last executing test programs: 6.680701772s ago: executing program 3 (id=827): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)={0x14, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1, 0x0, 0x0, 0x8040}, 0x0) 6.679246468s ago: executing program 3 (id=829): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='rpm_return_int\x00', r0}, 0x18) r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100), 0x140300, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a000000000005001d"], 0x44}}, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = dup(r5) ioctl$UI_ABS_SETUP(r6, 0x401c5504, &(0x7f0000000000)={0x2f, {0x0, 0x0, 0x10000007}}) r7 = socket$inet_udp(0x2, 0x2, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0092000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) splice(r3, 0x0, r7, 0x0, 0x4ffe2, 0x0) getsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000140), &(0x7f0000000180)=0xe) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 5.783111237s ago: executing program 3 (id=832): prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b6000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 5.782937457s ago: executing program 3 (id=833): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)={0x10, 0x2b, 0x1}, 0x10}], 0x1, 0x0, 0x0, 0x8040}, 0x0) 5.774237477s ago: executing program 3 (id=835): setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000019340), 0x0, 0x0) read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r4, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) rename(&(0x7f0000000280)='./file0/../file0/file0/file0\x00', 0x0) read$FUSE(r4, &(0x7f000000e280)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f0000000180)={0x50, 0x0, r5}, 0x50) syz_fuse_handle_req(r4, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449edefba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f0addfe56d75fd66786a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dccc5a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdc8eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24ef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a00", 0x2000, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90}, 0x0, 0x0, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) 4.250482852s ago: executing program 1 (id=853): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_MODIFY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20008884}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) symlink(0x0, &(0x7f0000000000)='./file0\x00') write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x52) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYBLOB=',wfdVo=', @ANYRESHEX, @ANYBLOB=',noextend,\x00', @ANYRESHEX]) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x80000) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000066715e1900000000", @ANYRES32=0x1, @ANYBLOB="0400"/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000020000000000000000000000000080000000050000000000"], 0x48) syz_clone3(&(0x7f0000000000)={0x2c3108400, 0x0, 0x0, 0x0, {0x91}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000380), 0xc1100, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000c40)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB], 0x3c}}, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x84, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffeb4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r4, 0x40047459, &(0x7f0000000100)=0xa70410b) 4.13907519s ago: executing program 1 (id=855): socket$inet_udp(0x2, 0x2, 0x0) userfaultfd(0x1) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x260942, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, 0x0) pwritev(r1, &(0x7f00000001c0)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d04712000000005000000182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a45000000000000", 0x50}], 0x1, 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, "e9"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x60}, 0x1, 0x7}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r5) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r6 = inotify_init1(0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f0000000140)={0x0, 0x0}) r8 = syz_open_procfs(r7, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000180)=0x2000000) 2.828215613s ago: executing program 0 (id=861): mkdirat(0xffffffffffffff9c, &(0x7f0000004380)='./file0\x00', 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_open_dev$MSR(&(0x7f0000000200), 0x8, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000200), 0x8, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x3, 0x2, 0x0, 0x0, {0x0, 0x6, "d80002", 0x0, 0x11, 0x0, @private1, @mcast2, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x2f}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) mount$cgroup(0x0, &(0x7f0000004a80)='./file0\x00', &(0x7f0000004ac0), 0x800000, &(0x7f0000000080)={[{@none}]}) 2.771014642s ago: executing program 0 (id=862): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780"], 0x6c}}, 0x0) (fail_nth: 2) 2.682553162s ago: executing program 0 (id=863): socket(0x0, 0x4, 0x7) add_key$user(0x0, &(0x7f0000000000), 0x0, 0x0, 0xfffffffffffffffe) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) socket$nl_rdma(0x10, 0x3, 0x14) syz_emit_vhci(0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x100010, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00'}) syz_emit_vhci(&(0x7f0000000880)=ANY=[@ANYBLOB], 0xd) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="030f0404000000000000001620"], 0x7) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x8}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, 0x0) ioctl$sock_netdev_private(r0, 0x89f9, &(0x7f0000000080)="9e0e7b6d00") r2 = openat$vcsu(0xffffff9c, &(0x7f0000001780), 0x200400, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0xffffffff, 0x0, 0x0, [{}, {0x91}, {0x0, 0xfc}, {}, {0x0, 0x0, 0x80}, {}, {}, {0xfc, 0x0, 0x80}, {}, {0x0, 0x1, 0x1e}, {0x0, 0x0, 0x0, '\x00', 0x40}, {}, {0x0, 0xff}, {0x9}, {0x0, 0xfe}, {0x0, 0x4}, {0x0, 0x18}, {0x80, 0x7}, {0x8}, {}, {0x0, 0x4, 0x0, '\x00', 0x4}]}}) 2.530870658s ago: executing program 0 (id=864): r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x101) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, 0x0) creat(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)=ANY=[]) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) connect$bt_sco(r1, 0x0, 0x0) 2.483380524s ago: executing program 0 (id=865): r0 = add_key$user(&(0x7f0000000240), &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000200)="1d", 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000740)="69bf05d40ff7e03db3ddca537c6c5612321b25d32064e9ed643d462211406432e87c4d40383939ab8276bfc0294ba021d1ccf9b6b32d1b6c9e8c9737ca2d08305301693ef20a414ca24bed3736d182271d197fc2146a9f55070f3f31155b9081ecbd0fcc0296c88eac143394a776955e8a075194717757c9e085976cac66fd4c5bc83183df2db8205863d7f803e302420e7fc5315861803024f921932a49a4283f6a7d8ab2cbd629e984582467fd6ca63598d554677517903644dc2ef01f8dec", 0xc0, 0xffffffffffffffff) r2 = socket$rds(0x15, 0x5, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000800)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) setsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4) sendmmsg$inet(r3, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r3, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x0, 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x105, 0x40001032, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) ptrace(0x10, r4) r5 = socket$packet(0x11, 0x2, 0x300) ptrace(0x8, r4) io_submit(0x0, 0x0, 0x0) rt_tgsigqueueinfo(r4, 0xffffffffffffffff, 0x7, &(0x7f0000000580)={0x5, 0x735, 0x7}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000640)={0x0, r3}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x10, &(0x7f0000000ac0)=ANY=[@ANYRES16=r5, @ANYBLOB="e5f2eb8b0c639340df177edb2e5b1eacd07ade40086501187a39fe124624fab3ed8eb3ba9a382cd3da6e796a56f35e3a883b366b1c3cf3667b1795ef9d6752256fa275b0a71cc23ec4a37a99e671e3fdf7058ea9e4771bc39127afc70526b2651b8ea2d26206d52dda9f33d0251264d4bb", @ANYBLOB="0000000000000000b70200000300000085000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7", @ANYRES8=r1, @ANYRES8=r0, @ANYBLOB="e03c4cb5824960ac8e7263a1a850a1121fb34cb9ca834ea1b7c33c8ee74c24083f2b1df1ca7374f86759a8f1da030cc1e45d17e1fb3fd4b8f624fe3b9f1d0deb25d53c1d1679401329dbe9e83f949e118dd9218bf81af358702434", @ANYRES64=r3], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) utime(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)={0x9, 0x3}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 2.140266585s ago: executing program 1 (id=867): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="130000001800dd8d000000000000000002000000ff"], 0x1c}}, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'wlan1\x00', {0x2, 0x4e22, @rand_addr=0x64010102}}) mount$9p_fd(0x0, &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8) shutdown(0xffffffffffffffff, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f00000004c0)=""/68, 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000018000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000088000000060a010400000000000000000100000008000b4000000000600004802c0001800c000100636f756e746572001c0002800c00014000000000000000000c0002400000000000000076240001800b0001007470726f7879000014000280080002400000000008000140000000b30c00018007000100727400000900010073797a30"], 0xfc}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[@ANYRESHEX=r2], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r5, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000000)="5aee41dea43e63a3f75e64fb7ff20700", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/73, 0x0}) r6 = openat$snapshot(0xffffff9c, &(0x7f0000002080), 0x0, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r6, 0x3302) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) 1.350595717s ago: executing program 2 (id=868): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) recvfrom(0xffffffffffffffff, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, &(0x7f00000000c0)={0xa, {0x0, 0x3}}, 0xa) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$AUDIT_ADD_RULE(r1, 0x0, 0x4000041) sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) (fail_nth: 2) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e000500"], 0x17) r3 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r3, 0xc0585609, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r1) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(0x0, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0xd0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000280)={'wlan1\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 1.349479991s ago: executing program 3 (id=837): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0x2}, 0x10}}, 0x0) (fail_nth: 2) 1.226800998s ago: executing program 0 (id=869): r0 = syz_open_dev$video(&(0x7f0000000000), 0x40002338, 0x2000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) write$vga_arbiter(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='lock io'], 0xc) r2 = epoll_create(0xb398) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000140)={0x10000000}) write$vga_arbiter(r1, &(0x7f0000000280)=ANY=[@ANYBLOB='unlock io'], 0xe) ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f00000000c0)={0x0, 0xa, 0x4, 0x71000, 0x1, {0x77359400}, {0x3, 0x1, 0xf3, 0x1, 0x9, 0x7, "e16f6d8d"}, 0x7, 0x4, {}, 0xffffffff}) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b64, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc600400037a0a601a00070282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0) r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00'}, 0x2c) keyctl$search(0xa, r4, &(0x7f0000000200)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, r4) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r7 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r7, 0xc0585605, &(0x7f0000000040)={0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x9, 0xd, 0x1, 0xa3e2fa656b48a287}}) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r8, 0x84, 0x12, &(0x7f0000000080)=0x1, 0x4) r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="9201000000000040fcffffffffffffff00010902240001000000000904000001030000000921000000012207000905810300c65a0000"], 0x0) syz_usb_control_io$hid(r9, 0x0, 0x0) syz_usb_control_io(r9, &(0x7f0000000200)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r8, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r8, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r8, &(0x7f0000000540), 0x0) r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='task\x00') 1.139889209s ago: executing program 1 (id=870): socket(0x2a, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$vim2m(0x0, 0x0, 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x0) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000007bc0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_PMKSA(r1, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) openat$sequencer(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$key(0xf, 0x3, 0x2) socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="0c0001"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x24000014) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 1.139339474s ago: executing program 2 (id=871): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYRES16=r2, @ANYRES32=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8000011}, 0x0) r3 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/53, 0x35}, {&(0x7f0000006180)=""/137, 0x89}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/91, 0x5b}], 0x1, 0x0) r4 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$isdn(r4, &(0x7f0000000280)={0x22, 0x9, 0x9, 0x0, 0x1}, 0x6) lseek(r4, 0x851, 0xf5ff) ptrace(0x4206, 0x0) prctl$PR_SET_THP_DISABLE(0x42, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000000c0)={'veth1_to_team\x00', &(0x7f0000000480)=@ethtool_per_queue_op={0x4b, 0xe, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xa8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8001, 0x3]}}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dmmidi(&(0x7f0000000200), 0x2, 0x0) syz_open_dev$cec(0x0, 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$binfmt_script(r5, &(0x7f00000000c0)={'#! ', './file0'}, 0xf000) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="28000e00800000000802110000010802110000010802110000000000000000000000000064000000080026006c09000008000c006400000008000d"], 0x5c}}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000cc0)}], 0x1) r6 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r6, 0x40045702, &(0x7f0000000000)) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000500000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008bd6000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='jbd2_handle_stats\x00', r8}, 0x10) r9 = syz_open_procfs(0x0, &(0x7f0000000180)='net/raw6\x00') fchdir(r9) 239.16863ms ago: executing program 2 (id=872): r0 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x4}) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000100)={0x1, 0x3, 0x2}) 238.892767ms ago: executing program 1 (id=873): r0 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x4}) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000100)={0x1, 0x3, 0x2}) (fail_nth: 2) 236.412735ms ago: executing program 2 (id=874): openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x98}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000000)='ro\x00', 0x0, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000580)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f00000000c0)={0x9, "f2942c0a261a118844"}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x80}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000280)='.\x00', 0x5200042c) mknod(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) r6 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) sendmsg$NL80211_CMD_FLUSH_PMKSA(r5, &(0x7f0000000a80)={&(0x7f0000000980), 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00f825bd7000fbdbdf251762e6b3"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4000) ftruncate(r7, 0x2000009) sendfile(r6, r7, 0x0, 0x6) r8 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) vmsplice(r8, &(0x7f0000000940)=[{&(0x7f0000000680)="e6d3ede3b5a568ffc81e4d584832ff026cf9f047766e745c8103bfc3bc829309bc0439e8ffdaa8ed7e3cf50811d57851ae6c3caa282ab7aab673fd14e46d630f81da67fd5ff08072d66e11fbaea86182d4d5c9d4fd77c19e6b055af3c5ce5df82a89c69698", 0x65}, {&(0x7f0000000700)="543399bb89e971f9d0b19d8640feb3b905a6aabe54d00c5b3e080e616f3fff165fddf4b75f5ce580ac2cd9f185f227ce413395449bba2e0425c2b739bd2633d6376e0b292c600be8a010e8222740f9a0af08a71960dd1ec972828b9b9b6fe683a03a6b49fe29a19a43c4b1a0aaccba07b457862dcaf755de30c8183750135d4e1eac22c086ae1a8c01fe2b63b55f462d3437c735eafa987b18c8c0174c8453381f5a355eae1f85ced91fc9fe93db4a93305f95d9df919a1c837c19980876dedd441b8fcf53a415876b017320809eca586e8a5df4729bd64825fa8eaf90045e8f90b6196108c58cf2a58e14771fd0dc03b500aa1c247119", 0xf7}, {&(0x7f00000008c0)="363607308667993354edcb2e4f9b3fcd9c7a07c0128dfc62110052a9cffda5c74286a3007657f8d8bc3656159e59b44db344a22d66abfef32581875f608498107f26d1788adb4570162b2f998de63d", 0x4f}], 0x3, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x54, 0x0, &(0x7f00000003c0)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000340)={@fda={0x66646185, 0x8, 0x1, 0x26}, @ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/83, 0x53, 0x2, 0x34}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/124, 0x7c, 0x1, 0x28}}, &(0x7f0000000240)={0x0, 0x20, 0x48}}, 0xb68c134f756f2269}, @decrefs={0x40046307, 0x1}], 0x79, 0x0, &(0x7f0000000600)="77cc53b3a63f9547b64be09cc4b53e8cea0f4e12e07c89022bd026ab3aa86940670b9fbb75e71873e2940dd85435a2ae960fcf0c88cc13e3c162e941fee121272478a61b7bac0a38696bdcc88f5aa7e0b565da17a2a32f23cdf0a660054f7dc7000a3102f9abed1243953cbca342651561586cec7cec87336b"}) r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000001c0)={0x0, 0xae9, &(0x7f0000000240), 0x0}) ioctl$KVM_RUN(r9, 0xae80, 0x0) 139.955421ms ago: executing program 1 (id=875): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0x400443c8, 0x20000002) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_tcp_buf(r3, 0x6, 0x58, &(0x7f00000007c0)=""/4096, &(0x7f0000000040)=0x1000) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004000)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x4}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x10000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xb}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_ROLE={0x8, 0x4, 0x2}]}}}]}, 0x38}}, 0x0) read$FUSE(r5, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_handle_req(r5, &(0x7f0000004140)="c4cbdcb161144db21d240ce493c386117138ab789dc80e4157081dddbebf2fa9cf5a218707cf9f40c33cd811c5aee19e05c5697b2c5c538dd8691aa6ed60b2daf8a25db53f03d9ac183f53ce49488913b0fa326c4922137bdc9d87ededdf17a7eca426a1dfba925f4b49b7768d5d997244ff460cf9623602324fa7a3b1e61856df902832bfca938bbec09e63f845d110cc88e11002f41e4bc7d0004e4afd086d784f89f4b84dfce621b845db8590ccc04358f72ccdeee7d0926999d4eea2d18170f156a39b6cfa72968114f29ff156555c14815e53ff1663a062513d470b374ddc70bea32a37723d7f0abd324820561c2904375319f2e25ca3659f9754aced8b4940afafde6a62e3e4dcd61837a9aa47e4c5ce14ca3f54f46fc4726dcc4eecc47cc68099cda31a9cfcfe77585b2cc783c96d7ebd5b3335fb12eee05fe117497c13a361dfa0a5588340d28ae52f8e35b1a5c8f56b1d49a0f857f267bef12da134787ad03ff4db32b7c21e409c65becbc2feafbe06ac1426340b6b1385c753ad902099c6fd8bdac4170daa9729535661197e7a960cbe0bb36bef2a954a7b20306dca5582d3500bb9cf8322a447c2b1e886ef92748a4d7674ed598438764f376858da9ec9eb13e7691b080a01ee9d6065d39a9cc5b9dbb6dac04408be74866c5dbf411eac41dbdf5a47c9dbf68284aed34812834007e489569ce1f9c81e59cd6f96eef38ca847eee428d0d61c762a3ed2cd601814d110c24edd7295d3efb192685dd4260a3dd04ef44566b455a180d433d0d0966a440803c15aafff16482b3dfb1333564276310da8f67d58715f6216bbf340df7f1341b4f30aa165de6f78f3154722dd746e09e557e1505f0f457db05d4a04d29b5746c47b737bfff7516113a069c8c31839320968b30d7486b97327058888c3f77c3d8eb4702f4dfd66729bdf74c978ac0255e01f2e478cb182385a37d8596f7b23b30a9d191bccd91ad41f4a5acaeed98083b0ac7720a82cdc50008ff9b6982fb3febd9a61d25dfcb2d4b5b74463c3ce85846f419980e36bb7b9577d2947222faf36fa2b2218c929407f8d1c4c979b77f854e170775526d44daf268db2eee5205a972ebe76916aaa0a18fbbf43bfb7bbaf3e0b35e45e878872e108e7c47255845e3ce7b294a8b8f29dacb8210f408e3a947c7a4041656d325e68815a24176aa95c68146a4c5c1cf0c50c4fa10534ef8e5d7da498d8e7777e1618223bf90cf1f13ead5ed9c6a6c2cddb946974d910846b69fa60607871f258537d29976ad64781746d68047ba1edd367d1bca3192ceaa397229512f543b9322df5a74d853dbfe4ca4cf5d97621af4ba3b0d98faf522aaf70ffe5c260385b683fd9a0e2490a89f58594aae4b8e3332ef330fe90b0927d96ba8ec3d4a80c6a86500936ce35bff9cf8d9138da31c3152ee6d7eac5477fc9f67fbbf0c9ae45bc10ebf168140bde0b26c56fc9cfc9fb8d9c2384177e6751b8d03441014ac7819258486a7dce5adf8571976619cb79ec1cfb0edf3fc728e31f975f3d972e7b6f9e3a774c8001339381961e1ed216213a2d8c8b2bd7174917a413f14a4c3c3b2278921a04de1d021d48c19f20cb810a6eba672fa980800f20172ec18da1a3407bfc634eafc73945707ac9736cbcba1077883b8391783dcbc019bdb282165e81d3134c367e8db0e4f9abfde44c15a0b35b2228ab210aee6f62b22deeafa3d72ad530f4c8540d239382ee81f5357a583d602facca537a09aa0c23c3288ffd5df12d69eda21b3586197389f9d349423404f60ad0f8ece9aa98ae6cfc246eb06622be759866410ec31eb7fbeda98a5809e47a1fd7e50b3cc2dffab78baa751b40ef72276aec2314103400816ccff1dc631c257e452dfd22c2321dae0af606a8b24b5d58d4b5665c680f4b12cfcd5968b9464599deba0468cc98cf0a7aeaff8e496b480f7b3bb2b88a062e38ffab1f09c3cea5cd82aa15c321dcbad9f800aa55b0df92f62d48389045f264a4756aa83f364cf86d991006d0d77ad3aa0f45eeacfd1f7ea9e6a404ec9c55366a7626c7ec62ba9ec3d858851f92e4d488097b88e5ed882bd93941cd5c04fa6054f1db4c896a7deca30c8831c9e73318ee577c5695f3ca30b8832af4ebe4e0f28e9730909378ffde01d1bf5ebe4fb20316211b695b3877be2838c6a0396ee8589336481a482688d209184840d1be1548676cec8e4db94140e35eb185ee86cc68f03d20545ad32323a11b9aeab4c4a2b2963cfa92c6846f87abce4e63cc57822ced3c9b2ee1d976608c3eaba02ba4e8d941928abe2216fe035685d0221974aaa4f5d0e9b3cf5845f9e432ff523020dbbfff6c41ad69d04460fe15ed28e41d01622b705e1a75cf9dfc8e050c87ffb92812fb03b302d7bba5eb33e4e59007046afb69c92d1705ce384d0a35127c1c35b4f94a5bc0730328843331dedd36a321b02d952829470af05b439308e2c14e6c25128f157e7df0c9e57950f1bc506b0e58aee162c43911a66a526c3c14a232b6a5faaf411946ef154c122b374f4c0fa3495e01fb6e31090f9399e6d459d18ea8d19a8681e6ecf172fcb8c6d26c5663654104ca5ca167e68b1971edaeb22b8f9993f02c18cc1eb24c018d114336d071cd372cab69853dc6ca7a7958a4ba380e6506ee2912ab4b950397ecf9f280ba634a5ce4c6eb1de3c707911ddb3c910de5f86f62309f4505f4beca6d63d156146265205c2cce5e1d1086f6c2a62b130feb173bb06c217706cdc02cf5d0436b69f00f043be1c95d1bbb1e013fcaede94d5ca0d3757654c8bc60701747c845e7cb062364ecf9f57bc936d1cd52b5dcf4a05780db892596d27ef7e9825270db40720741d0c987fabebeb33cc2521261f88c27e6e102be27507136312413391040013f87ed0f70d50806a8aab310eb83bd6edff377d2687d83531e923a6cd228a2b6d68909258b62cd6f566f5f9fc54f04353e977d2f5c46b3375ab1bcd2f417a39d0f708b21875ca86096b12b025ed1a2f41f24d14e4ec7d3e0753e88a3b21e44f3a6f6bd9924722cf4721dd5a104423351787993c350b3796b9c0848757c8cc17f93b2615f9f50f3a0d918e26b88fdbc0ad90517b799266124a2800ea191f58fe0676d4328ec085058e04321b8347be4970ed9e846ce6b877f32ba2257c49a1002c20744c8455f089714a66afb7ac89818ece2e363583aa3e59a7b32cc67a204d8be59e207fa83b0474e95e510577d63402b2f53cccd3bfc967a5927f537f8f1009192e24bcbec3e553f6f7e2e494b8d5d36f481376b31480b2e2ddde4eec8b960908f200dfa92c48d437ad5ce75b4e9f022fb9b993a0adfbd393ce8b09181a06f4397455f92207fc4ddc503280e08bad554b56b3b62a0a29875e3c45639ad1db1986983d349bdf8ddef08d76f780cf0d39c7791441a0a5e1d676ed59c73719996b6ba7d5d20f21a60f6b67935242eb8511926a28d776c6fa5ecdaa5f3afbecd2dd81132c3201e6328ef1dfa66464c2d9d456d5b6d3a9854e55c77301babb43547e16abdae31ec4e4f87c4d8fd9355a8f6fa316974688b64fd56df13cecdd0dcfa7d0d3f0f32b657b46c903ed9f77bb1f0f0f9094f29728a7e087a8ab554c3e7534f306b35962a57b8b47b98f1e320464ea0640858a094a89fc657b64774301794819ae07a2de7fb7fddfc7f92c0e26911e16c1945a3cc11bc77c6cd46a9b627f132f3c42393f9c892f9fc8ffb11890ec856259a0486e391b6f601d93c394f09fa5c41c5db116aa64b4229f3afd9f61cfda50f3ceb50cd10176f2a75a9971ac2c65ca69c1da6e77ab58dc60e9aec77a7d72e34ead9a4d3297511b2886e4dc7ccc8c2a44829e920cc055717dc03c551b3ed52aa5f818af4ffd96677c1ac848b40d494030680df668dc6023118345dde06aec1752d0d62ab57eb58cf3a558a55d53ca85c9009c55b2b3e15394a9bcb89dbb60095c4d83693dbfa347a32cfce875c195d3421f65779cb6ac22a33be31395af52c38763aa01daa8973d7d25c8cf4230855e52d4db8a82cbd453052300f0c49037665fe39b4d0cc95fb10c8e735c5bb276bc37414c954145f515dd624c30cf6522186c0925f909042eb21f2c6f403899f5a387166f0c539d12675302288c6ac40eede78300d5a76d5781f0ee2789357ac8dc51c367d145b549245f9ea5e810ae5c1f840d72785a5b4f176769f1c8ce6eb6f74947cf92498073a15db9677079d207d2ddfaaca8cb842e91b6d16b1e2034b57d57da83e82d1efe13ee739b8755edc4b2548218b3e84f435d8ce8ca6f675bd693ed34eff7c0b4da2d1055e8442a7ee634ae9087634011718ba2dfa5999b7b4c73358e5f699bcca172fe0791bfc24a286b9a15c8eab5e27e2f245de7367803c60eae7a726ef6d314e4bd466b235ea1e39bf5995d91da6839c59fe2001ec07c610b57530f00c84392639e9c062e6b6ac2074129d8754d21dd9dc132be8ab6046828cbb56bcb64845bd8313d6e73a512903639111fb9964ff28dcbca5539f5a2edbcf58a61808d954d1f7b2cfc4e1a53819a60bc0038ed1d21a5f8ba2a085723dd9861cd4d1f0189fb0817287282a553d1009781a608bdb8f09135114e58102f9614209f01571d8fb6bdccb460dcde0a85a93c0cd764e99401a57e77f537b3bbb83e843ef0905f311ba4373ba034dcea3f25318772129f11c002a405226500a6993ab73d328433a592ff4bef24b0d87095e26b4e2d9f5722242d9dc65045bd0b8a58d3a80c31b726159fb26a3bd7a1642b18ef749527ddbc50188a15fbb8771927acac91ff1055bbbbce7f4caaadda2075cd58eabc4cc06b9b35909b847beff14e0426a691652be94480c9b446442a08d7ff9c65c74663fbb1c90e0a0ca0a42a70e30b14aba2756aa307b0dccb19ca3d193d9090d76e49ed46599dee794800810fc8dbbd51418ed2330f1844faf97d894c39a187b64613304c0a247668ab2c9b076826f68e0995c01043935dadb92c1f1d7da73164a8c46501b79be43da647a6d6e76c93ee2d1a32b85134146015e61fdb4c4c06b74aeb9e58831e38f47ea383d1786d0129cba302c32dbc1b75ac370889673563e60e18523749c0a70d54f58dfdfdbcff265aae45460291294da62381cdeeeafc5be470fa7392787cd9932377f8085dcf7c55ecb7d9706e725a26375d4dd64d23f54f31c7376e9e14e646191693ab4ba844580961ee893d225b56b6086cd819ff9157579a1878deb0eace57f007866a1ec4be1988e07f1f692d5b5287c6668c68a6761abf2032f9b0fb8b863b487090afa19fb1ec50e4f5a41ce4a2c29840e2a4229e735c7ff431c6cfa10de5a207ef1d531aca6f188d4782fa0dcdccd1307946a01449885dec0de887a36c09dc130808b1e24e11748cd4883247f9d93147936cdccb3a4bd8a10b5e2cb749b3b84d098915b8d4d6966fab80bb99c2749468fa1309d7749393f83f0a6385dbdd2ca9f646baf38dcf00040e3183db5f7b2729fa94541feebfeab48a96610161dbc0521ddb8cab259caebade28a1a68d62ad399fcfe20b77bcca8d7590d75accc097f5138fb828e4c4c6835db2d5bec6bef90ee97937ab8a3d8f8c4f9d680852406140802621588d6d39dae30a889c227318e6faff46a27a69917a850b21a4647a3463088b78fc21c68daf8fa46ec5bc0bf8915b4cec620b4d11e1707a100ce5f0d6cef784195e87c7dd39a8781af9b9e5d54e7da653b7168c38268744339e383ebfec4524f9258eec901ec8c90251d075476ca3df770bdf946b127b5dd042c909920cf4f4be5b9d7d4ae0f606579a3085ed59c4cfcf38f910e0cae6043be834c9dcbb6f881c9fa794d73755ecb39f94e95ac3eb5aff8f689f76abf83bd7cb82265293cdd8b17e42a7011ed8faac47213d180c58c52668498e1fbce3d297552a6edb0a3ab99b851e4ada7698eb3d1e534637cd58f98dc07b2c1e873a5b07cb3cb4acb5fe1fc3e5f0d04020a59d439b9a202f5c3cdc1aa243010fa247bcadbc141a8b66b67755236a53da0fecdf215901b2507196fdcabac359251bb475ea77ec5fb74449afa4e5c3f9d65f03cbc0d61542c8f0be88eb70e8a030bbfa934672e9c16c3f5d42647d3006fb478fb49f8625fea53c44fb9b03d4af2f99dfb454888d28e5e81c457f38e8207950c698328315614a84b1279331a81d617cb7b5a7658fe28dcc6717ea9998019e284dd01209a505fa55f20fac56280580e51fed801fa970fc52dc9d4d3d90dd2c5b242a73d1a4b37df6009aa3fbba1b581c7cf5a1e60ad97a21956e8dfb4eeffdbb4daf6c69c9ced7d52d44911028a23319810c6108eb8ff02e0413fd1b8f8b201cb8be36674663dea74a522fb295eb94dab716aea5776a724d27b987404ef1bbeddaf9533b1eb1541b369882dcd024d15f90b429fe2999a763f14f26bf7f89ec72de9a24b136e55ea0bd714b2f23537625ec7bd4232676834916efd168de127b13c6832f68f602a8672e93e4dee6c1718052b16904005a61adb7cde7bcca525eaf3e3e8a009475ba3124f8b77a760a01e9dad6951873ec203208da761b09854719f4d2af514b55210b72cadef125d028257c717e4a4854e24f7afb252b42c81449be223f6084f0eda03253a91cd20bff97a9047d4cdb46c072eacee64169050c4e12d49fe26be8234ee164a7771c2faad3cf8987a123a67a376d39e448a50fd998f6349c05f24653db88f39355bb063728489089b89d98f7ac800bc06259a70a6dc5635dcfd29f76cb024e21c0ce6ebeafb0624e8d99f9bb8ed4c21d9117baab7a3addd28d445157005d8f0fa1db9e1116dde6656165d39b5cb081674bff73842bb330077e4345d2b02531822479edc4b2d0743f338381796ede83b75f22c0d15e5f840a6ab650cbf8ab8278bb15ff7e131528a676504bb9f3d0c9ee8b645c5915b5abbcaa6b4cdceecaf44b6ecb3a3141ad3b559922b7948e4dd7380ef82117b7ea1bf79448fd81273b15ff09da6251e40e02aabc897ad8f9e5a18c913d4b6cb63fdb8782ae25cb819a7df09e5eda71c403ca3a2fd4f9b48a66cbfe4f88ba57f8b3d1932ca72e0c7c4709900c4e25e4f97676544576ee992078d6213422d7515b52cc722e7c0b8f084723f78a8db1b37763774958995cb10c39804960a0cc29fc4f2ccc084c61ded8d375d246435ac42c76abe6be1d448f5b144a9a9f2d0baad9c5044dabd5447ae5aed033fd27844e4b3251d57ed8b582fa79ac71d11635cb9fbc23af5df4d7acaff76150977404106212897224046db4cd37c231f844f2724cad49d9dd5bbeec77752bf901deea72458189ded320fe95f3ce9c6d1981365e07c4dca44babcb1ec31232b62ed079a16a69432ff7eeaaab48f522c2c96c2911901298134f2233bbfde2ad1c029b4f35379cc4f3fb7ede67d45c1098fa23a5e476a6a32b757505f5274535cd241fb0dfd46a222bdb71896d87676c34e2d4627f931ba5e6e936648edb8411f2f340227efa5fc0095d653c7e79c73d65608f99ffd64c0369a540bc9ba270d10765905b9fe985d6cdffbec6993c12b7be87462ce3ba5112b1d8f46110184eb7a055a55423f37a4ebcdb44dce0fae17f429d9421f203ae9011b80e5f8095489b7d403fc4d57c01fab13957a0667172150268421f7e5b4fe516c6855b6e124c47641d866609403312bb4fb0f70bacf8dc77f8756306357598f81228f3aebb2550b0d70755f92e7c040027cd1529fd46d981e8efb1c800ee73bdd658ba9346db6dedd8b8da3c36c8c90e738aec379cc7c128806ee454eae3597f5f385bbd22c8977f543454e781b1fc4c4e2d198442fe8d44c5452778c9e061b664c902b0a89d66760f5526467da5c65260540f5e747d10a3204eace8aed5e752b78330ce08f7b7cbb43b016e03a076233eaef546f27e6f10801fe84453cb1903652dbb32d045a2c40cbd2b266a30a56838c79d9198ee7ffbd32cf6bf76bfec7d28e6d3d5282ee909c04f57a9658ae7f8bb04cf6bba2591fc2e0c59c12498de02fd9b268939e7445b45c3163bf4f726a3241b04b6726cd6d69119213fde4480be90843bdcba7d2cc99f8cc3ae48875b17d0d7bbfe2867a721d70cd2e5a5521b62050f69b5215e977105ed0013ea8a60a7b2340d77db090d5622db2b26e98092a65a227753bcc8c0d2f76ad139e674b23ca05dce4f8bcf25b0f08a926cbc5e5637e8194bdca685a4ac253ee691d20d0069a50f645ba5cb502fe23866c66905b90584a4000d311199134e7f73e47573d9e2c185fb051a2980b1ef5a2f8804a6cbfba834941c8c384b832030ffccbe75e6f484ee9b32aa4c7a85986f2cce3200178e9e9d566915bad1733bf5abf11f46c949e265554d9c658459995a4f3de568e49d39679071dc9b2cf78c79ac3356fb56ddc1b42462abe1a5db9162b6d09d17a90f97853b1d053a0d2c7bf54d14aa2d015bf36d7536ce29bfca6dc18ed74cd8a9032630685146b3d4f751abd24ef7a00344b9b565eb2736610fc3156b5b63cfa1372d1da21fc4127d1adc98e47b69fc3be257412e144c8930c9586a7106af8f7cd455a3fc8974dc7ffcb85683c0d8b06e7e050d43491370178d9bd706e77055cae6b26fa2bb2713a938d8bc749d8f22042c9060eb9cd5023a197222d46ec7cef3291b1d331ddda198e4e64441b13a00f31a28b1c8e71b197d00d857a9b9ad203c4bbd97af33c000b289daceb59a64086287e2adebdad6266e01c1d8de5ac6f69970dd13236e45542148949ac842ee6b9c133c3ebe92e04babad0774be000e600ecbfb7cf704b85eb5a288bc991111327fd1c73526c40b8525d05972a4c3d4969a2a32d742ad55b7338019c56ae45234d16407f59c1276d8aff303bb6d06e7c5b300efe03eafc27b81a6d2d95150428a62c54221d4148c9af90e340dc8b2bfeabacc66932dd8917952d0461c08b99e0a974dac119214e12c0e46f98b3c2912f412637d7eb26497baf11d7a9bfae171e0fd7d2acfe78dc43479dc0403e35e1e21d86e4f17c49855a5e53184536ccae379fb9376e96cbedcf362997f88b0fe0f8048eb23749e7f7ccfb5a24fbee98bc6bd99e15b21e3450f2020a4b241852ea02d1df72be2bb2cfc7f49ac8145bd53de90d96af6c8284d87c61610a2b422ccf9aa674457d05b4acb3bdedbedf7317c75e55483ba86bf914132e44e11a58acb2138c10e6f2d9e3c7eecf851c60563c40a9de08c9f9814ef02ea00ccea68f3504d36c21adba86778bd93d03c6cbffeb4024e9374c50452ea917847131989a9ee67fb8a0a5a7d4ed95e89c77503812272dfb146be39ebc9ec025133c091c4e35592470dbd7e0462e8d8b6135fe2dbda23d92648dc18e359e99b08cab432d5f75eb113282a9accefab90315f4674f87f5d5a5a043faf7d3c0111866f3d9c055a1c4a504e51477362d19b5cf01aeff34999be7e0e4de876bdb1ef845d5189469669e181a45c410ddd1a68b868f95126ef1440b459be68078f903f3688cbdf55a48512c1c9f48839e605ef20bafc64f4655ccdfcc4900620b76654484ca72397b0ee9cb231121b59ca8fa203cccf0cc74ffed393b0a3bc5af87462dcfeca3aa4503acaa41ebdafb2f65a333422a567a2bbd1cbe95a0e498a3b57b46940e7b12abffd24010a9ee1cc090b39471adfdfa29abb10d7dd513f71314a6e745a20e7a854f71979eb79857c892f9335d14d860cb9458a73ab15a31a26e9c188b9171b5fd2c1f98c3728bc57832c552caf9d8d842649e913e86a4c6ee16c36994f83543dab2f3815267ac2cd45dd7a7456b559a4cef816d19dfa62e99853fd99a3f9a62c1c5c8dc0e18bbcaaeb556ce0a1c7ed7438185adf0ecf1c288b914ed2846d0d44850d362912a8d62c9fd53614681d1f3c10880f1e6540ede4f8c2f941ba2a7515e274ed06e7f8049490342609ea8c561d2377ac26939c340eaec9afc2a88f0091e5f02be18aec967787e4f3bc79700ff7f82edba40f1575c7f07e204944d5598a7fb58c232db1de94c4f68383353eeef2a735d28884b515a16d5a4e1d853c756a7dbbe3e1e63c8eddbdb03766d620265b7c5f94f9f67b11aa5b8c09a3f2bba6895cf68c5c8e76be1a82d48d91b525d70a13d5009cf0fc3d1f421494ac3fc91737629e35732e42e79b483ff60e0e431476b07ae07ec350569cb9482ebe34f88a4cfa613f149f1c0ed5c2710a00f996d5805ff582d6ad0a6f0684765e3794e4add4d2e92b72f9998c0bc42bd2ae28f9657c91ef573a58c216023db16ba552041279485ad85d7facc450b6841ff96caa1dcebf90f2eb54c06eb2468fc8735b63d2fc7705094072e49a1119077208cc09a5efa636a475aff2f41607b71b7c7848c5b47d1af0a5a8875f6bcdef9eeb45b9c9cee74da250c323d2960b194ed03a68d69fd133e813aaa01ee0210f5e0adc91f3c559415fa485a2977752208d262100d486863703b3b7963e08049eb03c496a5e625b18efd65ad7f0f962373dce79765086f747e61b2be2c8461a7b5bbf7c1f7bb1f2837602d46db428e5a6b4403ef5fb697dc9f4cbf858dcdfbc5c7df00bbaf5338274d4ea3a422635bf83f9b32804e6a8425971ba0f5961e232e9a30dc51278d41ecc0d13dd46087d680ab522217d3700abd9f48db51b9f5bdfb825c26aabb8e1615f3c7647e2966ca4a42dc3f312c63a1b4d61e467017b4a07b3607a4b48e81b14d1e4080f9f1d25b267da0675c95e3afcdc5fb71e762f93eb4dcb83999784e63c7c3965e6867c482ec7315905cadfbc43c4448a48c7b872ca3123295c8075fa078d6a8bafdeaebda9c0c20689ed23e9b57532ea811c1a1f6c45dd06962108ccb561eb12c93d6e3e8634e80511a2e4ce17e74c0d98297cc5fff5ca730d5868f7bcd9c06ad0418425906898d0ebf179e96de6655c4f534b71d91d0d8a70654177c912c3eb470a03386bc60070abb234523a0ed16350e86cb91a3d25aee8ff0f0a8d52e662b64c68a3f6c795e2c6ec59eb62543f2b56c4e140ad6e18c36535f3e78b9c48c7de0bb848a40e665abae4e8a342a073db9256b858ddbeb5275ac893262f9e140efed6180fc065eaf55ee92dbaf43044dda19b9ae1518505f30fdb45e02a4416b87924885d4556e32d97bc00cd4114c9a912bad722dc4ec0ae0313898f4d36afa95ab78a0f0282b48e8d3f8cfd0f00cded7049ffc7c52bd99e003fdcca2059eae2dd752211c677c2455f6bd575e7a60783aa18993c1e25103dcedb61cc0bba480f217abf87df3ec5f4dbe3e83a3b94ed6b1aef21a524fe736572efb6d33acd8afafed6ca9d9266432e9b44fbd7aeccc67b71750207c72c0249db0a149f7b19e52c4b51e1cee0480b9f1539860642636e02557e82832f527701f2329e4c6ed85703991aedc6f751be57b960af61b170584120baeb74a521fe7215b0287b28178aae2db88c77ecc761ed2c4170e57f9158236850b84ae96363b017d7bd4c86f1442223ba0902ec16a7377046dbe1ca1ec1cbd4088068057b295dc9409d722c8d9b119ba9177bd70a02b3c0c00", 0x2046, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000}}}, 0x0, 0x0, 0x0, 0x0}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x123780, 0x0) ioctl$TUNDETACHFILTER(r8, 0x401054d6, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000080)) write$FUSE_INIT(r5, &(0x7f0000000200)={0x50, 0x0, r7, {0x7, 0x1f}}, 0x50) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x20, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_gd=@TCA_ACT_TAB={0x4}]}, 0x20}}, 0x0) 408.101µs ago: executing program 2 (id=876): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000500)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000003c0)={r2, 0x6, 0x1, 'L'}, 0x9) 0s ago: executing program 2 (id=877): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x12, 0x3, &(0x7f0000000440)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x34, r1, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8}]}, 0x34}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r6, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$9p_virtio(&(0x7f0000000440), &(0x7f0000000480)='./bus\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r7, &(0x7f0000000000)=[{&(0x7f0000000cc0)}], 0x1) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001500010028bd7000fbdbdf250a010100000000000000000000000000fe8000000000000000000000000000aa4e1d04014e2100080a0080003c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b76b6e77120000000a0010000000000000000000cb8870070000002a9f2e88dd5f421f2656201c7a017417fca4df7df982e590c201ae9fdf904be376f3ba6a6b0d4192dee03c1280b651d807dd1d984f47bce961e3d54c66d50e01259827765de24824055751f1c994e21d00ac9a24961a"], 0x5c}, 0x1, 0xe, 0x0, 0x4044080}, 0x4010) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): comm="syz.0.537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 121.649520][ T39] audit: type=1400 audit(1728860018.213:448): avc: denied { write } for pid=7241 comm="syz.0.540" name="ip_tables_matches" dev="proc" ino=4026533238 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 121.713388][ T7243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.540'. [ 121.724831][ T12] IPVS: stop unused estimator thread 0... [ 121.839073][ T39] audit: type=1400 audit(1728860018.403:449): avc: denied { write } for pid=7245 comm="syz.0.541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 121.845270][ T39] audit: type=1400 audit(1728860018.403:450): avc: denied { nlmsg_read } for pid=7245 comm="syz.0.541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 121.959089][ T7248] fuse: Bad value for 'fd' [ 121.963779][ T39] audit: type=1400 audit(1728860018.523:451): avc: denied { read } for pid=7245 comm="syz.0.541" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 121.971943][ T39] audit: type=1400 audit(1728860018.523:452): avc: denied { open } for pid=7245 comm="syz.0.541" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 122.279026][ T7235] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 122.280924][ T7235] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 122.286166][ T7235] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 122.340114][ T39] audit: type=1400 audit(1728860018.903:453): avc: denied { read } for pid=7256 comm="syz.3.544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 122.349816][ T5342] Bluetooth: hci5: unexpected event 0x09 length: 10 > 3 [ 122.350161][ T5342] Bluetooth: hci5: SCO packet for unknown connection handle 1039 [ 122.476529][ T7258] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 122.591305][ T7267] netlink: 'syz.2.549': attribute type 1 has an invalid length. [ 122.591336][ T7267] netlink: 67 bytes leftover after parsing attributes in process `syz.2.549'. [ 122.610226][ T39] audit: type=1326 audit(1728860019.173:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7266 comm="syz.2.549" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x0 [ 122.715311][ T39] audit: type=1400 audit(1728860019.273:455): avc: denied { watch } for pid=7266 comm="syz.2.549" path="/22/bus" dev="tmpfs" ino=131 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 122.876544][ T39] audit: type=1400 audit(1728860019.443:456): avc: denied { unmount } for pid=5332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 123.196036][ T5428] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 123.238428][ T5342] Bluetooth: hci4: unexpected event 0x09 length: 10 > 3 [ 123.238649][ T5342] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 123.289180][ T7285] input: syz0 as /devices/virtual/input/input49 [ 123.297549][ T7285] input: failed to attach handler leds to device input49, error: -6 [ 123.358638][ T5428] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 123.361854][ T5428] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.364491][ T5428] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 123.367941][ T5428] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.373785][ T5428] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 123.377684][ T5428] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 123.380408][ T5428] usb 8-1: Product: syz [ 123.381902][ T5428] usb 8-1: Manufacturer: syz [ 123.402101][ T5428] cdc_wdm 8-1:1.0: skipping garbage [ 123.403579][ T5428] cdc_wdm 8-1:1.0: skipping garbage [ 123.411349][ T5428] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 123.413362][ T5428] cdc_wdm 8-1:1.0: Unknown control protocol [ 123.464192][ T7287] 9pnet_fd: Insufficient options for proto=fd [ 123.536817][ T7292] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 123.585148][ T7288] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 123.587178][ T7288] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 123.589010][ T7288] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 123.599598][ T5428] usb 8-1: USB disconnect, device number 9 [ 124.757456][ T7314] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 124.907621][ T5342] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 124.909700][ T5342] Bluetooth: hci4: SCO packet for unknown connection handle 200 [ 124.923526][ T7321] capability: warning: `syz.2.567' uses 32-bit capabilities (legacy support in use) [ 124.981388][ T5342] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 125.253405][ T7330] capability: warning: `syz.3.569' uses deprecated v2 capabilities in a way that may be insecure [ 125.526116][ T5342] Bluetooth: hci1: command 0x040f tx timeout [ 125.609961][ T5342] Bluetooth: hci5: command 0x0405 tx timeout [ 125.609998][ T5339] Bluetooth: hci4: command 0x0419 tx timeout [ 125.686122][ T5344] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 125.773277][ T7341] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=7341 comm=syz.2.573 [ 125.846148][ T5344] usb 8-1: Using ep0 maxpacket: 8 [ 125.851265][ T5344] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 125.853401][ T5344] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 125.855931][ T5344] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 125.858568][ T5344] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 125.861083][ T5344] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 125.864393][ T5344] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 125.867092][ T5344] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.930355][ T7349] tipc: Enabling of bearer rejected, failed to enable media [ 125.977074][ T7346] netlink: 'syz.0.575': attribute type 1 has an invalid length. [ 125.979372][ T7346] netlink: 9116 bytes leftover after parsing attributes in process `syz.0.575'. [ 125.981770][ T7346] netlink: 'syz.0.575': attribute type 2 has an invalid length. [ 125.983803][ T7346] netlink: 177 bytes leftover after parsing attributes in process `syz.0.575'. [ 126.072520][ T5344] usb 8-1: usb_control_msg returned -32 [ 126.073981][ T5344] usbtmc 8-1:16.0: can't read capabilities [ 126.424310][ T39] kauditd_printk_skb: 52 callbacks suppressed [ 126.424326][ T39] audit: type=1400 audit(1728860022.983:509): avc: denied { write } for pid=7329 comm="syz.3.569" name="usbtmc0" dev="devtmpfs" ino=2568 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 126.427006][ T7331] usbtmc 8-1:16.0: INITIATE_ABORT_BULK_OUT returned 0 [ 126.725099][ T7364] FAULT_INJECTION: forcing a failure. [ 126.725099][ T7364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.730202][ T7364] CPU: 2 UID: 0 PID: 7364 Comm: syz.2.582 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 126.733968][ T7364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 126.737933][ T7364] Call Trace: [ 126.739174][ T7364] [ 126.740319][ T7364] dump_stack_lvl+0x16c/0x1f0 [ 126.742125][ T7364] should_fail_ex+0x497/0x5b0 [ 126.743954][ T7364] _copy_from_user+0x30/0xf0 [ 126.745794][ T7364] move_addr_to_kernel+0x68/0x160 [ 126.747682][ T7364] __copy_msghdr+0x386/0x470 [ 126.749613][ T7364] copy_msghdr_from_user+0xc2/0x160 [ 126.751529][ T7364] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 126.753659][ T7364] ? __pfx___lock_acquire+0x10/0x10 [ 126.755536][ T7364] ___sys_sendmsg+0xff/0x1e0 [ 126.757221][ T7364] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.759143][ T7364] ? lock_acquire+0x2f/0xb0 [ 126.760825][ T7364] ? __fget_files+0x40/0x3f0 [ 126.762609][ T7364] ? fdget+0x176/0x210 [ 126.764166][ T7364] __sys_sendmmsg+0x1a1/0x450 [ 126.765974][ T7364] ? __pfx___sys_sendmmsg+0x10/0x10 [ 126.767887][ T7364] ? vfs_write+0x14d/0x1140 [ 126.769562][ T7364] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 126.771699][ T7364] ? fput+0x30/0x390 [ 126.773132][ T7364] ? ksys_write+0x1ad/0x260 [ 126.774830][ T7364] ? __pfx_ksys_write+0x10/0x10 [ 126.776731][ T7364] __x64_sys_sendmmsg+0x9c/0x100 [ 126.778698][ T7364] ? lockdep_hardirqs_on+0x7c/0x110 [ 126.780785][ T7364] do_syscall_64+0xcd/0x250 [ 126.782518][ T7364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.784735][ T7364] RIP: 0033:0x7f0748d7dff9 [ 126.786375][ T7364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.793230][ T7364] RSP: 002b:00007f0749c18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 126.796234][ T7364] RAX: ffffffffffffffda RBX: 00007f0748f35f80 RCX: 00007f0748d7dff9 [ 126.799065][ T7364] RDX: 0000000000000002 RSI: 0000000020000c80 RDI: 0000000000000003 [ 126.801861][ T7364] RBP: 00007f0749c18090 R08: 0000000000000000 R09: 0000000000000000 [ 126.804758][ T7364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.807844][ T7364] R13: 0000000000000000 R14: 00007f0748f35f80 R15: 00007fffe905a888 [ 126.810952][ T7364] [ 126.892562][ T7356] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.894783][ T7356] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 126.899484][ T7356] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 126.970197][ T5339] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 126.975693][ T5339] Bluetooth: hci5: SCO packet for unknown connection handle 200 [ 127.029009][ T5339] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 127.133831][ T8] usb 8-1: USB disconnect, device number 10 [ 127.192829][ T7384] binder: BINDER_SET_CONTEXT_MGR bad uid 3327 != 0 [ 127.194679][ T7384] binder: 7382:7384 ioctl 40046207 0 returned -1 [ 127.199035][ T39] audit: type=1400 audit(1728860023.763:510): avc: denied { read } for pid=7382 comm="syz.3.588" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 127.324670][ T7393] input: syz0 as /devices/virtual/input/input52 [ 127.456715][ T7397] block nbd1: NBD_DISCONNECT [ 127.463160][ T7395] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64000 sclass=netlink_route_socket pid=7395 comm=syz.1.591 [ 127.650264][ T39] audit: type=1400 audit(1728860024.213:511): avc: denied { ioctl } for pid=7400 comm="syz.1.593" path="/dev/ptp0" dev="devtmpfs" ino=713 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 127.793875][ T7405] netlink: 20 bytes leftover after parsing attributes in process `syz.2.594'. [ 127.798078][ T39] audit: type=1400 audit(1728860024.363:512): avc: denied { map } for pid=7404 comm="syz.2.594" path="socket:[17941]" dev="sockfs" ino=17941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 127.805240][ T39] audit: type=1400 audit(1728860024.363:513): avc: denied { accept } for pid=7404 comm="syz.2.594" path="socket:[17941]" dev="sockfs" ino=17941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 127.812790][ T39] audit: type=1400 audit(1728860024.373:514): avc: denied { append } for pid=7404 comm="syz.2.594" name="nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 127.830501][ T39] audit: type=1400 audit(1728860024.383:515): avc: denied { unmount } for pid=6890 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 127.882537][ T39] audit: type=1400 audit(1728860024.443:516): avc: denied { getopt } for pid=7411 comm="syz.2.597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 127.912763][ C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 127.972747][ T7418] Process accounting resumed [ 128.031634][ T7421] input: syz0 as /devices/virtual/input/input53 [ 128.166381][ T65] Bluetooth: hci1: command 0x040f tx timeout [ 128.183807][ T7434] FAULT_INJECTION: forcing a failure. [ 128.183807][ T7434] name failslab, interval 1, probability 0, space 0, times 0 [ 128.187778][ T7434] CPU: 2 UID: 0 PID: 7434 Comm: syz.1.604 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 128.190500][ T7434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.193233][ T7434] Call Trace: [ 128.194119][ T7434] [ 128.194920][ T7434] dump_stack_lvl+0x16c/0x1f0 [ 128.196215][ T7434] should_fail_ex+0x497/0x5b0 [ 128.197625][ T7434] ? fs_reclaim_acquire+0xae/0x150 [ 128.198966][ T7434] should_failslab+0xc2/0x120 [ 128.200191][ T7434] kmem_cache_alloc_node_noprof+0x71/0x310 [ 128.201699][ T7434] ? __alloc_skb+0x2b1/0x380 [ 128.202924][ T7434] __alloc_skb+0x2b1/0x380 [ 128.204092][ T7434] ? __pfx___alloc_skb+0x10/0x10 [ 128.205382][ T7434] ? selinux_socket_getpeersec_dgram+0x1a5/0x370 [ 128.207143][ T7434] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 128.208873][ T7434] netlink_alloc_large_skb+0x69/0x130 [ 128.210318][ T7434] netlink_sendmsg+0x689/0xd70 [ 128.211587][ T7434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 128.212966][ T7434] ? __import_iovec+0x1fd/0x6e0 [ 128.214252][ T7434] ____sys_sendmsg+0xaaf/0xc90 [ 128.215508][ T7434] ? copy_msghdr_from_user+0x10b/0x160 [ 128.216919][ T7434] ? __pfx_____sys_sendmsg+0x10/0x10 [ 128.218300][ T7434] ? __pfx___lock_acquire+0x10/0x10 [ 128.219660][ T7434] ___sys_sendmsg+0x135/0x1e0 [ 128.220890][ T7434] ? __pfx____sys_sendmsg+0x10/0x10 [ 128.222263][ T7434] ? lock_acquire+0x2f/0xb0 [ 128.223453][ T7434] ? __fget_files+0x40/0x3f0 [ 128.224674][ T7434] ? fdget+0x176/0x210 [ 128.225750][ T7434] __sys_sendmsg+0x117/0x1f0 [ 128.227008][ T7434] ? __pfx___sys_sendmsg+0x10/0x10 [ 128.228339][ T7434] ? __fget_files+0x244/0x3f0 [ 128.229578][ T7434] do_syscall_64+0xcd/0x250 [ 128.230774][ T7434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.232307][ T7434] RIP: 0033:0x7fcc2b17dff9 [ 128.233470][ T7434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.238373][ T7434] RSP: 002b:00007fcc2beea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 128.240506][ T7434] RAX: ffffffffffffffda RBX: 00007fcc2b335f80 RCX: 00007fcc2b17dff9 [ 128.242547][ T7434] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 128.244565][ T7434] RBP: 00007fcc2beea090 R08: 0000000000000000 R09: 0000000000000000 [ 128.246592][ T7434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.248676][ T7434] R13: 0000000000000000 R14: 00007fcc2b335f80 R15: 00007ffe8fdc5158 [ 128.250711][ T7434] [ 128.271073][ T65] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 128.273694][ T65] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 128.282518][ T39] audit: type=1400 audit(1728860024.843:517): avc: denied { append } for pid=7436 comm="syz.2.605" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 128.315925][ T65] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 128.459836][ T7449] FAULT_INJECTION: forcing a failure. [ 128.459836][ T7449] name failslab, interval 1, probability 0, space 0, times 0 [ 128.464176][ T7449] CPU: 2 UID: 0 PID: 7449 Comm: syz.1.609 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 128.467885][ T7449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.471607][ T7449] Call Trace: [ 128.472700][ T7449] [ 128.473744][ T7449] dump_stack_lvl+0x16c/0x1f0 [ 128.475428][ T7449] should_fail_ex+0x497/0x5b0 [ 128.477067][ T7449] ? fs_reclaim_acquire+0xae/0x150 [ 128.478851][ T7449] should_failslab+0xc2/0x120 [ 128.480496][ T7449] __kmalloc_noprof+0xcb/0x400 [ 128.482169][ T7449] ? d_absolute_path+0x137/0x1b0 [ 128.483930][ T7449] tomoyo_encode2+0x100/0x3e0 [ 128.485592][ T7449] tomoyo_encode+0x29/0x50 [ 128.487178][ T7449] tomoyo_realpath_from_path+0x19d/0x720 [ 128.489146][ T7449] tomoyo_path_number_perm+0x245/0x590 [ 128.491064][ T7449] ? tomoyo_path_number_perm+0x232/0x590 [ 128.493036][ T7449] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 128.495157][ T7449] ? trace_lock_acquire+0x14a/0x1d0 [ 128.496988][ T7449] ? lock_acquire+0x2f/0xb0 [ 128.498591][ T7449] ? __fget_files+0x40/0x3f0 [ 128.500218][ T7449] ? __fget_files+0x244/0x3f0 [ 128.501878][ T7449] security_file_ioctl+0x9b/0x240 [ 128.503662][ T7449] __x64_sys_ioctl+0xbb/0x220 [ 128.505329][ T7449] do_syscall_64+0xcd/0x250 [ 128.506933][ T7449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.508980][ T7449] RIP: 0033:0x7fcc2b17dff9 [ 128.510516][ T7449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.517075][ T7449] RSP: 002b:00007fcc2beea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.519954][ T7449] RAX: ffffffffffffffda RBX: 00007fcc2b335f80 RCX: 00007fcc2b17dff9 [ 128.522705][ T7449] RDX: 0000000020000100 RSI: 0000000040047457 RDI: 0000000000000004 [ 128.525347][ T7449] RBP: 00007fcc2beea090 R08: 0000000000000000 R09: 0000000000000000 [ 128.528055][ T7449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.530852][ T7449] R13: 0000000000000000 R14: 00007fcc2b335f80 R15: 00007ffe8fdc5158 [ 128.533586][ T7449] [ 128.539092][ T7449] ERROR: Out of memory at tomoyo_realpath_from_path. [ 128.732433][ T39] audit: type=1400 audit(1728860025.293:518): avc: denied { getopt } for pid=7436 comm="syz.2.605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 128.967187][ T65] Bluetooth: hci4: command 0x0419 tx timeout [ 128.968879][ T5342] Bluetooth: hci5: command 0x0405 tx timeout [ 129.057307][ T7462] lo: entered allmulticast mode [ 129.066614][ T7462] tunl0: entered allmulticast mode [ 129.070509][ T7462] gre0: entered allmulticast mode [ 129.086314][ T7462] gretap0: entered allmulticast mode [ 129.088303][ T7467] netlink: 4 bytes leftover after parsing attributes in process `syz.1.617'. [ 129.092860][ T7462] erspan0: entered allmulticast mode [ 129.102495][ T7462] ip_vti0: entered allmulticast mode [ 129.109601][ T7462] ip6_vti0: entered allmulticast mode [ 129.119993][ T7462] sit0: entered allmulticast mode [ 129.124945][ T7462] ip6tnl0: entered allmulticast mode [ 129.131858][ T7462] ip6gre0: entered allmulticast mode [ 129.138677][ T7462] syz_tun: entered allmulticast mode [ 129.141699][ T7462] ip6gretap0: entered allmulticast mode [ 129.146400][ T7462] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.149293][ T7462] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.152115][ T7462] bridge0: entered allmulticast mode [ 129.159973][ T7462] vcan0: entered allmulticast mode [ 129.166231][ T7462] bond0: entered allmulticast mode [ 129.168079][ T7462] bond_slave_0: entered allmulticast mode [ 129.170065][ T7462] bond_slave_1: entered allmulticast mode [ 129.176775][ T7462] team0: entered allmulticast mode [ 129.178610][ T7462] team_slave_0: entered allmulticast mode [ 129.180592][ T7462] team_slave_1: entered allmulticast mode [ 129.187322][ T7462] dummy0: entered allmulticast mode [ 129.191679][ T7462] nlmon0: entered allmulticast mode [ 129.194809][ T7462] caif0: entered allmulticast mode [ 129.197295][ T7462] batadv0: entered allmulticast mode [ 129.201370][ T7462] vxcan0: entered allmulticast mode [ 129.205437][ T7462] vxcan1: entered allmulticast mode [ 129.209376][ T7462] veth0: entered allmulticast mode [ 129.213369][ T7462] veth1: entered allmulticast mode [ 129.221441][ T7462] wg0: entered allmulticast mode [ 129.225761][ T7462] wg1: entered allmulticast mode [ 129.229261][ T7462] wg2: entered allmulticast mode [ 129.232537][ T7462] veth0_to_bridge: entered allmulticast mode [ 129.239680][ T7462] veth1_to_bridge: entered allmulticast mode [ 129.253069][ T7462] veth0_to_bond: entered allmulticast mode [ 129.260434][ T7462] veth1_to_bond: entered allmulticast mode [ 129.269010][ T7462] veth0_to_team: entered allmulticast mode [ 129.280229][ T7462] veth1_to_team: entered allmulticast mode [ 129.296182][ T7462] veth0_to_batadv: entered allmulticast mode [ 129.300003][ T7462] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 129.305689][ T7462] batadv_slave_0: entered allmulticast mode [ 129.315106][ T7462] veth1_to_batadv: entered allmulticast mode [ 129.321000][ T7462] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 129.327253][ T7462] batadv_slave_1: entered allmulticast mode [ 129.335186][ T7462] xfrm0: entered allmulticast mode [ 129.340450][ T7462] veth0_to_hsr: entered allmulticast mode [ 129.348755][ T7462] hsr_slave_0: entered allmulticast mode [ 129.363581][ T7462] veth1_to_hsr: entered allmulticast mode [ 129.366734][ T7462] hsr_slave_1: entered allmulticast mode [ 129.377055][ T7462] hsr0: entered allmulticast mode [ 129.383771][ T7462] veth1_virt_wifi: entered allmulticast mode [ 129.389128][ T7462] veth0_virt_wifi: entered allmulticast mode [ 129.399105][ T7462] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 129.403401][ T7462] veth1_vlan: entered allmulticast mode [ 129.413597][ T7462] veth0_vlan: entered allmulticast mode [ 129.437982][ T7462] vlan0: entered allmulticast mode [ 129.439686][ T7462] vlan1: entered allmulticast mode [ 129.443223][ T7462] macvlan0: entered allmulticast mode [ 129.450615][ T7462] macvlan1: entered allmulticast mode [ 129.458374][ T7462] ipvlan0: entered allmulticast mode [ 129.460558][ T7462] ipvlan1: entered allmulticast mode [ 129.468103][ T7462] veth1_macvtap: entered allmulticast mode [ 129.482274][ T7462] veth0_macvtap: entered allmulticast mode [ 129.491998][ T7462] macsec0: entered allmulticast mode [ 129.500459][ T7462] geneve0: entered allmulticast mode [ 129.510767][ T7462] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.516040][ T7462] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.518460][ T7462] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.521892][ T7462] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.525246][ T7462] geneve1: entered allmulticast mode [ 129.535656][ T7462] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 129.550603][ T7462] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 129.555758][ T7462] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 129.561275][ T7462] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 129.590495][ T7462] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 129.607779][ T7462] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 129.651029][ T7479] netlink: 28 bytes leftover after parsing attributes in process `syz.3.620'. [ 129.939233][ T7497] mmap: syz.1.626 (7497) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 130.019938][ T7501] afs: Unknown parameter 'd' [ 130.022631][ T7501] evm: overlay not supported [ 130.040807][ T5339] Bluetooth: hci5: SCO packet for unknown connection handle 200 [ 130.093278][ T5339] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 130.227484][ T7519] FAULT_INJECTION: forcing a failure. [ 130.227484][ T7519] name failslab, interval 1, probability 0, space 0, times 0 [ 130.231859][ T7519] CPU: 2 UID: 0 PID: 7519 Comm: syz.3.635 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 130.235436][ T7519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.239294][ T7519] Call Trace: [ 130.240326][ T7519] [ 130.241206][ T7519] dump_stack_lvl+0x16c/0x1f0 [ 130.242845][ T7519] should_fail_ex+0x497/0x5b0 [ 130.244071][ T7519] ? fs_reclaim_acquire+0xae/0x150 [ 130.245547][ T7519] should_failslab+0xc2/0x120 [ 130.247244][ T7519] __kmalloc_noprof+0xcb/0x400 [ 130.248954][ T7519] tomoyo_encode2+0x100/0x3e0 [ 130.250713][ T7519] tomoyo_encode+0x29/0x50 [ 130.252247][ T7519] tomoyo_realpath_from_path+0x19d/0x720 [ 130.254243][ T7519] ? tomoyo_path_number_perm+0x232/0x590 [ 130.256306][ T7519] tomoyo_path_number_perm+0x245/0x590 [ 130.258434][ T7519] ? tomoyo_path_number_perm+0x232/0x590 [ 130.260485][ T7519] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 130.262691][ T7519] ? trace_lock_acquire+0x14a/0x1d0 [ 130.264581][ T7519] ? lock_acquire+0x2f/0xb0 [ 130.266180][ T7519] ? __fget_files+0x40/0x3f0 [ 130.267767][ T7519] ? __fget_files+0x244/0x3f0 [ 130.269001][ T7519] security_file_ioctl+0x9b/0x240 [ 130.270297][ T7519] __x64_sys_ioctl+0xbb/0x220 [ 130.271858][ T7519] do_syscall_64+0xcd/0x250 [ 130.273479][ T7519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.275463][ T7519] RIP: 0033:0x7fbaacb7dff9 [ 130.277005][ T7519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.283520][ T7519] RSP: 002b:00007fbaad90f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.286385][ T7519] RAX: ffffffffffffffda RBX: 00007fbaacd35f80 RCX: 00007fbaacb7dff9 [ 130.288898][ T7519] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000004 [ 130.291734][ T7519] RBP: 00007fbaad90f090 R08: 0000000000000000 R09: 0000000000000000 [ 130.294263][ T7519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.296328][ T7519] R13: 0000000000000000 R14: 00007fbaacd35f80 R15: 00007ffd62406698 [ 130.299065][ T7519] [ 130.301479][ T7519] ERROR: Out of memory at tomoyo_realpath_from_path. [ 130.405285][ T7525] FAULT_INJECTION: forcing a failure. [ 130.405285][ T7525] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.413935][ T7525] CPU: 2 UID: 0 PID: 7525 Comm: syz.3.638 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 130.417453][ T7525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.421321][ T7525] Call Trace: [ 130.422573][ T7525] [ 130.423596][ T7525] dump_stack_lvl+0x16c/0x1f0 [ 130.425238][ T7525] should_fail_ex+0x497/0x5b0 [ 130.426962][ T7525] _copy_to_user+0x30/0xc0 [ 130.428592][ T7525] simple_read_from_buffer+0xd0/0x160 [ 130.430512][ T7525] proc_fail_nth_read+0x198/0x270 [ 130.432196][ T7525] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 130.434157][ T7525] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 130.436218][ T7525] vfs_read+0x1ce/0xbd0 [ 130.437568][ T7525] ? __fget_files+0x23a/0x3f0 [ 130.438962][ T7525] ? fdget_pos+0x24c/0x360 [ 130.440240][ T7525] ? __pfx_lock_release+0x10/0x10 [ 130.441756][ T7525] ? trace_lock_acquire+0x14a/0x1d0 [ 130.443302][ T7525] ? __pfx_vfs_read+0x10/0x10 [ 130.444656][ T7525] ? __pfx___mutex_lock+0x10/0x10 [ 130.446210][ T7525] ? __fget_files+0x244/0x3f0 [ 130.447609][ T7525] ksys_read+0x12f/0x260 [ 130.448821][ T7525] ? __pfx_ksys_read+0x10/0x10 [ 130.450213][ T7525] do_syscall_64+0xcd/0x250 [ 130.451611][ T7525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.453088][ T7525] RIP: 0033:0x7fbaacb7ca3c [ 130.454366][ T7525] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 130.460448][ T7525] RSP: 002b:00007fbaad90f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 130.462664][ T7525] RAX: ffffffffffffffda RBX: 00007fbaacd35f80 RCX: 00007fbaacb7ca3c [ 130.464634][ T7525] RDX: 000000000000000f RSI: 00007fbaad90f0a0 RDI: 0000000000000003 [ 130.466659][ T7525] RBP: 00007fbaad90f090 R08: 0000000000000000 R09: 0000000000000000 [ 130.469439][ T7525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.472216][ T7525] R13: 0000000000000001 R14: 00007fbaacd35f80 R15: 00007ffd62406698 [ 130.475024][ T7525] [ 130.586580][ T7531] random: crng reseeded on system resumption [ 131.046115][ T5339] Bluetooth: hci5: command 0x0405 tx timeout [ 131.176173][ T5344] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 131.328769][ T5344] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 131.331762][ T5344] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 131.335456][ T5344] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 131.339009][ T5344] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.345105][ T7548] FAULT_INJECTION: forcing a failure. [ 131.345105][ T7548] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.345243][ T5344] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 131.348513][ T7548] CPU: 1 UID: 0 PID: 7548 Comm: syz.2.646 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 131.348529][ T7548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 131.348535][ T7548] Call Trace: [ 131.348540][ T7548] [ 131.348544][ T7548] dump_stack_lvl+0x16c/0x1f0 [ 131.348563][ T7548] should_fail_ex+0x497/0x5b0 [ 131.348580][ T7548] _copy_from_iter+0x2a1/0x1540 [ 131.351937][ T5344] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 131.354354][ T7548] ? __pfx__copy_from_iter+0x10/0x10 [ 131.354370][ T7548] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 131.358317][ T5344] usb 8-1: Product: syz [ 131.358719][ T7548] ? tun_build_skb.constprop.0+0x1b8/0x1120 [ 131.359700][ T5344] usb 8-1: Manufacturer: syz [ 131.360666][ T7548] ? __pfx_lock_release+0x10/0x10 [ 131.360679][ T7548] ? trace_lock_acquire+0x14a/0x1d0 [ 131.367492][ T5344] cdc_wdm 8-1:1.0: skipping garbage [ 131.368404][ T7548] ? __pfx_lock_release+0x10/0x10 [ 131.368419][ T7548] copy_page_from_iter+0xa5/0x120 [ 131.368433][ T7548] tun_build_skb.constprop.0+0x294/0x1120 [ 131.371721][ T5344] cdc_wdm 8-1:1.0: skipping garbage [ 131.372666][ T7548] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 131.372691][ T7548] ? __pfx___lock_acquire+0x10/0x10 [ 131.372708][ T7548] ? __pfx_mark_lock+0x10/0x10 [ 131.375408][ T5344] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 131.375721][ T7548] ? __pfx_mark_lock+0x10/0x10 [ 131.375737][ T7548] ? __lock_acquire+0xbdd/0x3ce0 [ 131.375749][ T7548] tun_get_user+0x872/0x3d80 [ 131.375764][ T7548] ? find_held_lock+0x2d/0x110 [ 131.377625][ T5344] cdc_wdm 8-1:1.0: Unknown control protocol [ 131.379243][ T7548] ? __pfx_tun_get_user+0x10/0x10 [ 131.379269][ T7548] ? find_held_lock+0x2d/0x110 [ 131.399039][ T7548] ? __pfx_lock_release+0x10/0x10 [ 131.400784][ T7548] tun_chr_write_iter+0xdc/0x210 [ 131.402024][ T7548] vfs_write+0x6b5/0x1140 [ 131.403144][ T7548] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 131.404494][ T7548] ? trace_lock_acquire+0x14a/0x1d0 [ 131.405772][ T7548] ? __pfx_vfs_write+0x10/0x10 [ 131.407022][ T7548] ? __fget_files+0x40/0x3f0 [ 131.408191][ T7548] ksys_write+0x12f/0x260 [ 131.409254][ T7548] ? __pfx_ksys_write+0x10/0x10 [ 131.410502][ T7548] do_syscall_64+0xcd/0x250 [ 131.411668][ T7548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.413094][ T7548] RIP: 0033:0x7f0748d7cadf [ 131.414169][ T7548] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 131.419778][ T7548] RSP: 002b:00007f0749c18000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 131.422735][ T7548] RAX: ffffffffffffffda RBX: 00007f0748f35f80 RCX: 00007f0748d7cadf [ 131.425286][ T7548] RDX: 000000000000004e RSI: 0000000020000280 RDI: 00000000000000c8 [ 131.427319][ T7548] RBP: 00007f0749c18090 R08: 0000000000000000 R09: 0000000000000000 [ 131.429335][ T7548] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 131.431396][ T7548] R13: 0000000000000000 R14: 00007f0748f35f80 R15: 00007fffe905a888 [ 131.433426][ T7548] [ 131.434277][ C1] vkms_vblank_simulate: vblank timer overrun [ 131.468506][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 131.468522][ T39] audit: type=1326 audit(1728860028.033:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.477258][ T39] audit: type=1326 audit(1728860028.033:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.484671][ T39] audit: type=1326 audit(1728860028.033:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.493688][ T39] audit: type=1326 audit(1728860028.033:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.501520][ T39] audit: type=1326 audit(1728860028.033:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.507510][ T7550] netlink: 'syz.2.647': attribute type 10 has an invalid length. [ 131.511835][ T5339] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 131.515301][ T39] audit: type=1326 audit(1728860028.043:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.523063][ T39] audit: type=1326 audit(1728860028.043:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.530937][ T39] audit: type=1326 audit(1728860028.043:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.538901][ T39] audit: type=1326 audit(1728860028.043:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.546604][ T39] audit: type=1326 audit(1728860028.043:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.2.647" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0748d7dff9 code=0x7ffc0000 [ 131.578999][ T5344] usb 8-1: USB disconnect, device number 11 [ 131.677079][ T7556] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 132.193918][ T7569] fuse: Unknown parameter '' [ 132.658897][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.660642][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.702469][ T7575] Invalid option length (1047906) for dns_resolver key [ 132.937636][ T7578] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 133.084188][ T7582] FAULT_INJECTION: forcing a failure. [ 133.084188][ T7582] name failslab, interval 1, probability 0, space 0, times 0 [ 133.084217][ T7582] CPU: 2 UID: 0 PID: 7582 Comm: syz.0.659 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 133.084239][ T7582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.084250][ T7582] Call Trace: [ 133.084257][ T7582] [ 133.084265][ T7582] dump_stack_lvl+0x16c/0x1f0 [ 133.084301][ T7582] should_fail_ex+0x497/0x5b0 [ 133.084329][ T7582] ? fs_reclaim_acquire+0xae/0x150 [ 133.084350][ T7582] should_failslab+0xc2/0x120 [ 133.084374][ T7582] __kmalloc_noprof+0xcb/0x400 [ 133.084395][ T7582] ? d_absolute_path+0x137/0x1b0 [ 133.084418][ T7582] tomoyo_encode2+0x100/0x3e0 [ 133.084442][ T7582] tomoyo_encode+0x29/0x50 [ 133.084462][ T7582] tomoyo_realpath_from_path+0x19d/0x720 [ 133.084490][ T7582] tomoyo_path_number_perm+0x245/0x590 [ 133.084515][ T7582] ? tomoyo_path_number_perm+0x232/0x590 [ 133.084543][ T7582] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 133.084592][ T7582] ? trace_lock_acquire+0x14a/0x1d0 [ 133.084623][ T7582] ? lock_acquire+0x2f/0xb0 [ 133.084640][ T7582] ? __fget_files+0x40/0x3f0 [ 133.084670][ T7582] ? __fget_files+0x244/0x3f0 [ 133.084700][ T7582] security_file_ioctl+0x9b/0x240 [ 133.084722][ T7582] __x64_sys_ioctl+0xbb/0x220 [ 133.084760][ T7582] do_syscall_64+0xcd/0x250 [ 133.084789][ T7582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.084812][ T7582] RIP: 0033:0x7fc6f037dff9 [ 133.084828][ T7582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.084846][ T7582] RSP: 002b:00007fc6f117a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.084866][ T7582] RAX: ffffffffffffffda RBX: 00007fc6f0535f80 RCX: 00007fc6f037dff9 [ 133.084879][ T7582] RDX: 0000000020000040 RSI: 00000000400454d4 RDI: 0000000000000003 [ 133.084891][ T7582] RBP: 00007fc6f117a090 R08: 0000000000000000 R09: 0000000000000000 [ 133.084903][ T7582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.084915][ T7582] R13: 0000000000000000 R14: 00007fc6f0535f80 R15: 00007ffdb08236c8 [ 133.084940][ T7582] [ 133.085104][ T7582] ERROR: Out of memory at tomoyo_realpath_from_path. [ 133.126146][ T5339] Bluetooth: hci5: command 0x0405 tx timeout [ 133.464511][ T5339] Bluetooth: hci1: unexpected event 0x09 length: 10 > 3 [ 133.464541][ T5339] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 133.624738][ T7601] FAULT_INJECTION: forcing a failure. [ 133.624738][ T7601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.631903][ T7601] CPU: 3 UID: 0 PID: 7601 Comm: syz.3.666 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 133.635434][ T7601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.639546][ T7601] Call Trace: [ 133.640808][ T7601] [ 133.641884][ T7601] dump_stack_lvl+0x16c/0x1f0 [ 133.643705][ T7601] should_fail_ex+0x497/0x5b0 [ 133.645506][ T7601] _copy_from_user+0x30/0xf0 [ 133.647308][ T7601] copy_msghdr_from_user+0x99/0x160 [ 133.649351][ T7601] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 133.651567][ T7601] ? find_held_lock+0x2d/0x110 [ 133.653342][ T7601] ___sys_recvmsg+0xdc/0x1a0 [ 133.655143][ T7601] ? __pfx____sys_recvmsg+0x10/0x10 [ 133.657281][ T7601] ? lock_acquire+0x2f/0xb0 [ 133.659028][ T7601] ? fdget+0x176/0x210 [ 133.660582][ T7601] do_recvmmsg+0x2ba/0x750 [ 133.662300][ T7601] ? __pfx_do_recvmmsg+0x10/0x10 [ 133.664222][ T7601] ? __might_fault+0xe3/0x190 [ 133.666094][ T7601] ? __might_fault+0xe3/0x190 [ 133.667957][ T7601] ? __pfx_get_timespec64+0x10/0x10 [ 133.669984][ T7601] ? __fget_files+0x244/0x3f0 [ 133.671862][ T7601] __x64_sys_recvmmsg+0x1a6/0x290 [ 133.673801][ T7601] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 133.675832][ T7601] do_syscall_64+0xcd/0x250 [ 133.677571][ T7601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.679957][ T7601] RIP: 0033:0x7fbaacb7dff9 [ 133.681690][ T7601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.687140][ T7601] RSP: 002b:00007fbaad90f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 133.689379][ T7601] RAX: ffffffffffffffda RBX: 00007fbaacd35f80 RCX: 00007fbaacb7dff9 [ 133.691560][ T7601] RDX: 0400000000000ec0 RSI: 0000000020002ec0 RDI: 0000000000000005 [ 133.693693][ T7601] RBP: 00007fbaad90f090 R08: 00000000200001c0 R09: 0000000000000000 [ 133.695793][ T7601] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 133.697974][ T7601] R13: 0000000000000000 R14: 00007fbaacd35f80 R15: 00007ffd62406698 [ 133.700108][ T7601] [ 135.201997][ T7618] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 135.203728][ T7618] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 135.205367][ T7618] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 135.349912][ T5339] Bluetooth: hci1: unexpected event 0x09 length: 10 > 3 [ 135.350158][ T5339] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 135.384558][ T7659] FAULT_INJECTION: forcing a failure. [ 135.384558][ T7659] name failslab, interval 1, probability 0, space 0, times 0 [ 135.391824][ T7659] CPU: 3 UID: 0 PID: 7659 Comm: syz.1.677 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 135.392807][ T7656] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.395433][ T7659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.401110][ T7659] Call Trace: [ 135.402252][ T7659] [ 135.403243][ T7659] dump_stack_lvl+0x16c/0x1f0 [ 135.404882][ T7659] should_fail_ex+0x497/0x5b0 [ 135.406384][ T7659] ? fs_reclaim_acquire+0xae/0x150 [ 135.408142][ T7659] should_failslab+0xc2/0x120 [ 135.409787][ T7659] kmem_cache_alloc_node_noprof+0x71/0x310 [ 135.411823][ T7659] ? __alloc_skb+0x2b1/0x380 [ 135.413449][ T7659] __alloc_skb+0x2b1/0x380 [ 135.414834][ T7659] ? __pfx___alloc_skb+0x10/0x10 [ 135.416542][ T7659] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 135.418796][ T7659] netlink_alloc_large_skb+0x69/0x130 [ 135.420844][ T7659] netlink_sendmsg+0x689/0xd70 [ 135.422641][ T7659] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.424613][ T7659] ? __import_iovec+0x1fd/0x6e0 [ 135.426543][ T7659] ____sys_sendmsg+0xaaf/0xc90 [ 135.428384][ T7659] ? copy_msghdr_from_user+0x10b/0x160 [ 135.430534][ T7659] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.432457][ T7659] ? __pfx___lock_acquire+0x10/0x10 [ 135.434315][ T7659] ___sys_sendmsg+0x135/0x1e0 [ 135.435938][ T7659] ? __pfx____sys_sendmsg+0x10/0x10 [ 135.437866][ T7659] ? lock_acquire+0x2f/0xb0 [ 135.439469][ T7659] ? __fget_files+0x40/0x3f0 [ 135.441132][ T7659] ? fdget+0x176/0x210 [ 135.442575][ T7659] __sys_sendmmsg+0x1a1/0x450 [ 135.444232][ T7659] ? __pfx___sys_sendmmsg+0x10/0x10 [ 135.446283][ T7659] ? vfs_write+0x14d/0x1140 [ 135.447929][ T7659] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 135.450158][ T7659] ? fput+0x30/0x390 [ 135.452005][ T7659] ? ksys_write+0x1ad/0x260 [ 135.454143][ T7659] ? __pfx_ksys_write+0x10/0x10 [ 135.456456][ T7659] __x64_sys_sendmmsg+0x9c/0x100 [ 135.458640][ T7659] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.460429][ T7659] do_syscall_64+0xcd/0x250 [ 135.462104][ T7659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.464232][ T7659] RIP: 0033:0x7fcc2b17dff9 [ 135.465813][ T7659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.472489][ T7659] RSP: 002b:00007fcc2beea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 135.475063][ T7659] RAX: ffffffffffffffda RBX: 00007fcc2b335f80 RCX: 00007fcc2b17dff9 [ 135.477601][ T7659] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 135.480115][ T7659] RBP: 00007fcc2beea090 R08: 0000000000000000 R09: 0000000000000000 [ 135.482757][ T7659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.485320][ T7659] R13: 0000000000000000 R14: 00007fcc2b335f80 R15: 00007ffe8fdc5158 [ 135.487905][ T7659] [ 135.554530][ T7656] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.756705][ T7671] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 135.856919][ T7673] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 135.925925][ T5342] Bluetooth: hci1: unexpected event 0x09 length: 10 > 3 [ 135.926380][ T5342] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 136.210475][ T7687] FAULT_INJECTION: forcing a failure. [ 136.210475][ T7687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.217579][ T7687] CPU: 1 UID: 0 PID: 7687 Comm: syz.0.686 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 136.220163][ T7687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 136.222845][ T7687] Call Trace: [ 136.223693][ T7687] [ 136.224453][ T7687] dump_stack_lvl+0x16c/0x1f0 [ 136.225662][ T7687] should_fail_ex+0x497/0x5b0 [ 136.227131][ T7687] _copy_from_user+0x30/0xf0 [ 136.228741][ T7687] move_addr_to_kernel+0x68/0x160 [ 136.230469][ T7687] __copy_msghdr+0x386/0x470 [ 136.232095][ T7687] copy_msghdr_from_user+0xc2/0x160 [ 136.233944][ T7687] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 136.236035][ T7687] ? __pfx___lock_acquire+0x10/0x10 [ 136.237807][ T7687] ___sys_sendmsg+0xff/0x1e0 [ 136.239430][ T7687] ? __pfx____sys_sendmsg+0x10/0x10 [ 136.241281][ T7687] ? lock_acquire+0x2f/0xb0 [ 136.242912][ T7687] ? __fget_files+0x40/0x3f0 [ 136.244539][ T7687] ? fdget+0x176/0x210 [ 136.245965][ T7687] __sys_sendmmsg+0x1a1/0x450 [ 136.247605][ T7687] ? __pfx___sys_sendmmsg+0x10/0x10 [ 136.249399][ T7687] ? vfs_write+0x14d/0x1140 [ 136.251160][ T7687] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 136.253333][ T7687] ? fput+0x30/0x390 [ 136.254744][ T7687] ? ksys_write+0x1ad/0x260 [ 136.256322][ T7687] ? __pfx_ksys_write+0x10/0x10 [ 136.258013][ T7687] __x64_sys_sendmmsg+0x9c/0x100 [ 136.259727][ T7687] ? lockdep_hardirqs_on+0x7c/0x110 [ 136.261543][ T7688] €Â: renamed from bridge_slave_0 [ 136.261670][ T7687] do_syscall_64+0xcd/0x250 [ 136.265019][ T7687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.267098][ T7687] RIP: 0033:0x7fc6f037dff9 [ 136.268675][ T7687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.275161][ T7687] RSP: 002b:00007fc6f117a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 136.278026][ T7687] RAX: ffffffffffffffda RBX: 00007fc6f0535f80 RCX: 00007fc6f037dff9 [ 136.280702][ T7687] RDX: 0000000000000002 RSI: 0000000020003900 RDI: 0000000000000006 [ 136.283428][ T7687] RBP: 00007fc6f117a090 R08: 0000000000000000 R09: 0000000000000000 [ 136.286109][ T7687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.288804][ T7687] R13: 0000000000000000 R14: 00007fc6f0535f80 R15: 00007ffdb08236c8 [ 136.291523][ T7687] [ 136.292662][ C1] vkms_vblank_simulate: vblank timer overrun [ 136.403680][ T7665] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 136.405911][ T7665] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 136.408398][ T7665] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 136.608056][ T7708] €Â: renamed from bridge_slave_0 (while UP) [ 136.631556][ T39] kauditd_printk_skb: 56 callbacks suppressed [ 136.631571][ T39] audit: type=1400 audit(1728925798.197:592): avc: denied { write } for pid=7709 comm="syz.0.695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 136.721570][ T7712] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 136.723492][ T7712] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 136.725090][ T7712] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 137.350994][ T7727] netlink: 16 bytes leftover after parsing attributes in process `syz.1.700'. [ 137.675213][ T5342] Bluetooth: hci5: unexpected event 0x09 length: 10 > 3 [ 137.675523][ T5342] Bluetooth: hci5: SCO packet for unknown connection handle 1039 [ 137.676305][ T56] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 137.826182][ T4767] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 137.833585][ T56] usb 6-1: Using ep0 maxpacket: 8 [ 137.839815][ T56] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 137.843204][ T56] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 137.846929][ T56] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 137.850438][ T56] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 137.855035][ T56] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 137.858573][ T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.979790][ T4767] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 137.982487][ T4767] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.984778][ T4767] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 137.987233][ T4767] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.991613][ T4767] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 137.993909][ T4767] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 137.997837][ T4767] usb 8-1: Product: syz [ 137.998944][ T4767] usb 8-1: Manufacturer: syz [ 138.002198][ T4767] cdc_wdm 8-1:1.0: skipping garbage [ 138.003529][ T4767] cdc_wdm 8-1:1.0: skipping garbage [ 138.006465][ T4767] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 138.008202][ T4767] cdc_wdm 8-1:1.0: Unknown control protocol [ 138.058632][ T7744] FAULT_INJECTION: forcing a failure. [ 138.058632][ T7744] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 138.063306][ T7744] CPU: 3 UID: 0 PID: 7744 Comm: syz.2.706 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 138.067028][ T7744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 138.070793][ T7744] Call Trace: [ 138.072001][ T7744] [ 138.073072][ T7744] dump_stack_lvl+0x16c/0x1f0 [ 138.074797][ T7744] should_fail_ex+0x497/0x5b0 [ 138.076508][ T7744] _copy_from_user+0x30/0xf0 [ 138.078185][ T7744] copy_msghdr_from_user+0x99/0x160 [ 138.080070][ T7744] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 138.082162][ T7744] ? __pfx___lock_acquire+0x10/0x10 [ 138.084051][ T7744] ___sys_sendmsg+0xff/0x1e0 [ 138.085723][ T7744] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.087713][ T7744] ? lock_acquire+0x2f/0xb0 [ 138.089274][ T7744] ? __fget_files+0x40/0x3f0 [ 138.090906][ T7744] ? fdget+0x176/0x210 [ 138.092460][ T7744] __sys_sendmsg+0x117/0x1f0 [ 138.094082][ T7744] ? __pfx___sys_sendmsg+0x10/0x10 [ 138.095890][ T7744] ? __fget_files+0x244/0x3f0 [ 138.097536][ T7744] do_syscall_64+0xcd/0x250 [ 138.099129][ T7744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.101214][ T7744] RIP: 0033:0x7f0748d7dff9 [ 138.102802][ T7744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.109320][ T7744] RSP: 002b:00007f0749c18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.112184][ T7744] RAX: ffffffffffffffda RBX: 00007f0748f35f80 RCX: 00007f0748d7dff9 [ 138.114884][ T7744] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 138.117583][ T7744] RBP: 00007f0749c18090 R08: 0000000000000000 R09: 0000000000000000 [ 138.120287][ T7744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.123034][ T7744] R13: 0000000000000000 R14: 00007f0748f35f80 R15: 00007fffe905a888 [ 138.125762][ T7744] [ 138.139002][ T56] usb 6-1: GET_CAPABILITIES returned 0 [ 138.141011][ T56] usbtmc 6-1:16.0: can't read capabilities [ 138.208161][ T830] usb 8-1: USB disconnect, device number 12 [ 138.332284][ T7733] netlink: 16 bytes leftover after parsing attributes in process `syz.1.702'. [ 138.337478][ T4767] usb 6-1: USB disconnect, device number 6 [ 138.356316][ T39] audit: type=1400 audit(1728925799.927:593): avc: denied { execute } for pid=7754 comm="syz-executor" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 138.363586][ T39] audit: type=1400 audit(1728925799.927:594): avc: denied { execute_no_trans } for pid=7754 comm="syz-executor" path="/syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 138.494443][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 138.499009][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 138.502637][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 138.506055][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 138.509735][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 138.512595][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 138.636623][ T7755] chnl_net:caif_netlink_parms(): no params data found [ 138.711702][ T7755] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.714151][ T7755] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.719017][ T7755] bridge_slave_0: entered allmulticast mode [ 138.722211][ T7755] bridge_slave_0: entered promiscuous mode [ 138.725677][ T7755] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.726223][ T65] Bluetooth: hci1: command 0x040f tx timeout [ 138.729380][ T7755] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.732909][ T7755] bridge_slave_1: entered allmulticast mode [ 138.736706][ T7755] bridge_slave_1: entered promiscuous mode [ 138.779577][ T7755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.784876][ T7755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.816275][ T65] Bluetooth: hci5: command 0x0405 tx timeout [ 138.816368][ T5339] Bluetooth: hci4: command 0x0419 tx timeout [ 138.826698][ T7765] binder: 7763:7765 ioctl c0306201 0 returned -14 [ 138.827241][ T7755] team0: Port device team_slave_0 added [ 138.832899][ T7755] team0: Port device team_slave_1 added [ 138.856922][ T7764] binder: 7763:7764 ioctl c0306201 200002c0 returned -14 [ 138.869326][ T7755] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 138.871742][ T7755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.881132][ T7755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 138.886259][ T7755] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 138.888742][ T7755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.898830][ T7755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.038192][ T7755] hsr_slave_0: entered promiscuous mode [ 139.041326][ T7755] hsr_slave_1: entered promiscuous mode [ 139.043700][ T7755] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 139.054012][ T7755] Cannot create hsr debugfs directory [ 139.257756][ T5339] Bluetooth: hci5: unexpected event 0x09 length: 10 > 3 [ 139.257868][ T5339] Bluetooth: hci5: SCO packet for unknown connection handle 1039 [ 139.447624][ T39] audit: type=1400 audit(1728925801.017:595): avc: denied { lock } for pid=7766 comm="syz.1.712" path="socket:[21512]" dev="sockfs" ino=21512 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 140.038153][ T7755] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 140.060414][ T7755] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 140.067651][ T7755] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 140.073137][ T7755] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 140.096685][ T67] bridge_slave_1: left promiscuous mode [ 140.098796][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.104602][ T67] €Â: left promiscuous mode [ 140.107030][ T67] bridge0: port 1(€Â) entered disabled state [ 140.113888][ T7788] input: syz0 as /devices/virtual/input/input59 [ 140.164943][ T39] audit: type=1400 audit(1728925801.727:596): avc: denied { ioctl } for pid=7781 comm="syz.1.716" path="/dev/usbmon0" dev="devtmpfs" ino=721 ioctlcmd=0x9205 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 140.171926][ T39] audit: type=1400 audit(1728925801.727:597): avc: denied { setattr } for pid=7781 comm="syz.1.716" name="pagemap" dev="proc" ino=20773 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 140.252537][ T7799] FAULT_INJECTION: forcing a failure. [ 140.252537][ T7799] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.256522][ T7799] CPU: 3 UID: 0 PID: 7799 Comm: syz.1.720 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 140.260274][ T7799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.263930][ T7799] Call Trace: [ 140.265192][ T7799] [ 140.266195][ T7799] dump_stack_lvl+0x16c/0x1f0 [ 140.267941][ T7799] should_fail_ex+0x497/0x5b0 [ 140.269872][ T7799] _copy_to_user+0x30/0xc0 [ 140.271583][ T7799] simple_read_from_buffer+0xd0/0x160 [ 140.273540][ T7799] proc_fail_nth_read+0x198/0x270 [ 140.275432][ T7799] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.277510][ T7799] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.279455][ T7799] vfs_read+0x1ce/0xbd0 [ 140.281017][ T7799] ? __fget_files+0x23a/0x3f0 [ 140.282768][ T7799] ? fdget_pos+0x24c/0x360 [ 140.284332][ T7799] ? __pfx_lock_release+0x10/0x10 [ 140.286192][ T7799] ? trace_lock_acquire+0x14a/0x1d0 [ 140.288021][ T7799] ? __pfx_vfs_read+0x10/0x10 [ 140.289660][ T7799] ? __pfx___mutex_lock+0x10/0x10 [ 140.291511][ T7799] ? __fget_files+0x244/0x3f0 [ 140.293177][ T7799] ksys_read+0x12f/0x260 [ 140.294656][ T7799] ? __pfx_ksys_read+0x10/0x10 [ 140.296284][ T7799] do_syscall_64+0xcd/0x250 [ 140.297824][ T7799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.299935][ T7799] RIP: 0033:0x7fcc2b17ca3c [ 140.301589][ T7799] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 140.308432][ T7799] RSP: 002b:00007fcc2beea030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 140.311431][ T7799] RAX: ffffffffffffffda RBX: 00007fcc2b335f80 RCX: 00007fcc2b17ca3c [ 140.314253][ T7799] RDX: 000000000000000f RSI: 00007fcc2beea0a0 RDI: 0000000000000004 [ 140.317157][ T7799] RBP: 00007fcc2beea090 R08: 0000000000000000 R09: 0000000000000000 [ 140.319969][ T7799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.323015][ T7799] R13: 0000000000000000 R14: 00007fcc2b335f80 R15: 00007ffe8fdc5158 [ 140.325886][ T7799] [ 140.375713][ T5339] Bluetooth: hci4: unexpected event 0x09 length: 10 > 3 [ 140.375879][ T5339] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 140.432912][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.440029][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.443192][ T67] bond0 (unregistering): Released all slaves [ 140.456946][ T7800] netlink: 124 bytes leftover after parsing attributes in process `syz.3.719'. [ 140.464580][ T7807] binder: 7805:7807 ioctl c0306201 0 returned -14 [ 140.478013][ T7806] binder: 7805:7806 ioctl c0306201 200002c0 returned -14 [ 140.532910][ T7800] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 140.535005][ T7800] overlayfs: missing 'lowerdir' [ 140.562779][ T7755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.568694][ T5339] Bluetooth: hci0: command tx timeout [ 140.599868][ T7755] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.633273][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.635150][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.646933][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.648815][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.800525][ T67] hsr_slave_0: left promiscuous mode [ 140.802922][ T67] hsr_slave_1: left promiscuous mode [ 140.807568][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.810937][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.889389][ T5339] Bluetooth: hci5: command 0x0405 tx timeout [ 141.295692][ T7819] input: syz0 as /devices/virtual/input/input61 [ 141.579635][ T67] team0 (unregistering): Port device team_slave_1 removed [ 141.646182][ T35] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 141.693659][ T67] team0 (unregistering): Port device team_slave_0 removed [ 141.816107][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 141.820086][ T35] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 141.823273][ T35] usb 6-1: config 179 has no interface number 0 [ 141.825464][ T35] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 141.829596][ T35] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 141.833604][ T35] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 141.837703][ T35] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 141.841677][ T35] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 141.846724][ T35] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 141.850009][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.856792][ T7824] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 142.285128][ T39] audit: type=1400 audit(1728925803.847:598): avc: denied { read } for pid=4819 comm="acpid" name="event4" dev="devtmpfs" ino=2606 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 142.293625][ T39] audit: type=1400 audit(1728925803.847:599): avc: denied { open } for pid=4819 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2606 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 142.301092][ T39] audit: type=1400 audit(1728925803.857:600): avc: denied { ioctl } for pid=4819 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2606 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 142.324270][ T830] usb 6-1: USB disconnect, device number 7 [ 142.325501][ C3] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 142.381178][ T5342] Bluetooth: hci4: unexpected event 0x09 length: 10 > 3 [ 142.381464][ T5342] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 142.421380][ T7755] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.439836][ T7755] veth0_vlan: entered promiscuous mode [ 142.443620][ T7755] veth1_vlan: entered promiscuous mode [ 142.455528][ T7755] veth0_macvtap: entered promiscuous mode [ 142.459418][ T7755] veth1_macvtap: entered promiscuous mode [ 142.474113][ T7755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.478042][ T7755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.481058][ T7755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.484566][ T7755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.493905][ T7755] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.505489][ T7755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.509241][ T7755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.513912][ T7755] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.518925][ T7755] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.521827][ T7755] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.524870][ T7755] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.556638][ T7755] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.591053][ T7845] input: syz0 as /devices/virtual/input/input62 [ 142.656198][ T5342] Bluetooth: hci0: command tx timeout [ 142.780001][ T39] audit: type=1400 audit(1728925804.337:601): avc: denied { write } for pid=7833 comm="syz.2.730" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 142.966818][ T5342] Bluetooth: hci5: command 0x0405 tx timeout [ 142.989892][ T1111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.989912][ T1111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.990849][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.990864][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.188843][ T67] IPVS: stop unused estimator thread 0... [ 143.542289][ T7866] FAULT_INJECTION: forcing a failure. [ 143.542289][ T7866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.546752][ T7866] CPU: 2 UID: 0 PID: 7866 Comm: syz.2.738 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 143.550429][ T7866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.553930][ T7866] Call Trace: [ 143.555116][ T7866] [ 143.556170][ T7866] dump_stack_lvl+0x16c/0x1f0 [ 143.557909][ T7866] should_fail_ex+0x497/0x5b0 [ 143.559542][ T7866] _copy_from_user+0x30/0xf0 [ 143.561026][ T7866] do_sys_poll+0x1d6/0xde0 [ 143.562485][ T7866] ? ctx_flush_and_put.constprop.0+0xa8/0x410 [ 143.564534][ T7866] ? __pfx___lock_acquire+0x10/0x10 [ 143.566490][ T7866] ? __pfx_do_sys_poll+0x10/0x10 [ 143.568249][ T7866] ? find_held_lock+0x2d/0x110 [ 143.569893][ T7866] ? io_handle_tw_list+0x3df/0x540 [ 143.571699][ T7866] ? __pfx_get_signal+0x10/0x10 [ 143.573537][ T7866] ? __pfx_poll_select_finish+0x10/0x10 [ 143.575623][ T7866] ? set_user_sigmask+0x217/0x2a0 [ 143.577388][ T7866] ? __pfx_set_user_sigmask+0x10/0x10 [ 143.579256][ T7866] ? arch_do_signal_or_restart+0x212/0x7e0 [ 143.581115][ T7866] ? __fget_files+0x244/0x3f0 [ 143.582648][ T7866] __x64_sys_ppoll+0x25a/0x2d0 [ 143.584260][ T7866] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 143.585973][ T7866] ? ksys_write+0x1ad/0x260 [ 143.587444][ T7866] ? __pfx_ksys_write+0x10/0x10 [ 143.589010][ T7866] do_syscall_64+0xcd/0x250 [ 143.590560][ T7866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.592601][ T7866] RIP: 0033:0x7f0748d7dff9 [ 143.594078][ T7866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.600871][ T7866] RSP: 002b:00007f0749bf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 143.603622][ T7866] RAX: ffffffffffffffda RBX: 00007f0748f36058 RCX: 00007f0748d7dff9 [ 143.606188][ T7866] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000020000140 [ 143.608816][ T7866] RBP: 00007f0749bf7090 R08: 0000000000000000 R09: 0000000000000000 [ 143.611394][ T7866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.613960][ T7866] R13: 0000000000000000 R14: 00007f0748f36058 R15: 00007fffe905a888 [ 143.616487][ T7866] [ 144.036111][ T39] audit: type=1400 audit(1728925805.597:602): avc: denied { module_request } for pid=7869 comm="syz.0.740" kmod="net-pf-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 144.061635][ T5342] Bluetooth: hci0: unexpected event 0x09 length: 10 > 3 [ 144.139014][ T39] audit: type=1400 audit(1728925805.707:603): avc: denied { create } for pid=7874 comm="syz.1.741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 144.178178][ T7879] FAULT_INJECTION: forcing a failure. [ 144.178178][ T7879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.182650][ T7879] CPU: 3 UID: 0 PID: 7879 Comm: syz.0.743 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 144.186121][ T7879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.186581][ T39] audit: type=1400 audit(1728925805.757:604): avc: denied { map } for pid=7874 comm="syz.1.741" path="/dev/sr0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:removable_device_t tclass=blk_file permissive=1 [ 144.189659][ T7879] Call Trace: [ 144.189684][ T7879] [ 144.189692][ T7879] dump_stack_lvl+0x16c/0x1f0 [ 144.189720][ T7879] should_fail_ex+0x497/0x5b0 [ 144.189747][ T7879] _copy_to_user+0x30/0xc0 [ 144.189766][ T7879] simple_read_from_buffer+0xd0/0x160 [ 144.189788][ T7879] proc_fail_nth_read+0x198/0x270 [ 144.189809][ T7879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 144.189832][ T7879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 144.189852][ T7879] vfs_read+0x1ce/0xbd0 [ 144.189877][ T7879] ? __fget_files+0x23a/0x3f0 [ 144.189899][ T7879] ? fdget_pos+0x24c/0x360 [ 144.189921][ T7879] ? __pfx_lock_release+0x10/0x10 [ 144.189938][ T7879] ? trace_lock_acquire+0x14a/0x1d0 [ 144.189959][ T7879] ? __pfx_vfs_read+0x10/0x10 [ 144.189980][ T7879] ? __pfx___mutex_lock+0x10/0x10 [ 144.190010][ T7879] ? __fget_files+0x244/0x3f0 [ 144.190038][ T7879] ksys_read+0x12f/0x260 [ 144.190062][ T7879] ? __pfx_ksys_read+0x10/0x10 [ 144.226568][ T7879] do_syscall_64+0xcd/0x250 [ 144.228073][ T7879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.230064][ T7879] RIP: 0033:0x7fcc2317ca3c [ 144.231462][ T7879] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 144.237638][ T7879] RSP: 002b:00007fcc23ecb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 144.240366][ T7879] RAX: ffffffffffffffda RBX: 00007fcc23336058 RCX: 00007fcc2317ca3c [ 144.243050][ T7879] RDX: 000000000000000f RSI: 00007fcc23ecb0a0 RDI: 0000000000000007 [ 144.245705][ T7879] RBP: 00007fcc23ecb090 R08: 0000000000000000 R09: 0000000000000000 [ 144.248235][ T7879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.250798][ T7879] R13: 0000000000000000 R14: 00007fcc23336058 R15: 00007ffdec91d288 [ 144.253395][ T7879] [ 144.303666][ T7874] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 144.367314][ T7881] binder: 7880:7881 ioctl c0306201 200002c0 returned -14 [ 145.046986][ T5342] Bluetooth: hci5: command 0x0405 tx timeout [ 145.216127][ T7850] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 145.330752][ T7892] €Â: renamed from bridge_slave_0 (while UP) [ 145.774900][ T5342] Bluetooth: hci1: unexpected event 0x09 length: 10 > 3 [ 145.774964][ T5342] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 146.190908][ T7910] FAULT_INJECTION: forcing a failure. [ 146.190908][ T7910] name failslab, interval 1, probability 0, space 0, times 0 [ 146.197751][ T7910] CPU: 0 UID: 0 PID: 7910 Comm: syz.0.753 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 146.201052][ T7910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.204406][ T7910] Call Trace: [ 146.205487][ T7910] [ 146.206436][ T7910] dump_stack_lvl+0x16c/0x1f0 [ 146.207925][ T7910] should_fail_ex+0x497/0x5b0 [ 146.209410][ T7910] ? fs_reclaim_acquire+0xae/0x150 [ 146.211025][ T7910] should_failslab+0xc2/0x120 [ 146.212632][ T7910] __kmalloc_noprof+0xcb/0x400 [ 146.214161][ T7910] ? d_absolute_path+0x137/0x1b0 [ 146.215777][ T7910] tomoyo_encode2+0x100/0x3e0 [ 146.217317][ T7910] tomoyo_encode+0x29/0x50 [ 146.218762][ T7910] tomoyo_realpath_from_path+0x19d/0x720 [ 146.220595][ T7910] tomoyo_path_number_perm+0x245/0x590 [ 146.222389][ T7910] ? tomoyo_path_number_perm+0x232/0x590 [ 146.224171][ T7910] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 146.226295][ T7910] ? trace_lock_acquire+0x14a/0x1d0 [ 146.227988][ T7910] ? lock_acquire+0x2f/0xb0 [ 146.229466][ T7910] ? __fget_files+0x40/0x3f0 [ 146.230982][ T7910] ? __fget_files+0x244/0x3f0 [ 146.232514][ T7910] security_file_ioctl+0x9b/0x240 [ 146.234130][ T7910] __x64_sys_ioctl+0xbb/0x220 [ 146.235698][ T7910] do_syscall_64+0xcd/0x250 [ 146.237177][ T7910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.239095][ T7910] RIP: 0033:0x7fcc2317dff9 [ 146.240544][ T7910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.246565][ T7910] RSP: 002b:00007fcc23eec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.249181][ T7910] RAX: ffffffffffffffda RBX: 00007fcc23335f80 RCX: 00007fcc2317dff9 [ 146.251747][ T7910] RDX: 0000000000000002 RSI: 000000000000540b RDI: 0000000000000004 [ 146.254274][ T7910] RBP: 00007fcc23eec090 R08: 0000000000000000 R09: 0000000000000000 [ 146.256998][ T7910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.259655][ T7910] R13: 0000000000000000 R14: 00007fcc23335f80 R15: 00007ffdec91d288 [ 146.262195][ T7910] [ 146.264811][ T7910] ERROR: Out of memory at tomoyo_realpath_from_path. [ 146.338280][ T7917] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 146.345162][ T7917] CIFS mount error: No usable UNC path provided in device string! [ 146.345162][ T7917] [ 146.354209][ T7917] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 146.359231][ T7917] overlayfs: missing 'lowerdir' [ 146.396744][ T7916] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 146.460539][ T7927] FAULT_INJECTION: forcing a failure. [ 146.460539][ T7927] name failslab, interval 1, probability 0, space 0, times 0 [ 146.464477][ T7927] CPU: 0 UID: 0 PID: 7927 Comm: syz.0.759 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 146.467166][ T7927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.469860][ T7927] Call Trace: [ 146.470725][ T7927] [ 146.471478][ T7927] dump_stack_lvl+0x16c/0x1f0 [ 146.472719][ T7927] should_fail_ex+0x497/0x5b0 [ 146.474414][ T7927] ? fs_reclaim_acquire+0xae/0x150 [ 146.475967][ T7927] should_failslab+0xc2/0x120 [ 146.477420][ T7927] kmem_cache_alloc_node_noprof+0x71/0x310 [ 146.479241][ T7927] ? __alloc_skb+0x2b1/0x380 [ 146.480488][ T7927] __alloc_skb+0x2b1/0x380 [ 146.481633][ T7927] ? __pfx___alloc_skb+0x10/0x10 [ 146.482906][ T7927] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 146.484467][ T7927] netlink_alloc_large_skb+0x69/0x130 [ 146.485844][ T7927] netlink_sendmsg+0x689/0xd70 [ 146.487085][ T7927] ? __pfx_netlink_sendmsg+0x10/0x10 [ 146.488391][ T7927] ? __import_iovec+0x1fd/0x6e0 [ 146.489632][ T7927] ____sys_sendmsg+0xaaf/0xc90 [ 146.490871][ T7927] ? copy_msghdr_from_user+0x10b/0x160 [ 146.492314][ T7927] ? __pfx_____sys_sendmsg+0x10/0x10 [ 146.493803][ T39] audit: type=1400 audit(1728925808.027:605): avc: denied { setopt } for pid=7929 comm="syz.2.761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 146.493949][ T7927] ? __pfx___lock_acquire+0x10/0x10 [ 146.501428][ T7930] netlink: 84 bytes leftover after parsing attributes in process `syz.2.761'. [ 146.501489][ T7927] ___sys_sendmsg+0x135/0x1e0 [ 146.505868][ T7927] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.507595][ T7927] ? lock_acquire+0x2f/0xb0 [ 146.508893][ T7927] ? __fget_files+0x40/0x3f0 [ 146.510374][ T7927] ? fdget+0x176/0x210 [ 146.511625][ T7927] __sys_sendmsg+0x117/0x1f0 [ 146.512813][ T7927] ? __pfx___sys_sendmsg+0x10/0x10 [ 146.514097][ T7927] ? __fget_files+0x244/0x3f0 [ 146.515338][ T7927] do_syscall_64+0xcd/0x250 [ 146.516521][ T7927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.518509][ T7927] RIP: 0033:0x7fcc2317dff9 [ 146.520009][ T7927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.525954][ T7927] RSP: 002b:00007fcc23eec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.528069][ T7927] RAX: ffffffffffffffda RBX: 00007fcc23335f80 RCX: 00007fcc2317dff9 [ 146.530063][ T7927] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 146.532063][ T7927] RBP: 00007fcc23eec090 R08: 0000000000000000 R09: 0000000000000000 [ 146.534276][ T7927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.536694][ T7927] R13: 0000000000000000 R14: 00007fcc23335f80 R15: 00007ffdec91d288 [ 146.538773][ T7927] [ 146.542100][ T39] audit: type=1400 audit(1728925808.107:606): avc: denied { setopt } for pid=7931 comm="syz.2.762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 146.542205][ T5342] Bluetooth: hci4: unexpected event 0x09 length: 10 > 3 [ 146.550623][ T5342] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 147.126169][ T5339] Bluetooth: hci5: command 0x0405 tx timeout [ 147.376233][ T7936] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 147.378119][ T7936] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 147.381333][ T7936] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 148.496451][ T7962] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 148.498108][ T7962] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 148.499741][ T7962] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 149.247705][ T7995] netlink: 24 bytes leftover after parsing attributes in process `syz.0.781'. [ 149.513042][ T39] audit: type=1400 audit(1728925811.077:607): avc: denied { setopt } for pid=7996 comm="syz.2.782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 149.766178][ T5342] Bluetooth: hci1: command 0x040f tx timeout [ 150.566259][ T5339] Bluetooth: hci4: command 0x0419 tx timeout [ 150.568579][ T5342] Bluetooth: hci5: command 0x0405 tx timeout [ 150.644540][ T8018] vivid-000: ================= START STATUS ================= [ 150.647426][ T8018] vivid-000: Radio HW Seek Mode: Bounded [ 150.649668][ T8018] vivid-000: Radio Programmable HW Seek: false [ 150.654438][ T8018] vivid-000: RDS Rx I/O Mode: Block I/O [ 150.656802][ T8018] vivid-000: Generate RBDS Instead of RDS: false [ 150.659888][ T8018] vivid-000: RDS Reception: true [ 150.662125][ T8018] vivid-000: RDS Program Type: 0 inactive [ 150.682452][ T8018] vivid-000: RDS PS Name: inactive [ 150.687865][ T8018] vivid-000: RDS Radio Text: inactive [ 150.690054][ T8018] vivid-000: RDS Traffic Announcement: false inactive [ 150.694764][ T8018] vivid-000: RDS Traffic Program: false inactive [ 150.713817][ T8018] vivid-000: RDS Music: false inactive [ 150.716164][ T8018] vivid-000: ================== END STATUS ================== [ 150.765877][ T8023] netlink: 44 bytes leftover after parsing attributes in process `syz.3.788'. [ 150.765922][ T8023] netlink: 47 bytes leftover after parsing attributes in process `syz.3.788'. [ 150.765930][ T8023] netlink: 'syz.3.788': attribute type 5 has an invalid length. [ 150.823210][ T8029] vivid-002: ================= START STATUS ================= [ 150.823224][ T8029] vivid-002: Radio HW Seek Mode: Bounded [ 150.823305][ T8029] vivid-002: Radio Programmable HW Seek: false [ 150.823319][ T8029] vivid-002: RDS Rx I/O Mode: Block I/O [ 150.823388][ T8029] vivid-002: Generate RBDS Instead of RDS: false [ 150.823401][ T8029] vivid-002: RDS Reception: true [ 150.823473][ T8029] vivid-002: RDS Program Type: 0 inactive [ 150.823490][ T8029] vivid-002: RDS PS Name: inactive [ 150.823581][ T8029] vivid-002: RDS Radio Text: inactive [ 150.823663][ T8029] vivid-002: RDS Traffic Announcement: false inactive [ 150.823682][ T8029] vivid-002: RDS Traffic Program: false inactive [ 150.823697][ T8029] vivid-002: RDS Music: false inactive [ 150.823713][ T8029] vivid-002: ================== END STATUS ================== [ 150.836794][ T8007] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 150.836931][ T8007] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 150.837042][ T8007] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 150.850216][ T39] audit: type=1400 audit(1728925812.417:608): avc: denied { bind } for pid=8019 comm="syz.0.789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 150.857118][ T39] audit: type=1400 audit(1728925812.427:609): avc: denied { listen } for pid=8019 comm="syz.0.789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 150.910466][ T39] audit: type=1400 audit(1728925812.437:610): avc: denied { write } for pid=8019 comm="syz.0.789" path="socket:[21420]" dev="sockfs" ino=21420 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 151.856123][ T6782] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 151.896249][ T5344] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 152.048052][ T5344] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 152.051496][ T5344] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.055127][ T5344] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 152.058591][ T5344] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.069636][ T5344] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 152.072830][ T5344] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 152.075591][ T5344] usb 8-1: Product: syz [ 152.078346][ T5344] usb 8-1: Manufacturer: syz [ 152.083068][ T5344] cdc_wdm 8-1:1.0: skipping garbage [ 152.084430][ T5344] cdc_wdm 8-1:1.0: skipping garbage [ 152.086104][ T5342] Bluetooth: hci1: command 0x040f tx timeout [ 152.086330][ T5344] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 152.089674][ T5344] cdc_wdm 8-1:1.0: Unknown control protocol [ 152.186940][ T8051] FAULT_INJECTION: forcing a failure. [ 152.186940][ T8051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.191551][ T8051] CPU: 2 UID: 0 PID: 8051 Comm: syz.0.796 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 152.195250][ T8051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.199034][ T8051] Call Trace: [ 152.200215][ T8051] [ 152.201274][ T8051] dump_stack_lvl+0x16c/0x1f0 [ 152.203054][ T8051] should_fail_ex+0x497/0x5b0 [ 152.204676][ T8051] _copy_from_user+0x30/0xf0 [ 152.206301][ T8051] copy_msghdr_from_user+0x99/0x160 [ 152.208102][ T8051] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 152.210165][ T8051] ? find_held_lock+0x2d/0x110 [ 152.211908][ T8051] ___sys_recvmsg+0xdc/0x1a0 [ 152.213608][ T8051] ? __pfx____sys_recvmsg+0x10/0x10 [ 152.215404][ T8051] ? lock_acquire+0x2f/0xb0 [ 152.216962][ T8051] ? fdget+0x176/0x210 [ 152.218379][ T8051] do_recvmmsg+0x2ba/0x750 [ 152.219922][ T8051] ? __pfx_do_recvmmsg+0x10/0x10 [ 152.221607][ T8051] ? __might_fault+0xe3/0x190 [ 152.223249][ T8051] ? __might_fault+0xe3/0x190 [ 152.224869][ T8051] ? __pfx_get_timespec64+0x10/0x10 [ 152.226791][ T8051] ? __fget_files+0x244/0x3f0 [ 152.227496][ T6782] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 152.228417][ T8051] __x64_sys_recvmmsg+0x1a6/0x290 [ 152.230575][ T6782] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.231853][ T8051] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 152.234381][ T6782] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 152.235765][ T8051] do_syscall_64+0xcd/0x250 [ 152.238111][ T6782] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.239255][ T8051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.243192][ T6782] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 152.243984][ T8051] RIP: 0033:0x7fcc2317dff9 [ 152.246250][ T6782] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 152.247754][ T8051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.249852][ T6782] usb 7-1: Product: syz [ 152.256324][ T8051] RSP: 002b:00007fcc23eec038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 152.256350][ T8051] RAX: ffffffffffffffda RBX: 00007fcc23335f80 RCX: 00007fcc2317dff9 [ 152.256364][ T8051] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003 [ 152.256375][ T8051] RBP: 00007fcc23eec090 R08: 0000000020003700 R09: 0000000000000000 [ 152.256388][ T8051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.256399][ T8051] R13: 0000000000000000 R14: 00007fcc23335f80 R15: 00007ffdec91d288 [ 152.256424][ T8051] [ 152.271442][ T6782] usb 7-1: Manufacturer: syz [ 152.276851][ T6782] cdc_wdm 7-1:1.0: skipping garbage [ 152.278218][ T6782] cdc_wdm 7-1:1.0: skipping garbage [ 152.280230][ T6782] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 152.281707][ T6782] cdc_wdm 7-1:1.0: Unknown control protocol [ 152.288925][ T5344] usb 8-1: USB disconnect, device number 13 [ 152.483480][ T5344] usb 7-1: USB disconnect, device number 10 [ 152.886230][ T5342] Bluetooth: hci5: command 0x0405 tx timeout [ 152.886250][ T5339] Bluetooth: hci4: command 0x0419 tx timeout [ 152.919185][ T8069] binder: 8068:8069 ioctl c0306201 200002c0 returned -14 [ 153.091989][ T8079] FAULT_INJECTION: forcing a failure. [ 153.091989][ T8079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.097992][ T8079] CPU: 3 UID: 0 PID: 8079 Comm: syz.2.806 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 153.101373][ T8079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.104818][ T8079] Call Trace: [ 153.105917][ T8079] [ 153.106904][ T8079] dump_stack_lvl+0x16c/0x1f0 [ 153.108458][ T8079] should_fail_ex+0x497/0x5b0 [ 153.110030][ T8079] _copy_from_user+0x30/0xf0 [ 153.111575][ T8079] memdup_user_nul+0x72/0x110 [ 153.113125][ T8079] sel_commit_bools_write+0x13f/0x430 [ 153.114895][ T8079] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 153.116782][ T8079] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 153.118703][ T8079] vfs_write+0x28e/0x1140 [ 153.119806][ T8079] ? __fget_files+0x23a/0x3f0 [ 153.121002][ T8079] ? __pfx_lock_release+0x10/0x10 [ 153.122309][ T8079] ? trace_lock_acquire+0x14a/0x1d0 [ 153.123600][ T8079] ? __pfx_vfs_write+0x10/0x10 [ 153.124851][ T8079] ? lock_acquire+0x2f/0xb0 [ 153.126345][ T8079] ? __fget_files+0x40/0x3f0 [ 153.127860][ T8079] ? __fget_files+0x244/0x3f0 [ 153.129401][ T8079] __x64_sys_pwrite64+0x200/0x260 [ 153.130835][ T8079] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 153.132221][ T8079] do_syscall_64+0xcd/0x250 [ 153.133640][ T8079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.135544][ T8079] RIP: 0033:0x7f0748d7dff9 [ 153.136994][ T8079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.142732][ T8079] RSP: 002b:00007f0749c18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 153.145445][ T8079] RAX: ffffffffffffffda RBX: 00007f0748f35f80 RCX: 00007f0748d7dff9 [ 153.147543][ T8079] RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003 [ 153.149459][ T8079] RBP: 00007f0749c18090 R08: 0000000000000000 R09: 0000000000000000 [ 153.151422][ T8079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.153371][ T8079] R13: 0000000000000000 R14: 00007f0748f35f80 R15: 00007fffe905a888 [ 153.155364][ T8079] [ 153.364430][ T39] audit: type=1400 audit(1728925814.927:611): avc: denied { read } for pid=8084 comm="syz.0.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 153.435667][ T39] audit: type=1400 audit(1728925814.997:612): avc: denied { mounton } for pid=8086 comm="syz.2.809" path="/88/file1" dev="tmpfs" ino=489 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 153.447337][ T39] audit: type=1400 audit(1728925815.017:613): avc: denied { read } for pid=4816 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 153.449676][ T8089] syz.2.809: attempt to access beyond end of device [ 153.449676][ T8089] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 153.453880][ T39] audit: type=1400 audit(1728925815.017:614): avc: denied { search } for pid=4816 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 153.460149][ T8089] (syz.2.809,8089,3):ocfs2_get_sector:1769 ERROR: status = -5 [ 153.463716][ T39] audit: type=1400 audit(1728925815.017:615): avc: denied { append } for pid=4816 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 153.466115][ T8089] (syz.2.809,8089,3):ocfs2_sb_probe:749 ERROR: status = -5 [ 153.472832][ T39] audit: type=1400 audit(1728925815.017:616): avc: denied { open } for pid=4816 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 153.475520][ T8089] (syz.2.809,8089,3):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 153.482817][ T8089] (syz.2.809,8089,3):ocfs2_fill_super:1178 ERROR: status = -5 [ 153.514823][ T8091] syz.2.809: attempt to access beyond end of device [ 153.514823][ T8091] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 153.521979][ T8091] syz.2.809: attempt to access beyond end of device [ 153.521979][ T8091] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 153.528164][ T8091] Mount JFS Failure: -5 [ 153.529730][ T8091] jfs_mount failed w/return code = -5 [ 154.518461][ T39] kauditd_printk_skb: 42 callbacks suppressed [ 154.519918][ T8105] netlink: 32 bytes leftover after parsing attributes in process `syz.2.813'. [ 154.521256][ T39] audit: type=1400 audit(1728925816.087:659): avc: denied { write } for pid=8100 comm="syz.2.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 154.531762][ T39] audit: type=1400 audit(1728925816.087:660): avc: denied { nlmsg_write } for pid=8100 comm="syz.2.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 154.568163][ T39] audit: type=1400 audit(1728925816.137:661): avc: denied { sys_module } for pid=8100 comm="syz.2.813" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 154.587832][ T39] audit: type=1400 audit(1728925816.157:662): avc: denied { ioctl } for pid=8098 comm="syz.1.812" path="/dev/raw-gadget" dev="devtmpfs" ino=761 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 154.848459][ T5344] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 154.966066][ T5339] Bluetooth: hci5: command 0x0405 tx timeout [ 155.039525][ T5344] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 155.042172][ T5344] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.045349][ T5344] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 155.049063][ T5344] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.053303][ T5344] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 155.055924][ T5344] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 155.058181][ T5344] usb 6-1: Product: syz [ 155.059283][ T5344] usb 6-1: Manufacturer: syz [ 155.074387][ T5344] cdc_wdm 6-1:1.0: skipping garbage [ 155.075903][ T5344] cdc_wdm 6-1:1.0: skipping garbage [ 155.081323][ T5344] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 155.082916][ T5344] cdc_wdm 6-1:1.0: Unknown control protocol [ 155.209470][ T39] audit: type=1400 audit(1728925816.777:663): avc: denied { unmount } for pid=5332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 155.276313][ T6446] usb 6-1: USB disconnect, device number 8 [ 155.404772][ T39] audit: type=1400 audit(1728925816.967:664): avc: denied { read write } for pid=8110 comm="syz.3.815" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 155.413956][ T39] audit: type=1400 audit(1728925816.967:665): avc: denied { open } for pid=8110 comm="syz.3.815" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 155.426313][ T39] audit: type=1400 audit(1728925816.967:666): avc: denied { ioctl } for pid=8110 comm="syz.3.815" path="/dev/ndctl0" dev="devtmpfs" ino=109 ioctlcmd=0x640a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 155.629230][ T39] audit: type=1400 audit(1728925817.197:667): avc: denied { append } for pid=8112 comm="syz.2.816" name="001" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 155.846340][ T39] audit: type=1400 audit(1728925817.417:668): avc: denied { map_read map_write } for pid=8118 comm="syz.1.818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 155.916181][ T8120] binder: 8118:8120 ioctl c0306201 200002c0 returned -14 [ 157.056049][ T5339] Bluetooth: hci5: command 0x0405 tx timeout [ 157.130772][ T8125] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 157.133142][ T8125] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 157.135402][ T8125] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 157.194286][ T8148] usb 2-1: USB disconnect, device number 2 [ 157.287365][ T8154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.829'. [ 157.291027][ T8154] hub 2-0:1.0: USB hub found [ 157.292387][ T8154] hub 2-0:1.0: 6 ports detected [ 157.468106][ T8] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 157.616092][ T5378] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 157.650482][ T8] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 157.653762][ T8] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 157.656859][ T8] usb 2-1: Product: QEMU USB Tablet [ 157.658757][ T8] usb 2-1: Manufacturer: QEMU [ 157.660541][ T8] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 157.683268][ T8] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0004/input/input69 [ 157.761665][ T8] hid-generic 0003:0627:0001.0004: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 157.797319][ T5378] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 157.799588][ T5378] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 157.802203][ T5378] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 157.804499][ T5378] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.808630][ T5378] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 157.811224][ T5378] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 157.813386][ T5378] usb 5-1: Product: syz [ 157.814545][ T5378] usb 5-1: Manufacturer: syz [ 157.817852][ T5378] cdc_wdm 5-1:1.0: skipping garbage [ 157.819277][ T5378] cdc_wdm 5-1:1.0: skipping garbage [ 157.821322][ T5378] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 157.822895][ T5378] cdc_wdm 5-1:1.0: Unknown control protocol [ 158.084503][ T5377] usb 5-1: USB disconnect, device number 10 [ 158.196916][ T8163] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 158.298015][ T5339] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 158.341357][ T5342] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 158.350093][ T5342] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 158.353870][ T5342] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 158.357892][ T5342] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 158.361822][ T5342] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 158.364895][ T5342] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 158.383529][ T8179] netlink: 16 bytes leftover after parsing attributes in process `syz.1.840'. [ 158.406652][ T5342] Bluetooth: hci1: command 0x040f tx timeout [ 158.426778][ T8184] netlink: 'syz.1.841': attribute type 1 has an invalid length. [ 158.426805][ T8184] netlink: 224 bytes leftover after parsing attributes in process `syz.1.841'. [ 158.454591][ T8175] chnl_net:caif_netlink_parms(): no params data found [ 158.465608][ T8189] FAULT_INJECTION: forcing a failure. [ 158.465608][ T8189] name failslab, interval 1, probability 0, space 0, times 0 [ 158.469495][ T8189] CPU: 1 UID: 0 PID: 8189 Comm: syz.1.843 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 158.472241][ T8189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.474982][ T8189] Call Trace: [ 158.475868][ T8189] [ 158.476651][ T8189] dump_stack_lvl+0x16c/0x1f0 [ 158.477949][ T8189] should_fail_ex+0x497/0x5b0 [ 158.479205][ T8189] ? fs_reclaim_acquire+0xae/0x150 [ 158.480560][ T8189] should_failslab+0xc2/0x120 [ 158.481808][ T8189] kmem_cache_alloc_node_noprof+0x71/0x310 [ 158.483355][ T8189] ? __alloc_skb+0x2b1/0x380 [ 158.484681][ T8189] __alloc_skb+0x2b1/0x380 [ 158.486318][ T8189] ? __pfx___alloc_skb+0x10/0x10 [ 158.488096][ T8189] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 158.489982][ T8189] netlink_alloc_large_skb+0x69/0x130 [ 158.491408][ T8189] netlink_sendmsg+0x689/0xd70 [ 158.492680][ T8189] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.494063][ T8189] ? __import_iovec+0x1fd/0x6e0 [ 158.495375][ T8189] ____sys_sendmsg+0xaaf/0xc90 [ 158.496631][ T8189] ? copy_msghdr_from_user+0x10b/0x160 [ 158.498048][ T8189] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.499407][ T8189] ? __pfx___lock_acquire+0x10/0x10 [ 158.500719][ T8189] ___sys_sendmsg+0x135/0x1e0 [ 158.501938][ T8189] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.503270][ T8189] ? lock_acquire+0x2f/0xb0 [ 158.504446][ T8189] ? __fget_files+0x40/0x3f0 [ 158.505651][ T8189] ? fdget+0x176/0x210 [ 158.506726][ T8189] __sys_sendmsg+0x117/0x1f0 [ 158.507941][ T8189] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.509259][ T8189] ? __fget_files+0x244/0x3f0 [ 158.510500][ T8189] do_syscall_64+0xcd/0x250 [ 158.511702][ T8189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.513230][ T8189] RIP: 0033:0x7fcc2b17dff9 [ 158.514423][ T8189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.519625][ T8189] RSP: 002b:00007fcc2beea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.521663][ T8189] RAX: ffffffffffffffda RBX: 00007fcc2b335f80 RCX: 00007fcc2b17dff9 [ 158.523661][ T8189] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 158.525645][ T8189] RBP: 00007fcc2beea090 R08: 0000000000000000 R09: 0000000000000000 [ 158.528104][ T8189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.530152][ T8189] R13: 0000000000000000 R14: 00007fcc2b335f80 R15: 00007ffe8fdc5158 [ 158.532204][ T8189] [ 158.574742][ T8175] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.577111][ T8175] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.579827][ T8175] bridge_slave_0: entered allmulticast mode [ 158.581860][ T8175] bridge_slave_0: entered promiscuous mode [ 158.584569][ T8175] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.588226][ T8175] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.590478][ T8175] bridge_slave_1: entered allmulticast mode [ 158.594859][ T8175] bridge_slave_1: entered promiscuous mode [ 158.608297][ T8195] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 158.630491][ T8175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.638507][ T8175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.660872][ T5342] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 158.707430][ T8175] team0: Port device team_slave_0 added [ 158.714752][ T8175] team0: Port device team_slave_1 added [ 158.746884][ T8175] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.748766][ T8175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.755314][ T8175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.761425][ T8175] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.761537][ T8203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.763199][ T8175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.763214][ T8175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.807021][ T8175] hsr_slave_0: entered promiscuous mode [ 158.810707][ T8175] hsr_slave_1: entered promiscuous mode [ 158.904162][ T8175] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.971073][ T8175] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.048333][ T8175] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.079005][ T8208] netlink: 16 bytes leftover after parsing attributes in process `syz.2.849'. [ 159.144687][ T8175] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.206132][ T5342] Bluetooth: hci5: command 0x0405 tx timeout [ 159.206167][ T5339] Bluetooth: hci4: command 0x0419 tx timeout [ 159.272064][ T8175] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 159.275803][ T8175] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 159.279257][ T8175] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 159.282314][ T8175] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 159.303885][ T8175] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.306426][ T8175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.309015][ T8175] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.311456][ T8175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.345868][ T8175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.354509][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.357797][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.372103][ T8175] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.380743][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.382689][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.392099][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.394506][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.416060][ T8] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 159.423769][ T8175] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 159.426703][ T8175] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.505593][ T8218] FAULT_INJECTION: forcing a failure. [ 159.505593][ T8218] name failslab, interval 1, probability 0, space 0, times 0 [ 159.509661][ T8218] CPU: 3 UID: 0 PID: 8218 Comm: syz.0.852 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 159.513594][ T8218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 159.517649][ T8218] Call Trace: [ 159.519057][ T8218] [ 159.520294][ T8218] dump_stack_lvl+0x16c/0x1f0 [ 159.522660][ T8218] should_fail_ex+0x497/0x5b0 [ 159.524146][ T8218] ? fs_reclaim_acquire+0xae/0x150 [ 159.525505][ T8218] should_failslab+0xc2/0x120 [ 159.527064][ T8218] __kmalloc_noprof+0xcb/0x400 [ 159.528864][ T8218] tomoyo_encode2+0x100/0x3e0 [ 159.530590][ T8218] tomoyo_encode+0x29/0x50 [ 159.532276][ T8218] tomoyo_realpath_from_path+0x19d/0x720 [ 159.534465][ T8218] ? tomoyo_path_number_perm+0x232/0x590 [ 159.536882][ T8218] tomoyo_path_number_perm+0x245/0x590 [ 159.539121][ T8218] ? tomoyo_path_number_perm+0x232/0x590 [ 159.541440][ T8218] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 159.543369][ T8218] ? trace_lock_acquire+0x14a/0x1d0 [ 159.544964][ T8218] ? lock_acquire+0x2f/0xb0 [ 159.546396][ T8218] ? __fget_files+0x40/0x3f0 [ 159.547811][ T8218] ? __fget_files+0x244/0x3f0 [ 159.549261][ T8218] security_file_ioctl+0x9b/0x240 [ 159.550811][ T8218] __x64_sys_ioctl+0xbb/0x220 [ 159.552280][ T8218] do_syscall_64+0xcd/0x250 [ 159.553686][ T8218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.555704][ T8218] RIP: 0033:0x7fcc2317dff9 [ 159.557529][ T8218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.564615][ T8218] RSP: 002b:00007fcc23ecb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 159.567044][ T8218] RAX: ffffffffffffffda RBX: 00007fcc23336058 RCX: 00007fcc2317dff9 [ 159.569277][ T8218] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 159.571610][ T8218] RBP: 00007fcc23ecb090 R08: 0000000000000000 R09: 0000000000000000 [ 159.573915][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.576290][ T8218] R13: 0000000000000000 R14: 00007fcc23336058 R15: 00007ffdec91d288 [ 159.578849][ T8218] [ 159.588123][ T8218] ERROR: Out of memory at tomoyo_realpath_from_path. [ 159.617629][ T8] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 159.620497][ T8] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 159.623764][ T8] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 159.626431][ T8] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.643875][ T8] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 159.646381][ T8] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 159.648401][ T8] usb 7-1: Product: syz [ 159.649479][ T8] usb 7-1: Manufacturer: syz [ 159.659418][ T8221] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 159.686584][ T8] cdc_wdm 7-1:1.0: skipping garbage [ 159.688536][ T8] cdc_wdm 7-1:1.0: skipping garbage [ 159.705173][ T8] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 159.716386][ T8] cdc_wdm 7-1:1.0: Unknown control protocol [ 159.748331][ T8175] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.763295][ T8230] netlink: 'syz.0.856': attribute type 1 has an invalid length. [ 159.766156][ T8230] netlink: 224 bytes leftover after parsing attributes in process `syz.0.856'. [ 159.795886][ T12] bridge_slave_1: left allmulticast mode [ 159.798770][ T12] bridge_slave_1: left promiscuous mode [ 159.801180][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.806390][ T12] bridge_slave_0: left allmulticast mode [ 159.808101][ T12] bridge_slave_0: left promiscuous mode [ 159.809618][ T39] kauditd_printk_skb: 56 callbacks suppressed [ 159.809628][ T39] audit: type=1400 audit(1728925821.377:725): avc: denied { mounton } for pid=8227 comm="syz.1.855" path="/proc/375/task" dev="proc" ino=23731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 159.810105][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.811602][ T39] audit: type=1400 audit(1728925821.377:726): avc: denied { mount } for pid=8227 comm="syz.1.855" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 159.879751][ T5378] usb 7-1: USB disconnect, device number 11 [ 160.188224][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.197731][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.204387][ T12] bond0 (unregistering): Released all slaves [ 160.217279][ T12] bond1 (unregistering): Released all slaves [ 160.231502][ T8175] veth0_vlan: entered promiscuous mode [ 160.238037][ T8175] veth1_vlan: entered promiscuous mode [ 160.251782][ T8175] veth0_macvtap: entered promiscuous mode [ 160.257252][ T8175] veth1_macvtap: entered promiscuous mode [ 160.267482][ T8175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.270366][ T8175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.273070][ T8175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.276429][ T8175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.282781][ T8175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.286089][ T8175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.292757][ T8175] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 160.304885][ T8175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.309737][ T8175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.313396][ T8175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.317376][ T8175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.320960][ T8175] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 160.323278][ T12] tipc: Disabling bearer [ 160.330677][ T12] tipc: Left network mode [ 160.335231][ T8175] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.337923][ T8175] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.340198][ T8175] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.342659][ T8175] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.416082][ T65] Bluetooth: hci2: command tx timeout [ 160.608974][ T12] hsr_slave_0: left promiscuous mode [ 160.611052][ T12] hsr_slave_1: left promiscuous mode [ 160.613046][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.615063][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.631323][ T12] veth1_macvtap: left promiscuous mode [ 160.632886][ T12] veth0_macvtap: left promiscuous mode [ 160.634423][ T12] veth1_vlan: left promiscuous mode [ 160.635818][ T12] veth0_vlan: left promiscuous mode [ 160.638580][ T8235] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 160.640881][ T8235] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 160.643122][ T8235] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 160.645223][ T8235] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.698001][ T8235] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 161.004038][ T8249] cgroup: Need name or subsystem set [ 161.065421][ T8253] FAULT_INJECTION: forcing a failure. [ 161.065421][ T8253] name failslab, interval 1, probability 0, space 0, times 0 [ 161.069166][ T8253] CPU: 1 UID: 0 PID: 8253 Comm: syz.0.862 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 161.072861][ T8253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.076658][ T8253] Call Trace: [ 161.077846][ T8253] [ 161.078890][ T8253] dump_stack_lvl+0x16c/0x1f0 [ 161.080606][ T8253] should_fail_ex+0x497/0x5b0 [ 161.082469][ T8253] ? fs_reclaim_acquire+0xae/0x150 [ 161.083827][ T8253] should_failslab+0xc2/0x120 [ 161.085090][ T8253] kmem_cache_alloc_node_noprof+0x71/0x310 [ 161.086657][ T8253] ? __alloc_skb+0x2b1/0x380 [ 161.088314][ T8253] __alloc_skb+0x2b1/0x380 [ 161.089807][ T8253] ? __pfx___alloc_skb+0x10/0x10 [ 161.091455][ T8253] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 161.093122][ T8253] netlink_alloc_large_skb+0x69/0x130 [ 161.094890][ T8253] netlink_sendmsg+0x689/0xd70 [ 161.096540][ T8253] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.098282][ T8253] ? __import_iovec+0x1fd/0x6e0 [ 161.100031][ T8253] ____sys_sendmsg+0xaaf/0xc90 [ 161.101645][ T8253] ? copy_msghdr_from_user+0x10b/0x160 [ 161.103389][ T8253] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.105154][ T8253] ? __pfx___lock_acquire+0x10/0x10 [ 161.106934][ T8253] ___sys_sendmsg+0x135/0x1e0 [ 161.108530][ T8253] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.110275][ T8253] ? lock_acquire+0x2f/0xb0 [ 161.111775][ T8253] ? __fget_files+0x40/0x3f0 [ 161.113298][ T8253] ? fdget+0x176/0x210 [ 161.114689][ T8253] __sys_sendmsg+0x117/0x1f0 [ 161.116194][ T8253] ? __pfx___sys_sendmsg+0x10/0x10 [ 161.117867][ T8253] ? __fget_files+0x244/0x3f0 [ 161.119459][ T8253] do_syscall_64+0xcd/0x250 [ 161.120947][ T8253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.123050][ T8253] RIP: 0033:0x7fcc2317dff9 [ 161.124539][ T8253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.130687][ T8253] RSP: 002b:00007fcc23eec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.133382][ T8253] RAX: ffffffffffffffda RBX: 00007fcc23335f80 RCX: 00007fcc2317dff9 [ 161.135955][ T8253] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 161.138529][ T8253] RBP: 00007fcc23eec090 R08: 0000000000000000 R09: 0000000000000000 [ 161.141096][ T8253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.143689][ T8253] R13: 0000000000000000 R14: 00007fcc23335f80 R15: 00007ffdec91d288 [ 161.146297][ T8253] [ 161.486294][ T39] audit: type=1400 audit(1728925823.047:727): avc: denied { mount } for pid=8262 comm="syz.2.866" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 161.506068][ T39] audit: type=1400 audit(1728925823.067:728): avc: denied { read } for pid=8262 comm="syz.2.866" name="ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 161.605525][ T12] team0 (unregistering): Port device team_slave_1 removed [ 161.626265][ T5344] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 161.689385][ T12] team0 (unregistering): Port device team_slave_0 removed [ 161.783877][ T5344] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 161.786432][ T5344] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.790061][ T5344] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 161.792580][ T5344] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.797563][ T5344] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 161.800649][ T5344] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 161.803348][ T5344] usb 5-1: Product: syz [ 161.805047][ T5344] usb 5-1: Manufacturer: syz [ 161.814442][ T5344] cdc_wdm 5-1:1.0: skipping garbage [ 161.817339][ T5344] cdc_wdm 5-1:1.0: skipping garbage [ 161.819924][ T5344] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 161.822211][ T5344] cdc_wdm 5-1:1.0: Unknown control protocol [ 162.015856][ T5344] usb 5-1: USB disconnect, device number 11 [ 162.364834][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.367760][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.387959][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.390776][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.405557][ T39] audit: type=1400 audit(1728925823.967:729): avc: denied { mounton } for pid=8175 comm="syz-executor" path="/syzkaller.FqDLqF/syz-tmp" dev="sda1" ino=1945 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 162.406230][ T65] Bluetooth: hci4: command 0x0419 tx timeout [ 162.417801][ T39] audit: type=1400 audit(1728925823.967:730): avc: denied { mount } for pid=8175 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 162.425327][ T39] audit: type=1400 audit(1728925823.987:731): avc: denied { mounton } for pid=8175 comm="syz-executor" path="/syzkaller.FqDLqF/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 162.436892][ T39] audit: type=1400 audit(1728925823.987:732): avc: denied { mounton } for pid=8175 comm="syz-executor" path="/syzkaller.FqDLqF/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=23278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 162.446131][ T39] audit: type=1400 audit(1728925823.987:733): avc: denied { unmount } for pid=8175 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 162.452693][ T39] audit: type=1400 audit(1728925824.007:734): avc: denied { mounton } for pid=8175 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2384 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 162.554117][ T8276] FAULT_INJECTION: forcing a failure. [ 162.554117][ T8276] name failslab, interval 1, probability 0, space 0, times 0 [ 162.559314][ T8276] CPU: 3 UID: 0 PID: 8276 Comm: syz.2.868 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 162.562869][ T8276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 162.566484][ T8276] Call Trace: [ 162.567781][ T8276] [ 162.568914][ T8276] dump_stack_lvl+0x16c/0x1f0 [ 162.570610][ T8276] should_fail_ex+0x497/0x5b0 [ 162.572262][ T8276] ? fs_reclaim_acquire+0xae/0x150 [ 162.573850][ T8276] should_failslab+0xc2/0x120 [ 162.575130][ T8276] kmem_cache_alloc_node_noprof+0x71/0x310 [ 162.576679][ T8276] ? __alloc_skb+0x2b1/0x380 [ 162.578189][ T8276] __alloc_skb+0x2b1/0x380 [ 162.579739][ T8276] ? __pfx___alloc_skb+0x10/0x10 [ 162.581531][ T8276] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 162.583955][ T8276] netlink_alloc_large_skb+0x69/0x130 [ 162.586238][ T8276] netlink_sendmsg+0x689/0xd70 [ 162.587959][ T8276] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.589907][ T8276] ? __import_iovec+0x1fd/0x6e0 [ 162.591673][ T8276] ____sys_sendmsg+0xaaf/0xc90 [ 162.593315][ T8276] ? copy_msghdr_from_user+0x10b/0x160 [ 162.595201][ T8276] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.596988][ T8276] ? __pfx___lock_acquire+0x10/0x10 [ 162.598951][ T8276] ___sys_sendmsg+0x135/0x1e0 [ 162.600632][ T8276] ? __pfx____sys_sendmsg+0x10/0x10 [ 162.602467][ T8276] ? lock_acquire+0x2f/0xb0 [ 162.604174][ T8276] ? __fget_files+0x40/0x3f0 [ 162.605919][ T8276] ? fdget+0x176/0x210 [ 162.607462][ T8276] __sys_sendmsg+0x117/0x1f0 [ 162.609042][ T8279] netlink: 24062 bytes leftover after parsing attributes in process `syz.0.869'. [ 162.609306][ T8276] ? __pfx___sys_sendmsg+0x10/0x10 [ 162.611924][ T8279] netlink: 188348 bytes leftover after parsing attributes in process `syz.0.869'. [ 162.613535][ T8276] ? __fget_files+0x244/0x3f0 [ 162.613565][ T8276] do_syscall_64+0xcd/0x250 [ 162.619171][ T8276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.620909][ T8276] RIP: 0033:0x7f0748d7dff9 [ 162.622341][ T8276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.622780][ T72] IPVS: starting estimator thread 0... [ 162.628571][ T8276] RSP: 002b:00007f0749bf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.628595][ T8276] RAX: ffffffffffffffda RBX: 00007f0748f36058 RCX: 00007f0748d7dff9 [ 162.628603][ T8276] RDX: 0000000025000000 RSI: 0000000020000100 RDI: 0000000000000005 [ 162.628610][ T8276] RBP: 00007f0749bf7090 R08: 0000000000000000 R09: 0000000000000000 [ 162.628616][ T8276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.628623][ T8276] R13: 0000000000000000 R14: 00007f0748f36058 R15: 00007fffe905a888 [ 162.628644][ T8276] [ 162.631406][ T65] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 162.636708][ T8270] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 162.651243][ T8270] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 162.754240][ T8286] netlink: 3 bytes leftover after parsing attributes in process `syz.1.870'. [ 162.757781][ T8286] 0ªX¹¦À: renamed from caif0 [ 162.765531][ T8286] 0ªX¹¦À: entered allmulticast mode [ 162.767660][ T8286] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 162.786276][ T8280] IPVS: using max 34 ests per chain, 81600 per kthread [ 162.916174][ T828] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 163.120630][ T828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 90, changing to 10 [ 163.123655][ T828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50688, setting to 1024 [ 163.129896][ T828] usb 5-1: New USB device found, idVendor=fffc, idProduct=ffff, bcdDevice=ff.ff [ 163.132295][ T828] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 163.134522][ T828] usb 5-1: Product: syz [ 163.135644][ T828] usb 5-1: Manufacturer: syz [ 163.142514][ T828] usb 5-1: config 0 descriptor?? [ 163.587536][ T8292] FAULT_INJECTION: forcing a failure. [ 163.587536][ T8292] name failslab, interval 1, probability 0, space 0, times 0 [ 163.591870][ T8292] CPU: 2 UID: 0 PID: 8292 Comm: syz.1.873 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 163.595337][ T8292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.598936][ T8292] Call Trace: [ 163.600064][ T8292] [ 163.601076][ T8292] dump_stack_lvl+0x16c/0x1f0 [ 163.602679][ T8292] should_fail_ex+0x497/0x5b0 [ 163.604256][ T8292] ? fs_reclaim_acquire+0xae/0x150 [ 163.605980][ T8292] should_failslab+0xc2/0x120 [ 163.607597][ T8292] __kmalloc_noprof+0xcb/0x400 [ 163.609222][ T8292] ? d_absolute_path+0x137/0x1b0 [ 163.610925][ T8292] tomoyo_encode2+0x100/0x3e0 [ 163.612510][ T8292] tomoyo_encode+0x29/0x50 [ 163.614029][ T8292] tomoyo_realpath_from_path+0x19d/0x720 [ 163.615935][ T8292] tomoyo_path_number_perm+0x245/0x590 [ 163.618170][ T8292] ? tomoyo_path_number_perm+0x232/0x590 [ 163.620588][ T8292] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 163.622818][ T8292] ? trace_lock_acquire+0x14a/0x1d0 [ 163.624583][ T8292] ? lock_acquire+0x2f/0xb0 [ 163.626103][ T8292] ? __fget_files+0x40/0x3f0 [ 163.627652][ T8292] ? __fget_files+0x244/0x3f0 [ 163.629242][ T8292] security_file_ioctl+0x9b/0x240 [ 163.630915][ T8292] __x64_sys_ioctl+0xbb/0x220 [ 163.632486][ T8292] do_syscall_64+0xcd/0x250 [ 163.634029][ T8292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.635983][ T8292] RIP: 0033:0x7fcc2b17dff9 [ 163.637579][ T8292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.643931][ T8292] RSP: 002b:00007fcc2beea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.646671][ T8292] RAX: ffffffffffffffda RBX: 00007fcc2b335f80 RCX: 00007fcc2b17dff9 [ 163.648728][ T8292] RDX: 0000000020000100 RSI: 00000000c0405668 RDI: 0000000000000003 [ 163.651303][ T8292] RBP: 00007fcc2beea090 R08: 0000000000000000 R09: 0000000000000000 [ 163.653797][ T8292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.656307][ T8292] R13: 0000000000000000 R14: 00007fcc2b335f80 R15: 00007ffe8fdc5158 [ 163.658955][ T8292] [ 163.660086][ C2] vkms_vblank_simulate: vblank timer overrun [ 163.662340][ T8292] ERROR: Out of memory at tomoyo_realpath_from_path. [ 163.929071][ T828] usbhid 5-1:0.0: can't add hid device: -71 [ 163.932390][ T828] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 163.935141][ T828] usb 5-1: USB disconnect, device number 12 [ 163.991846][ T8311] tc_dump_action: action bad kind SYZFAIL: ShmemBuilder: too large output offset size=262144 consumed=389492 (errno 9: Bad file descriptor) [ 164.202399][ T45] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.777617][ T45] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.957891][ T45] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.024798][ T45] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.121489][ T39] kauditd_printk_skb: 25 callbacks suppressed [ 165.121504][ T39] audit: type=1400 audit(1728925826.687:760): avc: denied { read } for pid=5054 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 165.134169][ T45] bridge_slave_1: left allmulticast mode [ 165.135698][ T45] bridge_slave_1: left promiscuous mode [ 165.137320][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.140570][ T45] bridge_slave_0: left allmulticast mode [ 165.142116][ T45] bridge_slave_0: left promiscuous mode [ 165.144543][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.375654][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 165.381224][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.386719][ T45] bond0 (unregistering): Released all slaves [ 165.406635][ T39] audit: type=1400 audit(1728925826.977:761): avc: denied { search } for pid=5054 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 165.413131][ T39] audit: type=1400 audit(1728925826.977:762): avc: denied { read } for pid=5054 comm="dhcpcd" name="n77" dev="tmpfs" ino=3826 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 165.420725][ T39] audit: type=1400 audit(1728925826.977:763): avc: denied { open } for pid=5054 comm="dhcpcd" path="/run/udev/data/n77" dev="tmpfs" ino=3826 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 165.427404][ T39] audit: type=1400 audit(1728925826.977:764): avc: denied { getattr } for pid=5054 comm="dhcpcd" path="/run/udev/data/n77" dev="tmpfs" ino=3826 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 165.444372][ T39] audit: type=1400 audit(1728925827.007:765): avc: denied { read } for pid=8315 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 165.451641][ T39] audit: type=1400 audit(1728925827.007:766): avc: denied { open } for pid=8315 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 165.460519][ T39] audit: type=1400 audit(1728925827.007:767): avc: denied { getattr } for pid=8315 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 165.468862][ T39] audit: type=1400 audit(1728925827.027:768): avc: denied { write } for pid=8314 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1481 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 165.476553][ T39] audit: type=1400 audit(1728925827.027:769): avc: denied { add_name } for pid=8314 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 165.682243][ T45] hsr_slave_0: left promiscuous mode [ 165.685248][ T45] hsr_slave_1: left promiscuous mode [ 165.689119][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.691726][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.694674][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.697256][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.720819][ T45] veth1_macvtap: left promiscuous mode [ 165.722928][ T45] veth0_macvtap: left promiscuous mode [ 165.724507][ T45] veth1_vlan: left promiscuous mode [ 165.726538][ T45] veth0_vlan: left promiscuous mode [ 166.348895][ T45] team0 (unregistering): Port device team_slave_1 removed [ 166.413745][ T45] team0 (unregistering): Port device team_slave_0 removed [ 167.311339][ T45] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.397179][ T45] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.460224][ T45] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.507396][ T45] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.615873][ T45] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.678405][ T45] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.748003][ T45] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.817971][ T45] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.910850][ T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.994433][ T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.070740][ T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.169097][ T45] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.276342][ T45] bridge_slave_1: left allmulticast mode [ 168.277849][ T45] bridge_slave_1: left promiscuous mode [ 168.279339][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.283343][ T45] €Â: left allmulticast mode [ 168.284576][ T45] €Â: left promiscuous mode [ 168.285809][ T45] bridge0: port 1(€Â) entered disabled state [ 168.289815][ T45] bridge_slave_1: left allmulticast mode [ 168.291281][ T45] bridge_slave_1: left promiscuous mode [ 168.292727][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.297775][ T45] €Â: left allmulticast mode [ 168.299610][ T45] €Â: left promiscuous mode [ 168.301284][ T45] bridge0: port 1(€Â) entered disabled state [ 168.882447][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.887013][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.891550][ T45] bond0 (unregistering): Released all slaves [ 168.975276][ T45] bond0 (unregistering): Released all slaves [ 169.052949][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 169.056688][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.059908][ T45] bond0 (unregistering): Released all slaves [ 169.721972][ T45] hsr_slave_0: left promiscuous mode [ 169.724526][ T45] hsr_slave_1: left promiscuous mode [ 169.727434][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.729961][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 169.733041][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 169.735533][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 169.743366][ T45] hsr_slave_0: left promiscuous mode [ 169.745923][ T45] hsr_slave_1: left promiscuous mode [ 169.751444][ T45] hsr_slave_0: left promiscuous mode [ 169.753813][ T45] hsr_slave_1: left promiscuous mode [ 169.756681][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.759220][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 169.762214][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 169.764707][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 169.825300][ T45] veth1_macvtap: left promiscuous mode [ 169.826886][ T45] veth0_macvtap: left promiscuous mode [ 169.828295][ T45] veth1_vlan: left promiscuous mode [ 169.829661][ T45] veth0_vlan: left promiscuous mode [ 169.831817][ T45] veth1_macvtap: left promiscuous mode [ 169.833232][ T45] veth0_macvtap: left promiscuous mode [ 169.834660][ T45] veth1_vlan: left promiscuous mode [ 169.836067][ T45] veth0_vlan: left promiscuous mode [ 169.838325][ T45] veth1_macvtap: left promiscuous mode [ 169.839726][ T45] veth0_macvtap: left promiscuous mode [ 169.841143][ T45] veth1_vlan: left promiscuous mode [ 169.842469][ T45] veth0_vlan: left promiscuous mode [ 170.575563][ T45] team0 (unregistering): Port device team_slave_1 removed [ 170.645218][ T45] team0 (unregistering): Port device team_slave_0 removed [ 172.903369][ T45] team0 (unregistering): Port device team_slave_1 removed [ 172.973436][ T45] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 22:54:20 Registers: info registers vcpu 0 CPU#0 RAX=000000000003ffff RBX=0000000000000000 RCX=ffffc9002e426000 RDX=0000000000040000 RSI=ffffffff88efe102 RDI=0000000000000005 RBP=0000000000000002 RSP=ffffc900037c7ca8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=000000000000c52b R13=0000000000000000 R14=0000000020314b80 R15=0000000000010106 RIP=ffffffff818d82f6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f0749bf76c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fcc2abded58 CR3=000000005cfe4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748f0b488 00007f0748f0b480 00007f0748f0b478 00007f0748f0b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0749a6d100 00007f0748f0b440 00007f0748f00004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748f0b498 00007f0748f0b490 00007f0748f0b488 00007f0748f0b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080000001 RBX=ffff88806a72d2e0 RCX=ffffffff817ef68e RDX=ffff88801dac4880 RSI=ffffffff817ed9f9 RDI=ffff88806a72d2e0 RBP=ffffffff905f6f98 RSP=ffffc90000187dc0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff818d82db RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0749bf6f98 CR3=000000005cfe4000 CR4=00352ef0 DR0=00000000e0002800 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=3683fe823683fe82 3683fe823683fe82 3683fe823683fe82 3683fe823683fe82 3683fe823683fe82 3683fe823683fe82 3683fe823683fe82 3683fe823683fe82 ZMM22=995fda94995fda94 995fda94995fda94 995fda94995fda94 995fda94995fda94 995fda94995fda94 995fda94995fda94 995fda94995fda94 995fda94995fda94 ZMM23=cd098882cd098882 cd098882cd098882 cd098882cd098882 cd098882cd098882 cd098882cd098882 cd098882cd098882 cd098882cd098882 cd098882cd098882 ZMM24=d95ba1dad95ba1da d95ba1dad95ba1da d95ba1dad95ba1da d95ba1dad95ba1da d95ba1dad95ba1da d95ba1dad95ba1da d95ba1dad95ba1da d95ba1dad95ba1da ZMM25=78a1d51178a1d511 78a1d51178a1d511 78a1d51178a1d511 78a1d51178a1d511 78a1d51178a1d511 78a1d51178a1d511 78a1d51178a1d511 78a1d51178a1d511 ZMM26=6da38ae26da38ae2 6da38ae26da38ae2 6da38ae26da38ae2 6da38ae26da38ae2 6da38ae26da38ae2 6da38ae26da38ae2 6da38ae26da38ae2 6da38ae26da38ae2 ZMM27=acc2cbbbacc2cbbb acc2cbbbacc2cbbb acc2cbbbacc2cbbb acc2cbbbacc2cbbb acc2cbbbacc2cbbb acc2cbbbacc2cbbb acc2cbbbacc2cbbb acc2cbbbacc2cbbb ZMM28=00000200000001ff 000001fe000001fd 000001fc000001fb 000001fa000001f9 000001f8000001f7 000001f6000001f5 000001f4000001f3 000001f2000001f1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=a80b0000a80b0000 a80b0000a80b0000 a80b0000a80b0000 a80b0000a80b0000 a80b0000a80b0000 a80b0000a80b0000 a80b0000a80b0000 a80b0000a80b0000 info registers vcpu 2 CPU#2 RAX=0000000000000001 RBX=0000000000000759 RCX=ffffffff8169be5e RDX=fffffbfff2dc4da6 RSI=0000000000000008 RDI=ffffffff96e26d28 RBP=ffffc900000e7a98 RSP=ffffc900000e7950 R8 =0000000000000000 R9 =fffffbfff2dc4da5 R10=ffffffff96e26d2f R11=0000000000000000 R12=ffff88801daa2440 R13=0000000000000004 R14=0000000000000002 R15=1ffff9200001cf32 RIP=ffffffff8169be66 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffec30b1fcc CR3=000000005cfe4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00c2904c565d91ef bec754ea9232cd6d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0748df12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b6abaf376e34b90 df9fae01c290e582 f97ddfa4fc177401 7a1c2056261f425f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a96249aac001de2 94c9f15157052448 e25d762798250004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 474f981ddd07d851 b680123ce0de9241 0d6b6abaf376e34b 90df9fae01c290e5 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=ffff7fffffffffff RBX=ffffffff9aa23088 RCX=ffffffff816b2253 RDX=0000000000000000 RSI=0000000000000004 RDI=ffffffff9aa23088 RBP=0000000000000282 RSP=ffffc90003427a58 R8 =0000000000000000 R9 =fffffbfff20be791 R10=ffffffff905f3c8f R11=0000000000000000 R12=ffff88802f997000 R13=0000000000000003 R14=0000000000000003 R15=ffff88802f997000 RIP=ffffffff81eeeedb RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ff4dee68710 CR3=000000004bdf4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004090001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2b1f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2b1f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2b1f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2b1f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2b1f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2b1f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2be6d100 00007fcc2b30b440 00007fcc2b300004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcc2b30b498 00007fcc2b30b490 00007fcc2b30b488 00007fcc2b30b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000