute type 2 has an invalid length. [ 125.449270][ T9133] netlink: 'syz.4.990': attribute type 2 has an invalid length. [ 125.489290][ T40] audit: type=1400 audit(1751657850.564:515): avc: denied { connect } for pid=9135 comm="syz.4.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 125.655367][ T63] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 125.760847][ T40] audit: type=1400 audit(1751657850.834:516): avc: denied { map } for pid=9140 comm="syz.3.993" path="/proc/685/task/686/fd" dev="proc" ino=33410 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 125.785348][ T34] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 125.800593][ T40] audit: type=1400 audit(1751657850.874:517): avc: denied { bind } for pid=9146 comm="syz.3.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 125.809860][ T9148] netlink: 20 bytes leftover after parsing attributes in process `syz.3.996'. [ 125.815838][ T63] Bluetooth: hci2: adv larger than maximum supported [ 125.815860][ T63] Bluetooth: hci2: Malformed LE Event: 0x0d [ 125.938772][ T34] usb 9-1: Using ep0 maxpacket: 32 [ 125.941709][ T34] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.945095][ T34] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.948504][ T34] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 125.951351][ T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.959876][ T34] usb 9-1: config 0 descriptor?? [ 126.205688][ T40] audit: type=1400 audit(1751657851.284:518): avc: denied { read write } for pid=9165 comm="syz.3.1004" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 126.209973][ T6097] hid (null): unknown global tag 0xd [ 126.213632][ T40] audit: type=1400 audit(1751657851.284:519): avc: denied { open } for pid=9165 comm="syz.3.1004" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 126.214950][ T6097] hid (null): unknown global tag 0xe [ 126.214962][ T6097] hid (null): unknown global tag 0xe [ 126.214969][ T6097] hid (null): unknown global tag 0xe [ 126.218623][ T6097] hid-generic 0005:0200:0006.0009: unknown global tag 0xd [ 126.233138][ T6097] hid-generic 0005:0200:0006.0009: item 0 1 1 13 parsing failed [ 126.236077][ T6097] hid-generic 0005:0200:0006.0009: probe with driver hid-generic failed with error -22 [ 126.353347][ T9169] misc userio: Begin command sent, but we're already running [ 126.357879][ T9169] afs: Unknown parameter '' [ 126.376181][ T34] savu 0003:1E7D:2D5A.000A: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 126.777473][ T34] usb 9-1: USB disconnect, device number 9 [ 127.240863][ T9190] FAULT_INJECTION: forcing a failure. [ 127.240863][ T9190] name failslab, interval 1, probability 0, space 0, times 0 [ 127.246286][ T9190] CPU: 0 UID: 0 PID: 9190 Comm: syz.1.1014 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 127.246306][ T9190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 127.246314][ T9190] Call Trace: [ 127.246319][ T9190] [ 127.246324][ T9190] dump_stack_lvl+0x16c/0x1f0 [ 127.246349][ T9190] should_fail_ex+0x512/0x640 [ 127.246366][ T9190] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 127.246392][ T9190] should_failslab+0xc2/0x120 [ 127.246419][ T9190] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 127.246439][ T9190] ? __alloc_skb+0x2b2/0x380 [ 127.246465][ T9190] __alloc_skb+0x2b2/0x380 [ 127.246484][ T9190] ? __pfx___alloc_skb+0x10/0x10 [ 127.246508][ T9190] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 127.246527][ T9190] netlink_alloc_large_skb+0x69/0x130 [ 127.246544][ T9190] netlink_sendmsg+0x6a1/0xdd0 [ 127.246565][ T9190] ? __pfx_netlink_sendmsg+0x10/0x10 [ 127.246590][ T9190] sock_write_iter+0x4fc/0x5b0 [ 127.246607][ T9190] ? __pfx_sock_write_iter+0x10/0x10 [ 127.246640][ T9190] ? __pfx_file_has_perm+0x10/0x10 [ 127.246662][ T9190] do_iter_readv_writev+0x657/0x950 [ 127.246684][ T9190] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 127.246705][ T9190] ? selinux_file_permission+0x126/0x660 [ 127.246731][ T9190] ? bpf_lsm_file_permission+0x9/0x10 [ 127.246748][ T9190] ? security_file_permission+0x71/0x210 [ 127.246775][ T9190] ? rw_verify_area+0xcf/0x680 [ 127.246797][ T9190] vfs_writev+0x35f/0xde0 [ 127.246825][ T9190] ? __pfx_vfs_writev+0x10/0x10 [ 127.246862][ T9190] ? __fget_files+0x20e/0x3c0 [ 127.246883][ T9190] ? __fget_files+0x1b0/0x3c0 [ 127.246909][ T9190] ? do_writev+0x28c/0x340 [ 127.246926][ T9190] do_writev+0x28c/0x340 [ 127.246945][ T9190] ? __pfx_do_writev+0x10/0x10 [ 127.246970][ T9190] do_syscall_64+0xcd/0x4c0 [ 127.246996][ T9190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.247014][ T9190] RIP: 0033:0x7fe28e78e929 [ 127.247027][ T9190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.247043][ T9190] RSP: 002b:00007fe28f568038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 127.247058][ T9190] RAX: ffffffffffffffda RBX: 00007fe28e9b5fa0 RCX: 00007fe28e78e929 [ 127.247068][ T9190] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000003 [ 127.247077][ T9190] RBP: 00007fe28f568090 R08: 0000000000000000 R09: 0000000000000000 [ 127.247086][ T9190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.247095][ T9190] R13: 0000000000000000 R14: 00007fe28e9b5fa0 R15: 00007ffce4538df8 [ 127.247118][ T9190] [ 127.348586][ C0] vkms_vblank_simulate: vblank timer overrun [ 127.398345][ T9192] __nla_validate_parse: 2 callbacks suppressed [ 127.398362][ T9192] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1015'. [ 127.541507][ T9214] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1024'. [ 127.544394][ T9214] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1024'. [ 127.548019][ T9215] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1024'. [ 127.551924][ T9215] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1024'. [ 127.561395][ T9214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.566614][ T9214] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.795496][ T34] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 127.948437][ T34] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 127.951336][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 127.954759][ T34] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 127.958758][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 127.963010][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 127.967629][ T34] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 127.970282][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 127.973829][ T34] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 127.977799][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 127.982101][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 127.987350][ T34] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 127.990355][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 127.994696][ T34] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 127.999596][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 128.004033][ T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 128.011250][ T34] usb 6-1: string descriptor 0 read error: -22 [ 128.014165][ T34] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 128.018737][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.033797][ T34] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 128.215408][ T6304] Bluetooth: hci1: command 0x0406 tx timeout [ 128.577606][ T9222] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1027'. [ 128.612347][ T40] audit: type=1400 audit(1751657853.684:520): avc: denied { getopt } for pid=9224 comm="syz.4.1028" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 128.621064][ T9225] (syz.4.1028,9225,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 128.625516][ T40] audit: type=1400 audit(1751657853.694:521): avc: denied { create } for pid=9224 comm="syz.4.1028" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 128.633334][ T9227] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1029'. [ 128.686220][ T9232] loop6: detected capacity change from 0 to 524287999 [ 128.707009][ T6304] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 128.710973][ T6304] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 128.713803][ T6304] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 128.722725][ T6304] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 128.726179][ T6304] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 128.738937][ T9233] Failed to initialize the IGMP autojoin socket (err -2) [ 128.815789][ T9240] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1033'. [ 129.265562][ T40] audit: type=1400 audit(1751657854.344:522): avc: denied { create } for pid=9241 comm="syz.3.1034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 129.303591][ T9242] 9pnet: Unknown protocol version 9p200 [ 129.394660][ T9233] netdevsim netdevsim2 netdevsim0: renamed from eth2 [ 129.410205][ T9233] netdevsim netdevsim2 netdevsim1: renamed from eth3 [ 129.428444][ T9233] netdevsim netdevsim2 netdevsim2: renamed from eth4 [ 129.440552][ T9233] netdevsim netdevsim2 netdevsim3: renamed from eth5 [ 129.614486][ T9233] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 129.628222][ T9233] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 129.636724][ T9233] wireguard: wg0: Could not create IPv4 socket [ 129.641240][ T9233] wireguard: wg1: Could not create IPv4 socket [ 129.644830][ T9233] wireguard: wg2: Could not create IPv4 socket [ 130.297653][ T9] usb 6-1: USB disconnect, device number 10 [ 130.302205][ T9268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1043'. [ 130.534126][ T9276] syz.4.1047: vmalloc error: size 3335753728, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 130.540807][ T9276] CPU: 0 UID: 0 PID: 9276 Comm: syz.4.1047 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 130.540835][ T9276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.540844][ T9276] Call Trace: [ 130.540848][ T9276] [ 130.540852][ T9276] dump_stack_lvl+0x16c/0x1f0 [ 130.540873][ T9276] warn_alloc+0x248/0x3a0 [ 130.540890][ T9276] ? __pfx_warn_alloc+0x10/0x10 [ 130.540903][ T9276] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 130.540919][ T9276] ? stack_depot_save_flags+0x3e0/0xa40 [ 130.540938][ T9276] ? kasan_save_stack+0x42/0x60 [ 130.540951][ T9276] ? kasan_save_stack+0x33/0x60 [ 130.540963][ T9276] ? kasan_save_track+0x14/0x30 [ 130.540976][ T9276] ? vb2_vmalloc_alloc+0xf9/0x3f0 [ 130.540988][ T9276] ? __vb2_queue_alloc+0x8c9/0x1280 [ 130.540997][ T9276] ? vb2_core_create_bufs+0x559/0xab0 [ 130.541008][ T9276] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 130.541019][ T9276] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 130.541036][ T9276] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 130.541051][ T9276] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 130.541068][ T9276] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 130.541079][ T9276] vmalloc_user_noprof+0x9e/0xe0 [ 130.541090][ T9276] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 130.541102][ T9276] vb2_vmalloc_alloc+0x135/0x3f0 [ 130.541113][ T9276] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 130.541124][ T9276] __vb2_queue_alloc+0x8c9/0x1280 [ 130.541141][ T9276] vb2_core_create_bufs+0x559/0xab0 [ 130.541182][ T9276] ? __pfx_vb2_core_create_bufs+0x10/0x10 [ 130.541195][ T9276] ? __pfx___mutex_trylock_common+0x10/0x10 [ 130.541208][ T9276] ? __pfx___might_resched+0x10/0x10 [ 130.541224][ T9276] ? rcu_is_watching+0x12/0xc0 [ 130.541241][ T9276] vb2_create_bufs+0x5e8/0x840 [ 130.541260][ T9276] ? __pfx_vb2_create_bufs+0x10/0x10 [ 130.541276][ T9276] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.541291][ T9276] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.541305][ T9276] v4l_create_bufs+0x156/0x270 [ 130.541320][ T9276] __video_do_ioctl+0xb3d/0xfc0 [ 130.541335][ T9276] ? __might_fault+0xe3/0x190 [ 130.541349][ T9276] ? __pfx___video_do_ioctl+0x10/0x10 [ 130.541367][ T9276] video_usercopy+0x4cd/0x1720 [ 130.541383][ T9276] ? __pfx___video_do_ioctl+0x10/0x10 [ 130.541397][ T9276] ? selinux_kernel_read_file+0xc0/0x130 [ 130.541413][ T9276] ? __pfx_video_usercopy+0x10/0x10 [ 130.541437][ T9276] v4l2_ioctl+0x1bd/0x250 [ 130.541449][ T9276] ? __pfx_v4l2_ioctl+0x10/0x10 [ 130.541463][ T9276] __x64_sys_ioctl+0x18b/0x210 [ 130.541477][ T9276] do_syscall_64+0xcd/0x4c0 [ 130.541493][ T9276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.541505][ T9276] RIP: 0033:0x7f001998e929 [ 130.541514][ T9276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.541524][ T9276] RSP: 002b:00007f001a844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.541534][ T9276] RAX: ffffffffffffffda RBX: 00007f0019bb5fa0 RCX: 00007f001998e929 [ 130.541541][ T9276] RDX: 0000200000000040 RSI: 00000000c100565c RDI: 0000000000000003 [ 130.541547][ T9276] RBP: 00007f0019a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 130.541554][ T9276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.541559][ T9276] R13: 0000000000000000 R14: 00007f0019bb5fa0 R15: 00007ffe3d59f3a8 [ 130.541573][ T9276] [ 130.541591][ T9276] Mem-Info: [ 130.567043][ T9278] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1048'. [ 130.569863][ T9276] active_anon:11192 inactive_anon:0 isolated_anon:0 [ 130.569863][ T9276] active_file:3731 inactive_file:50879 isolated_file:0 [ 130.569863][ T9276] unevictable:1768 dirty:231 writeback:0 [ 130.569863][ T9276] slab_reclaimable:13131 slab_unreclaimable:81134 [ 130.569863][ T9276] mapped:25008 shmem:2558 pagetables:1296 [ 130.569863][ T9276] sec_pagetables:313 bounce:0 [ 130.569863][ T9276] kernel_misc_reclaimable:0 [ 130.569863][ T9276] free:442043 free_pcp:15455 free_cma:0 [ 130.575963][ T24] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 130.576992][ T9276] Node 0 active_anon:44768kB inactive_anon:0kB active_file:14924kB inactive_file:203316kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100032kB dirty:916kB writeback:0kB shmem:6696kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13264kB pagetables:4976kB sec_pagetables:1252kB all_unreclaimable? no Balloon:0kB [ 130.707725][ T9276] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:208kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 130.719251][ T9276] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 130.728276][ T9276] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 130.730114][ T9276] Node 0 DMA32 free:152776kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44776kB inactive_anon:0kB active_file:14924kB inactive_file:203316kB unevictable:3536kB writepending:916kB present:2080628kB managed:1264188kB mlocked:0kB bounce:0kB free_pcp:38480kB local_pcp:26228kB free_cma:0kB [ 130.738477][ T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 130.739968][ T9276] lowmem_reserve[]: 0 0 0 0 0 [ 130.744132][ T24] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 130.745673][ T9276] Node 1 Normal free:1600068kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB writepending:8kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:23432kB local_pcp:1968kB free_cma:0kB [ 130.745707][ T9276] lowmem_reserve[]: 0 0 0 0 0 [ 130.745726][ T9276] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 130.745801][ T9276] Node 0 DMA32: 1190*4kB (UME) 1004*8kB (UM) 705*16kB (UM) 590*32kB (UME) 336*64kB (UME) 64*128kB (UME) 23*256kB (UME) 13*512kB (UME) 8*1024kB (UME) [ 130.750692][ T24] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 130.759060][ T9276] 7*2048kB (UM) 11*4096kB (UM) = 152776kB [ 130.759084][ T9276] Node 1 Normal: 6*4kB (UE) 14*8kB (UME) [ 130.762150][ T24] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 130.764387][ T9276] 24*16kB [ 130.769128][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.773047][ T9276] (UME) [ 130.774789][ T24] usb 8-1: Product: syz [ 130.776724][ T9276] 24*32kB [ 130.779407][ T24] usb 8-1: Manufacturer: syz [ 130.780386][ T9276] (UME) [ 130.782817][ T24] usb 8-1: SerialNumber: syz [ 130.783739][ T9276] 13*64kB [ 130.788673][ T24] hub 8-1:1.0: bad descriptor, ignoring hub [ 130.790005][ T9276] (UME) [ 130.790972][ T24] hub 8-1:1.0: probe with driver hub failed with error -5 [ 130.792763][ T9276] 12*128kB (UME) 2*256kB (ME) 3*512kB (ME) 3*1024kB (ME) 1*2048kB (E) 388*4096kB (UM) = 1600072kB [ 130.799414][ T9276] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 130.802369][ T9276] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 130.805362][ T9276] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 130.808330][ T9276] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 130.811190][ T9276] 57165 total pagecache pages [ 130.812685][ T9276] 0 pages in swap cache [ 130.814025][ T9276] Free swap = 124996kB [ 130.815426][ T9276] Total swap = 124996kB [ 130.816733][ T9276] 1048443 pages RAM [ 130.817945][ T9276] 0 pages HighMem/MovableOnly [ 130.819431][ T9276] 283067 pages reserved [ 130.820719][ T9276] 0 pages cma reserved [ 130.990819][ T24] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 131.190758][ T40] audit: type=1400 audit(1751657856.264:523): avc: denied { read write } for pid=9269 comm="syz.3.1044" name="lp0" dev="devtmpfs" ino=3052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 131.197880][ T40] audit: type=1400 audit(1751657856.264:524): avc: denied { open } for pid=9269 comm="syz.3.1044" path="/dev/usb/lp0" dev="devtmpfs" ino=3052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 131.297763][ T24] usb 8-1: USB disconnect, device number 19 [ 131.501556][ T9270] usblp0: removed [ 131.584568][ T9285] 9pnet: Unknown protocol version 9p200 [ 131.624688][ T40] audit: type=1400 audit(1751657856.694:525): avc: denied { remount } for pid=9293 comm="syz.1.1053" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 131.646726][ T9299] IPv6: Can't replace route, no match found [ 131.995268][ T24] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 132.146802][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 132.150340][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.153689][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.157961][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 132.162078][ T24] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 132.164883][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.175984][ T24] usb 6-1: config 0 descriptor?? [ 132.581482][ T24] hid (null): report_id 0 is invalid [ 132.590543][ T24] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0458:5011.000B/input/input17 [ 132.658140][ T24] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0458:5011.000B/input/input18 [ 132.683729][ T24] kye 0003:0458:5011.000B: input,hiddev0,hidraw1: USB HID v9.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0 [ 132.724678][ T9316] __nla_validate_parse: 2 callbacks suppressed [ 132.724694][ T9316] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1060'. [ 132.846852][ T9319] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1061'. [ 132.849890][ T9319] tipc: Enabling of bearer rejected, failed to enable media [ 132.907476][ T34] usb 6-1: USB disconnect, device number 11 [ 132.907631][ C2] kye 0003:0458:5011.000B: usb_submit_urb(ctrl) failed: -19 [ 133.490925][ T9328] FAULT_INJECTION: forcing a failure. [ 133.490925][ T9328] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.494752][ T219] tipc: Subscription rejected, illegal request [ 133.495059][ T9328] CPU: 2 UID: 0 PID: 9328 Comm: syz.3.1064 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 133.495075][ T9328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.495082][ T9328] Call Trace: [ 133.495086][ T9328] [ 133.495090][ T9328] dump_stack_lvl+0x16c/0x1f0 [ 133.495126][ T9328] should_fail_ex+0x512/0x640 [ 133.495147][ T9328] _copy_to_iter+0x29f/0x16f0 [ 133.495176][ T9328] ? __pfx__copy_to_iter+0x10/0x10 [ 133.495200][ T9328] simple_copy_to_iter+0x46/0x90 [ 133.495213][ T9328] __skb_datagram_iter+0x129/0x900 [ 133.495224][ T9328] ? __pfx_tipc_wait_for_rcvmsg.isra.0+0x10/0x10 [ 133.495241][ T9328] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 133.495252][ T9328] ? kfree_skbmem+0x16c/0x1f0 [ 133.495263][ T9328] ? __pfx_woken_wake_function+0x10/0x10 [ 133.495279][ T9328] skb_copy_datagram_iter+0x40/0x50 [ 133.495292][ T9328] tipc_recvstream+0x3fb/0x970 [ 133.495307][ T9328] ? __pfx_tipc_recvstream+0x10/0x10 [ 133.495322][ T9328] sock_recvmsg+0x1f9/0x250 [ 133.495333][ T9328] __sys_recvfrom+0x203/0x310 [ 133.495351][ T9328] ? __pfx___sys_recvfrom+0x10/0x10 [ 133.495368][ T9328] ? find_held_lock+0x2b/0x80 [ 133.495392][ T9328] __x64_sys_recvfrom+0xe0/0x1c0 [ 133.495404][ T9328] ? do_syscall_64+0x91/0x4c0 [ 133.495419][ T9328] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.495433][ T9328] do_syscall_64+0xcd/0x4c0 [ 133.495449][ T9328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.495459][ T9328] RIP: 0033:0x7f51709906f4 [ 133.495468][ T9328] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 133.495479][ T9328] RSP: 002b:00007f51717e3ed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 133.495489][ T9328] RAX: ffffffffffffffda RBX: 00007f51717e3fc0 RCX: 00007f51709906f4 [ 133.495496][ T9328] RDX: 0000000000001000 RSI: 00007f51717e4010 RDI: 0000000000000003 [ 133.495502][ T9328] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.495507][ T9328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 133.495513][ T9328] R13: 00007f51717e3f68 R14: 00007f51717e4010 R15: 0000000000000000 [ 133.495526][ T9328] [ 133.607658][ T9336] nbd: must specify at least one socket [ 133.629174][ T9336] netlink: 'syz.4.1067': attribute type 12 has an invalid length. [ 133.632740][ T9326] 9pnet: Unknown protocol version 9p200 [ 133.668055][ T9339] IPv6: sit1: Disabled Multicast RS [ 133.961425][ T9347] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1071'. [ 134.031779][ T9351] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1073'. [ 135.756348][ T9395] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1093'. [ 135.765441][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 135.769130][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 135.772663][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 135.776394][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 135.778938][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 135.788062][ T40] audit: type=1400 audit(1751657860.864:526): avc: denied { accept } for pid=9394 comm="syz.1.1093" path=0000214E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 135.795393][ T9397] Failed to initialize the IGMP autojoin socket (err -2) [ 135.859367][ T9407] trusted_key: encrypted_key: master key parameter '|4d|m17\4ryƒr]-$aHZ/}-ufQ_ɔzp' is invalid [ 136.046389][ T40] audit: type=1400 audit(1751657861.124:527): avc: denied { setopt } for pid=9417 comm="syz.4.1099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 136.046707][ T9424] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1099'. [ 136.069319][ T9426] FAULT_INJECTION: forcing a failure. [ 136.069319][ T9426] name failslab, interval 1, probability 0, space 0, times 0 [ 136.069338][ T9426] CPU: 1 UID: 0 PID: 9426 Comm: syz.3.1101 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 136.069352][ T9426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 136.069358][ T9426] Call Trace: [ 136.069361][ T9426] [ 136.069366][ T9426] dump_stack_lvl+0x16c/0x1f0 [ 136.069384][ T9426] should_fail_ex+0x512/0x640 [ 136.069399][ T9426] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 136.069413][ T9426] should_failslab+0xc2/0x120 [ 136.069429][ T9426] __kmalloc_cache_noprof+0x6a/0x3e0 [ 136.069441][ T9426] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 136.069457][ T9426] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 136.069470][ T9426] drm_atomic_get_crtc_state+0x171/0x450 [ 136.069489][ T9426] drm_atomic_get_plane_state+0x436/0x590 [ 136.069507][ T9426] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 136.069521][ T9426] ? trace_contention_end+0xdd/0x130 [ 136.069532][ T9426] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 136.069542][ T9426] ? __mutex_lock+0x1ca/0xb90 [ 136.069557][ T9426] ? __mutex_lock+0x1ca/0xb90 [ 136.069579][ T9426] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 136.069605][ T9426] drm_client_modeset_commit_locked+0x14d/0x580 [ 136.069617][ T9426] drm_fb_helper_pan_display+0x32d/0xa40 [ 136.069634][ T9426] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 136.069651][ T9426] fb_pan_display+0x47c/0x7d0 [ 136.069665][ T9426] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 136.069681][ T9426] bit_update_start+0x49/0x1f0 [ 136.069697][ T9426] fbcon_switch+0xbf5/0x14c0 [ 136.069715][ T9426] ? __pfx_fbcon_switch+0x10/0x10 [ 136.069736][ T9426] ? __pfx_bit_cursor+0x10/0x10 [ 136.069750][ T9426] ? fbcon_cursor+0x409/0x5f0 [ 136.069765][ T9426] ? is_console_locked+0x9/0x20 [ 136.069780][ T9426] ? con_is_visible+0x65/0x150 [ 136.069793][ T9426] redraw_screen+0x2c1/0x760 [ 136.069808][ T9426] ? __pfx_redraw_screen+0x10/0x10 [ 136.069825][ T9426] fbcon_do_set_font+0x60d/0x940 [ 136.069844][ T9426] fbcon_set_def_font+0x18b/0x2b0 [ 136.069859][ T9426] con_font_op+0xa52/0xf50 [ 136.069877][ T9426] ? __pfx_con_font_op+0x10/0x10 [ 136.069892][ T9426] ? __might_fault+0xe3/0x190 [ 136.069906][ T9426] ? __might_fault+0xe3/0x190 [ 136.069918][ T9426] ? __might_fault+0x13b/0x190 [ 136.069937][ T9426] vt_ioctl+0x48f/0x30a0 [ 136.069947][ T9426] ? lockdep_hardirqs_on+0x7c/0x110 [ 136.069963][ T9426] ? __pfx_vt_ioctl+0x10/0x10 [ 136.069978][ T9426] ? tomoyo_path_number_perm+0x18d/0x580 [ 136.069994][ T9426] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 136.070008][ T9426] ? do_vfs_ioctl+0x523/0x1a60 [ 136.070019][ T9426] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 136.070032][ T9426] ? tty_jobctrl_ioctl+0x152/0xe00 [ 136.070045][ T9426] ? __pfx_vt_ioctl+0x10/0x10 [ 136.070055][ T9426] tty_ioctl+0x661/0x1640 [ 136.070070][ T9426] ? __pfx_tty_ioctl+0x10/0x10 [ 136.070085][ T9426] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 136.070105][ T9426] ? hook_file_ioctl_common+0x145/0x410 [ 136.070120][ T9426] ? selinux_file_ioctl+0x180/0x270 [ 136.070133][ T9426] ? selinux_file_ioctl+0xb4/0x270 [ 136.070148][ T9426] ? __pfx_tty_ioctl+0x10/0x10 [ 136.070163][ T9426] __x64_sys_ioctl+0x18b/0x210 [ 136.070176][ T9426] do_syscall_64+0xcd/0x4c0 [ 136.070192][ T9426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.070203][ T9426] RIP: 0033:0x7f517098e929 [ 136.070211][ T9426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.070221][ T9426] RSP: 002b:00007f5171806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.070231][ T9426] RAX: ffffffffffffffda RBX: 00007f5170bb5fa0 RCX: 00007f517098e929 [ 136.070237][ T9426] RDX: 0000200000000000 RSI: 0000000000004b72 RDI: 0000000000000003 [ 136.070243][ T9426] RBP: 00007f5171806090 R08: 0000000000000000 R09: 0000000000000000 [ 136.070249][ T9426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.070254][ T9426] R13: 0000000000000000 R14: 00007f5170bb5fa0 R15: 00007ffcc188f0f8 [ 136.070267][ T9426] [ 136.097333][ T9418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1099'. [ 136.257823][ T9435] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1102'. [ 136.272174][ T9435] vxlan0: entered promiscuous mode [ 136.362267][ T9397] netdevsim netdevsim2 netdevsim0: renamed from eth2 [ 136.385067][ T9397] netdevsim netdevsim2 netdevsim1: renamed from eth3 [ 136.412533][ T9397] netdevsim netdevsim2 netdevsim2: renamed from eth4 [ 136.430368][ T9397] netdevsim netdevsim2 netdevsim3: renamed from eth5 [ 136.488929][ T9453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.501920][ T6304] Bluetooth: hci2: unexpected event for opcode 0x080f [ 136.505992][ T9453] netlink: 'syz.1.1109': attribute type 10 has an invalid length. [ 136.593739][ T9458] overlay: Bad value for 'workdir' [ 136.611528][ T9397] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 136.621434][ T9397] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 136.628984][ T9397] wireguard: wg0: Could not create IPv4 socket [ 136.633159][ T9397] wireguard: wg1: Could not create IPv4 socket [ 136.637047][ T9397] wireguard: wg2: Could not create IPv4 socket [ 137.129817][ T9471] netlink: 212364 bytes leftover after parsing attributes in process `syz.4.1116'. [ 137.133562][ T9471] openvswitch: netlink: Message has 5 unknown bytes. [ 137.634143][ T40] audit: type=1400 audit(1751657862.704:528): avc: denied { connect } for pid=9479 comm="syz.1.1120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 137.643827][ T40] audit: type=1804 audit(1751657862.704:529): pid=9480 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1120" name="file0" dev="ramfs" ino=37980 res=1 errno=0 [ 137.694271][ T9489] netlink: 'syz.3.1124': attribute type 4 has an invalid length. [ 137.699414][ T9489] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1124'. [ 137.711994][ T9491] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.738466][ T6304] Bluetooth: hci3: adv larger than maximum supported [ 137.738483][ T6304] Bluetooth: hci3: Malformed LE Event: 0x0d [ 137.763072][ T9494] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (8), value rounded to 0 ms [ 137.783220][ T9491] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.918644][ T9491] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.959172][ T9491] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.061055][ T9491] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.069418][ T9491] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.076114][ T9491] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.083553][ T9491] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.272601][ T9498] FAULT_INJECTION: forcing a failure. [ 138.272601][ T9498] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 138.278314][ T9498] CPU: 0 UID: 0 PID: 9498 Comm: syz.3.1127 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 138.278337][ T9498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 138.278353][ T9498] Call Trace: [ 138.278360][ T9498] [ 138.278367][ T9498] dump_stack_lvl+0x16c/0x1f0 [ 138.278397][ T9498] should_fail_ex+0x512/0x640 [ 138.278425][ T9498] should_fail_alloc_page+0xe7/0x130 [ 138.278453][ T9498] prepare_alloc_pages+0x3c2/0x610 [ 138.278477][ T9498] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 138.278512][ T9498] ? stack_trace_save+0x8e/0xc0 [ 138.278537][ T9498] ? __pfx_stack_trace_save+0x10/0x10 [ 138.278560][ T9498] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 138.278586][ T9498] ? check_path.constprop.0+0x24/0x50 [ 138.278620][ T9498] ? lockdep_unlock+0x64/0xe0 [ 138.278640][ T9498] ? __lock_acquire+0x1053/0x1c90 [ 138.278657][ T9498] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 138.278680][ T9498] ? policy_nodemask+0xea/0x4e0 [ 138.278709][ T9498] alloc_pages_mpol+0x1fb/0x550 [ 138.278736][ T9498] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 138.278764][ T9498] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 138.278786][ T9498] alloc_pages_noprof+0x131/0x390 [ 138.278812][ T9498] pte_alloc_one+0x1c/0x3a0 [ 138.278831][ T9498] __handle_mm_fault+0x3a68/0x5490 [ 138.278860][ T9498] ? __pfx___handle_mm_fault+0x10/0x10 [ 138.278878][ T9498] ? __pfx_mt_find+0x10/0x10 [ 138.278920][ T9498] ? find_vma+0xbf/0x140 [ 138.278935][ T9498] ? __pfx_find_vma+0x10/0x10 [ 138.278953][ T9498] handle_mm_fault+0x589/0xd10 [ 138.278976][ T9498] ? __pkru_allows_pkey+0x41/0xb0 [ 138.279004][ T9498] do_user_addr_fault+0x7a6/0x1370 [ 138.279032][ T9498] ? rcu_is_watching+0x12/0xc0 [ 138.279058][ T9498] exc_page_fault+0x5c/0xb0 [ 138.279082][ T9498] asm_exc_page_fault+0x26/0x30 [ 138.279099][ T9498] RIP: 0010:_copy_from_user+0x93/0xd0 [ 138.279124][ T9498] Code: 8e df fc 89 ee 4c 89 ef 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 e8 39 72 46 fd 0f 01 cb 4c 89 ef 48 89 de 48 89 e9 a4 0f 1f 00 49 89 cc 48 89 cb 0f 01 ca 31 ff 48 89 ce e8 b5 89 [ 138.279140][ T9498] RSP: 0018:ffffc90006bafb18 EFLAGS: 00050246 [ 138.279156][ T9498] RAX: 0000000000000001 RBX: 000000110c230000 RCX: 0000000000000020 [ 138.279167][ T9498] RDX: ffffed100c3b9a8c RSI: 000000110c230000 RDI: ffff888061dcd440 [ 138.279178][ T9498] RBP: 0000000000000020 R08: 0000000000000001 R09: ffffed100c3b9a8b [ 138.279188][ T9498] R10: ffff888061dcd45f R11: 0000000000000001 R12: 0000000000000000 [ 138.279198][ T9498] R13: ffff888061dcd440 R14: 0000000000000001 R15: ffffc90006bafd50 [ 138.279223][ T9498] ? _copy_from_user+0x87/0xd0 [ 138.279248][ T9498] ioctl_standard_iw_point+0x513/0xca0 [ 138.279278][ T9498] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 138.279303][ T9498] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 138.279330][ T9498] ? wext_handle_ioctl+0x20b/0x2a0 [ 138.279364][ T9498] ? __pfx___mutex_lock+0x10/0x10 [ 138.279395][ T9498] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 138.279417][ T9498] ioctl_standard_call+0x166/0x1d0 [ 138.279443][ T9498] ? __pfx_ioctl_standard_call+0x10/0x10 [ 138.279467][ T9498] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 138.279488][ T9498] wireless_process_ioctl.constprop.0+0x28e/0x3d0 [ 138.279519][ T9498] wext_handle_ioctl+0x226/0x2a0 [ 138.279545][ T9498] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 138.279575][ T9498] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 138.279602][ T9498] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 138.279631][ T9498] sock_ioctl+0x3a1/0x6b0 [ 138.279650][ T9498] ? __pfx_sock_ioctl+0x10/0x10 [ 138.279666][ T9498] ? hook_file_ioctl_common+0x145/0x410 [ 138.279690][ T9498] ? selinux_file_ioctl+0x180/0x270 [ 138.279712][ T9498] ? selinux_file_ioctl+0xb4/0x270 [ 138.279737][ T9498] ? __pfx_sock_ioctl+0x10/0x10 [ 138.279756][ T9498] __x64_sys_ioctl+0x18b/0x210 [ 138.279780][ T9498] do_syscall_64+0xcd/0x4c0 [ 138.279807][ T9498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.279823][ T9498] RIP: 0033:0x7f517098e929 [ 138.279836][ T9498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.279852][ T9498] RSP: 002b:00007f5171806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.279867][ T9498] RAX: ffffffffffffffda RBX: 00007f5170bb5fa0 RCX: 00007f517098e929 [ 138.279878][ T9498] RDX: 0000200000000000 RSI: 0000000000008b1a RDI: 0000000000000004 [ 138.279888][ T9498] RBP: 00007f5171806090 R08: 0000000000000000 R09: 0000000000000000 [ 138.279898][ T9498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.279907][ T9498] R13: 0000000000000000 R14: 00007f5170bb5fa0 R15: 00007ffcc188f0f8 [ 138.279932][ T9498] [ 139.320104][ T9518] netlink: 'syz.3.1134': attribute type 1 has an invalid length. [ 139.323580][ T9518] netlink: 208 bytes leftover after parsing attributes in process `syz.3.1134'. [ 139.360003][ T6304] Bluetooth: hci3: Malformed LE Event: 0x0d [ 139.680795][ T40] audit: type=1400 audit(1751657864.754:530): avc: denied { setopt } for pid=9521 comm="syz.1.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 139.684904][ T9522] tipc: Enabling of bearer rejected, already enabled [ 139.826234][ T9527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1138'. [ 139.838745][ T9527] vxlan0: entered promiscuous mode [ 139.944635][ T9533] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1141'. [ 139.973469][ T9533] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1141'. [ 140.200279][ T40] audit: type=1326 audit(1751657865.274:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9537 comm="syz.4.1143" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f001998e929 code=0x7ffc0000 [ 140.209983][ T40] audit: type=1326 audit(1751657865.274:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9537 comm="syz.4.1143" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f001998e929 code=0x7ffc0000 [ 140.220799][ T40] audit: type=1326 audit(1751657865.274:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9537 comm="syz.4.1143" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f001998e929 code=0x7ffc0000 [ 140.228459][ T40] audit: type=1326 audit(1751657865.274:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9537 comm="syz.4.1143" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f001998e929 code=0x7ffc0000 [ 140.237855][ T40] audit: type=1326 audit(1751657865.274:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9537 comm="syz.4.1143" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f001998e929 code=0x7ffc0000 [ 140.247489][ T40] audit: type=1326 audit(1751657865.274:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9537 comm="syz.4.1143" exe="/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f001998e929 code=0x7ffc0000 [ 140.254790][ T40] audit: type=1326 audit(1751657865.274:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9537 comm="syz.4.1143" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f001998e929 code=0x7ffc0000 [ 140.391200][ T9543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1145'. [ 140.394156][ T9543] netlink: 'syz.4.1145': attribute type 30 has an invalid length. [ 140.778254][ T9560] mmap: syz.4.1152 (9560) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.797378][ T75] Bluetooth: hci0: Frame reassembly failed (-84) [ 140.799492][ T1175] Bluetooth: hci0: Frame reassembly failed (-84) [ 140.931102][ T9579] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1158'. [ 140.975140][ T9590] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.069175][ T9590] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.078883][ T63] Bluetooth: hci2: Malformed LE Event: 0x0d [ 141.139459][ T9590] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.211744][ T9590] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.322397][ T9590] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.329657][ T9590] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.336593][ T9590] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.343042][ T9590] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.625293][ T59] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 141.785294][ T59] usb 9-1: Using ep0 maxpacket: 8 [ 141.789084][ T59] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 141.792688][ T59] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 141.795963][ T59] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 141.799236][ T59] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 141.803934][ T59] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 141.806887][ T59] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.012211][ T59] usb 9-1: GET_CAPABILITIES returned 0 [ 142.013944][ T59] usbtmc 9-1:16.0: can't read capabilities [ 142.223363][ T9598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.226754][ T9598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.232690][ T34] usb 9-1: USB disconnect, device number 10 [ 142.838194][ T40] kauditd_printk_skb: 39 callbacks suppressed [ 142.838205][ T40] audit: type=1400 audit(1751657867.904:577): avc: denied { map } for pid=9613 comm="syz.1.1173" path="pipe:[6595]" dev="pipefs" ino=6595 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 142.850039][ T9611] bridge0: port 3(veth0_to_bridge) entered blocking state [ 142.852287][ T9611] bridge0: port 3(veth0_to_bridge) entered disabled state [ 142.854538][ T9611] veth0_to_bridge: entered allmulticast mode [ 142.856685][ T63] Bluetooth: hci0: command 0x1003 tx timeout [ 142.860721][ T6304] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 142.862121][ T5952] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 142.867290][ T9611] veth0_to_bridge: entered promiscuous mode [ 142.868260][ T5952] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 142.869192][ T9611] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 142.872398][ T5952] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 142.882501][ T5952] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 142.884930][ T5952] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 142.885483][ T9611] bridge0: port 3(veth0_to_bridge) entered blocking state [ 142.889256][ T9611] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 142.894131][ T40] audit: type=1400 audit(1751657867.964:578): avc: denied { write } for pid=9610 comm="syz.3.1172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 142.938118][ T9619] Failed to initialize the IGMP autojoin socket (err -2) [ 142.986173][ T9614] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1173'. [ 143.042903][ T5947] Bluetooth: hci1: ACL packet too small [ 143.861280][ T40] audit: type=1400 audit(1751657868.934:579): avc: denied { ioctl } for pid=9637 comm="syz.3.1179" path="socket:[36689]" dev="sockfs" ino=36689 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 143.916068][ T9639] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 144.133860][ T9652] misc userio: Can't change port type on an already running userio instance [ 144.163098][ T9652] SELinux: failed to load policy [ 144.351975][ T9657] fuse: root generation should be zero [ 144.397159][ T5947] Bluetooth: hci1: Malformed LE Event: 0x0d [ 144.445736][ T9619] netdevsim netdevsim2 netdevsim0: renamed from eth2 [ 144.456530][ T9619] netdevsim netdevsim2 netdevsim1: renamed from eth3 [ 144.472199][ T9619] netdevsim netdevsim2 netdevsim2: renamed from eth4 [ 144.488968][ T9619] netdevsim netdevsim2 netdevsim3: renamed from eth5 [ 144.538865][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 144.624935][ T9669] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.1190'. [ 144.640154][ T9669] netlink: zone id is out of range [ 144.646408][ T9669] netlink: get zone limit has 8 unknown bytes [ 144.672905][ T9619] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 144.689126][ T9619] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 144.695496][ T9619] wireguard: wg0: Could not create IPv4 socket [ 144.698867][ T9619] wireguard: wg1: Could not create IPv4 socket [ 144.701841][ T9619] wireguard: wg2: Could not create IPv4 socket [ 144.944571][ T9675] netlink: 'syz.4.1192': attribute type 20 has an invalid length. [ 145.130952][ T40] audit: type=1400 audit(1751657870.204:580): avc: denied { execute } for pid=9689 comm="syz.4.1199" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 145.465252][ T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 145.636518][ T9] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 145.639163][ T9] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 145.642565][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 145.645452][ T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 145.648741][ T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 145.653551][ T9] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 145.656512][ T9] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 145.659008][ T9] usb 6-1: Product: syz [ 145.660595][ T9] usb 6-1: Manufacturer: syz [ 145.672872][ T9] cdc_wdm 6-1:1.0: skipping garbage [ 145.674550][ T9] cdc_wdm 6-1:1.0: skipping garbage [ 145.680853][ T9] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 145.682806][ T9] cdc_wdm 6-1:1.0: Unknown control protocol [ 145.872999][ T40] audit: type=1400 audit(1751657870.944:581): avc: denied { read write } for pid=9695 comm="syz.1.1202" name="cdc-wdm0" dev="devtmpfs" ino=3098 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 145.880347][ T40] audit: type=1400 audit(1751657870.954:582): avc: denied { open } for pid=9695 comm="syz.1.1202" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3098 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 146.310318][ T9711] netlink: 'syz.3.1208': attribute type 1 has an invalid length. [ 146.599712][ T9696] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.626046][ T9712] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 146.644454][ T9713] veth3: entered promiscuous mode [ 146.648250][ T9713] bond2: (slave veth3): Enslaving as a backup interface with a down link [ 146.675214][ T9716] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1209'. [ 146.678020][ T9716] unsupported nlmsg_type 40 [ 146.681430][ T9716] netlink: 'syz.4.1209': attribute type 1 has an invalid length. [ 146.683797][ T9716] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1209'. [ 146.701784][ T9720] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1211'. [ 146.721989][ T9696] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.780623][ T9696] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.847540][ T9696] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.940887][ T9696] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.955351][ T9] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 146.960770][ T9696] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.970875][ T9696] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.977497][ T9696] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.988927][ T837] usb 6-1: USB disconnect, device number 12 [ 147.115242][ T9] usb 9-1: Using ep0 maxpacket: 16 [ 147.118418][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.122220][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.125411][ T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 147.129291][ T9] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 147.131919][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.135992][ T9] usb 9-1: config 0 descriptor?? [ 147.342738][ T40] audit: type=1400 audit(1751657872.414:583): avc: denied { connect } for pid=9721 comm="syz.4.1212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 147.349942][ T40] audit: type=1400 audit(1751657872.424:584): avc: denied { read } for pid=9721 comm="syz.4.1212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 147.357126][ T9722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.359872][ T9722] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 147.565566][ T9] HID 045e:07da: Invalid code 65791 type 1 [ 147.569924][ T9] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:045E:07DA.000C/input/input20 [ 147.576387][ T9] microsoft 0003:045E:07DA.000C: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 147.767005][ T9722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.770878][ T9722] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.293260][ T24] usb 9-1: USB disconnect, device number 11 [ 148.410956][ T9742] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1217'. [ 148.413761][ T9742] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 148.475458][ T9752] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1223'. [ 148.522468][ T9755] SELinux: ebitmap start bit (2863311360) is beyond the end of the bitmap (320) [ 148.529711][ T9755] SELinux: failed to load policy [ 148.532077][ T40] audit: type=1326 audit(1751657873.604:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9753 comm="syz.1.1225" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe28e78e929 code=0x0 [ 148.557624][ T9758] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1226'. [ 148.884346][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201 [ 149.369650][ T9772] block nbd1: NBD_DISCONNECT [ 149.508616][ T9783] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1234'. [ 149.536131][ T59] IPVS: starting estimator thread 0... [ 149.625348][ T9788] IPVS: using max 30 ests per chain, 72000 per kthread [ 150.752775][ T9795] wireguard: wg2: Could not create IPv4 socket [ 150.807267][ T9801] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1238'. [ 150.858714][ T5952] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 150.862995][ T5952] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 150.866814][ T5952] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 150.870899][ T5952] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 150.874101][ T5952] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 150.891371][ T9802] Failed to initialize the IGMP autojoin socket (err -2) [ 150.926454][ T9813] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1244'. [ 151.006307][ T9807] FAULT_INJECTION: forcing a failure. [ 151.006307][ T9807] name failslab, interval 1, probability 0, space 0, times 0 [ 151.010460][ T9807] CPU: 1 UID: 0 PID: 9807 Comm: syz.1.1242 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 151.010475][ T9807] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 151.010482][ T9807] Call Trace: [ 151.010486][ T9807] [ 151.010490][ T9807] dump_stack_lvl+0x16c/0x1f0 [ 151.010509][ T9807] should_fail_ex+0x512/0x640 [ 151.010523][ T9807] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 151.010540][ T9807] should_failslab+0xc2/0x120 [ 151.010556][ T9807] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 151.010569][ T9807] ? find_held_lock+0x2b/0x80 [ 151.010582][ T9807] ? skb_clone+0x190/0x3f0 [ 151.010599][ T9807] skb_clone+0x190/0x3f0 [ 151.010614][ T9807] netlink_broadcast_filtered+0xb19/0xf10 [ 151.010635][ T9807] ? sprintf+0xcc/0x100 [ 151.010648][ T9807] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 151.010669][ T9807] ? netlink_has_listeners+0x20f/0x430 [ 151.010687][ T9807] netlink_broadcast+0x39/0x50 [ 151.010704][ T9807] kobject_uevent_env+0xc6a/0x1870 [ 151.010718][ T9807] ? blk_mq_unfreeze_queue_nomemrestore+0xd5/0x110 [ 151.010733][ T9807] nbd_set_size+0x5c0/0x730 [ 151.010755][ T9807] ? __pfx_nbd_set_size+0x10/0x10 [ 151.010777][ T9807] ? queue_work_on+0x12a/0x1f0 [ 151.010789][ T9807] ? lockdep_hardirqs_on+0x7c/0x110 [ 151.010805][ T9807] nbd_start_device+0x8d1/0xcd0 [ 151.010824][ T9807] nbd_genl_connect+0x120e/0x1c20 [ 151.010842][ T9807] ? __pfx_nbd_genl_connect+0x10/0x10 [ 151.010860][ T9807] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 151.010873][ T9807] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 151.010889][ T9807] genl_family_rcv_msg_doit+0x206/0x2f0 [ 151.010903][ T9807] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 151.010915][ T9807] ? genl_get_cmd+0x194/0x580 [ 151.010931][ T9807] ? __radix_tree_lookup+0x21f/0x2c0 [ 151.010947][ T9807] genl_rcv_msg+0x55c/0x800 [ 151.010960][ T9807] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.010973][ T9807] ? __pfx_nbd_genl_connect+0x10/0x10 [ 151.010993][ T9807] netlink_rcv_skb+0x155/0x420 [ 151.011003][ T9807] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.011016][ T9807] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.011033][ T9807] ? netlink_deliver_tap+0x1ae/0xd30 [ 151.011051][ T9807] genl_rcv+0x28/0x40 [ 151.011061][ T9807] netlink_unicast+0x53d/0x7f0 [ 151.011073][ T9807] ? __pfx_netlink_unicast+0x10/0x10 [ 151.011087][ T9807] netlink_sendmsg+0x8d1/0xdd0 [ 151.011100][ T9807] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.011116][ T9807] ____sys_sendmsg+0xa98/0xc70 [ 151.011127][ T9807] ? copy_msghdr_from_user+0x10a/0x160 [ 151.011142][ T9807] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.011159][ T9807] ___sys_sendmsg+0x134/0x1d0 [ 151.011174][ T9807] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.011191][ T9807] ? __lock_acquire+0x622/0x1c90 [ 151.011218][ T9807] __sys_sendmsg+0x16d/0x220 [ 151.011232][ T9807] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.011256][ T9807] do_syscall_64+0xcd/0x4c0 [ 151.011272][ T9807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.011283][ T9807] RIP: 0033:0x7fe28e78e929 [ 151.011292][ T9807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.011302][ T9807] RSP: 002b:00007fe28f568038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.011313][ T9807] RAX: ffffffffffffffda RBX: 00007fe28e9b5fa0 RCX: 00007fe28e78e929 [ 151.011319][ T9807] RDX: 0000000004010044 RSI: 0000200000000900 RDI: 0000000000000004 [ 151.011325][ T9807] RBP: 00007fe28f568090 R08: 0000000000000000 R09: 0000000000000000 [ 151.011331][ T9807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 151.011337][ T9807] R13: 0000000000000000 R14: 00007fe28e9b5fa0 R15: 00007ffce4538df8 [ 151.011350][ T9807] [ 151.013491][ T5947] block nbd1: Receive control failed (result -32) [ 151.133500][ T9828] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1251'. [ 151.133523][ T9828] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1251'. [ 151.172601][ T9823] FAULT_INJECTION: forcing a failure. [ 151.172601][ T9823] name failslab, interval 1, probability 0, space 0, times 0 [ 151.177684][ T9823] CPU: 2 UID: 0 PID: 9823 Comm: syz.1.1249 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 151.177700][ T9823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 151.177707][ T9823] Call Trace: [ 151.177711][ T9823] [ 151.177715][ T9823] dump_stack_lvl+0x16c/0x1f0 [ 151.177736][ T9823] should_fail_ex+0x512/0x640 [ 151.177750][ T9823] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 151.177766][ T9823] should_failslab+0xc2/0x120 [ 151.177781][ T9823] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 151.177794][ T9823] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 151.177809][ T9823] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 151.177822][ T9823] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 151.177839][ T9823] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 151.177857][ T9823] mmu_topup_memory_caches+0x25/0x170 [ 151.177871][ T9823] kvm_mmu_load+0xd9/0x22a0 [ 151.177884][ T9823] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 151.177895][ T9823] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 151.177906][ T9823] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 151.177919][ T9823] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 151.177930][ T9823] ? __pfx_kvm_mmu_load+0x10/0x10 [ 151.177941][ T9823] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 151.177957][ T9823] ? kvm_check_and_inject_events+0x71c/0x1310 [ 151.177972][ T9823] vcpu_run+0x34eb/0x5500 [ 151.177986][ T9823] ? __lock_acquire+0xb8a/0x1c90 [ 151.177999][ T9823] ? __pfx_vcpu_run+0x10/0x10 [ 151.178014][ T9823] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 151.178026][ T9823] ? __local_bh_enable_ip+0xa4/0x120 [ 151.178042][ T9823] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 151.178055][ T9823] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 151.178071][ T9823] kvm_vcpu_ioctl+0x5eb/0x1690 [ 151.178085][ T9823] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 151.178102][ T9823] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 151.178118][ T9823] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 151.178137][ T9823] ? hook_file_ioctl_common+0x145/0x410 [ 151.178151][ T9823] ? selinux_file_ioctl+0x180/0x270 [ 151.178165][ T9823] ? selinux_file_ioctl+0xb4/0x270 [ 151.178179][ T9823] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 151.178199][ T9823] __x64_sys_ioctl+0x18b/0x210 [ 151.178213][ T9823] do_syscall_64+0xcd/0x4c0 [ 151.178229][ T9823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.178239][ T9823] RIP: 0033:0x7fe28e78e929 [ 151.178248][ T9823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.178258][ T9823] RSP: 002b:00007fe28f568038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 151.178268][ T9823] RAX: ffffffffffffffda RBX: 00007fe28e9b5fa0 RCX: 00007fe28e78e929 [ 151.178275][ T9823] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000003 [ 151.178281][ T9823] RBP: 00007fe28f568090 R08: 0000000000000000 R09: 0000000000000000 [ 151.178286][ T9823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 151.178292][ T9823] R13: 0000000000000000 R14: 00007fe28e9b5fa0 R15: 00007ffce4538df8 [ 151.178305][ T9823] [ 151.302956][ T9828] geneve2: entered promiscuous mode [ 151.304696][ T9828] geneve2: entered allmulticast mode [ 151.466094][ T9848] FAULT_INJECTION: forcing a failure. [ 151.466094][ T9848] name failslab, interval 1, probability 0, space 0, times 0 [ 151.475737][ T9848] CPU: 1 UID: 0 PID: 9848 Comm: syz.3.1257 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 151.475753][ T9848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 151.475760][ T9848] Call Trace: [ 151.475764][ T9848] [ 151.475768][ T9848] dump_stack_lvl+0x16c/0x1f0 [ 151.475786][ T9848] should_fail_ex+0x512/0x640 [ 151.475801][ T9848] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 151.475815][ T9848] should_failslab+0xc2/0x120 [ 151.475831][ T9848] __kmalloc_cache_noprof+0x6a/0x3e0 [ 151.475843][ T9848] ? __nla_parse+0x40/0x60 [ 151.475851][ T9848] ? tcf_action_init_1+0x278/0x6c0 [ 151.475867][ T9848] tcf_action_init_1+0x278/0x6c0 [ 151.475881][ T9848] ? tc_lookup_action_n+0xc9/0xf0 [ 151.475892][ T9848] ? __pfx_tcf_action_init_1+0x10/0x10 [ 151.475905][ T9848] ? __pfx_tc_action_load_ops+0x10/0x10 [ 151.475924][ T9848] ? __nla_parse+0x40/0x60 [ 151.475934][ T9848] tcf_action_init+0x432/0xa50 [ 151.475952][ T9848] ? __pfx_tcf_action_init+0x10/0x10 [ 151.475978][ T9848] ? sched_balance_newidle+0xd17/0x1390 [ 151.476006][ T9848] ? __lock_acquire+0x622/0x1c90 [ 151.476017][ T9848] tcf_action_add+0xee/0x5c0 [ 151.476033][ T9848] ? __pfx_tcf_action_add+0x10/0x10 [ 151.476066][ T9848] ? __nla_parse+0x40/0x60 [ 151.476077][ T9848] tc_ctl_action+0x35b/0x470 [ 151.476091][ T9848] ? __pfx_tc_ctl_action+0x10/0x10 [ 151.476109][ T9848] ? __pfx_tc_ctl_action+0x10/0x10 [ 151.476123][ T9848] rtnetlink_rcv_msg+0x3c6/0xe90 [ 151.476139][ T9848] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 151.476159][ T9848] ? ref_tracker_free+0x37c/0x830 [ 151.476175][ T9848] netlink_rcv_skb+0x155/0x420 [ 151.476192][ T9848] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 151.476208][ T9848] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.476223][ T9848] ? netlink_deliver_tap+0x1ae/0xd30 [ 151.476242][ T9848] netlink_unicast+0x53d/0x7f0 [ 151.476254][ T9848] ? __pfx_netlink_unicast+0x10/0x10 [ 151.476268][ T9848] netlink_sendmsg+0x8d1/0xdd0 [ 151.476281][ T9848] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.476296][ T9848] ____sys_sendmsg+0xa98/0xc70 [ 151.476308][ T9848] ? copy_msghdr_from_user+0x10a/0x160 [ 151.476322][ T9848] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.476339][ T9848] ___sys_sendmsg+0x134/0x1d0 [ 151.476354][ T9848] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.476367][ T9848] ? __lock_acquire+0x622/0x1c90 [ 151.476393][ T9848] __sys_sendmsg+0x16d/0x220 [ 151.476420][ T9848] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.476455][ T9848] do_syscall_64+0xcd/0x4c0 [ 151.476473][ T9848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.476484][ T9848] RIP: 0033:0x7f517098e929 [ 151.476493][ T9848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.476504][ T9848] RSP: 002b:00007f5171806038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.476515][ T9848] RAX: ffffffffffffffda RBX: 00007f5170bb5fa0 RCX: 00007f517098e929 [ 151.476521][ T9848] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 151.476527][ T9848] RBP: 00007f5171806090 R08: 0000000000000000 R09: 0000000000000000 [ 151.476533][ T9848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.476539][ T9848] R13: 0000000000000000 R14: 00007f5170bb5fa0 R15: 00007ffcc188f0f8 [ 151.476552][ T9848] [ 151.583828][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.598090][ T9844] /dev/sr0: Can't open blockdev [ 151.631074][ T5952] Bluetooth: hci2: Malformed LE Event: 0x0d [ 151.708908][ T9852] /dev/sr0: Can't open blockdev [ 151.783438][ T40] audit: type=1400 audit(1751657876.854:586): avc: denied { write } for pid=9864 comm="syz.3.1265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 151.807431][ T9802] netdevsim netdevsim2 netdevsim0: renamed from eth2 [ 151.838509][ T9802] netdevsim netdevsim2 netdevsim1: renamed from eth3 [ 151.848836][ T40] audit: type=1400 audit(1751657876.924:587): avc: denied { map } for pid=9872 comm="syz.3.1267" path="/dev/hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 151.852269][ T9802] netdevsim netdevsim2 netdevsim2: renamed from eth4 [ 151.872665][ T9802] netdevsim netdevsim2 netdevsim3: renamed from eth5 [ 151.993563][ T9886] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1270'. [ 152.040686][ T9802] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 152.054016][ T9802] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 152.059586][ T40] audit: type=1400 audit(1751657877.134:588): avc: denied { getopt } for pid=9887 comm="syz.4.1271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 152.060549][ T9802] wireguard: wg0: Could not create IPv4 socket [ 152.069518][ T9802] wireguard: wg1: Could not create IPv4 socket [ 152.072653][ T9802] wireguard: wg2: Could not create IPv4 socket [ 152.099678][ T9898] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1274'. [ 152.174111][ T9908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1279'. [ 152.177705][ T9908] tipc: Enabling of bearer rejected, failed to enable media [ 152.195110][ T9910] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 152.197152][ T9910] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 152.205586][ T9910] vhci_hcd vhci_hcd.0: Device attached [ 152.209030][ T9910] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(5) [ 152.210848][ T9916] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1281'. [ 152.211076][ T9910] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 152.217408][ T9910] vhci_hcd vhci_hcd.0: Device attached [ 152.220380][ T9911] vhci_hcd: connection closed [ 152.222904][ T9914] vhci_hcd: connection closed [ 152.223538][ T12] vhci_hcd: stop threads [ 152.227772][ T12] vhci_hcd: release socket [ 152.229191][ T12] vhci_hcd: disconnect device [ 152.230751][ T12] vhci_hcd: stop threads [ 152.232088][ T12] vhci_hcd: release socket [ 152.233503][ T12] vhci_hcd: disconnect device [ 152.238670][ T9920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1283'. [ 152.241831][ T9920] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1283'. [ 152.291488][ T5952] Bluetooth: hci2: Malformed LE Event: 0x0d [ 152.333380][ T9929] FAULT_INJECTION: forcing a failure. [ 152.333380][ T9929] name failslab, interval 1, probability 0, space 0, times 0 [ 152.337485][ T9929] CPU: 3 UID: 0 PID: 9929 Comm: syz.3.1285 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 152.337499][ T9929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.337506][ T9929] Call Trace: [ 152.337509][ T9929] [ 152.337513][ T9929] dump_stack_lvl+0x16c/0x1f0 [ 152.337532][ T9929] should_fail_ex+0x512/0x640 [ 152.337547][ T9929] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 152.337564][ T9929] should_failslab+0xc2/0x120 [ 152.337581][ T9929] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 152.337594][ T9929] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 152.337610][ T9929] ? kvm_hv_setup_tsc_page+0x29a/0x8d0 [ 152.337623][ T9929] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 152.337640][ T9929] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 152.337659][ T9929] mmu_topup_memory_caches+0x25/0x170 [ 152.337673][ T9929] kvm_mmu_load+0xd9/0x22a0 [ 152.337685][ T9929] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 152.337695][ T9929] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 152.337706][ T9929] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 152.337719][ T9929] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 152.337731][ T9929] ? __pfx_kvm_mmu_load+0x10/0x10 [ 152.337742][ T9929] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 152.337758][ T9929] ? kvm_check_and_inject_events+0x71c/0x1310 [ 152.337773][ T9929] vcpu_run+0x34eb/0x5500 [ 152.337787][ T9929] ? __lock_acquire+0xb8a/0x1c90 [ 152.337800][ T9929] ? __pfx_vcpu_run+0x10/0x10 [ 152.337814][ T9929] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 152.337826][ T9929] ? __local_bh_enable_ip+0xa4/0x120 [ 152.337842][ T9929] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 152.337855][ T9929] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 152.337871][ T9929] kvm_vcpu_ioctl+0x5eb/0x1690 [ 152.337885][ T9929] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 152.337902][ T9929] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 152.337919][ T9929] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 152.337938][ T9929] ? hook_file_ioctl_common+0x145/0x410 [ 152.337952][ T9929] ? selinux_file_ioctl+0x180/0x270 [ 152.337966][ T9929] ? selinux_file_ioctl+0xb4/0x270 [ 152.337980][ T9929] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 152.337994][ T9929] __x64_sys_ioctl+0x18b/0x210 [ 152.338007][ T9929] do_syscall_64+0xcd/0x4c0 [ 152.338024][ T9929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.338035][ T9929] RIP: 0033:0x7f517098e929 [ 152.338043][ T9929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.338053][ T9929] RSP: 002b:00007f51717e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 152.338063][ T9929] RAX: ffffffffffffffda RBX: 00007f5170bb6080 RCX: 00007f517098e929 [ 152.338070][ T9929] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 152.338076][ T9929] RBP: 00007f51717e5090 R08: 0000000000000000 R09: 0000000000000000 [ 152.338081][ T9929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 152.338087][ T9929] R13: 0000000000000001 R14: 00007f5170bb6080 R15: 00007ffcc188f0f8 [ 152.338100][ T9929] [ 152.872581][ T5952] Bluetooth: hci1: adv larger than maximum supported [ 152.872597][ T5952] Bluetooth: hci1: Malformed LE Event: 0x0d [ 152.945300][ T5952] Bluetooth: hci0: command tx timeout [ 152.965119][ T12] tipc: Subscription rejected, illegal request [ 152.965337][ T9946] FAULT_INJECTION: forcing a failure. [ 152.965337][ T9946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.971708][ T9946] CPU: 3 UID: 0 PID: 9946 Comm: syz.3.1293 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 152.971722][ T9946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.971729][ T9946] Call Trace: [ 152.971733][ T9946] [ 152.971737][ T9946] dump_stack_lvl+0x16c/0x1f0 [ 152.971756][ T9946] should_fail_ex+0x512/0x640 [ 152.971773][ T9946] _copy_to_iter+0x29f/0x16f0 [ 152.971793][ T9946] ? __pfx__copy_to_iter+0x10/0x10 [ 152.971815][ T9946] simple_copy_to_iter+0x46/0x90 [ 152.971827][ T9946] __skb_datagram_iter+0x129/0x900 [ 152.971838][ T9946] ? __pfx_tipc_wait_for_rcvmsg.isra.0+0x10/0x10 [ 152.971854][ T9946] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 152.971865][ T9946] ? kfree_skbmem+0x16c/0x1f0 [ 152.971877][ T9946] ? __pfx_woken_wake_function+0x10/0x10 [ 152.971893][ T9946] skb_copy_datagram_iter+0x40/0x50 [ 152.971905][ T9946] tipc_recvstream+0x3fb/0x970 [ 152.971920][ T9946] ? __pfx_tipc_recvstream+0x10/0x10 [ 152.971935][ T9946] sock_recvmsg+0x1f9/0x250 [ 152.971946][ T9946] __sys_recvfrom+0x203/0x310 [ 152.971960][ T9946] ? __pfx___sys_recvfrom+0x10/0x10 [ 152.971977][ T9946] ? find_held_lock+0x2b/0x80 [ 152.972000][ T9946] __x64_sys_recvfrom+0xe0/0x1c0 [ 152.972013][ T9946] ? do_syscall_64+0x91/0x4c0 [ 152.972028][ T9946] ? lockdep_hardirqs_on+0x7c/0x110 [ 152.972042][ T9946] do_syscall_64+0xcd/0x4c0 [ 152.972058][ T9946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.972069][ T9946] RIP: 0033:0x7f51709906f4 [ 152.972078][ T9946] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 152.972087][ T9946] RSP: 002b:00007f5171804ed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 152.972097][ T9946] RAX: ffffffffffffffda RBX: 00007f5171804fc0 RCX: 00007f51709906f4 [ 152.972104][ T9946] RDX: 0000000000001000 RSI: 00007f5171805010 RDI: 0000000000000003 [ 152.972110][ T9946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 152.972116][ T9946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 152.972122][ T9946] R13: 00007f5171804f68 R14: 00007f5171805010 R15: 0000000000000000 [ 152.972134][ T9946] [ 153.046616][ T40] audit: type=1400 audit(1751657878.124:589): avc: denied { create } for pid=9953 comm="syz.1.1300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 153.053486][ T40] audit: type=1400 audit(1751657878.124:590): avc: denied { getopt } for pid=9953 comm="syz.1.1300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 153.078937][ T9958] vxcan1: tx address claim with dest, not broadcast [ 153.148092][ T40] audit: type=1400 audit(1751657878.224:591): avc: denied { nlmsg_read } for pid=9966 comm="syz.1.1303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 153.208091][ T9969] Failed to initialize the IGMP autojoin socket (err -2) [ 153.550982][ T9983] veth0_to_bridge: left allmulticast mode [ 153.552825][ T9983] veth0_to_bridge: left promiscuous mode [ 153.554714][ T9983] bridge0: port 3(veth0_to_bridge) entered disabled state [ 153.560172][ T9983] : left allmulticast mode [ 153.561667][ T9983] : left promiscuous mode [ 153.563185][ T9983] bridge0: port 1() entered disabled state [ 153.568671][ T9983] bridge_slave_1: left allmulticast mode [ 153.570599][ T9983] bridge_slave_1: left promiscuous mode [ 153.572362][ T9983] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.579183][ T9983] bond0: (slave bond_slave_0): Releasing backup interface [ 153.583972][ T9983] bond0: (slave bond_slave_1): Releasing backup interface [ 153.593299][ T9984] netlink: 'syz.3.1310': attribute type 10 has an invalid length. [ 153.598326][ T9983] team0: Port device team_slave_0 removed [ 153.602879][ T9983] team0: Port device team_slave_1 removed [ 153.605097][ T9983] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.607869][ T9983] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 153.611143][ T9983] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 153.613487][ T9983] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 153.620106][ T9983] bond0: (slave wlan1): Releasing backup interface [ 153.627713][ T9983] bond2: (slave ip6gretap1): Releasing backup interface [ 153.629886][ T9983] bond2: (slave ip6gretap1): the permanent HWaddr of slave - d2:e2:2c:cf:b8:83 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 153.635392][ T9] usb 9-1: new full-speed USB device number 12 using dummy_hcd [ 153.639562][ T9983] bond2: (slave veth3): Releasing backup interface [ 153.649737][ T12] tipc: Resetting bearer [ 153.653005][ T9984] lo: entered promiscuous mode [ 153.656488][ T9984] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 153.663194][ T9984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.669217][ T9984] bond0: (slave lo): Enslaving as an active interface with an up link [ 153.797560][ T9] usb 9-1: config index 0 descriptor too short (expected 65002, got 27) [ 153.800263][ T9] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 153.805026][ T9] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 153.808113][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.810600][ T9] usb 9-1: Product: syz [ 153.811909][ T9] usb 9-1: Manufacturer: syz [ 153.813379][ T9] usb 9-1: SerialNumber: syz [ 153.817732][ T9977] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 153.848922][ T5952] Bluetooth: hci2: unexpected event 0x2f length: 1017 > 260 [ 153.904070][ T40] audit: type=1400 audit(1751657878.974:592): avc: denied { listen } for pid=9993 comm="syz.3.1313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 153.939924][ T9996] could not open pipe file descriptor [ 154.027008][ T9] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 154.227219][ T40] audit: type=1400 audit(1751657879.304:593): avc: denied { write } for pid=9976 comm="syz.4.1307" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 154.344319][ T9] usb 9-1: USB disconnect, device number 12 [ 154.353596][ T9] usblp0: removed [ 154.412726][T10013] misc userio: Can't change port type on an already running userio instance [ 154.426007][ T40] audit: type=1326 audit(1751657879.504:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10014 comm="syz.4.1323" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f001998e929 code=0x0 [ 154.583965][T10017] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.658066][T10017] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.718837][T10017] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.769066][T10017] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.864703][T10017] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.874885][T10017] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.887958][T10017] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.894620][T10017] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.938486][T10043] FAULT_INJECTION: forcing a failure. [ 154.938486][T10043] name failslab, interval 1, probability 0, space 0, times 0 [ 154.943429][T10043] CPU: 0 UID: 0 PID: 10043 Comm: syz.1.1334 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 154.943453][T10043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 154.943464][T10043] Call Trace: [ 154.943471][T10043] [ 154.943478][T10043] dump_stack_lvl+0x16c/0x1f0 [ 154.943508][T10043] should_fail_ex+0x512/0x640 [ 154.943532][T10043] ? __kvmalloc_node_noprof+0x124/0x620 [ 154.943558][T10043] should_failslab+0xc2/0x120 [ 154.943584][T10043] __kvmalloc_node_noprof+0x137/0x620 [ 154.943605][T10043] ? bpf_opcode_in_insntable+0xc/0x50 [ 154.943629][T10043] ? resolve_pseudo_ldimm64+0x716/0x1a90 [ 154.943654][T10043] ? check_cfg+0x158/0xab0 [ 154.943684][T10043] ? check_cfg+0x158/0xab0 [ 154.943709][T10043] check_cfg+0x158/0xab0 [ 154.943742][T10043] bpf_check+0x64b4/0xbc50 [ 154.943762][T10043] ? __mutex_trylock_common+0xe9/0x250 [ 154.943788][T10043] ? bpf_link_get_curr_or_next+0x150/0x170 [ 154.943820][T10043] ? __pfx_bpf_check+0x10/0x10 [ 154.943865][T10043] ? kasan_save_track+0x14/0x30 [ 154.943886][T10043] ? __kasan_kmalloc+0xaa/0xb0 [ 154.943909][T10043] ? selinux_bpf_prog_load+0x15f/0x1c0 [ 154.943931][T10043] bpf_prog_load+0xe41/0x2490 [ 154.943961][T10043] ? __pfx_bpf_prog_load+0x10/0x10 [ 154.943983][T10043] ? avc_has_perm_noaudit+0x149/0x3b0 [ 154.944018][T10043] ? selinux_bpf+0xde/0x130 [ 154.944035][T10043] ? bpf_lsm_bpf+0x9/0x10 [ 154.944055][T10043] __sys_bpf+0x433c/0x4d80 [ 154.944083][T10043] ? __pfx___sys_bpf+0x10/0x10 [ 154.944107][T10043] ? ksys_write+0x190/0x250 [ 154.944134][T10043] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 154.944174][T10043] ? fput+0x70/0xf0 [ 154.944190][T10043] ? ksys_write+0x1ac/0x250 [ 154.944211][T10043] ? __pfx_ksys_write+0x10/0x10 [ 154.944238][T10043] __x64_sys_bpf+0x78/0xc0 [ 154.944262][T10043] ? lockdep_hardirqs_on+0x7c/0x110 [ 154.944285][T10043] do_syscall_64+0xcd/0x4c0 [ 154.944313][T10043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.944331][T10043] RIP: 0033:0x7fe28e78e929 [ 154.944345][T10043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.944361][T10043] RSP: 002b:00007fe28f568038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 154.944378][T10043] RAX: ffffffffffffffda RBX: 00007fe28e9b5fa0 RCX: 00007fe28e78e929 [ 154.944389][T10043] RDX: 0000000000000094 RSI: 00002000000001c0 RDI: 0000000000000005 [ 154.944404][T10043] RBP: 00007fe28f568090 R08: 0000000000000000 R09: 0000000000000000 [ 154.944414][T10043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 154.944424][T10043] R13: 0000000000000000 R14: 00007fe28e9b5fa0 R15: 00007ffce4538df8 [ 154.944461][T10043] [ 155.533872][ T5952] Bluetooth: hci1: Malformed LE Event: 0x0d [ 155.774269][T10076] netlink: 'syz.1.1348': attribute type 4 has an invalid length. [ 155.778226][T10076] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 155.874480][T10085] netlink: zone id is out of range [ 155.876877][T10085] netlink: zone id is out of range [ 155.879065][T10085] netlink: zone id is out of range [ 155.881274][T10085] netlink: zone id is out of range [ 155.883849][T10085] netlink: zone id is out of range [ 155.886190][T10085] netlink: zone id is out of range [ 155.888464][T10085] netlink: zone id is out of range [ 155.967503][T10091] bridge_slave_0: left allmulticast mode [ 155.969889][T10091] bridge_slave_0: left promiscuous mode [ 155.972448][T10091] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.983447][T10091] bridge_slave_1: left promiscuous mode [ 155.990667][T10091] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.001072][ T40] audit: type=1400 audit(1751657881.074:595): avc: denied { create } for pid=10092 comm="syz.3.1356" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 156.010885][T10091] bond0: (slave bond_slave_0): Releasing backup interface [ 156.012569][T10094] netlink: 'syz.1.1354': attribute type 10 has an invalid length. [ 156.018948][ T40] audit: type=1400 audit(1751657881.094:596): avc: denied { unlink } for pid=5954 comm="syz-executor" name="file0" dev="tmpfs" ino=2200 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 156.028594][T10091] bond0: (slave bond_slave_1): Releasing backup interface [ 156.028683][ T40] audit: type=1400 audit(1751657881.094:597): avc: denied { read write } for pid=5954 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 156.043707][ T40] audit: type=1400 audit(1751657881.094:598): avc: denied { open } for pid=5954 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 156.055733][ T40] audit: type=1400 audit(1751657881.094:599): avc: denied { ioctl } for pid=5954 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 156.073076][T10091] team0: Port device team_slave_0 removed [ 156.077173][T10101] netlink: 'syz.4.1358': attribute type 4 has an invalid length. [ 156.078460][T10091] team0: Port device team_slave_1 removed [ 156.079839][T10101] __nla_validate_parse: 19 callbacks suppressed [ 156.079850][T10101] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1358'. [ 156.081914][T10091] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.089261][T10091] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.092343][T10091] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.094740][T10091] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 156.102436][T10091] bond0: (slave wlan1): Releasing backup interface [ 156.107754][T10091] bond1: (slave veth3): Releasing active interface [ 156.113623][T10094] lo: entered promiscuous mode [ 156.118023][T10094] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 156.129413][T10094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.133937][T10094] bond0: (slave lo): Enslaving as an active interface with an up link [ 156.213411][T10107] netlink: 'syz.1.1361': attribute type 9 has an invalid length. [ 156.217911][T10107] netlink: 'syz.1.1361': attribute type 9 has an invalid length. [ 156.707210][ T5952] Bluetooth: hci3: unexpected event 0x2f length: 1017 > 260 [ 156.734103][ T40] audit: type=1400 audit(1751657881.804:600): avc: denied { append } for pid=10115 comm="syz.3.1364" name="pmem0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 156.762091][T10120] FAULT_INJECTION: forcing a failure. [ 156.762091][T10120] name failslab, interval 1, probability 0, space 0, times 0 [ 156.767507][T10120] CPU: 2 UID: 0 PID: 10120 Comm: syz.3.1365 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 156.767522][T10120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.767529][T10120] Call Trace: [ 156.767533][T10120] [ 156.767537][T10120] dump_stack_lvl+0x16c/0x1f0 [ 156.767559][T10120] should_fail_ex+0x512/0x640 [ 156.767572][T10120] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 156.767588][T10120] should_failslab+0xc2/0x120 [ 156.767604][T10120] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 156.767617][T10120] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 156.767627][T10120] ? ptlock_alloc+0x1f/0x70 [ 156.767641][T10120] ptlock_alloc+0x1f/0x70 [ 156.767652][T10120] pte_alloc_one+0x82/0x3a0 [ 156.767664][T10120] __handle_mm_fault+0x3a68/0x5490 [ 156.767680][T10120] ? __pfx___handle_mm_fault+0x10/0x10 [ 156.767691][T10120] ? __pfx_mt_find+0x10/0x10 [ 156.767715][T10120] ? find_vma+0xbf/0x140 [ 156.767724][T10120] ? __pfx_find_vma+0x10/0x10 [ 156.767734][T10120] handle_mm_fault+0x589/0xd10 [ 156.767747][T10120] ? __pkru_allows_pkey+0x41/0xb0 [ 156.767763][T10120] do_user_addr_fault+0x7a6/0x1370 [ 156.767779][T10120] ? rcu_is_watching+0x12/0xc0 [ 156.767795][T10120] exc_page_fault+0x5c/0xb0 [ 156.767809][T10120] asm_exc_page_fault+0x26/0x30 [ 156.767819][T10120] RIP: 0010:_copy_from_user+0x93/0xd0 [ 156.767834][T10120] Code: 8e df fc 89 ee 4c 89 ef 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 e8 39 72 46 fd 0f 01 cb 4c 89 ef 48 89 de 48 89 e9 a4 0f 1f 00 49 89 cc 48 89 cb 0f 01 ca 31 ff 48 89 ce e8 b5 89 [ 156.767844][T10120] RSP: 0018:ffffc9000329fb18 EFLAGS: 00050246 [ 156.767853][T10120] RAX: 0000000000000001 RBX: 000000110c230000 RCX: 0000000000000020 [ 156.767859][T10120] RDX: ffffed1005753c2c RSI: 000000110c230000 RDI: ffff88802ba9e140 [ 156.767865][T10120] RBP: 0000000000000020 R08: 0000000000000001 R09: ffffed1005753c2b [ 156.767871][T10120] R10: ffff88802ba9e15f R11: 0000000000000001 R12: 0000000000000000 [ 156.767877][T10120] R13: ffff88802ba9e140 R14: 0000000000000001 R15: ffffc9000329fd50 [ 156.767890][T10120] ? _copy_from_user+0x87/0xd0 [ 156.767905][T10120] ioctl_standard_iw_point+0x513/0xca0 [ 156.767922][T10120] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 156.767938][T10120] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 156.767954][T10120] ? wext_handle_ioctl+0x20b/0x2a0 [ 156.767970][T10120] ? __pfx___mutex_lock+0x10/0x10 [ 156.767988][T10120] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 156.768001][T10120] ioctl_standard_call+0x166/0x1d0 [ 156.768017][T10120] ? __pfx_ioctl_standard_call+0x10/0x10 [ 156.768032][T10120] ? __pfx_cfg80211_wext_siwessid+0x10/0x10 [ 156.768046][T10120] wireless_process_ioctl.constprop.0+0x28e/0x3d0 [ 156.768064][T10120] wext_handle_ioctl+0x226/0x2a0 [ 156.768080][T10120] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 156.768098][T10120] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 156.768116][T10120] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 156.768133][T10120] sock_ioctl+0x3a1/0x6b0 [ 156.768145][T10120] ? __pfx_sock_ioctl+0x10/0x10 [ 156.768155][T10120] ? hook_file_ioctl_common+0x145/0x410 [ 156.768169][T10120] ? selinux_file_ioctl+0x180/0x270 [ 156.768183][T10120] ? selinux_file_ioctl+0xb4/0x270 [ 156.768202][T10120] ? __pfx_sock_ioctl+0x10/0x10 [ 156.768213][T10120] __x64_sys_ioctl+0x18b/0x210 [ 156.768226][T10120] do_syscall_64+0xcd/0x4c0 [ 156.768242][T10120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.768252][T10120] RIP: 0033:0x7f517098e929 [ 156.768260][T10120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.768269][T10120] RSP: 002b:00007f5171806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.768278][T10120] RAX: ffffffffffffffda RBX: 00007f5170bb5fa0 RCX: 00007f517098e929 [ 156.768284][T10120] RDX: 0000200000000000 RSI: 0000000000008b1a RDI: 0000000000000004 [ 156.768290][T10120] RBP: 00007f5171806090 R08: 0000000000000000 R09: 0000000000000000 [ 156.768296][T10120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.768301][T10120] R13: 0000000000000000 R14: 00007f5170bb5fa0 R15: 00007ffcc188f0f8 [ 156.768314][T10120] [ 156.788397][ T5952] Bluetooth: hci2: adv larger than maximum supported [ 156.906440][ T5952] Bluetooth: hci2: Malformed LE Event: 0x0d [ 156.958765][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1368'. [ 156.963129][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1368'. [ 156.968954][T10126] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 157.014742][T10128] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 157.101327][T10132] netlink: 'syz.4.1372': attribute type 4 has an invalid length. [ 157.103748][T10132] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1372'. [ 157.108030][T10132] net_ratelimit: 4 callbacks suppressed [ 157.108040][T10132] wlan1: mtu less than device minimum [ 157.222447][ T5952] Bluetooth: hci1: unexpected event 0x2f length: 1017 > 260 [ 157.251752][T10140] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1376'. [ 157.303970][ T34] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 157.419598][T10152] netlink: 'syz.1.1380': attribute type 1 has an invalid length. [ 157.422117][T10152] netlink: 'syz.1.1380': attribute type 2 has an invalid length. [ 157.456531][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.460033][ T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.463077][ T34] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 157.467368][ T34] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 157.470235][ T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.474154][ T34] usb 8-1: config 0 descriptor?? [ 157.589480][ T40] audit: type=1400 audit(1751657882.664:601): avc: denied { create } for pid=10161 comm="syz.4.1385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 157.616714][T10165] openvswitch: netlink: Missing key (keys=40, expected=100) [ 157.672053][T10171] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1389'. [ 157.676466][T10171] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1389'. [ 157.684502][T10130] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1371'. [ 157.745303][T10175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1391'. [ 157.902287][T10186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1395'. [ 157.943192][T10188] binder: 10187:10188 ioctl 400c620e 200000001580 returned -22 [ 157.982758][T10191] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 158.008541][ T34] usbhid 8-1:0.0: can't add hid device: -71 [ 158.010678][ T34] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 158.014650][ T34] usb 8-1: USB disconnect, device number 20 [ 158.351670][T10207] tipc: Failed to remove unknown binding: 66,1,1/0:3977986530/3977986532 [ 158.354717][T10207] tipc: Failed to remove unknown binding: 66,1,1/0:3977986530/3977986532 [ 158.510526][T10213] SELinux: security_context_str_to_sid () failed with errno=-22 [ 158.710535][T10233] FAULT_INJECTION: forcing a failure. [ 158.710535][T10233] name failslab, interval 1, probability 0, space 0, times 0 [ 158.714742][T10233] CPU: 0 UID: 0 PID: 10233 Comm: syz.3.1411 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 158.714758][T10233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.714764][T10233] Call Trace: [ 158.714768][T10233] [ 158.714772][T10233] dump_stack_lvl+0x16c/0x1f0 [ 158.714794][T10233] should_fail_ex+0x512/0x640 [ 158.714808][T10233] ? __kvmalloc_node_noprof+0x124/0x620 [ 158.714823][T10233] should_failslab+0xc2/0x120 [ 158.714838][T10233] __kvmalloc_node_noprof+0x137/0x620 [ 158.714850][T10233] ? get_pid_task+0xfc/0x250 [ 158.714861][T10233] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 158.714879][T10233] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 158.714893][T10233] file_tty_write.constprop.0+0x6ef/0x9b0 [ 158.714910][T10233] ? rw_verify_area+0xcf/0x680 [ 158.714923][T10233] vfs_write+0x6c7/0x1150 [ 158.714937][T10233] ? __pfx_tty_write+0x10/0x10 [ 158.714952][T10233] ? __pfx_vfs_write+0x10/0x10 [ 158.714964][T10233] ? find_held_lock+0x2b/0x80 [ 158.714986][T10233] ksys_write+0x12a/0x250 [ 158.714999][T10233] ? __pfx_ksys_write+0x10/0x10 [ 158.715012][T10233] ? fd_install+0x244/0x750 [ 158.715029][T10233] do_syscall_64+0xcd/0x4c0 [ 158.715045][T10233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.715055][T10233] RIP: 0033:0x7f517098e929 [ 158.715064][T10233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.715074][T10233] RSP: 002b:00007f5171806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 158.715084][T10233] RAX: ffffffffffffffda RBX: 00007f5170bb5fa0 RCX: 00007f517098e929 [ 158.715090][T10233] RDX: 0000000000001006 RSI: 0000200000000000 RDI: 0000000000000004 [ 158.715096][T10233] RBP: 00007f5171806090 R08: 0000000000000000 R09: 0000000000000000 [ 158.715102][T10233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.715107][T10233] R13: 0000000000000000 R14: 00007f5170bb5fa0 R15: 00007ffcc188f0f8 [ 158.715121][T10233] [ 159.034653][T10246] Failed to initialize the IGMP autojoin socket (err -2) [ 159.274063][ T40] audit: type=1400 audit(1751657884.344:602): avc: denied { mount } for pid=10256 comm="syz.3.1418" name="/" dev="hugetlbfs" ino=44079 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 159.283599][T10258] ipip0: entered promiscuous mode [ 159.298653][ T40] audit: type=1400 audit(1751657884.374:603): avc: denied { unmount } for pid=5954 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 159.367994][ T6304] Bluetooth: hci3: ISO packet for unknown connection handle 200 [ 159.369319][T10268] netlink: 'syz.3.1421': attribute type 1 has an invalid length. [ 159.664451][ T40] audit: type=1400 audit(1751657884.734:604): avc: denied { lock } for pid=10278 comm="syz.3.1425" path="socket:[41573]" dev="sockfs" ino=41573 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 159.927692][ T40] audit: type=1400 audit(1751657885.004:605): avc: denied { read } for pid=10298 comm="syz.4.1434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 159.975347][ T6304] Bluetooth: hci4: command 0x1003 tx timeout [ 159.979241][ T5952] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 160.069520][T10321] openvswitch: netlink: Message has 8 unknown bytes. [ 160.137927][T10333] 9p: Unknown Cache mode or invalid value fs [ 160.208747][T10343] /dev/nullb0: Can't open blockdev [ 160.352417][T10361] cgroup: Invalid name [ 160.353810][ T40] audit: type=1400 audit(1751657885.424:606): avc: denied { mounton } for pid=10360 comm="syz.1.1456" path="/459/file3" dev="tmpfs" ino=2487 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 160.371743][T10363] netlink: 'syz.4.1453': attribute type 1 has an invalid length. [ 160.403290][T10363] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 160.422613][T10363] veth3: entered promiscuous mode [ 160.426094][T10363] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 160.438658][ T13] tipc: Subscription rejected, illegal request [ 160.471459][ T40] audit: type=1400 audit(1751657885.544:607): avc: denied { module_load } for pid=10367 comm="syz.4.1458" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=system permissive=1 [ 160.474689][T10370] vxcan1: entered promiscuous mode [ 160.476011][T10368] kernel read not supported for file /policy (pid: 10368 comm: syz.4.1458) [ 160.480303][ T40] audit: type=1400 audit(1751657885.544:608): avc: denied { getopt } for pid=10369 comm="syz.1.1459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 160.649310][T10388] mkiss: ax0: crc mode is auto. [ 160.701071][ T40] audit: type=1400 audit(1751657885.774:609): avc: denied { create } for pid=10389 comm="syz.3.1467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 160.752303][T10397] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 161.200772][T10430] __nla_validate_parse: 5 callbacks suppressed [ 161.200789][T10430] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1481'. [ 161.314213][T10438] loop6: detected capacity change from 0 to 524287999 [ 161.771648][T10468] devpts: Bad value for 'max' [ 161.783816][ T40] audit: type=1400 audit(1751657886.854:610): avc: denied { map } for pid=10465 comm="syz.1.1493" path="/482/file0/freezer.parent_freezing" dev="9p" ino=35913960 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 161.977418][T10481] GUP no longer grows the stack in syz.1.1499 (10481): 200000004000-20000000a000 (200000002000) [ 161.981070][T10481] CPU: 3 UID: 0 PID: 10481 Comm: syz.1.1499 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 161.981086][T10481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.981093][T10481] Call Trace: [ 161.981097][T10481] [ 161.981101][T10481] dump_stack_lvl+0x16c/0x1f0 [ 161.981121][T10481] gup_vma_lookup+0x1d2/0x220 [ 161.981145][T10481] __get_user_pages+0x271/0x3b80 [ 161.981162][T10481] ? __pfx___get_user_pages+0x10/0x10 [ 161.981178][T10481] get_user_pages_remote+0x258/0xb20 [ 161.981190][T10481] ? __pfx_mtree_load+0x10/0x10 [ 161.981206][T10481] ? __pfx_get_user_pages_remote+0x10/0x10 [ 161.981224][T10481] __access_remote_vm+0x246/0x810 [ 161.981243][T10481] ? do_raw_spin_lock+0x12c/0x2b0 [ 161.981256][T10481] ? __pfx___access_remote_vm+0x10/0x10 [ 161.981276][T10481] proc_pid_cmdline_read+0x4de/0x900 [ 161.981292][T10481] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 161.981306][T10481] ? rw_verify_area+0xcf/0x680 [ 161.981320][T10481] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 161.981333][T10481] vfs_readv+0x5c1/0x8b0 [ 161.981348][T10481] ? __pfx_vfs_readv+0x10/0x10 [ 161.981361][T10481] ? kmem_cache_free+0x2d1/0x4d0 [ 161.981383][T10481] ? __fget_files+0x20e/0x3c0 [ 161.981401][T10481] ? do_preadv+0x1a6/0x270 [ 161.981412][T10481] do_preadv+0x1a6/0x270 [ 161.981425][T10481] ? __pfx_do_preadv+0x10/0x10 [ 161.981441][T10481] do_syscall_64+0xcd/0x4c0 [ 161.981457][T10481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.981468][T10481] RIP: 0033:0x7fe28e78e929 [ 161.981476][T10481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.981486][T10481] RSP: 002b:00007fe28f568038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 161.981497][T10481] RAX: ffffffffffffffda RBX: 00007fe28e9b5fa0 RCX: 00007fe28e78e929 [ 161.981503][T10481] RDX: 0000000000000001 RSI: 0000200000000680 RDI: 0000000000000006 [ 161.981510][T10481] RBP: 00007fe28e810b39 R08: 00000000fffffff9 R09: 0000000000000000 [ 161.981516][T10481] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000 [ 161.981522][T10481] R13: 0000000000000000 R14: 00007fe28e9b5fa0 R15: 00007ffce4538df8 [ 161.981535][T10481] [ 162.054745][ C3] vkms_vblank_simulate: vblank timer overrun [ 162.118264][T10485] BIDI support in bsg has been removed. [ 162.144047][T10488] netlink: 'syz.1.1502': attribute type 4 has an invalid length. [ 162.171710][T10490] devpts: Bad value for 'max' [ 162.395482][T10508] devpts: Bad value for 'max' [ 162.398399][T10506] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 162.402966][T10506] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 162.407344][T10506] overlayfs: failed to get uuid (497/file1, err=-13); falling back to uuid=null. [ 162.452011][T10512] netlink: 'syz.1.1514': attribute type 9 has an invalid length. [ 162.454581][T10512] netlink: 'syz.1.1514': attribute type 9 has an invalid length. [ 162.670306][T10526] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1518'. [ 162.760468][T10535] FAULT_INJECTION: forcing a failure. [ 162.760468][T10535] name failslab, interval 1, probability 0, space 0, times 0 [ 162.764377][T10535] CPU: 0 UID: 0 PID: 10535 Comm: syz.3.1522 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 162.764392][T10535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 162.764399][T10535] Call Trace: [ 162.764403][T10535] [ 162.764407][T10535] dump_stack_lvl+0x16c/0x1f0 [ 162.764426][T10535] should_fail_ex+0x512/0x640 [ 162.764441][T10535] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 162.764456][T10535] should_failslab+0xc2/0x120 [ 162.764473][T10535] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 162.764487][T10535] ? fput+0x70/0xf0 [ 162.764496][T10535] ? getname_flags.part.0+0x4c/0x550 [ 162.764510][T10535] getname_flags.part.0+0x4c/0x550 [ 162.764523][T10535] __x64_sys_mkdir+0xd8/0x140 [ 162.764538][T10535] do_syscall_64+0xcd/0x4c0 [ 162.764554][T10535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.764565][T10535] RIP: 0033:0x7f517098e929 [ 162.764574][T10535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.764584][T10535] RSP: 002b:00007f5171806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 162.764595][T10535] RAX: ffffffffffffffda RBX: 00007f5170bb5fa0 RCX: 00007f517098e929 [ 162.764601][T10535] RDX: 0000000000000000 RSI: d0939199c36b4d28 RDI: 0000200000000000 [ 162.764607][T10535] RBP: 00007f5171806090 R08: 0000000000000000 R09: 0000000000000000 [ 162.764614][T10535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.764620][T10535] R13: 0000000000000001 R14: 00007f5170bb5fa0 R15: 00007ffcc188f0f8 [ 162.764632][T10535] [ 162.776982][ T40] audit: type=1400 audit(1751657887.854:611): avc: denied { map } for pid=10536 comm="syz.1.1523" path="/dev/video37" dev="devtmpfs" ino=1073 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 162.808578][T10537] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 162.831047][T10537] overlayfs: missing 'lowerdir' [ 162.835369][T10542] vlan1: entered allmulticast mode [ 162.843096][T10542] 9pnet_virtio: no channels available for device syz [ 162.866967][T10537] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1523'. [ 163.007182][T10550] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1527'. [ 163.670465][T10563] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1532'. [ 163.706732][T10545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 163.709293][T10545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 163.711721][T10545] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.752985][T10569] tipc: Enabling of bearer rejected, already enabled [ 163.782073][T10573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1536'. [ 163.907677][T10583] random: crng reseeded on system resumption [ 163.965873][T10581] FAULT_INJECTION: forcing a failure. [ 163.965873][T10581] name failslab, interval 1, probability 0, space 0, times 0 [ 163.970363][T10581] CPU: 3 UID: 0 PID: 10581 Comm: syz.3.1540 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 163.970379][T10581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.970387][T10581] Call Trace: [ 163.970393][T10581] [ 163.970400][T10581] dump_stack_lvl+0x16c/0x1f0 [ 163.970427][T10581] should_fail_ex+0x512/0x640 [ 163.970452][T10581] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 163.970478][T10581] should_failslab+0xc2/0x120 [ 163.970503][T10581] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 163.970526][T10581] ? nla_strdup+0xc6/0x150 [ 163.970543][T10581] ? __kernfs_new_node+0xd2/0x8e0 [ 163.970560][T10581] __kernfs_new_node+0xd2/0x8e0 [ 163.970577][T10581] ? __pfx___kernfs_new_node+0x10/0x10 [ 163.970591][T10581] ? kasan_save_stack+0x42/0x60 [ 163.970608][T10581] ? find_held_lock+0x2b/0x80 [ 163.970622][T10581] ? kernfs_root+0xee/0x2a0 [ 163.970640][T10581] kernfs_new_node+0x13c/0x1e0 [ 163.970652][T10581] __kernfs_create_file+0x53/0x350 [ 163.970667][T10581] sysfs_add_file_mode_ns+0x207/0x3c0 [ 163.970685][T10581] sysfs_create_file_ns+0x13d/0x1d0 [ 163.970699][T10581] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 163.970713][T10581] ? rcu_is_watching+0x12/0xc0 [ 163.970726][T10581] ? __kmalloc_noprof+0x242/0x510 [ 163.970739][T10581] ? nbd_start_device+0x8d8/0xcd0 [ 163.970757][T10581] device_create_file+0xf2/0x1e0 [ 163.970770][T10581] nbd_genl_connect+0x1373/0x1c20 [ 163.970788][T10581] ? __pfx_nbd_genl_connect+0x10/0x10 [ 163.970807][T10581] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 163.970821][T10581] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 163.970836][T10581] genl_family_rcv_msg_doit+0x206/0x2f0 [ 163.970849][T10581] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 163.970861][T10581] ? genl_get_cmd+0x194/0x580 [ 163.970877][T10581] ? __radix_tree_lookup+0x21f/0x2c0 [ 163.970892][T10581] genl_rcv_msg+0x55c/0x800 [ 163.970906][T10581] ? __pfx_genl_rcv_msg+0x10/0x10 [ 163.970918][T10581] ? __pfx_nbd_genl_connect+0x10/0x10 [ 163.970938][T10581] netlink_rcv_skb+0x155/0x420 [ 163.970948][T10581] ? __pfx_genl_rcv_msg+0x10/0x10 [ 163.970961][T10581] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 163.970977][T10581] ? netlink_deliver_tap+0x1ae/0xd30 [ 163.970995][T10581] genl_rcv+0x28/0x40 [ 163.971005][T10581] netlink_unicast+0x53d/0x7f0 [ 163.971016][T10581] ? __pfx_netlink_unicast+0x10/0x10 [ 163.971031][T10581] netlink_sendmsg+0x8d1/0xdd0 [ 163.971043][T10581] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.971063][T10581] ____sys_sendmsg+0xa98/0xc70 [ 163.971075][T10581] ? copy_msghdr_from_user+0x10a/0x160 [ 163.971089][T10581] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.971106][T10581] ___sys_sendmsg+0x134/0x1d0 [ 163.971121][T10581] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.971134][T10581] ? __lock_acquire+0x622/0x1c90 [ 163.971160][T10581] __sys_sendmsg+0x16d/0x220 [ 163.971175][T10581] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.971198][T10581] do_syscall_64+0xcd/0x4c0 [ 163.971214][T10581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.971224][T10581] RIP: 0033:0x7f517098e929 [ 163.971233][T10581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.971243][T10581] RSP: 002b:00007f5171806038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.971254][T10581] RAX: ffffffffffffffda RBX: 00007f5170bb5fa0 RCX: 00007f517098e929 [ 163.971260][T10581] RDX: 0000000004010044 RSI: 0000200000000900 RDI: 0000000000000004 [ 163.971266][T10581] RBP: 00007f5171806090 R08: 0000000000000000 R09: 0000000000000000 [ 163.971272][T10581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 163.971278][T10581] R13: 0000000000000000 R14: 00007f5170bb5fa0 R15: 00007ffcc188f0f8 [ 163.971291][T10581] [ 163.971300][T10581] block nbd2: device_create_file failed for backend! [ 164.025400][ T59] usb 9-1: new full-speed USB device number 13 using dummy_hcd [ 164.028571][ T5952] block nbd2: Receive control failed (result -32) [ 164.060389][T10589] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1543'. [ 164.065155][ T5952] block nbd2: shutting down sockets [ 164.093845][T10591] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1544'. [ 164.110679][ T5952] ================================================================== [ 164.113870][ T5952] BUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 [ 164.116169][ T5952] Write of size 4 at addr ffff88803d2dbc78 by task kworker/u33:4/5952 [ 164.120122][ T5952] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 164.121897][ T5952] CPU: 2 UID: 0 PID: 5952 Comm: kworker/u33:4 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 164.121911][ T5952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.121919][ T5952] Workqueue: nbd2-recv recv_work [ 164.121937][ T5952] Call Trace: [ 164.121941][ T5952] [ 164.121945][ T5952] dump_stack_lvl+0x116/0x1f0 [ 164.121969][ T5952] print_report+0xcd/0x680 [ 164.121984][ T5952] ? __virt_addr_valid+0x81/0x610 [ 164.121996][ T5952] ? __phys_addr+0xe8/0x180 [ 164.122008][ T5952] ? recv_work+0x694/0xa80 [ 164.122021][ T5952] kasan_report+0xe0/0x110 [ 164.122035][ T5952] ? recv_work+0x694/0xa80 [ 164.122050][ T5952] kasan_check_range+0x100/0x1b0 [ 164.122060][ T5952] recv_work+0x694/0xa80 [ 164.122076][ T5952] ? __pfx_recv_work+0x10/0x10 [ 164.122089][ T5952] ? debug_object_deactivate+0x1ec/0x3a0 [ 164.122100][ T5952] ? finish_task_switch.isra.0+0x221/0xc10 [ 164.122116][ T5952] ? rcu_is_watching+0x12/0xc0 [ 164.122130][ T5952] process_one_work+0x9cf/0x1b70 [ 164.122148][ T5952] ? __pfx_process_one_work+0x10/0x10 [ 164.122160][ T5952] ? assign_work+0x1a0/0x250 [ 164.122170][ T5952] worker_thread+0x6c8/0xf10 [ 164.122183][ T5952] ? __pfx_worker_thread+0x10/0x10 [ 164.122194][ T5952] kthread+0x3c2/0x780 [ 164.122204][ T5952] ? __pfx_kthread+0x10/0x10 [ 164.122213][ T5952] ? rcu_is_watching+0x12/0xc0 [ 164.122226][ T5952] ? __pfx_kthread+0x10/0x10 [ 164.122235][ T5952] ret_from_fork+0x5d4/0x6f0 [ 164.122250][ T5952] ? __pfx_kthread+0x10/0x10 [ 164.122259][ T5952] ret_from_fork_asm+0x1a/0x30 [ 164.122274][ T5952] [ 164.122278][ T5952] [ 164.174636][ T5952] Allocated by task 10581: [ 164.176046][ T5952] kasan_save_stack+0x33/0x60 [ 164.177829][ T5952] kasan_save_track+0x14/0x30 [ 164.179338][ T5952] __kasan_kmalloc+0xaa/0xb0 [ 164.180878][ T5952] nbd_alloc_and_init_config+0x97/0x2a0 [ 164.183007][ T5952] nbd_genl_connect+0x490/0x1c20 [ 164.184573][ T5952] genl_family_rcv_msg_doit+0x206/0x2f0 [ 164.186516][ T5952] genl_rcv_msg+0x55c/0x800 [ 164.187954][ T5952] netlink_rcv_skb+0x155/0x420 [ 164.189476][ T5952] genl_rcv+0x28/0x40 [ 164.190747][ T5952] netlink_unicast+0x53d/0x7f0 [ 164.192244][ T5952] netlink_sendmsg+0x8d1/0xdd0 [ 164.193757][ T5952] ____sys_sendmsg+0xa98/0xc70 [ 164.195242][ T5952] ___sys_sendmsg+0x134/0x1d0 [ 164.196954][ T5952] __sys_sendmsg+0x16d/0x220 [ 164.198421][ T5952] do_syscall_64+0xcd/0x4c0 [ 164.199868][ T5952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.201956][ T5952] [ 164.202957][ T5952] Freed by task 5952: [ 164.204221][ T5952] kasan_save_stack+0x33/0x60 [ 164.205719][ T5952] kasan_save_track+0x14/0x30 [ 164.207202][ T5952] kasan_save_free_info+0x3b/0x60 [ 164.209019][ T5952] __kasan_slab_free+0x51/0x70 [ 164.210539][ T5952] kfree+0x2b4/0x4d0 [ 164.211998][ T5952] nbd_config_put+0x3c1/0x750 [ 164.213521][ T5952] recv_work+0x681/0xa80 [ 164.214921][ T5952] process_one_work+0x9cf/0x1b70 [ 164.216674][ T5952] worker_thread+0x6c8/0xf10 [ 164.218155][ T5952] kthread+0x3c2/0x780 [ 164.219634][ T5952] ret_from_fork+0x5d4/0x6f0 [ 164.221138][ T5952] ret_from_fork_asm+0x1a/0x30 [ 164.222658][ T5952] [ 164.223428][ T5952] The buggy address belongs to the object at ffff88803d2dbc00 [ 164.223428][ T5952] which belongs to the cache kmalloc-256 of size 256 [ 164.227953][ T5952] The buggy address is located 120 bytes inside of [ 164.227953][ T5952] freed 256-byte region [ffff88803d2dbc00, ffff88803d2dbd00) [ 164.232192][ T5952] [ 164.232991][ T5952] The buggy address belongs to the physical page: [ 164.234996][ T5952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3d2da [ 164.237690][ T5952] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 164.240567][ T5952] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 164.242921][ T5952] page_type: f5(slab) [ 164.244397][ T5952] raw: 00fff00000000040 ffff88801b842b40 ffffea000119f580 dead000000000002 [ 164.247073][ T5952] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 164.249988][ T5952] head: 00fff00000000040 ffff88801b842b40 ffffea000119f580 dead000000000002 [ 164.252676][ T5952] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 164.255560][ T5952] head: 00fff00000000001 ffffea0000f4b681 00000000ffffffff 00000000ffffffff [ 164.258701][ T5952] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 164.261405][ T5952] page dumped because: kasan: bad access detected [ 164.263410][ T5952] page_owner tracks the page as allocated [ 164.265189][ T5952] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5360, tgid 5360 (udevd), ts 51068588014, free_ts 49800909304 [ 164.271263][ T5952] post_alloc_hook+0x1c0/0x230 [ 164.273042][ T5952] get_page_from_freelist+0x1321/0x3890 [ 164.274796][ T5952] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 164.276889][ T5952] alloc_pages_mpol+0x1fb/0x550 [ 164.278430][ T5952] new_slab+0x23b/0x330 [ 164.279744][ T5952] ___slab_alloc+0xd9c/0x1940 [ 164.281252][ T5952] __slab_alloc.constprop.0+0x56/0xb0 [ 164.282942][ T5952] __kmalloc_noprof+0x2f2/0x510 [ 164.284460][ T5952] security_inode_init_security+0x13f/0x390 [ 164.286316][ T5952] shmem_mknod+0x22e/0x450 [ 164.287720][ T5952] lookup_open.isra.0+0x11d0/0x1580 [ 164.289358][ T5952] path_openat+0x893/0x2cb0 [ 164.290805][ T5952] do_filp_open+0x20b/0x470 [ 164.292241][ T5952] do_sys_openat2+0x11b/0x1d0 [ 164.293752][ T5952] __x64_sys_openat+0x174/0x210 [ 164.295292][ T5952] do_syscall_64+0xcd/0x4c0 [ 164.296764][ T5952] page last free pid 5948 tgid 5948 stack trace: [ 164.298757][ T5952] __free_frozen_pages+0x7fe/0x1180 [ 164.300405][ T5952] qlist_free_all+0x4d/0x120 [ 164.301874][ T5952] kasan_quarantine_reduce+0x195/0x1e0 [ 164.303631][ T5952] __kasan_slab_alloc+0x69/0x90 [ 164.305177][ T5952] __kmalloc_noprof+0x1d4/0x510 [ 164.306732][ T5952] tomoyo_encode2+0x100/0x3e0 [ 164.308223][ T5952] tomoyo_encode+0x29/0x50 [ 164.309641][ T5952] tomoyo_realpath_from_path+0x18f/0x6e0 [ 164.311689][ T5952] tomoyo_path_number_perm+0x245/0x580 [ 164.313471][ T5952] security_file_ioctl+0x9b/0x240 [ 164.315066][ T5952] __x64_sys_ioctl+0xb7/0x210 [ 164.316552][ T5952] do_syscall_64+0xcd/0x4c0 [ 164.317996][ T5952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.319855][ T5952] [ 164.320636][ T5952] Memory state around the buggy address: [ 164.322399][ T5952] ffff88803d2dbb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.324907][ T5952] ffff88803d2dbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.327679][ T5952] >ffff88803d2dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.330433][ T5952] ^ [ 164.332901][ T5952] ffff88803d2dbc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.335602][ T5952] ffff88803d2dbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.338093][ T5952] ================================================================== [ 164.342026][ T5952] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 164.344488][ T5952] CPU: 2 UID: 0 PID: 5952 Comm: kworker/u33:4 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 164.348782][ T5952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.352116][ T5952] Workqueue: nbd2-recv recv_work [ 164.353706][ T5952] Call Trace: [ 164.354789][ T5952] [ 164.355740][ T5952] dump_stack_lvl+0x3d/0x1f0 [ 164.357223][ T5952] panic+0x71c/0x800 [ 164.358472][ T5952] ? __pfx_panic+0x10/0x10 [ 164.359935][ T5952] ? mark_held_locks+0x49/0x80 [ 164.361469][ T5952] ? preempt_schedule_thunk+0x16/0x30 [ 164.363192][ T5952] ? recv_work+0x694/0xa80 [ 164.364613][ T5952] ? preempt_schedule_common+0x44/0xc0 [ 164.366337][ T5952] ? check_panic_on_warn+0x1f/0xb0 [ 164.367940][ T5952] ? recv_work+0x694/0xa80 [ 164.369485][ T5952] check_panic_on_warn+0xab/0xb0 [ 164.371527][ T5952] end_report+0x107/0x170 [ 164.372950][ T5952] kasan_report+0xee/0x110 [ 164.374754][ T5952] ? recv_work+0x694/0xa80 [ 164.376174][ T5952] kasan_check_range+0x100/0x1b0 [ 164.377752][ T5952] recv_work+0x694/0xa80 [ 164.379092][ T5952] ? __pfx_recv_work+0x10/0x10 [ 164.380578][ T5952] ? debug_object_deactivate+0x1ec/0x3a0 [ 164.382347][ T5952] ? finish_task_switch.isra.0+0x221/0xc10 [ 164.384197][ T5952] ? rcu_is_watching+0x12/0xc0 [ 164.385717][ T5952] process_one_work+0x9cf/0x1b70 [ 164.387528][ T5952] ? __pfx_process_one_work+0x10/0x10 [ 164.389456][ T5952] ? assign_work+0x1a0/0x250 [ 164.390937][ T5952] worker_thread+0x6c8/0xf10 [ 164.392647][ T5952] ? __pfx_worker_thread+0x10/0x10 [ 164.394300][ T5952] kthread+0x3c2/0x780 [ 164.395596][ T5952] ? __pfx_kthread+0x10/0x10 [ 164.397065][ T5952] ? rcu_is_watching+0x12/0xc0 [ 164.398850][ T5952] ? __pfx_kthread+0x10/0x10 [ 164.400482][ T5952] ret_from_fork+0x5d4/0x6f0 [ 164.401955][ T5952] ? __pfx_kthread+0x10/0x10 [ 164.403622][ T5952] ret_from_fork_asm+0x1a/0x30 [ 164.405164][ T5952] [ 164.406820][ T5952] Kernel Offset: disabled [ 164.408411][ T5952] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:38:09 Registers: info registers vcpu 0 CPU#0 RAX=ffffea0000e8c348 RBX=0000000000000130 RCX=ffff888064bc6010 RDX=ffff888057e98000 RSI=ffffffff8219ddc0 RDI=ffffea0000ea2148 RBP=ffffea0000ea2140 RSP=ffffc9000343f6a8 R8 =0000000000000004 R9 =00000000000001fd R10=0000000000000130 R11=0000000000000001 R12=dffffc0000000000 R13=ffff888064bc6990 R14=ffffea0000ea2140 R15=0000000000000018 RIP=ffffffff8219de02 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6715000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f5171805f98 CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000001000001 Opmask02=00000000e0000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170b85488 00007f5170b85480 00007f5170b85478 00007f5170b85450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f51716ed100 00007f5170b85440 00007f5170b85458 00007f5170b854a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170b85498 00007f5170b85490 00007f5170b85488 00007f5170b85480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffffc9000318f0f8 RCX=ffffc9000318f04c RDX=0000000000000000 RSI=ffffffff8de0c22b RDI=ffff888032472884 RBP=ffffc9000318f188 RSP=ffffc9000318f0f8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=00000000000115ab R12=ffffffff81a78040 R13=ffffc9000318f1b8 R14=0000000000000000 R15=ffff888032472440 RIP=ffffffff8161e40e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6815000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f2fd1ce7d60 CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2fd11856a3 00007f2fd11856a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff58ea10b0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555582eba0ce 0000555582eb9f60 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555582eb5c18 0000555582eb5890 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0002c00302100002 b00303c010001003 1c00000040050008 00000000307a7973 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100100002800401 000000080606015c 8240808080080002 e00300100002d003 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00100002c0030210 0002b00303c01000 10031c0000004005 000800000000307a ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7973000100090000 0000317a64250002 000900000000400a 0008000000070000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000401 0a090000004c0000 0000307a79730001 0009000000070000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855befc5 RDI=ffffffff9b0c52e0 RBP=ffffffff9b0c52a0 RSP=ffffc90003f1f530 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000035393554 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0c52a0 R15=ffffffff855bef60 RIP=ffffffff855befef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6915000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f51716e7d60 CR3=000000003190e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000000001 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd64ca14b 00007fffd64ca14b ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd64ca650 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd64ca650 0000003000000018 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b636f6c62205d32 35393554205b5d35 35313536302e3436 3120205b3e343c00 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6163656662205732 3533355420515735 3531353630243436 3120205134343600 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 74746120676e6973 7261702072657466 61207265766f7466 656c207365747962 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3834203130203938 2034362038642037 6620666620666620 6666203861203163 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2037632038342033 6320313020333720 6666206666203066 203130206433203e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 38343c2035302066 3020383020343220 6334206238206334 2038632039382064 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3420326320393820 6434206163203938 2038342036642039 3820383420376620 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e6f637320333730 313d6f6e69202273 66706d7476656422 3d76656420223733 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=000000000000002e RCX=ffffffff816c980b RDX=000000000000002e RSI=000000000000003f RDI=0000000000000001 RBP=0000000035587c00 RSP=ffffc90003f2f9e8 R8 =0000000000000006 R9 =ffff8880b5587c00 R10=000000000000002e R11=0000000000000001 R12=0000000000000000 R13=0000000000212100 R14=ffffea0000d56180 R15=0000000000000000 RIP=ffffffff81bc1a23 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055556b56d500 ffffffff 00c00000 GS =0000 ffff8880d6a15000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffcc188dbd8 CR3=0000000050c79000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=3a810b1eb6134bdc DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000020081 Opmask01=0000000001000001 Opmask02=00000000e0000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcc188e390 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5170a11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 47414c46585f5346 2074657365720064 656c696166202973 2528746174736c00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 47414c46585f5346 0551405640570041 40494c4443050c56 000d514451564900 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000