last executing test programs: 2.800602624s ago: executing program 2 (id=2516): openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f00000000c0)=0xa0000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x9000, 0x5, 0x5, 0x0, 0x3, 0x3, 0xa, 0xb8, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x5, 0x1, 0x45, 0x3, 0x2, 0x2, 0xff, 0x7, 0x4, 0x6, 0x7f, 0x20c}, {0x1001, 0x27, 0x38, 0x5, 0x84, 0x7, 0x0, 0x50, 0x0, 0x70, 0x5, 0x87, 0x81}], 0xffffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x1000000) 2.640236384s ago: executing program 2 (id=2525): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3f) 2.240934943s ago: executing program 2 (id=2538): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x101, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x40400, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="ed46dc71dabd943afa691dfea9c3fca72679c031fc62d464ba5ac31786aa52de10f73cdd99eb4015f03b64ee1e844e3172be73774667657f0e2be078df30561dd5161293eb2d7e7c6aaa4983577e4027e62160e5020000002452379e81488372a37c3869c2c9e5f6f37a12f86f32e00057ec972341a76716a0e65a4ccb973d449dbb05d78c6ae052ece10a44bc1eb121fc3ab1ee3e41c90410117d710870ad7f8d8a4ea8fedb607750c542d9cf24778761bac74a2268580d7c2f44339eb67c2187f0816518c89568e3137492f1eed60aae17ecc1f0941d6a74140b236efad5a560b832ae1e13520cef75e5197e560cdd4ae5d0620f8a13a06bf89d148533189b9c7be4ef4f3fcf3be1a37efd58dc7c8e6051e81457e0b2766effba640e0a719f38da90a577fe29f514d48b9eab371c8930f3bef65f2c19634ee7d01403b4e2db02a89707285443e00a", @ANYRES16=r2, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f0070687930"], 0x28}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x48, 0x0, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [@NLBL_MGMT_A_DOMAIN={0x9, 0x1, 'syz1\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast2}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x8000) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r3) sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0x130, r4, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0xdc, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc25b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x96}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x10}, 0x810) 2.09828971s ago: executing program 2 (id=2539): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000010040b7080000000000007b8af8ff00000000b7080000000000107b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000001c0)='GPL\x00', 0xa, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000017b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2, 0x4) getsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x85000, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0) r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSFLAG(r4, 0x4004480f, &(0x7f0000000000)=0x3) close_range(r2, r1, 0x2) getpeername$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) open$dir(&(0x7f00000002c0)='./file0\x00', 0x612602, 0x60) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_usb_connect$cdc_ecm(0x5, 0x74, &(0x7f0000000380)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x1, 0x1, 0x5, 0xd0, 0x7, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x2, 0x6, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x0, "123d68bf4d"}, {0x5, 0x24, 0x0, 0xf95c}, {0xd, 0x24, 0xf, 0x1, 0x4b71da42, 0x8, 0x2, 0x2}, [@country_functional={0x8, 0x24, 0x7, 0x80, 0x0, [0x9812]}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x9}, @dmm={0x7, 0x24, 0x14, 0x4, 0x6}, @obex={0x5, 0x24, 0x15, 0xeb2c}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x4, 0x3}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x77, 0xd, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xc, 0x22, 0x64}}}}}]}}]}}, &(0x7f00000008c0)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x300, 0x10, 0x2, 0x4, 0xff, 0xf}, 0x10b, &(0x7f0000000600)={0x5, 0xf, 0x10b, 0x4, [@generic={0x33, 0x10, 0x4, "d25623a40fe276b51aa269f3bb40b2a3696ebac281fe73a73fd2041ea55a825cebabb35130b2e1d98e528319fbeee0a1"}, @generic={0x8c, 0x10, 0x4, "ebc3733bb811ac2fa48294a7df59ce4e93d0be6850b344fc86399a5e3a0769284d638a7bc0b353121546060a4d6986f7e41f5b3670f905cd6902cd6275d194547ad7a97120fec53badb41d0e225a9ce8f19eca1300047567c32aba773f2786a359c516530233130030bcaec88d3c7c07204194f7266b8fb53765bf3f4d2c35280acb950a9ba662d9d5"}, @ssp_cap={0x14, 0x10, 0xa, 0x23, 0x2, 0x8, 0xf000, 0x0, [0x3ff0, 0x3fc0]}, @generic={0x33, 0x10, 0xb, "aef5805baf3b97b4575eb8122d99d3cc23e6cf61f15dd1807857e81ccb963cb66ecbe12a9e191b405c33c4c2c6a8c617"}]}, 0x3, [{0xf1, &(0x7f0000000740)=@string={0xf1, 0x3, "cc3343b4652855d1ae734ec78ff46d972302caee17c699601efb2d8a2c763b7ef84b046b247b03a5466ab0833c95f76e703934f05fa348dcd78673784bc5e444a81f52f1790501a66ca54e217cc6ee1482bcbbdb0f4b1ca68c4fb414bac3ce845ae220024e1853b4fcaa516dd951b1eb8fafbed02743965bf50edef6b25c547207ade938f857542e3432f16a8937d2f06b679678a5ff891f5722d9b8c740e30ef8ebd1c06826d807ddb5cb23dea43e12fff7c4458262d0fa7a9d576d0c953d4e99d5ffa896b8e64fbf5b9dc5ff21f7e78fe0c97d6b00ff6b804ae1fdd9370c9c62e9c848979af16154a3cf28b10e72"}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x447}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x458}}]}) connect$inet(r6, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000000280)=r5) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace$poke(0x21, r7, 0x0, 0x0) r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x109042, 0x0) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r9, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x51cfa, 0x0, 0x8000008, 0x3, 0xfffffffe, 0x1, 0x0, 0x7cce8c743ee810df}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r9, 0x40505330, &(0x7f0000000680)={0x800000, 0x10001, 0x20000000, 0x1, 0x53e0e4b9, 0x55b}) write$P9_RSTATu(r8, &(0x7f0000000740)=ANY=[@ANYBLOB="330200007d02000005f2000000040000000001000000050000000000000000000000000000000000000000000000000000001b0004"], 0x233) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000900)) syz_open_dev$audion(&(0x7f0000000940), 0x4, 0x0) 1.077138914s ago: executing program 3 (id=2547): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310300000000000000000900000008000600", @ANYRES32=r0, @ANYBLOB="08000300", @ANYRES64=r2], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x80) 1.010939288s ago: executing program 3 (id=2548): syz_emit_ethernet(0x7e, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd60ecff8000481100fe8000000000000000000000000000bbff02000000000000000000000000000100004e220048907804000000000000007d91b3ccaf4c63521df8f969a9a3ef8377d86e2c440fb0558fc99fa615e832d5f00ce4a5807ebb53fbfc8fbe4761a7cfe44dcf957dbdc9466776fdfb4607d3b126e5a3523d485b481366375e6823581c2cf7233dd1f3175d5b499a72a4ee134ca594454ffced852940ff4832129c0b26af9a60f58c533c64c2f0fbc1ebc8a00718dc9b89e881718aefe10311d53bf8c58776eb7f8f4df014f4548029c1c0074974a287a7"], 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=0x0) connect$nfc_raw(0xffffffffffffffff, &(0x7f0000000080)={0x27, r0, 0xffffffffffffffff, 0x5}, 0x10) r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x101200, 0x0) r2 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000100)='mo\x01e\x00', &(0x7f0000000140)='\x00', 0x0) ioctl$CDROM_DISC_STATUS(r1, 0x5327) 1.010615298s ago: executing program 3 (id=2550): socket$pppoe(0x18, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000940)=0x200000000) write$vhost_msg_v2(r0, 0x0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socket$unix(0x1, 0x3, 0x0) r2 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000300)='#\n$)-.\x02\xcc\xd7\xb2f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\n\x13:\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb|&#\xe9\xa3\'\x91>\x8f\x97\x18\xce\x92\xc9\xa8\x1c\x9d\\C\xfeI%\xae\x8fKHq\x89\x83\xbb\x9dC\xd6Hy\xfao\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n=/o\xf3\x96\xaf\b1\x1b48\bu\x01\xab\x90Q\xe8r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\p\xe9\x8a\xb9\xe495\x12B\x06\xe5\x8f\x83Vb\xf1\xbc\x00E\x1a\x9bH$\x1f^\x9dX\xd0\xca\xcc\xc9\x86\xaa\xd0\x9c\xc0\x82\xabE\xcc{\xcd\xd3\xdb\x97v\x9c\xbd%fN1\xd4[\xa0\x0f\xdd.\x15\xf1)\xd6\xd8\x1cb\xc5\xd9=c\xb5U|+K*\x9f\x01u\xb0\xe4\x98_o\xb5\xdcN\xe3C\x15\x1f\xa91g\x89v\\^\x107N\'r\xa4\xb1tVv\bej\xf8\xa0\xe0\a\xd1\xfb\xa6\x80s\xd5L\x87f\"\xaf\xd2\xe1qc\xde\x03\xd1\xf6\x12\x9c\x11\xe58\xa6&\xa1I\x93\xfa\xed\xe0w\x9eM\xa3\xf2\xe0\xaa\x9d\xbf\xa9\xda|\xaa\xc3\x86$\x835\xca\x88V\x1e\xeb\xda\xe4pW#', 0xfeffffff00000000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000540)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000280)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 894.243569ms ago: executing program 1 (id=2553): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r1, @ANYBLOB='\x00\x00g\x00\b\x00', @ANYRES32=r2], 0x24}}, 0x0) 800.09476ms ago: executing program 1 (id=2554): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, &(0x7f0000000440)=0x1f) close_range(r2, r3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00', 0x29, 0x8, 0x11}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00', 0x3a, 0x0, 0x7f}, 0x2c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) 419.638377ms ago: executing program 2 (id=2556): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)="89000000120081ae08060cdc03a60000001f0002000000006ee2ffca1b1f0000000004c00e72f750375ed08a563319bf9ed720000000d6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100002400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 419.321814ms ago: executing program 1 (id=2557): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@initdev={0xac, 0x1e, 0x3, 0x0}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {0x0, 0x9}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x33}, 0xa, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xe803000000000000) 419.017017ms ago: executing program 2 (id=2558): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)={0x110, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x7}, @WGDEVICE_A_PEERS={0xe0, 0x8, 0x0, 0x1, [{0x58, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x1000}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x34}}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}}]}, {0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xffffffff, @rand_addr=' \x01\x00', 0x3}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x3c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @loopback}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x110}, 0x1, 0x0, 0x0, 0x4010}, 0x4008020) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x20000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = syz_open_dev$media(&(0x7f0000000040), 0x43, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r4, 0xc0487c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000024c0)=[{}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r3) r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) getsockopt$rose(r7, 0x104, 0x6, &(0x7f0000000340), &(0x7f0000000380)=0x4) sendmsg$DEVLINK_CMD_SB_POOL_SET(r5, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000800)={0x244, r6, 0x400, 0x70bd25, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8001}, {0x6, 0x11, 0x24}, {0x8, 0x13, 0x5}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x40}, {0x8, 0x13, 0x101}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x110}, {0x6, 0x11, 0xfffa}, {0x8, 0x13, 0xda}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x9}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1ff}, {0x6, 0x11, 0xc8c}, {0x8, 0x13, 0x10001}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x7fff}, {0x8, 0x13, 0x3}, {0x5, 0x14, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x124c}, {0x6, 0x11, 0xfffb}, {0x8, 0x13, 0x8}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x8000}, {0x8, 0x13, 0x5}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x10}, {0x6, 0x11, 0x2cf4}, {0x8, 0x13, 0xa}, {0x5, 0x14, 0x1}}]}, 0x244}, 0x1, 0x0, 0x0, 0x40000}, 0x24044494) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000001580)={r8}) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000500)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r10 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r10, &(0x7f00000001c0)={&(0x7f0000000080)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000240)="a2", 0x1}], 0x1}, 0x0) sendmsg$inet(r10, &(0x7f0000001740)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000280)="0e", 0x1}], 0x1}, 0x0) r11 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb56450000822be3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r12 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f00000102c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8}]}}}]}, 0x3c}}, 0x0) fsconfig$FSCONFIG_SET_STRING(r12, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r12, 0x1, &(0x7f00000000c0)='source', &(0x7f00000001c0)='source', 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r9, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000300)="85e3de50d5b66bd8f1ff08251a6c", 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 170.651352ms ago: executing program 0 (id=2560): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000600028000001294", 0x2e}], 0x1}, 0x0) 110.839559ms ago: executing program 3 (id=2561): r0 = socket(0x10, 0x3, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xc, {"a2e3ad21ed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b32376d090890e0878f0e1ac6e7049b3371959b719a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0xfffffff8, 0x0, 0x400}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c00000012009703000000000000000007"], 0x2c}, 0x1, 0xc00e, 0x0, 0x40010}, 0x880) 110.666765ms ago: executing program 1 (id=2562): openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f00000000c0)=0xa0000) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x9000, 0x5, 0x5, 0x0, 0x3, 0x3, 0xa, 0xb8, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x5, 0x1, 0x45, 0x3, 0x2, 0x2, 0xff, 0x7, 0x4, 0x6, 0x7f, 0x20c}, {0x1001, 0x27, 0x38, 0x5, 0x84, 0x7, 0x0, 0x50, 0x0, 0x70, 0x5, 0x87, 0x81}], 0xffffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 110.61488ms ago: executing program 0 (id=2563): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r1, @ANYBLOB='\x00\x00g\x00\b\x00\b', @ANYRES32=r2], 0x24}}, 0x0) 109.204598ms ago: executing program 1 (id=2564): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3801000010000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb0000fff7200000010a0000003b00000009055d70b60fa01dbcb3ea502254659f985c6d6e67000e51dd070dc2a9ee65250c4c05088db7d8d2c9faea2b2cfee0c44f5657fbcb7518a06c2d54b8fb396ada9934b975614ea2c632b712b9540a9cb36ec76d2b3f9ea643605d3959af3ed518e643a711e88607323f4adcb630b43eee7309c7bee71ebfb25a99927e4ee5e624d5b601c9b19eabf267f991a4e5a6a5014a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="64010102000000000000000000000000000000006c000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000020000000000000000000000000000000000000000000000000000000004000000000000000000004000000000000000000000000040000000000000000000000000000000000000000a0004010000000000000000480003006465666c61746500"/240], 0x138}, 0x1, 0x0, 0x0, 0x801}, 0x4810) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESOCT=0x0, @ANYRESDEC=r0, @ANYRESOCT=r0, @ANYRES64=r0, @ANYBLOB="15f4e570055193124594d7942b1eb0d0558138047d181c4ac0c52bef3dbaa695aa23f7ba73c5cfeb724d887210d6e15e060741594dff6b8acc229816c5", @ANYRES32=r0, @ANYRES16=r0, @ANYRES64=r0], 0x17) 109.132058ms ago: executing program 3 (id=2565): openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000300)={@broadcast, @broadcast, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "2e5cea", 0x40, 0x3c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[@hopopts={0x0, 0x4, '\x00', [@hao={0xc9, 0x10, @private2}, @hao={0xc9, 0x10, @private1}]}], {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x300}}}}}}}}, 0x0) 109.009387ms ago: executing program 0 (id=2566): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) fcntl$setstatus(r0, 0x4, 0x0) dup(r0) syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) copy_file_range(r0, 0x0, r0, &(0x7f0000000040)=0xffffffffffffffef, 0x8007, 0x0) 50.492144ms ago: executing program 1 (id=2567): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) syz_emit_ethernet(0x7a, &(0x7f0000004540)=ANY=[], 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_int(r6, 0x0, 0x18, 0x0, &(0x7f0000000200)) sendmsg$NL80211_CMD_JOIN_IBSS(r3, 0x0, 0x40000) fsopen(&(0x7f0000000000)='tracefs\x00', 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x1, 0x0, 0x8000, 0x40, 0x2, 0x0, 0x2004c7, 0x0, 0xfffffffffffffffe, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7fffffff], 0x80a0000}) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x74, r4, 0x2, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY={0x40, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_MODE={0x5}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "0cf3ad0410988c30e58432590d"}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x5}]}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY={0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x74}, 0x1, 0x0, 0x0, 0x20040880}, 0x24000) ioctl$KVM_RUN(r2, 0xae80, 0x0) r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/timers\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x106f) ioctl$KVM_GET_XSAVE2(r7, 0x9000aecf, &(0x7f0000000000/0x2000)=nil) ioctl$KVM_RUN(r2, 0xae80, 0x0) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r9 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0) ioctl$BLKFLSBUF(r9, 0x1261, &(0x7f0000000080)=0x6) 50.298079ms ago: executing program 0 (id=2568): mount(&(0x7f0000000040)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='efs\x00', 0x208001, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x101bff, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x2) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f00000004c0)={&(0x7f00000000c0)=@nl=@unspec, 0x80, &(0x7f0000000440)=[{&(0x7f00000001c0)="5ee812b5beee16f4275910b021b74531e0a5ad8b97522a4fe6c493903d04316a4998667594cfe6827c50777408664de68562938167f9b66a2a84bc41a2de79bd315ed451ac807f35c66abd4f3506ad36093be72db212ca7cae972c587bca15072c", 0x61}, {&(0x7f0000000240)="42a4624248e21d48dce45824b3d70db3b4779c431ce1afd83a9acba96249faf413418a8b2f9af569aed7898d7b055cfc9fc700c16384273bce62eef5afd635d1cc36d4087e4982b8a88c6106cd503973127ae3d351f76b266a1e5c560ff525daa14e65907a266c31b20842a41cb08c7a378ba0cacbf131a7b1fb612a9584e9a68b91840bfa9d53a31e1e4166ff8488cc261a02c0171124fb5bc02a14c82dc7d64d0255e3a619f53f55ff3f303cd49b4cc5ee794716b978a02bf8de9317d0b886ab02c22faf98ae9669392e5af93037570398c7a501bf17923d78fdbdaf6f4a649e0bd318b93e61bb24919066d97f7991", 0xf0}, {&(0x7f0000000340)="2280e34af70283beafc4a754edb4a037d54e2dadb0725374b7672a848dbb910cc0d87b373a9adeadf5b69359c9194e05bce2e2d3644347dd830e45f81f5a492d562b25066f396839a9828cb60f5980cb5826036c37b341", 0x57}, {&(0x7f00000003c0)="93642729e6bbad73e140149d6f6bbe3bd226add78d79324d01f5f5003258a9bbef439ce1c053fe6ac6b5e3edec5893b64ce15b30244199aefc3bc2e5f5668a7efcda6d6fb5b852f1f30c29f37140050a8621ffa51eca734c59a6578213ef64c36f5eebfe70d0c78c4155187182af0019d746053f3e71e357", 0x78}, {&(0x7f0000000140)="6230f1313226d1aaeeef223272c4", 0xe}], 0x5}, 0x4000000) r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r3, 0x4020565b, &(0x7f0000000740)={0x0, 0x1ff, 0x2}) openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup\x00', 0x8000, 0x90) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3a0, 0x118, 0x0, 0x330, 0x298, 0x330, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x6, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'pimreg0\x00'}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 'vlan0\x00', 'veth1_to_bridge\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[], 0x188}, 0x1, 0x0, 0x0, 0x40800}, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 49.69751ms ago: executing program 3 (id=2569): socket$pppoe(0x18, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000940)=0x200000000) write$vhost_msg_v2(r0, 0x0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000300)='#\n$)-.\x02\xcc\xd7\xb2f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\n\x13:\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb|&#\xe9\xa3\'\x91>\x8f\x97\x18\xce\x92\xc9\xa8\x1c\x9d\\C\xfeI%\xae\x8fKHq\x89\x83\xbb\x9dC\xd6Hy\xfao\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n=/o\xf3\x96\xaf\b1\x1b48\bu\x01\xab\x90Q\xe8r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\p\xe9\x8a\xb9\xe495\x12B\x06\xe5\x8f\x83Vb\xf1\xbc\x00E\x1a\x9bH$\x1f^\x9dX\xd0\xca\xcc\xc9\x86\xaa\xd0\x9c\xc0\x82\xabE\xcc{\xcd\xd3\xdb\x97v\x9c\xbd%fN1\xd4[\xa0\x0f\xdd.\x15\xf1)\xd6\xd8\x1cb\xc5\xd9=c\xb5U|+K*\x9f\x01u\xb0\xe4\x98_o\xb5\xdcN\xe3C\x15\x1f\xa91g\x89v\\^\x107N\'r\xa4\xb1tVv\bej\xf8\xa0\xe0\a\xd1\xfb\xa6\x80s\xd5L\x87f\"\xaf\xd2\xe1qc\xde\x03\xd1\xf6\x12\x9c\x11\xe58\xa6&\xa1I\x93\xfa\xed\xe0w\x9eM\xa3\xf2\xe0\xaa\x9d\xbf\xa9\xda|\xaa\xc3\x86$\x835\xca\x88V\x1e\xeb\xda\xe4pW#', 0xfeffffff00000000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000540)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000280)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 245.707µs ago: executing program 0 (id=2570): r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, 0x0) 0s ago: executing program 0 (id=2571): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x8000000001) (async) syz_open_dev$midi(&(0x7f0000000000), 0x80000001, 0x101800) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc4) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc) (async) r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000402300000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000095000000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x2, 0x100b, &(0x7f0000001e40)=""/4107, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6c) kernel console output (not intermixed with test programs): 29][T11366] RAX: ffffffffffffffda RBX: 00007fd3ef5b5fa0 RCX: 00007fd3ef38e969 [ 140.969138][T11366] RDX: 0000200000000180 RSI: 0000000080085504 RDI: 0000000000000003 [ 140.969146][T11366] RBP: 00007fd3f02be090 R08: 0000000000000000 R09: 0000000000000000 [ 140.969164][T11366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 140.969173][T11366] R13: 0000000000000000 R14: 00007fd3ef5b5fa0 R15: 00007fff5b7147a8 [ 140.969194][T11366] [ 141.059289][ T40] audit: type=1400 audit(140.935:582): avc: denied { append } for pid=11369 comm="syz.3.1941" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 141.146063][T11392] fuseblk: Unknown parameter 'gd' [ 141.183864][T11395] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 141.222490][T11402] NILFS (nbd3): device size too small [ 141.403891][T11421] fuseblk: Unknown parameter 'gd' [ 141.441217][T11427] xt_CT: You must specify a L4 protocol and not use inversions on it [ 141.500055][ T40] audit: type=1400 audit(141.365:583): avc: denied { map } for pid=11430 comm="syz.2.1966" path="/dev/vmci" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 141.574266][T11444] fuseblk: Unknown parameter 'gd' [ 141.605207][T11446] usb usb8: usbfs: process 11446 (syz.2.1973) did not claim interface 0 before use [ 141.819114][ T40] audit: type=1400 audit(141.695:584): avc: denied { mounton } for pid=11456 comm="syz.3.1978" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 141.819122][T11457] binder: Bad value for 'max' [ 141.881395][T11468] __nla_validate_parse: 7 callbacks suppressed [ 141.881407][T11468] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1980'. [ 141.888714][T11468] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1980'. [ 141.925833][T11472] fuseblk: Unknown parameter 'gd' [ 142.074820][ T40] audit: type=1400 audit(141.945:585): avc: denied { setopt } for pid=11485 comm="syz.2.1988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 142.100521][T11488] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1989'. [ 142.181942][T11495] fuseblk: Unknown parameter 'gd' [ 142.227020][T11501] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1994'. [ 142.230732][T11501] FAULT_INJECTION: forcing a failure. [ 142.230732][T11501] name failslab, interval 1, probability 0, space 0, times 0 [ 142.235762][T11501] CPU: 2 UID: 0 PID: 11501 Comm: syz.2.1994 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 142.235785][T11501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.235795][T11501] Call Trace: [ 142.235801][T11501] [ 142.235808][T11501] dump_stack_lvl+0x16c/0x1f0 [ 142.235849][T11501] should_fail_ex+0x512/0x640 [ 142.235875][T11501] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 142.235895][T11501] should_failslab+0xc2/0x120 [ 142.235913][T11501] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 142.235930][T11501] ? __alloc_skb+0x2b2/0x380 [ 142.235948][T11501] ? bpf_lsm_capable+0x9/0x10 [ 142.235964][T11501] __alloc_skb+0x2b2/0x380 [ 142.235978][T11501] ? __pfx___alloc_skb+0x10/0x10 [ 142.235995][T11501] ? genl_rcv_msg+0x550/0x800 [ 142.236016][T11501] ? genl_rcv_msg+0x4bb/0x800 [ 142.236045][T11501] netlink_ack+0x15d/0xb80 [ 142.236066][T11501] ? __lock_acquire+0xaa4/0x1ba0 [ 142.236092][T11501] netlink_rcv_skb+0x347/0x440 [ 142.236113][T11501] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.236141][T11501] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 142.236166][T11501] ? __pfx_down_read+0x10/0x10 [ 142.236183][T11501] ? netlink_deliver_tap+0x1ae/0xd30 [ 142.236206][T11501] genl_rcv+0x28/0x40 [ 142.236226][T11501] netlink_unicast+0x53a/0x7f0 [ 142.236249][T11501] ? __pfx_netlink_unicast+0x10/0x10 [ 142.236271][T11501] netlink_sendmsg+0x8d1/0xdd0 [ 142.236297][T11501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.236327][T11501] ____sys_sendmsg+0xa95/0xc70 [ 142.236350][T11501] ? copy_msghdr_from_user+0x10a/0x160 [ 142.236365][T11501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.236399][T11501] ___sys_sendmsg+0x134/0x1d0 [ 142.236418][T11501] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.236458][T11501] __sys_sendmsg+0x16d/0x220 [ 142.236478][T11501] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.236504][T11501] ? rcu_is_watching+0x12/0xc0 [ 142.236529][T11501] do_syscall_64+0xcd/0x260 [ 142.236551][T11501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.236567][T11501] RIP: 0033:0x7fd3ef38e969 [ 142.236582][T11501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.236597][T11501] RSP: 002b:00007fd3f02be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.236612][T11501] RAX: ffffffffffffffda RBX: 00007fd3ef5b5fa0 RCX: 00007fd3ef38e969 [ 142.236623][T11501] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 142.236645][T11501] RBP: 00007fd3f02be090 R08: 0000000000000000 R09: 0000000000000000 [ 142.236656][T11501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.236683][T11501] R13: 0000000000000000 R14: 00007fd3ef5b5fa0 R15: 00007fff5b7147a8 [ 142.236707][T11501] [ 142.348747][ C2] vkms_vblank_simulate: vblank timer overrun [ 142.406979][ T40] audit: type=1400 audit(142.285:586): avc: denied { append } for pid=11505 comm="syz.1.1996" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 142.431279][T11507] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1996'. [ 142.431295][T11512] netlink: 'syz.2.1998': attribute type 9 has an invalid length. [ 142.434390][ T40] audit: type=1400 audit(142.305:587): avc: denied { read } for pid=11505 comm="syz.1.1996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 142.437427][T11512] netlink: 'syz.2.1998': attribute type 7 has an invalid length. [ 142.448148][T11512] netlink: 'syz.2.1998': attribute type 8 has an invalid length. [ 142.455666][ T40] audit: type=1400 audit(142.325:588): avc: denied { map } for pid=11511 comm="syz.2.1998" path="socket:[49731]" dev="sockfs" ino=49731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 142.464577][ T40] audit: type=1400 audit(142.325:589): avc: denied { accept } for pid=11511 comm="syz.2.1998" path="socket:[49731]" dev="sockfs" ino=49731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 142.479178][T11514] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1999'. [ 142.481940][T11514] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1999'. [ 142.498672][T11516] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2000'. [ 142.510461][T11516] team0: Mode changed to "loadbalance" [ 142.524405][T11521] fuseblk: Unknown parameter 'gd' [ 142.961502][T11559] usb usb8: usbfs: process 11559 (syz.3.2011) did not claim interface 0 before use [ 142.964592][T11559] FAULT_INJECTION: forcing a failure. [ 142.964592][T11559] name failslab, interval 1, probability 0, space 0, times 0 [ 142.968639][T11559] CPU: 2 UID: 0 PID: 11559 Comm: syz.3.2011 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 142.968674][T11559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.968685][T11559] Call Trace: [ 142.968690][T11559] [ 142.968696][T11559] dump_stack_lvl+0x16c/0x1f0 [ 142.968716][T11559] should_fail_ex+0x512/0x640 [ 142.968733][T11559] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 142.968746][T11559] should_failslab+0xc2/0x120 [ 142.968759][T11559] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 142.968770][T11559] ? __kernfs_new_node+0xd2/0x8a0 [ 142.968784][T11559] __kernfs_new_node+0xd2/0x8a0 [ 142.968797][T11559] ? __pfx___kernfs_new_node+0x10/0x10 [ 142.968811][T11559] ? find_held_lock+0x2b/0x80 [ 142.968826][T11559] ? kernfs_root+0xee/0x2a0 [ 142.968840][T11559] kernfs_new_node+0x13c/0x1e0 [ 142.968860][T11559] kernfs_create_link+0xcc/0x240 [ 142.968878][T11559] sysfs_do_create_link_sd+0x90/0x140 [ 142.968890][T11559] sysfs_create_link+0x61/0xc0 [ 142.968901][T11559] driver_sysfs_add+0x112/0x2d0 [ 142.968913][T11559] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 142.968929][T11559] device_bind_driver+0x16/0x70 [ 142.968941][T11559] usb_driver_claim_interface+0x228/0x400 [ 142.968960][T11559] claimintf+0x181/0x240 [ 142.968978][T11559] checkintf+0x161/0x1d0 [ 142.968995][T11559] proc_do_submiturb+0x48b/0x3b20 [ 142.969008][T11559] ? find_held_lock+0x2b/0x80 [ 142.969021][T11559] ? __might_fault+0xe3/0x190 [ 142.969032][T11559] ? __might_fault+0x13b/0x190 [ 142.969047][T11559] usbdev_ioctl+0x2d21/0x4070 [ 142.969060][T11559] ? __pfx_usbdev_ioctl+0x10/0x10 [ 142.969071][T11559] ? do_vfs_ioctl+0x512/0x1990 [ 142.969086][T11559] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 142.969105][T11559] ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450 [ 142.969128][T11559] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 142.969147][T11559] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 142.969170][T11559] ? hook_file_ioctl_common+0x145/0x410 [ 142.969186][T11559] ? selinux_file_ioctl+0x180/0x270 [ 142.969203][T11559] ? selinux_file_ioctl+0xb4/0x270 [ 142.969221][T11559] ? __pfx_usbdev_ioctl+0x10/0x10 [ 142.969232][T11559] __x64_sys_ioctl+0x193/0x200 [ 142.969249][T11559] do_syscall_64+0xcd/0x260 [ 142.969267][T11559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.969279][T11559] RIP: 0033:0x7f646178e969 [ 142.969288][T11559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.969299][T11559] RSP: 002b:00007f6462634038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.969310][T11559] RAX: ffffffffffffffda RBX: 00007f64619b5fa0 RCX: 00007f646178e969 [ 142.969317][T11559] RDX: 0000200000000040 RSI: 000000008038550a RDI: 0000000000000003 [ 142.969324][T11559] RBP: 00007f6462634090 R08: 0000000000000000 R09: 0000000000000000 [ 142.969330][T11559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.969337][T11559] R13: 0000000000000000 R14: 00007f64619b5fa0 R15: 00007ffd2280a118 [ 142.969350][T11559] [ 143.067330][ C2] vkms_vblank_simulate: vblank timer overrun [ 143.127554][T11563] fuseblk: Unknown parameter 'gd' [ 143.290079][T11573] nfs4: Unknown parameter 'rema' [ 143.294100][T11573] usb usb8: usbfs: process 11573 (syz.3.2017) did not claim interface 0 before use [ 143.848346][T11589] fuseblk: Unknown parameter 'gd' [ 144.494641][T11613] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 144.497966][T11613] overlayfs: missing 'lowerdir' [ 144.608617][T11615] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2031'. [ 144.828665][ T67] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 145.468368][T11660] FAULT_INJECTION: forcing a failure. [ 145.468368][T11660] name failslab, interval 1, probability 0, space 0, times 0 [ 145.473053][T11660] CPU: 0 UID: 0 PID: 11660 Comm: syz.3.2045 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 145.473069][T11660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.473076][T11660] Call Trace: [ 145.473080][T11660] [ 145.473085][T11660] dump_stack_lvl+0x16c/0x1f0 [ 145.473106][T11660] should_fail_ex+0x512/0x640 [ 145.473122][T11660] ? __kmalloc_noprof+0xbf/0x510 [ 145.473134][T11660] ? lsm_blob_alloc+0x68/0x90 [ 145.473152][T11660] should_failslab+0xc2/0x120 [ 145.473165][T11660] __kmalloc_noprof+0xd2/0x510 [ 145.473175][T11660] ? __pfx_perf_event_init_task+0x10/0x10 [ 145.473191][T11660] ? audit_alloc+0xa2/0x7b0 [ 145.473206][T11660] lsm_blob_alloc+0x68/0x90 [ 145.473218][T11660] security_task_alloc+0x2d/0x260 [ 145.473229][T11660] copy_process+0x24ba/0x91a0 [ 145.473245][T11660] ? kasan_save_track+0x14/0x30 [ 145.473254][T11660] ? __kasan_kmalloc+0xaa/0xb0 [ 145.473271][T11660] ? vhost_task_create+0xe5/0x2e0 [ 145.473281][T11660] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 145.473299][T11660] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 145.473314][T11660] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 145.473330][T11660] ? __x64_sys_ioctl+0x193/0x200 [ 145.473344][T11660] ? do_syscall_64+0xcd/0x260 [ 145.473360][T11660] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.473378][T11660] ? __pfx_copy_process+0x10/0x10 [ 145.473401][T11660] ? lockdep_init_map_type+0x5c/0x280 [ 145.473413][T11660] ? lockdep_init_map_type+0x5c/0x280 [ 145.473423][T11660] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 145.473436][T11660] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 145.473451][T11660] vhost_task_create+0x1d2/0x2e0 [ 145.473462][T11660] ? __pfx_vhost_task_create+0x10/0x10 [ 145.473473][T11660] ? register_lock_class+0x41/0x4c0 [ 145.473494][T11660] ? __pfx_vhost_task_fn+0x10/0x10 [ 145.473506][T11660] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 145.473526][T11660] kvm_mmu_post_init_vm+0x1b7/0x370 [ 145.473545][T11660] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 145.473561][T11660] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 145.473580][T11660] kvm_vcpu_ioctl+0x5e9/0x1680 [ 145.473598][T11660] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 145.473619][T11660] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 145.473639][T11660] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 145.473661][T11660] ? hook_file_ioctl_common+0x145/0x410 [ 145.473677][T11660] ? selinux_file_ioctl+0x180/0x270 [ 145.473694][T11660] ? selinux_file_ioctl+0xb4/0x270 [ 145.473712][T11660] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 145.473729][T11660] __x64_sys_ioctl+0x193/0x200 [ 145.473745][T11660] do_syscall_64+0xcd/0x260 [ 145.473762][T11660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.473773][T11660] RIP: 0033:0x7f646178e969 [ 145.473783][T11660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.473793][T11660] RSP: 002b:00007f6462634038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 145.473804][T11660] RAX: ffffffffffffffda RBX: 00007f64619b5fa0 RCX: 00007f646178e969 [ 145.473811][T11660] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 145.473817][T11660] RBP: 00007f6462634090 R08: 0000000000000000 R09: 0000000000000000 [ 145.473823][T11660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 145.473829][T11660] R13: 0000000000000000 R14: 00007f64619b5fa0 R15: 00007ffd2280a118 [ 145.473843][T11660] [ 145.768480][T11678] binder: 11677:11678 ioctl c0306201 200000000000 returned -22 [ 145.776374][T11679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2050'. [ 145.777420][T11678] usb usb8: usbfs: process 11678 (syz.2.2053) did not claim interface 0 before use [ 146.640618][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 146.640683][ T40] audit: type=1400 audit(146.515:597): avc: denied { setopt } for pid=11753 comm="syz.0.2079" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 146.649437][ T40] audit: type=1400 audit(146.515:598): avc: denied { bind } for pid=11753 comm="syz.0.2079" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 146.657302][ T40] audit: type=1400 audit(146.515:599): avc: denied { name_bind } for pid=11753 comm="syz.0.2079" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 146.665667][ T40] audit: type=1400 audit(146.515:600): avc: denied { node_bind } for pid=11753 comm="syz.0.2079" saddr=fe88::1 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 147.498516][T11762] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2082'. [ 147.854902][T11685] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 148.133059][T11781] IPv6: NLM_F_CREATE should be specified when creating new route [ 148.228158][T11783] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2091'. [ 148.573997][ T40] audit: type=1400 audit(149.446:601): avc: denied { read } for pid=11802 comm="syz.1.2099" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 148.581623][ T40] audit: type=1400 audit(149.446:602): avc: denied { open } for pid=11802 comm="syz.1.2099" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 148.590647][ T40] audit: type=1400 audit(149.446:603): avc: denied { ioctl } for pid=11802 comm="syz.1.2099" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 148.637364][T11807] FAULT_INJECTION: forcing a failure. [ 148.637364][T11807] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.641528][T11807] CPU: 2 UID: 0 PID: 11807 Comm: syz.2.2101 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 148.641543][T11807] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.641551][T11807] Call Trace: [ 148.641555][T11807] [ 148.641560][T11807] dump_stack_lvl+0x16c/0x1f0 [ 148.641594][T11807] should_fail_ex+0x512/0x640 [ 148.641616][T11807] _copy_from_user+0x2e/0xd0 [ 148.641633][T11807] copy_msghdr_from_user+0x98/0x160 [ 148.641647][T11807] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 148.641666][T11807] ___sys_sendmsg+0xfe/0x1d0 [ 148.641680][T11807] ? __pfx____sys_sendmsg+0x10/0x10 [ 148.641708][T11807] __sys_sendmsg+0x16d/0x220 [ 148.641721][T11807] ? __pfx___sys_sendmsg+0x10/0x10 [ 148.641737][T11807] ? rcu_is_watching+0x12/0xc0 [ 148.641756][T11807] do_syscall_64+0xcd/0x260 [ 148.641774][T11807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.641785][T11807] RIP: 0033:0x7fd3ef38e969 [ 148.641794][T11807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.641804][T11807] RSP: 002b:00007fd3f02be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.641815][T11807] RAX: ffffffffffffffda RBX: 00007fd3ef5b5fa0 RCX: 00007fd3ef38e969 [ 148.641822][T11807] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 148.641829][T11807] RBP: 00007fd3f02be090 R08: 0000000000000000 R09: 0000000000000000 [ 148.641836][T11807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.641842][T11807] R13: 0000000000000000 R14: 00007fd3ef5b5fa0 R15: 00007fff5b7147a8 [ 148.641855][T11807] [ 148.685214][T11808] IPv6: NLM_F_CREATE should be specified when creating new route [ 148.687410][ C2] vkms_vblank_simulate: vblank timer overrun [ 148.726087][ T40] audit: type=1400 audit(150.600:604): avc: denied { append } for pid=11809 comm="syz.2.2102" name="event3" dev="devtmpfs" ino=1298 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 149.091280][T11836] 8021q: adding VLAN 0 to HW filter on device bond2 [ 149.155733][T11836] bond2 (unregistering): Released all slaves [ 149.164369][T11841] IPv6: NLM_F_CREATE should be specified when creating new route [ 149.239917][T11843] macvlan0: entered promiscuous mode [ 149.241723][T11843] macvlan0: entered allmulticast mode [ 149.243492][T11843] veth1_vlan: entered allmulticast mode [ 149.317263][ T40] audit: type=1400 audit(152.190:605): avc: denied { read append } for pid=11845 comm="syz.2.2116" name="pids.current" dev="9p" ino=35913977 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 149.327751][ T40] audit: type=1400 audit(152.190:606): avc: denied { open } for pid=11845 comm="syz.2.2116" path="/529/file0/pids.current" dev="9p" ino=35913977 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 149.332541][T11848] netfs: Couldn't get user pages (rc=-14) [ 149.454028][T11747] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 149.520697][T11869] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2123'. [ 149.535299][ T67] Bluetooth: hci1: command 0x0c1a tx timeout [ 149.618457][T11876] xt_l2tp: invalid flags combination: c [ 149.661365][T11883] FAULT_INJECTION: forcing a failure. [ 149.661365][T11883] name failslab, interval 1, probability 0, space 0, times 0 [ 149.666146][T11883] CPU: 3 UID: 0 PID: 11883 Comm: syz.0.2128 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 149.666171][T11883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 149.666181][T11883] Call Trace: [ 149.666187][T11883] [ 149.666193][T11883] dump_stack_lvl+0x16c/0x1f0 [ 149.666227][T11883] should_fail_ex+0x512/0x640 [ 149.666247][T11883] ? fs_reclaim_acquire+0xae/0x150 [ 149.666263][T11883] ? tomoyo_encode2+0x100/0x3e0 [ 149.666280][T11883] should_failslab+0xc2/0x120 [ 149.666293][T11883] __kmalloc_noprof+0xd2/0x510 [ 149.666308][T11883] tomoyo_encode2+0x100/0x3e0 [ 149.666326][T11883] tomoyo_encode+0x29/0x50 [ 149.666342][T11883] tomoyo_realpath_from_path+0x18f/0x6e0 [ 149.666361][T11883] ? tomoyo_profile+0x47/0x60 [ 149.666374][T11883] tomoyo_path_number_perm+0x245/0x580 [ 149.666388][T11883] ? tomoyo_path_number_perm+0x237/0x580 [ 149.666403][T11883] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 149.666419][T11883] ? find_held_lock+0x2b/0x80 [ 149.666445][T11883] ? find_held_lock+0x2b/0x80 [ 149.666458][T11883] ? hook_file_ioctl_common+0x145/0x410 [ 149.666473][T11883] ? __fget_files+0x20e/0x3c0 [ 149.666486][T11883] security_file_ioctl+0x9b/0x240 [ 149.666504][T11883] __x64_sys_ioctl+0xb7/0x200 [ 149.666520][T11883] do_syscall_64+0xcd/0x260 [ 149.666538][T11883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.666550][T11883] RIP: 0033:0x7fd6e178e969 [ 149.666560][T11883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.666570][T11883] RSP: 002b:00007fd6e2523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 149.666581][T11883] RAX: ffffffffffffffda RBX: 00007fd6e19b5fa0 RCX: 00007fd6e178e969 [ 149.666587][T11883] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 149.666594][T11883] RBP: 00007fd6e2523090 R08: 0000000000000000 R09: 0000000000000000 [ 149.666600][T11883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.666606][T11883] R13: 0000000000000000 R14: 00007fd6e19b5fa0 R15: 00007ffc6c23dd68 [ 149.666620][T11883] [ 149.666631][T11883] ERROR: Out of memory at tomoyo_realpath_from_path. [ 149.692835][T11887] xt_cgroup: path and classid specified [ 149.778753][T11892] FAULT_INJECTION: forcing a failure. [ 149.778753][T11892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.784347][T11892] CPU: 1 UID: 0 PID: 11892 Comm: syz.2.2131 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 149.784372][T11892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 149.784384][T11892] Call Trace: [ 149.784393][T11892] [ 149.784401][T11892] dump_stack_lvl+0x16c/0x1f0 [ 149.784430][T11892] should_fail_ex+0x512/0x640 [ 149.784457][T11892] _copy_to_user+0x32/0xd0 [ 149.784483][T11892] simple_read_from_buffer+0xcb/0x170 [ 149.784510][T11892] proc_fail_nth_read+0x197/0x270 [ 149.784538][T11892] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 149.784568][T11892] ? rw_verify_area+0xcf/0x680 [ 149.784590][T11892] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 149.784781][T11892] vfs_read+0x1e1/0xc70 [ 149.784812][T11892] ? __pfx___mutex_lock+0x10/0x10 [ 149.784830][T11892] ? __pfx_vfs_read+0x10/0x10 [ 149.784851][T11892] ? __fget_files+0x20e/0x3c0 [ 149.784865][T11892] ksys_read+0x12a/0x240 [ 149.784882][T11892] ? __pfx_ksys_read+0x10/0x10 [ 149.784903][T11892] do_syscall_64+0xcd/0x260 [ 149.784922][T11892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.784934][T11892] RIP: 0033:0x7fd3ef38d37c [ 149.784944][T11892] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 149.784954][T11892] RSP: 002b:00007fd3f02be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 149.784966][T11892] RAX: ffffffffffffffda RBX: 00007fd3ef5b5fa0 RCX: 00007fd3ef38d37c [ 149.784973][T11892] RDX: 000000000000000f RSI: 00007fd3f02be0a0 RDI: 0000000000000004 [ 149.784979][T11892] RBP: 00007fd3f02be090 R08: 0000000000000000 R09: 0000000000000000 [ 149.784986][T11892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.784992][T11892] R13: 0000000000000000 R14: 00007fd3ef5b5fa0 R15: 00007fff5b7147a8 [ 149.785006][T11892] [ 149.874220][T11896] tipc: Enabled bearer , priority 10 [ 150.366389][T11919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2138'. [ 150.369277][T11919] macvtap0: entered allmulticast mode [ 150.371133][T11919] veth0_macvtap: entered allmulticast mode [ 150.373354][T11919] netlink: 'syz.0.2138': attribute type 3 has an invalid length. [ 150.420347][T11923] random: crng reseeded on system resumption [ 150.658368][T11926] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2141'. [ 150.662333][T11926] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 150.665799][T11926] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 150.939369][T11941] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2146'. [ 151.414291][T11974] FAULT_INJECTION: forcing a failure. [ 151.414291][T11974] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 151.418392][T11974] CPU: 1 UID: 0 PID: 11974 Comm: syz.2.2158 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 151.418407][T11974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 151.418414][T11974] Call Trace: [ 151.418418][T11974] [ 151.418423][T11974] dump_stack_lvl+0x16c/0x1f0 [ 151.418444][T11974] should_fail_ex+0x512/0x640 [ 151.418462][T11974] should_fail_alloc_page+0xe7/0x130 [ 151.418476][T11974] prepare_alloc_pages+0x3c2/0x610 [ 151.418495][T11974] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 151.418507][T11974] ? bio_kmalloc+0x41/0x70 [ 151.418523][T11974] ? kasan_save_stack+0x33/0x60 [ 151.418533][T11974] ? kasan_save_track+0x14/0x30 [ 151.418542][T11974] ? __kasan_kmalloc+0xaa/0xb0 [ 151.418558][T11974] ? __kmalloc_noprof+0x223/0x510 [ 151.418568][T11974] ? bio_kmalloc+0x41/0x70 [ 151.418583][T11974] ? blk_rq_map_kern+0x39a/0x710 [ 151.418595][T11974] ? scsi_execute_cmd+0xc14/0xf40 [ 151.418608][T11974] ? sr_do_ioctl+0x219/0x840 [ 151.418619][T11974] ? sr_read_tocentry.isra.0+0x180/0x540 [ 151.418630][T11974] ? sr_audio_ioctl+0x282/0x2f0 [ 151.418642][T11974] ? cdrom_count_tracks+0x3de/0x7e0 [ 151.418658][T11974] ? cdrom_ioctl+0xfe0/0x3190 [ 151.418669][T11974] ? sr_block_ioctl+0x1b0/0x250 [ 151.418678][T11974] ? blkdev_ioctl+0x277/0x6d0 [ 151.418691][T11974] ? __x64_sys_ioctl+0x193/0x200 [ 151.418705][T11974] ? do_syscall_64+0xcd/0x260 [ 151.418721][T11974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.418734][T11974] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 151.418754][T11974] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 151.418768][T11974] ? policy_nodemask+0xea/0x4e0 [ 151.418780][T11974] alloc_pages_mpol+0x1fb/0x550 [ 151.418793][T11974] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 151.418805][T11974] ? trace_kmalloc+0x2b/0xd0 [ 151.418822][T11974] ? __kmalloc_noprof+0x242/0x510 [ 151.418831][T11974] ? __pfx___debug_object_init+0x10/0x10 [ 151.418842][T11974] ? __blk_mq_alloc_requests+0x1601/0x1620 [ 151.418856][T11974] alloc_pages_noprof+0x131/0x390 [ 151.418869][T11974] blk_rq_map_kern+0x3f5/0x710 [ 151.418883][T11974] scsi_execute_cmd+0xc14/0xf40 [ 151.418898][T11974] ? scsi_block_when_processing_errors+0x2d0/0x440 [ 151.418918][T11974] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 151.418936][T11974] sr_do_ioctl+0x219/0x840 [ 151.418950][T11974] ? __pfx_sr_do_ioctl+0x10/0x10 [ 151.418969][T11974] sr_read_tocentry.isra.0+0x180/0x540 [ 151.418982][T11974] ? __pfx_sr_read_tocentry.isra.0+0x10/0x10 [ 151.418994][T11974] ? __pfx_sr_read_tochdr.isra.0+0x10/0x10 [ 151.419009][T11974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.419023][T11974] sr_audio_ioctl+0x282/0x2f0 [ 151.419036][T11974] ? __pfx_sr_audio_ioctl+0x10/0x10 [ 151.419048][T11974] ? find_held_lock+0x2b/0x80 [ 151.419063][T11974] ? avc_has_extended_perms+0x33a/0x1090 [ 151.419079][T11974] cdrom_count_tracks+0x3de/0x7e0 [ 151.419098][T11974] ? __pfx_cdrom_count_tracks+0x10/0x10 [ 151.419114][T11974] ? __lock_acquire+0xaa4/0x1ba0 [ 151.419136][T11974] cdrom_ioctl+0xfe0/0x3190 [ 151.419148][T11974] ? __pfx_cdrom_ioctl+0x10/0x10 [ 151.419160][T11974] ? rpm_resume+0x80c/0x1310 [ 151.419171][T11974] ? rcu_is_watching+0x12/0xc0 [ 151.419184][T11974] ? rpm_resume+0x80c/0x1310 [ 151.419194][T11974] ? trace_rpm_return_int+0x196/0x220 [ 151.419205][T11974] ? rpm_resume+0x811/0x1310 [ 151.419220][T11974] ? do_raw_spin_lock+0x12c/0x2b0 [ 151.419232][T11974] ? find_held_lock+0x2b/0x80 [ 151.419246][T11974] ? mark_held_locks+0x49/0x80 [ 151.419263][T11974] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 151.419278][T11974] ? lockdep_hardirqs_on+0x7c/0x110 [ 151.419293][T11974] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 151.419308][T11974] ? __pm_runtime_resume+0xc3/0x170 [ 151.419321][T11974] sr_block_ioctl+0x1b0/0x250 [ 151.419333][T11974] ? __pfx_sr_block_ioctl+0x10/0x10 [ 151.419345][T11974] blkdev_ioctl+0x277/0x6d0 [ 151.419357][T11974] ? __pfx_blkdev_ioctl+0x10/0x10 [ 151.419369][T11974] ? selinux_file_ioctl+0x180/0x270 [ 151.419386][T11974] ? selinux_file_ioctl+0xb4/0x270 [ 151.419405][T11974] ? __pfx_blkdev_ioctl+0x10/0x10 [ 151.419418][T11974] __x64_sys_ioctl+0x193/0x200 [ 151.419434][T11974] do_syscall_64+0xcd/0x260 [ 151.419451][T11974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.419462][T11974] RIP: 0033:0x7fd3ef38e969 [ 151.419471][T11974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.419482][T11974] RSP: 002b:00007fd3f02be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 151.419493][T11974] RAX: ffffffffffffffda RBX: 00007fd3ef5b5fa0 RCX: 00007fd3ef38e969 [ 151.419500][T11974] RDX: 0000000000000000 RSI: 0000000000005327 RDI: 0000000000000003 [ 151.419506][T11974] RBP: 00007fd3f02be090 R08: 0000000000000000 R09: 0000000000000000 [ 151.419513][T11974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.419519][T11974] R13: 0000000000000000 R14: 00007fd3ef5b5fa0 R15: 00007fff5b7147a8 [ 151.419532][T11974] [ 151.723465][T11992] xt_CT: You must specify a L4 protocol and not use inversions on it [ 152.019488][T12013] netlink: 'syz.0.2173': attribute type 10 has an invalid length. [ 152.023951][T12013] team0: Cannot enslave team device to itself [ 152.052207][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 152.052219][ T40] audit: type=1400 audit(154.920:620): avc: denied { mount } for pid=12017 comm="syz.2.2175" name="/" dev="configfs" ino=2075 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 152.063996][ T40] audit: type=1400 audit(154.920:621): avc: denied { search } for pid=12017 comm="syz.2.2175" name="/" dev="configfs" ino=2075 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 152.073278][ T40] audit: type=1400 audit(154.920:622): avc: denied { mounton } for pid=12017 comm="syz.2.2175" path="/" dev="configfs" ino=2075 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 152.083592][ T40] audit: type=1400 audit(154.960:623): avc: denied { unmount } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 152.126263][T12029] FAULT_INJECTION: forcing a failure. [ 152.126263][T12029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.130932][T12029] CPU: 3 UID: 0 PID: 12029 Comm: syz.0.2179 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 152.130948][T12029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.130955][T12029] Call Trace: [ 152.130959][T12029] [ 152.130965][T12029] dump_stack_lvl+0x16c/0x1f0 [ 152.130985][T12029] should_fail_ex+0x512/0x640 [ 152.131004][T12029] _copy_to_user+0x32/0xd0 [ 152.131022][T12029] simple_read_from_buffer+0xcb/0x170 [ 152.131041][T12029] proc_fail_nth_read+0x197/0x270 [ 152.131059][T12029] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 152.131080][T12029] ? rw_verify_area+0xcf/0x680 [ 152.131095][T12029] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 152.131112][T12029] vfs_read+0x1e1/0xc70 [ 152.131131][T12029] ? __pfx___mutex_lock+0x10/0x10 [ 152.131148][T12029] ? __pfx_vfs_read+0x10/0x10 [ 152.131168][T12029] ? __fget_files+0x20e/0x3c0 [ 152.131182][T12029] ksys_read+0x12a/0x240 [ 152.131199][T12029] ? __pfx_ksys_read+0x10/0x10 [ 152.131214][T12029] ? rcu_is_watching+0x12/0xc0 [ 152.131232][T12029] do_syscall_64+0xcd/0x260 [ 152.131250][T12029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.131262][T12029] RIP: 0033:0x7fd6e178d37c [ 152.131271][T12029] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 152.131282][T12029] RSP: 002b:00007fd6e2523030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 152.131293][T12029] RAX: ffffffffffffffda RBX: 00007fd6e19b5fa0 RCX: 00007fd6e178d37c [ 152.131300][T12029] RDX: 000000000000000f RSI: 00007fd6e25230a0 RDI: 0000000000000004 [ 152.131306][T12029] RBP: 00007fd6e2523090 R08: 0000000000000000 R09: 0000000000000000 [ 152.131313][T12029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.131319][T12029] R13: 0000000000000000 R14: 00007fd6e19b5fa0 R15: 00007ffc6c23dd68 [ 152.131332][T12029] [ 152.510130][T12052] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2187'. [ 152.518877][T12052] team0: Mode changed to "loadbalance" [ 152.733682][ T40] audit: type=1400 audit(155.600:624): avc: denied { map } for pid=12064 comm="syz.3.2193" path="socket:[54747]" dev="sockfs" ino=54747 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 152.774207][T12076] FAULT_INJECTION: forcing a failure. [ 152.774207][T12076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.778698][T12076] CPU: 3 UID: 0 PID: 12076 Comm: syz.0.2197 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 152.778714][T12076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.778721][T12076] Call Trace: [ 152.778724][T12076] [ 152.778729][T12076] dump_stack_lvl+0x16c/0x1f0 [ 152.778763][T12076] should_fail_ex+0x512/0x640 [ 152.778787][T12076] _copy_to_iter+0x477/0x15a0 [ 152.778809][T12076] ? __pfx__copy_to_iter+0x10/0x10 [ 152.778827][T12076] ? __skb_recv_datagram+0x1b2/0x220 [ 152.778840][T12076] ? __pfx___skb_recv_datagram+0x10/0x10 [ 152.778855][T12076] ? avc_has_perm_noaudit+0x149/0x3b0 [ 152.778869][T12076] simple_copy_to_iter+0x46/0x90 [ 152.778886][T12076] __skb_datagram_iter+0x125/0x8c0 [ 152.778902][T12076] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 152.778920][T12076] ? skb_recv_datagram+0x88/0xc0 [ 152.778932][T12076] skb_copy_datagram_iter+0x40/0x50 [ 152.778950][T12076] netlink_recvmsg+0x298/0xf20 [ 152.778965][T12076] ? __pfx_netlink_recvmsg+0x10/0x10 [ 152.778981][T12076] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 152.779003][T12076] sock_recvmsg+0x1f6/0x250 [ 152.779019][T12076] ____sys_recvmsg+0x218/0x6b0 [ 152.779037][T12076] ? __pfx_____sys_recvmsg+0x10/0x10 [ 152.779057][T12076] ? __lock_acquire+0x5ca/0x1ba0 [ 152.779077][T12076] ___sys_recvmsg+0x114/0x1a0 [ 152.779090][T12076] ? __pfx____sys_recvmsg+0x10/0x10 [ 152.779104][T12076] ? find_held_lock+0x2b/0x80 [ 152.779125][T12076] do_recvmmsg+0x2fe/0x740 [ 152.779139][T12076] ? __pfx_do_recvmmsg+0x10/0x10 [ 152.779150][T12076] ? find_held_lock+0x2b/0x80 [ 152.779162][T12076] ? __might_fault+0xe3/0x190 [ 152.779174][T12076] ? __might_fault+0x13b/0x190 [ 152.779190][T12076] ? __pfx_get_timespec64+0x10/0x10 [ 152.779205][T12076] ? __fget_files+0x20e/0x3c0 [ 152.779219][T12076] __x64_sys_recvmmsg+0x199/0x280 [ 152.779232][T12076] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 152.779245][T12076] ? rcu_is_watching+0x12/0xc0 [ 152.779262][T12076] do_syscall_64+0xcd/0x260 [ 152.779280][T12076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.779291][T12076] RIP: 0033:0x7fd6e178e969 [ 152.779301][T12076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.779311][T12076] RSP: 002b:00007fd6e2523038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 152.779322][T12076] RAX: ffffffffffffffda RBX: 00007fd6e19b5fa0 RCX: 00007fd6e178e969 [ 152.779329][T12076] RDX: 03ffffffffffff7c RSI: 00002000000037c0 RDI: 0000000000000006 [ 152.779335][T12076] RBP: 00007fd6e2523090 R08: 0000200000003700 R09: 0000000000000000 [ 152.779342][T12076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.779348][T12076] R13: 0000000000000000 R14: 00007fd6e19b5fa0 R15: 00007ffc6c23dd68 [ 152.779362][T12076] [ 152.953776][T12084] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 152.956020][T12084] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 152.960208][T12084] vhci_hcd vhci_hcd.0: Device attached [ 153.138395][T12085] vhci_hcd: connection closed [ 153.139701][ T90] vhci_hcd: stop threads [ 153.142680][ T90] vhci_hcd: release socket [ 153.144219][ T90] vhci_hcd: disconnect device [ 153.154877][ T5973] vhci_hcd: vhci_device speed not set [ 153.199660][ T40] audit: type=1400 audit(156.070:625): avc: denied { bind } for pid=12099 comm="syz.2.2205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 153.206142][ T40] audit: type=1400 audit(156.070:626): avc: denied { connect } for pid=12099 comm="syz.2.2205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 153.449814][T12118] FAULT_INJECTION: forcing a failure. [ 153.449814][T12118] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.454130][T12118] CPU: 1 UID: 0 PID: 12118 Comm: syz.1.2211 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 153.454155][T12118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.454166][T12118] Call Trace: [ 153.454173][T12118] [ 153.454181][T12118] dump_stack_lvl+0x16c/0x1f0 [ 153.454210][T12118] should_fail_ex+0x512/0x640 [ 153.454238][T12118] _copy_to_user+0x32/0xd0 [ 153.454265][T12118] simple_read_from_buffer+0xcb/0x170 [ 153.454295][T12118] proc_fail_nth_read+0x197/0x270 [ 153.454322][T12118] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 153.454350][T12118] ? rw_verify_area+0xcf/0x680 [ 153.454373][T12118] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 153.454399][T12118] vfs_read+0x1e1/0xc70 [ 153.454428][T12118] ? __pfx___mutex_lock+0x10/0x10 [ 153.454453][T12118] ? __pfx_vfs_read+0x10/0x10 [ 153.454485][T12118] ? __fget_files+0x20e/0x3c0 [ 153.454510][T12118] ksys_read+0x12a/0x240 [ 153.454535][T12118] ? __pfx_ksys_read+0x10/0x10 [ 153.454568][T12118] do_syscall_64+0xcd/0x260 [ 153.454596][T12118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.454614][T12118] RIP: 0033:0x7ffbd4d8d37c [ 153.454629][T12118] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 153.454645][T12118] RSP: 002b:00007ffbd5c4f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 153.454662][T12118] RAX: ffffffffffffffda RBX: 00007ffbd4fb6080 RCX: 00007ffbd4d8d37c [ 153.454673][T12118] RDX: 000000000000000f RSI: 00007ffbd5c4f0a0 RDI: 0000000000000005 [ 153.454683][T12118] RBP: 00007ffbd5c4f090 R08: 0000000000000000 R09: 0000000000000000 [ 153.454693][T12118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.454703][T12118] R13: 0000000000000000 R14: 00007ffbd4fb6080 R15: 00007ffe17695808 [ 153.454728][T12118] [ 153.543815][T12124] syz.1.2213: attempt to access beyond end of device [ 153.543815][T12124] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 153.550466][T12124] syz.1.2213: attempt to access beyond end of device [ 153.550466][T12124] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 153.717031][T12143] lo: left promiscuous mode [ 153.719006][T12143] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 153.719992][T12139] FAULT_INJECTION: forcing a failure. [ 153.719992][T12139] name failslab, interval 1, probability 0, space 0, times 0 [ 153.729012][ T40] audit: type=1400 audit(156.600:627): avc: denied { watch watch_reads } for pid=12141 comm="syz.1.2221" path="pipe:[53979]" dev="pipefs" ino=53979 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 153.735188][T12139] CPU: 0 UID: 0 PID: 12139 Comm: syz.0.2220 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 153.735209][T12139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.735217][T12139] Call Trace: [ 153.735222][T12139] [ 153.735228][T12139] dump_stack_lvl+0x16c/0x1f0 [ 153.735252][T12139] should_fail_ex+0x512/0x640 [ 153.735271][T12139] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 153.735288][T12139] should_failslab+0xc2/0x120 [ 153.735303][T12139] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 153.735317][T12139] ? alloc_pid+0xc7/0xbc0 [ 153.735333][T12139] alloc_pid+0xc7/0xbc0 [ 153.735350][T12139] copy_process+0x3872/0x91a0 [ 153.735368][T12139] ? kasan_save_track+0x14/0x30 [ 153.735379][T12139] ? __kasan_kmalloc+0xaa/0xb0 [ 153.735399][T12139] ? vhost_task_create+0xe5/0x2e0 [ 153.735412][T12139] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 153.735433][T12139] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 153.735452][T12139] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 153.735472][T12139] ? do_syscall_64+0xcd/0x260 [ 153.735491][T12139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.735520][T12139] ? __pfx_copy_process+0x10/0x10 [ 153.735544][T12139] ? lockdep_init_map_type+0x5c/0x280 [ 153.735556][T12139] ? lockdep_init_map_type+0x5c/0x280 [ 153.735567][T12139] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 153.735579][T12139] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 153.735595][T12139] vhost_task_create+0x1d2/0x2e0 [ 153.735607][T12139] ? __pfx_vhost_task_create+0x10/0x10 [ 153.735619][T12139] ? register_lock_class+0x41/0x4c0 [ 153.735639][T12139] ? __pfx_vhost_task_fn+0x10/0x10 [ 153.735652][T12139] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 153.735673][T12139] kvm_mmu_post_init_vm+0x1b7/0x370 [ 153.735692][T12139] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 153.735709][T12139] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 153.735728][T12139] kvm_vcpu_ioctl+0x5e9/0x1680 [ 153.735746][T12139] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 153.735767][T12139] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 153.735787][T12139] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 153.735810][T12139] ? hook_file_ioctl_common+0x145/0x410 [ 153.735826][T12139] ? selinux_file_ioctl+0x180/0x270 [ 153.735849][T12139] ? selinux_file_ioctl+0xb4/0x270 [ 153.735867][T12139] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 153.735885][T12139] __x64_sys_ioctl+0x193/0x200 [ 153.735902][T12139] do_syscall_64+0xcd/0x260 [ 153.735920][T12139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.735931][T12139] RIP: 0033:0x7fd6e178e969 [ 153.735941][T12139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.735951][T12139] RSP: 002b:00007fd6e2523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 153.735962][T12139] RAX: ffffffffffffffda RBX: 00007fd6e19b5fa0 RCX: 00007fd6e178e969 [ 153.735969][T12139] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 153.735976][T12139] RBP: 00007fd6e2523090 R08: 0000000000000000 R09: 0000000000000000 [ 153.735983][T12139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 153.735989][T12139] R13: 0000000000000000 R14: 00007fd6e19b5fa0 R15: 00007ffc6c23dd68 [ 153.736003][T12139] [ 153.813397][T12153] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2219'. [ 153.813734][ T40] audit: type=1400 audit(156.680:628): avc: denied { nlmsg_read } for pid=12138 comm="syz.3.2219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 154.005549][T12161] usb usb8: usbfs: process 12161 (syz.1.2226) did not claim interface 0 before use [ 154.115027][ T40] audit: type=1400 audit(156.990:629): avc: denied { connect } for pid=12176 comm="syz.2.2232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 154.131633][T12178] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2228'. [ 154.190897][T12186] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 154.509410][T12212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2244'. [ 154.546704][T12215] netlink: 'syz.1.2245': attribute type 10 has an invalid length. [ 154.702331][T12243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2257'. [ 154.709472][T12247] usb usb8: usbfs: process 12247 (syz.2.2259) did not claim interface 0 before use [ 154.713750][T12246] efs: device does not support 512 byte blocks [ 154.717526][T12246] device does not support 512 byte blocks [ 154.717526][T12246] [ 154.869133][T12272] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2270'. [ 154.944932][T12283] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2274'. [ 154.948161][T12286] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2275'. [ 155.118014][T12306] program syz.1.2283 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 155.253848][T12312] FAULT_INJECTION: forcing a failure. [ 155.253848][T12312] name failslab, interval 1, probability 0, space 0, times 0 [ 155.259284][T12312] CPU: 0 UID: 0 PID: 12312 Comm: syz.2.2284 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 155.259306][T12312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 155.259331][T12312] Call Trace: [ 155.259338][T12312] [ 155.259346][T12312] dump_stack_lvl+0x16c/0x1f0 [ 155.259389][T12312] should_fail_ex+0x512/0x640 [ 155.259412][T12312] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 155.259433][T12312] should_failslab+0xc2/0x120 [ 155.259452][T12312] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 155.259470][T12312] ? copy_process+0x4bd/0x91a0 [ 155.259494][T12312] ? _raw_spin_unlock_irq+0x23/0x50 [ 155.259519][T12312] copy_process+0x4bd/0x91a0 [ 155.259540][T12312] ? kasan_save_track+0x14/0x30 [ 155.259555][T12312] ? __kasan_kmalloc+0xaa/0xb0 [ 155.259579][T12312] ? vhost_task_create+0xe5/0x2e0 [ 155.259597][T12312] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 155.259621][T12312] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 155.259645][T12312] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 155.259669][T12312] ? __x64_sys_ioctl+0x193/0x200 [ 155.259690][T12312] ? do_syscall_64+0xcd/0x260 [ 155.259712][T12312] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.259743][T12312] ? __pfx_copy_process+0x10/0x10 [ 155.259782][T12312] ? lockdep_init_map_type+0x5c/0x280 [ 155.259800][T12312] ? lockdep_init_map_type+0x5c/0x280 [ 155.259818][T12312] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 155.259836][T12312] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 155.259863][T12312] vhost_task_create+0x1d2/0x2e0 [ 155.259881][T12312] ? __pfx_vhost_task_create+0x10/0x10 [ 155.259899][T12312] ? register_lock_class+0x41/0x4c0 [ 155.259931][T12312] ? __pfx_vhost_task_fn+0x10/0x10 [ 155.259952][T12312] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 155.259984][T12312] kvm_mmu_post_init_vm+0x1b7/0x370 [ 155.260012][T12312] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 155.260036][T12312] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 155.260071][T12312] kvm_vcpu_ioctl+0x5e9/0x1680 [ 155.260098][T12312] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 155.260145][T12312] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 155.260176][T12312] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 155.260212][T12312] ? hook_file_ioctl_common+0x145/0x410 [ 155.260238][T12312] ? selinux_file_ioctl+0x180/0x270 [ 155.260264][T12312] ? selinux_file_ioctl+0xb4/0x270 [ 155.260291][T12312] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 155.260318][T12312] __x64_sys_ioctl+0x193/0x200 [ 155.260343][T12312] do_syscall_64+0xcd/0x260 [ 155.260370][T12312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.260385][T12312] RIP: 0033:0x7fd3ef38e969 [ 155.260401][T12312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.260416][T12312] RSP: 002b:00007fd3f027c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 155.260434][T12312] RAX: ffffffffffffffda RBX: 00007fd3ef5b6160 RCX: 00007fd3ef38e969 [ 155.260445][T12312] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 155.260454][T12312] RBP: 00007fd3f027c090 R08: 0000000000000000 R09: 0000000000000000 [ 155.260466][T12312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.260476][T12312] R13: 0000000000000000 R14: 00007fd3ef5b6160 R15: 00007fff5b7147a8 [ 155.260499][T12312] [ 155.382514][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.559002][T12314] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2285'. [ 155.910837][T12323] FAULT_INJECTION: forcing a failure. [ 155.910837][T12323] name failslab, interval 1, probability 0, space 0, times 0 [ 155.915020][T12323] CPU: 3 UID: 0 PID: 12323 Comm: syz.3.2289 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 155.915046][T12323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 155.915057][T12323] Call Trace: [ 155.915064][T12323] [ 155.915077][T12323] dump_stack_lvl+0x16c/0x1f0 [ 155.915107][T12323] should_fail_ex+0x512/0x640 [ 155.915129][T12323] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 155.915149][T12323] should_failslab+0xc2/0x120 [ 155.915169][T12323] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 155.915187][T12323] ? __alloc_skb+0x2b2/0x380 [ 155.915210][T12323] __alloc_skb+0x2b2/0x380 [ 155.915228][T12323] ? __pfx___alloc_skb+0x10/0x10 [ 155.915250][T12323] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 155.915278][T12323] netlink_alloc_large_skb+0x69/0x130 [ 155.915302][T12323] netlink_sendmsg+0x6a1/0xdd0 [ 155.915346][T12323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.915378][T12323] ____sys_sendmsg+0xa95/0xc70 [ 155.915405][T12323] ? copy_msghdr_from_user+0x10a/0x160 [ 155.915424][T12323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.915463][T12323] ___sys_sendmsg+0x134/0x1d0 [ 155.915485][T12323] ? __pfx____sys_sendmsg+0x10/0x10 [ 155.915538][T12323] __sys_sendmsg+0x16d/0x220 [ 155.915559][T12323] ? __pfx___sys_sendmsg+0x10/0x10 [ 155.915597][T12323] do_syscall_64+0xcd/0x260 [ 155.915626][T12323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.915645][T12323] RIP: 0033:0x7f646178e969 [ 155.915660][T12323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.915676][T12323] RSP: 002b:00007f6462634038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 155.915693][T12323] RAX: ffffffffffffffda RBX: 00007f64619b5fa0 RCX: 00007f646178e969 [ 155.915704][T12323] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 155.915714][T12323] RBP: 00007f6462634090 R08: 0000000000000000 R09: 0000000000000000 [ 155.915725][T12323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.915736][T12323] R13: 0000000000000000 R14: 00007f64619b5fa0 R15: 00007ffd2280a118 [ 155.915760][T12323] [ 156.246957][ T5933] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 156.250673][ T5933] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 156.256114][ T5933] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 156.261653][ T5933] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 156.264432][ T5933] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 156.368212][T12343] chnl_net:caif_netlink_parms(): no params data found [ 156.454434][T12343] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.457054][T12343] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.459538][T12343] bridge_slave_0: entered allmulticast mode [ 156.462277][T12343] bridge_slave_0: entered promiscuous mode [ 156.467195][T12343] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.470281][T12343] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.473101][T12343] bridge_slave_1: entered allmulticast mode [ 156.476306][T12343] bridge_slave_1: entered promiscuous mode [ 156.541597][T12343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.545986][T12343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.599727][T12343] team0: Port device team_slave_0 added [ 156.606187][T12343] team0: Port device team_slave_1 added [ 156.643872][T12343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.646058][T12343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.654307][T12343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.659230][T12343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.661398][T12343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.669398][T12343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.735761][T12343] hsr_slave_0: entered promiscuous mode [ 156.738550][T12343] hsr_slave_1: entered promiscuous mode [ 157.141906][T12343] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 157.147715][T12343] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 157.153916][T12343] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 157.160290][T12343] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 157.200924][T12375] ubi31: attaching mtd0 [ 157.210857][T12375] ubi31: scanning is finished [ 157.213142][T12375] ubi31: empty MTD device detected [ 157.230724][T12343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.247598][T12343] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.256336][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.258737][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.265191][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.268267][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.331247][ T5973] IPVS: starting estimator thread 0... [ 157.335129][T12375] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 157.337468][T12375] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 157.340018][T12375] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 157.342304][T12375] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 157.344949][T12375] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 157.347122][T12375] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 157.349716][T12375] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3997761115 [ 157.352828][T12375] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 157.356970][T12378] ubi31: background thread "ubi_bgt31d" started, PID 12378 [ 157.405792][T12343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.428561][T12343] veth0_vlan: entered promiscuous mode [ 157.433641][T12343] veth1_vlan: entered promiscuous mode [ 157.434955][T12377] IPVS: using max 43 ests per chain, 103200 per kthread [ 157.450854][T12343] veth0_macvtap: entered promiscuous mode [ 157.455938][T12343] veth1_macvtap: entered promiscuous mode [ 157.469164][T12343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.477104][T12343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.481990][T12343] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.486450][T12343] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.489321][T12343] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.492244][T12343] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.531472][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.534118][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.548005][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.550546][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.561230][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 157.561241][ T40] audit: type=1400 audit(160.430:635): avc: denied { mounton } for pid=12343 comm="syz-executor" path="/syzkaller.bss8al/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 157.574061][ T40] audit: type=1400 audit(160.440:636): avc: denied { mounton } for pid=12343 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 157.603017][T12384] FAULT_INJECTION: forcing a failure. [ 157.603017][T12384] name failslab, interval 1, probability 0, space 0, times 0 [ 157.603040][T12384] CPU: 1 UID: 0 PID: 12384 Comm: syz.3.2295 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 157.603054][T12384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 157.603062][T12384] Call Trace: [ 157.603066][T12384] [ 157.603071][T12384] dump_stack_lvl+0x16c/0x1f0 [ 157.603090][T12384] should_fail_ex+0x512/0x640 [ 157.603106][T12384] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 157.603125][T12384] should_failslab+0xc2/0x120 [ 157.603138][T12384] __kmalloc_cache_noprof+0x6a/0x3e0 [ 157.603155][T12384] ? virtio_gpu_plane_duplicate_state+0x6c/0xc0 [ 157.603174][T12384] virtio_gpu_plane_duplicate_state+0x6c/0xc0 [ 157.603188][T12384] drm_atomic_get_plane_state+0x20b/0x590 [ 157.603204][T12384] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 157.603219][T12384] ? __pfx___might_resched+0x10/0x10 [ 157.603239][T12384] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 157.603254][T12384] ? __mutex_lock+0x1ca/0xb90 [ 157.603279][T12384] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 157.603302][T12384] drm_client_modeset_commit_locked+0x14d/0x580 [ 157.603318][T12384] drm_fb_helper_pan_display+0x32d/0xa40 [ 157.603338][T12384] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 157.603354][T12384] fb_pan_display+0x47c/0x7d0 [ 157.603367][T12384] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 157.603387][T12384] bit_update_start+0x49/0x1f0 [ 157.603403][T12384] fbcon_switch+0xbf8/0x14c0 [ 157.603420][T12384] ? __pfx_fbcon_switch+0x10/0x10 [ 157.603441][T12384] ? __pfx_bit_cursor+0x10/0x10 [ 157.603454][T12384] ? fbcon_cursor+0x40c/0x5f0 [ 157.603468][T12384] ? is_console_locked+0x9/0x20 [ 157.603484][T12384] ? con_is_visible+0x65/0x150 [ 157.603503][T12384] redraw_screen+0x2c1/0x760 [ 157.603516][T12384] ? __pfx_redraw_screen+0x10/0x10 [ 157.603529][T12384] ? fbcon_set_palette+0x401/0x640 [ 157.603543][T12384] fbcon_modechanged+0x456/0x700 [ 157.603559][T12384] fbcon_set_all_vcs+0x1d6/0x450 [ 157.603574][T12384] fbcon_update_vcs+0x2c/0x50 [ 157.603587][T12384] do_fb_ioctl+0x787/0x7e0 [ 157.603603][T12384] ? __pfx_do_fb_ioctl+0x10/0x10 [ 157.603623][T12384] ? do_vfs_ioctl+0x512/0x1990 [ 157.603657][T12384] ? selinux_file_ioctl+0x180/0x270 [ 157.603678][T12384] fb_ioctl+0xe5/0x150 [ 157.603693][T12384] ? __pfx_fb_ioctl+0x10/0x10 [ 157.603709][T12384] __x64_sys_ioctl+0x193/0x200 [ 157.603725][T12384] do_syscall_64+0xcd/0x260 [ 157.603752][T12384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.603764][T12384] RIP: 0033:0x7fa6fe38e969 [ 157.603773][T12384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.603784][T12384] RSP: 002b:00007fa6ff186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.603795][T12384] RAX: ffffffffffffffda RBX: 00007fa6fe5b5fa0 RCX: 00007fa6fe38e969 [ 157.603803][T12384] RDX: 0000200000000140 RSI: 0000000000004601 RDI: 0000000000000003 [ 157.603809][T12384] RBP: 00007fa6ff186090 R08: 0000000000000000 R09: 0000000000000000 [ 157.603816][T12384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 157.603823][T12384] R13: 0000000000000000 R14: 00007fa6fe5b5fa0 R15: 00007fff6a280ff8 [ 157.603838][T12384] [ 157.981840][T12397] netlink: 'syz.3.2310': attribute type 5 has an invalid length. [ 158.255122][T12342] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 158.335296][ T67] Bluetooth: hci2: command tx timeout [ 158.540055][T12433] usb usb8: usbfs: process 12433 (syz.3.2324) did not claim interface 0 before use [ 158.543215][T12433] FAULT_INJECTION: forcing a failure. [ 158.543215][T12433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.549800][T12433] CPU: 3 UID: 0 PID: 12433 Comm: syz.3.2324 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 158.549824][T12433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.549835][T12433] Call Trace: [ 158.549842][T12433] [ 158.549849][T12433] dump_stack_lvl+0x16c/0x1f0 [ 158.549879][T12433] should_fail_ex+0x512/0x640 [ 158.549907][T12433] _copy_to_user+0x32/0xd0 [ 158.549932][T12433] simple_read_from_buffer+0xcb/0x170 [ 158.549951][T12433] proc_fail_nth_read+0x197/0x270 [ 158.549969][T12433] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 158.549987][T12433] ? rw_verify_area+0xcf/0x680 [ 158.550002][T12433] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 158.550020][T12433] vfs_read+0x1e1/0xc70 [ 158.550044][T12433] ? __pfx___mutex_lock+0x10/0x10 [ 158.550061][T12433] ? __pfx_vfs_read+0x10/0x10 [ 158.550081][T12433] ? __fget_files+0x20e/0x3c0 [ 158.550096][T12433] ksys_read+0x12a/0x240 [ 158.550120][T12433] ? __pfx_ksys_read+0x10/0x10 [ 158.550137][T12433] ? rcu_is_watching+0x12/0xc0 [ 158.550155][T12433] do_syscall_64+0xcd/0x260 [ 158.550172][T12433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.550184][T12433] RIP: 0033:0x7fa6fe38d37c [ 158.550194][T12433] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 158.550205][T12433] RSP: 002b:00007fa6ff186030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 158.550217][T12433] RAX: ffffffffffffffda RBX: 00007fa6fe5b5fa0 RCX: 00007fa6fe38d37c [ 158.550224][T12433] RDX: 000000000000000f RSI: 00007fa6ff1860a0 RDI: 0000000000000004 [ 158.550230][T12433] RBP: 00007fa6ff186090 R08: 0000000000000000 R09: 0000000000000000 [ 158.550237][T12433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 158.550244][T12433] R13: 0000000000000000 R14: 00007fa6fe5b5fa0 R15: 00007fff6a280ff8 [ 158.550258][T12433] [ 158.666204][ T5933] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 158.675623][ T5933] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 158.678597][ T5933] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 158.681776][ T5933] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 158.684167][ T5933] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 158.699141][T12438] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 158.805244][T12436] chnl_net:caif_netlink_parms(): no params data found [ 158.883911][T12461] FAULT_INJECTION: forcing a failure. [ 158.883911][T12461] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 158.888972][T12461] CPU: 3 UID: 0 PID: 12461 Comm: syz.1.2332 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 158.888999][T12461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.889010][T12461] Call Trace: [ 158.889017][T12461] [ 158.889024][T12461] dump_stack_lvl+0x16c/0x1f0 [ 158.889054][T12461] should_fail_ex+0x512/0x640 [ 158.889082][T12461] should_fail_alloc_page+0xe7/0x130 [ 158.889105][T12461] prepare_alloc_pages+0x3c2/0x610 [ 158.889133][T12461] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 158.889151][T12461] ? bio_kmalloc+0x41/0x70 [ 158.889176][T12461] ? kasan_save_stack+0x33/0x60 [ 158.889191][T12461] ? kasan_save_track+0x14/0x30 [ 158.889205][T12461] ? __kasan_kmalloc+0xaa/0xb0 [ 158.889229][T12461] ? __kmalloc_noprof+0x223/0x510 [ 158.889245][T12461] ? bio_kmalloc+0x41/0x70 [ 158.889267][T12461] ? blk_rq_map_kern+0x39a/0x710 [ 158.889286][T12461] ? scsi_execute_cmd+0xc14/0xf40 [ 158.889306][T12461] ? sr_do_ioctl+0x219/0x840 [ 158.889323][T12461] ? sr_read_tocentry.isra.0+0x180/0x540 [ 158.889341][T12461] ? sr_audio_ioctl+0x282/0x2f0 [ 158.889359][T12461] ? cdrom_count_tracks+0x3de/0x7e0 [ 158.889384][T12461] ? cdrom_ioctl+0xfe0/0x3190 [ 158.889401][T12461] ? sr_block_ioctl+0x1b0/0x250 [ 158.889417][T12461] ? blkdev_ioctl+0x277/0x6d0 [ 158.889435][T12461] ? __x64_sys_ioctl+0x193/0x200 [ 158.889456][T12461] ? do_syscall_64+0xcd/0x260 [ 158.889480][T12461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.889500][T12461] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 158.889535][T12461] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 158.889556][T12461] ? policy_nodemask+0xea/0x4e0 [ 158.889589][T12461] alloc_pages_mpol+0x1fb/0x550 [ 158.889610][T12461] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 158.889629][T12461] ? trace_kmalloc+0x2b/0xd0 [ 158.889648][T12461] ? __kmalloc_noprof+0x242/0x510 [ 158.889663][T12461] ? __pfx___debug_object_init+0x10/0x10 [ 158.889681][T12461] ? __blk_mq_alloc_requests+0x1601/0x1620 [ 158.889710][T12461] alloc_pages_noprof+0x131/0x390 [ 158.889730][T12461] blk_rq_map_kern+0x3f5/0x710 [ 158.889756][T12461] scsi_execute_cmd+0xc14/0xf40 [ 158.889779][T12461] ? scsi_block_when_processing_errors+0x2d0/0x440 [ 158.889814][T12461] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 158.889845][T12461] sr_do_ioctl+0x219/0x840 [ 158.889871][T12461] ? __pfx_sr_do_ioctl+0x10/0x10 [ 158.889908][T12461] sr_read_tocentry.isra.0+0x180/0x540 [ 158.889930][T12461] ? __pfx_sr_read_tocentry.isra.0+0x10/0x10 [ 158.889949][T12461] ? __pfx_sr_read_tochdr.isra.0+0x10/0x10 [ 158.889976][T12461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.890001][T12461] sr_audio_ioctl+0x282/0x2f0 [ 158.890021][T12461] ? __pfx_sr_audio_ioctl+0x10/0x10 [ 158.890042][T12461] ? find_held_lock+0x2b/0x80 [ 158.890065][T12461] ? avc_has_extended_perms+0x33a/0x1090 [ 158.890092][T12461] cdrom_count_tracks+0x3de/0x7e0 [ 158.890125][T12461] ? __pfx_cdrom_count_tracks+0x10/0x10 [ 158.890150][T12461] ? __lock_acquire+0xaa4/0x1ba0 [ 158.890188][T12461] cdrom_ioctl+0xfe0/0x3190 [ 158.890207][T12461] ? __pfx_cdrom_ioctl+0x10/0x10 [ 158.890225][T12461] ? rpm_resume+0x80c/0x1310 [ 158.890242][T12461] ? rcu_is_watching+0x12/0xc0 [ 158.890261][T12461] ? rpm_resume+0x80c/0x1310 [ 158.890276][T12461] ? trace_rpm_return_int+0x196/0x220 [ 158.890294][T12461] ? rpm_resume+0x811/0x1310 [ 158.890318][T12461] ? do_raw_spin_lock+0x12c/0x2b0 [ 158.890338][T12461] ? find_held_lock+0x2b/0x80 [ 158.890361][T12461] ? mark_held_locks+0x49/0x80 [ 158.890386][T12461] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 158.890409][T12461] ? lockdep_hardirqs_on+0x7c/0x110 [ 158.890433][T12461] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 158.890457][T12461] ? __pm_runtime_resume+0xc3/0x170 [ 158.890479][T12461] sr_block_ioctl+0x1b0/0x250 [ 158.890498][T12461] ? __pfx_sr_block_ioctl+0x10/0x10 [ 158.890517][T12461] blkdev_ioctl+0x277/0x6d0 [ 158.890537][T12461] ? __pfx_blkdev_ioctl+0x10/0x10 [ 158.890556][T12461] ? selinux_file_ioctl+0x180/0x270 [ 158.890583][T12461] ? selinux_file_ioctl+0xb4/0x270 [ 158.890612][T12461] ? __pfx_blkdev_ioctl+0x10/0x10 [ 158.890634][T12461] __x64_sys_ioctl+0x193/0x200 [ 158.890661][T12461] do_syscall_64+0xcd/0x260 [ 158.890688][T12461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.890710][T12461] RIP: 0033:0x7ffbd4d8e969 [ 158.890725][T12461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.890742][T12461] RSP: 002b:00007ffbd5c70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.890761][T12461] RAX: ffffffffffffffda RBX: 00007ffbd4fb5fa0 RCX: 00007ffbd4d8e969 [ 158.890772][T12461] RDX: 0000000000000000 RSI: 0000000000005327 RDI: 0000000000000003 [ 158.890782][T12461] RBP: 00007ffbd5c70090 R08: 0000000000000000 R09: 0000000000000000 [ 158.890793][T12461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.890803][T12461] R13: 0000000000000000 R14: 00007ffbd4fb5fa0 R15: 00007ffe17695808 [ 158.890828][T12461] [ 159.064186][T12436] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.067228][T12436] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.069812][T12436] bridge_slave_0: entered allmulticast mode [ 159.072483][T12436] bridge_slave_0: entered promiscuous mode [ 159.079365][T12436] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.082076][T12436] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.085527][T12436] bridge_slave_1: entered allmulticast mode [ 159.088408][T12436] bridge_slave_1: entered promiscuous mode [ 159.126627][T12436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.131169][T12436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 159.174289][T12436] team0: Port device team_slave_0 added [ 159.177910][T12436] team0: Port device team_slave_1 added [ 159.188213][T12469] __nla_validate_parse: 1 callbacks suppressed [ 159.188223][T12469] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2335'. [ 159.197761][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2335'. [ 159.233701][T12436] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 159.236123][T12436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.244005][T12436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 159.250623][T12436] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 159.253359][T12436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.263396][T12436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 159.306807][T12436] hsr_slave_0: entered promiscuous mode [ 159.309171][T12436] hsr_slave_1: entered promiscuous mode [ 159.311235][T12436] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 159.313586][T12436] Cannot create hsr debugfs directory [ 159.418922][T12436] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.462254][T12491] ubi: mtd0 is already attached to ubi31 [ 159.532289][T12436] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.579056][ T5976] IPVS: starting estimator thread 0... [ 159.621509][T12508] usb usb8: usbfs: process 12508 (syz.1.2351) did not claim interface 0 before use [ 159.631939][T12436] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.674238][T12512] ISOFS: Unable to identify CD-ROM format. [ 159.684972][T12503] IPVS: using max 43 ests per chain, 103200 per kthread [ 159.731993][T12436] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.873600][T12518] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2356'. [ 159.878589][T12518] team0: Unable to change to the same mode the team is in [ 159.886196][T12436] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 159.890795][T12436] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 159.895794][T12436] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 159.901143][T12520] syz.0.2355 (12520): /proc/12519/oom_adj is deprecated, please use /proc/12519/oom_score_adj instead. [ 159.907944][T12436] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 159.937200][ T40] audit: type=1400 audit(162.810:637): avc: denied { ioctl } for pid=12524 comm="syz.0.2358" path="socket:[60768]" dev="sockfs" ino=60768 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 159.958845][T12436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.972315][T12436] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.979461][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.981739][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.989343][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.991606][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.018421][T12436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.092147][T12540] usb usb8: usbfs: process 12540 (syz.3.2361) did not claim interface 0 before use [ 160.096049][T12540] FAULT_INJECTION: forcing a failure. [ 160.096049][T12540] name failslab, interval 1, probability 0, space 0, times 0 [ 160.100092][T12540] CPU: 3 UID: 0 PID: 12540 Comm: syz.3.2361 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 160.100107][T12540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.100114][T12540] Call Trace: [ 160.100119][T12540] [ 160.100123][T12540] dump_stack_lvl+0x16c/0x1f0 [ 160.100157][T12540] should_fail_ex+0x512/0x640 [ 160.100177][T12540] ? __kmalloc_noprof+0xbf/0x510 [ 160.100190][T12540] ? usb_alloc_urb+0x66/0xa0 [ 160.100207][T12540] should_failslab+0xc2/0x120 [ 160.100220][T12540] __kmalloc_noprof+0xd2/0x510 [ 160.100234][T12540] usb_alloc_urb+0x66/0xa0 [ 160.100252][T12540] proc_do_submiturb+0x7b7/0x3b20 [ 160.100267][T12540] ? __might_fault+0xb0/0x190 [ 160.100277][T12540] ? __might_fault+0xb1/0x190 [ 160.100293][T12540] usbdev_ioctl+0x2d21/0x4070 [ 160.100306][T12540] ? __pfx_usbdev_ioctl+0x10/0x10 [ 160.100317][T12540] ? do_vfs_ioctl+0x512/0x1990 [ 160.100333][T12540] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 160.100352][T12540] ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450 [ 160.100372][T12540] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 160.100392][T12540] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 160.100416][T12540] ? hook_file_ioctl_common+0x145/0x410 [ 160.100432][T12540] ? selinux_file_ioctl+0x180/0x270 [ 160.100449][T12540] ? selinux_file_ioctl+0xb4/0x270 [ 160.100468][T12540] ? __pfx_usbdev_ioctl+0x10/0x10 [ 160.100480][T12540] __x64_sys_ioctl+0x193/0x200 [ 160.100496][T12540] do_syscall_64+0xcd/0x260 [ 160.100540][T12540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.100556][T12540] RIP: 0033:0x7fa6fe38e969 [ 160.100569][T12540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.100581][T12540] RSP: 002b:00007fa6ff186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 160.100592][T12540] RAX: ffffffffffffffda RBX: 00007fa6fe5b5fa0 RCX: 00007fa6fe38e969 [ 160.100600][T12540] RDX: 0000200000000040 RSI: 000000008038550a RDI: 0000000000000003 [ 160.100607][T12540] RBP: 00007fa6ff186090 R08: 0000000000000000 R09: 0000000000000000 [ 160.100613][T12540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.100620][T12540] R13: 0000000000000000 R14: 00007fa6fe5b5fa0 R15: 00007fff6a280ff8 [ 160.100634][T12540] [ 160.117735][T12436] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.224279][T12436] veth0_vlan: entered promiscuous mode [ 160.231460][T12436] veth1_vlan: entered promiscuous mode [ 160.252961][T12436] veth0_macvtap: entered promiscuous mode [ 160.260687][T12436] veth1_macvtap: entered promiscuous mode [ 160.270339][T12436] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 160.277608][T12436] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 160.283094][T12436] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.287100][T12436] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.289737][T12436] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.292577][T12436] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.298792][T12551] FAULT_INJECTION: forcing a failure. [ 160.298792][T12551] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.304337][T12551] CPU: 1 UID: 0 PID: 12551 Comm: syz.1.2364 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 160.304362][T12551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.304373][T12551] Call Trace: [ 160.304379][T12551] [ 160.304387][T12551] dump_stack_lvl+0x16c/0x1f0 [ 160.304417][T12551] should_fail_ex+0x512/0x640 [ 160.304446][T12551] _copy_to_iter+0x477/0x15a0 [ 160.304478][T12551] ? __pfx__copy_to_iter+0x10/0x10 [ 160.304529][T12551] ? __skb_recv_datagram+0x1b2/0x220 [ 160.304551][T12551] ? __pfx___skb_recv_datagram+0x10/0x10 [ 160.304567][T12551] ? avc_has_perm_noaudit+0x149/0x3b0 [ 160.304589][T12551] simple_copy_to_iter+0x46/0x90 [ 160.304615][T12551] __skb_datagram_iter+0x125/0x8c0 [ 160.304639][T12551] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 160.304667][T12551] ? skb_recv_datagram+0x88/0xc0 [ 160.304687][T12551] skb_copy_datagram_iter+0x40/0x50 [ 160.304716][T12551] netlink_recvmsg+0x298/0xf20 [ 160.304747][T12551] ? __pfx_netlink_recvmsg+0x10/0x10 [ 160.304787][T12551] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 160.304824][T12551] sock_recvmsg+0x1f6/0x250 [ 160.304850][T12551] ____sys_recvmsg+0x218/0x6b0 [ 160.304879][T12551] ? __pfx_____sys_recvmsg+0x10/0x10 [ 160.304914][T12551] ? __lock_acquire+0x5ca/0x1ba0 [ 160.304946][T12551] ___sys_recvmsg+0x114/0x1a0 [ 160.304967][T12551] ? __pfx____sys_recvmsg+0x10/0x10 [ 160.304994][T12551] ? find_held_lock+0x2b/0x80 [ 160.305032][T12551] do_recvmmsg+0x2fe/0x740 [ 160.305056][T12551] ? __pfx_do_recvmmsg+0x10/0x10 [ 160.305074][T12551] ? find_held_lock+0x2b/0x80 [ 160.305094][T12551] ? __might_fault+0xe3/0x190 [ 160.305113][T12551] ? __might_fault+0x13b/0x190 [ 160.305142][T12551] ? __pfx_get_timespec64+0x10/0x10 [ 160.305165][T12551] ? __fget_files+0x20e/0x3c0 [ 160.305188][T12551] __x64_sys_recvmmsg+0x199/0x280 [ 160.305210][T12551] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 160.305230][T12551] ? rcu_is_watching+0x12/0xc0 [ 160.305259][T12551] do_syscall_64+0xcd/0x260 [ 160.305287][T12551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.305306][T12551] RIP: 0033:0x7ffbd4d8e969 [ 160.305320][T12551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.305337][T12551] RSP: 002b:00007ffbd5c70038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 160.305354][T12551] RAX: ffffffffffffffda RBX: 00007ffbd4fb5fa0 RCX: 00007ffbd4d8e969 [ 160.305366][T12551] RDX: 03ffffffffffff7c RSI: 00002000000037c0 RDI: 0000000000000006 [ 160.305377][T12551] RBP: 00007ffbd5c70090 R08: 0000200000003700 R09: 0000000000000000 [ 160.305388][T12551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.305399][T12551] R13: 0000000000000000 R14: 00007ffbd4fb5fa0 R15: 00007ffe17695808 [ 160.305423][T12551] [ 160.318350][T12549] ubi: mtd0 is already attached to ubi31 [ 160.415220][ T67] Bluetooth: hci2: command tx timeout [ 160.432911][ T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.435474][ T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.449470][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.453177][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.471772][ T57] IPVS: starting estimator thread 0... [ 160.485743][T12561] netlink: 'syz.1.2368': attribute type 4 has an invalid length. [ 160.493892][ T40] audit: type=1400 audit(163.360:638): avc: denied { setopt } for pid=12559 comm="syz.1.2368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 160.564958][T12558] IPVS: using max 43 ests per chain, 103200 per kthread [ 160.587237][T12572] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2370'. [ 160.592071][ T40] audit: type=1400 audit(163.460:639): avc: denied { accept } for pid=12571 comm="syz.1.2370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 160.621546][T12575] 9pnet_fd: p9_fd_create_tcp (12575): problem connecting socket to 127.0.0.1 [ 160.628929][T12575] netdevsim netdevsim1: Direct firmware load for . [ 160.628929][T12575] failed with error -2 [ 160.633636][T12575] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 160.633636][T12575] [ 160.633676][ T40] audit: type=1400 audit(163.500:640): avc: denied { firmware_load } for pid=12574 comm="syz.1.2371" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 160.735159][ T67] Bluetooth: hci4: command tx timeout [ 161.041682][T12593] usb usb8: usbfs: process 12593 (syz.3.2378) did not claim interface 0 before use [ 161.076448][T12595] autofs4:pid:12595:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e) [ 161.109823][T12597] bond0: entered promiscuous mode [ 161.111610][T12597] bond_slave_0: entered promiscuous mode [ 161.113632][T12597] bond_slave_1: entered promiscuous mode [ 161.117087][T12597] batadv0: entered promiscuous mode [ 161.119860][T12597] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 161.930259][ C2] vcan0: j1939_tp_rxtimer: 0xffff88802416e800: rx timeout, send abort [ 161.934434][ C2] vcan0: j1939_xtp_rx_abort_one: 0xffff88802416e800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 161.935876][ T40] audit: type=1400 audit(164.810:641): avc: denied { read } for pid=5324 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 161.946360][ T40] audit: type=1400 audit(164.810:642): avc: denied { search } for pid=5324 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 161.954900][ T40] audit: type=1400 audit(164.810:643): avc: denied { write } for pid=5324 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 161.965124][ T40] audit: type=1400 audit(164.810:644): avc: denied { add_name } for pid=5324 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 162.005175][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2386'. [ 162.118348][T12628] ubi: mtd0 is already attached to ubi31 [ 162.495216][ T67] Bluetooth: hci2: command tx timeout [ 162.524954][T12647] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2399'. [ 162.672055][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 162.677650][ T5933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 162.681550][ T5933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 162.685510][ T5933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 162.688918][ T5933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 162.791289][T12649] chnl_net:caif_netlink_parms(): no params data found [ 162.824889][ T5933] Bluetooth: hci4: command tx timeout [ 162.831457][T12658] netlink: 'syz.3.2401': attribute type 10 has an invalid length. [ 162.876614][T12649] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.878891][T12649] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.881221][T12649] bridge_slave_0: entered allmulticast mode [ 162.883823][T12649] bridge_slave_0: entered promiscuous mode [ 162.886949][T12649] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.889161][T12649] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.891534][T12649] bridge_slave_1: entered allmulticast mode [ 162.894169][T12649] bridge_slave_1: entered promiscuous mode [ 162.928085][T12649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.932786][T12649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.968261][T12649] team0: Port device team_slave_0 added [ 162.973533][T12649] team0: Port device team_slave_1 added [ 162.984223][T12669] capability: warning: `syz.3.2405' uses 32-bit capabilities (legacy support in use) [ 163.010108][T12649] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.012392][T12649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.021202][T12649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.021785][T12674] efs: device does not support 512 byte blocks [ 163.025597][T12649] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.028499][T12674] device does not support 512 byte blocks [ 163.028499][T12674] [ 163.028649][T12649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.035095][T12674] xt_cgroup: path and classid specified [ 163.039580][T12649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.082936][T12649] hsr_slave_0: entered promiscuous mode [ 163.085360][T12649] hsr_slave_1: entered promiscuous mode [ 163.087414][T12649] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 163.089785][T12649] Cannot create hsr debugfs directory [ 163.103338][T12680] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 163.148970][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 163.148982][ T40] audit: type=1400 audit(166.020:650): avc: denied { append } for pid=12678 comm="syz.3.2410" name="video3" dev="devtmpfs" ino=959 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 163.204367][T12649] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.291887][T12649] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.305207][T12699] FAULT_INJECTION: forcing a failure. [ 163.305207][T12699] name failslab, interval 1, probability 0, space 0, times 0 [ 163.310890][T12699] CPU: 1 UID: 0 PID: 12699 Comm: syz.2.2418 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 163.310917][T12699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.310928][T12699] Call Trace: [ 163.310941][T12699] [ 163.310950][T12699] dump_stack_lvl+0x16c/0x1f0 [ 163.311005][T12699] should_fail_ex+0x512/0x640 [ 163.311037][T12699] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 163.311059][T12699] should_failslab+0xc2/0x120 [ 163.311079][T12699] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 163.311097][T12699] ? __might_fault+0xe3/0x190 [ 163.311115][T12699] ? __might_fault+0x13b/0x190 [ 163.311134][T12699] ? getname_flags.part.0+0x4c/0x550 [ 163.311177][T12699] getname_flags.part.0+0x4c/0x550 [ 163.311204][T12699] getname_flags+0x93/0xf0 [ 163.311231][T12699] user_path_at+0x24/0x60 [ 163.311259][T12699] __x64_sys_mount+0x1fc/0x310 [ 163.311282][T12699] ? __pfx___x64_sys_mount+0x10/0x10 [ 163.311311][T12699] do_syscall_64+0xcd/0x260 [ 163.311341][T12699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.311360][T12699] RIP: 0033:0x7f532598e969 [ 163.311376][T12699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.311394][T12699] RSP: 002b:00007f53268a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 163.311414][T12699] RAX: ffffffffffffffda RBX: 00007f5325bb5fa0 RCX: 00007f532598e969 [ 163.311427][T12699] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 0000200000000040 [ 163.311440][T12699] RBP: 00007f53268a1090 R08: 0000000000000000 R09: 0000000000000000 [ 163.311452][T12699] R10: 0000000000208001 R11: 0000000000000246 R12: 0000000000000001 [ 163.311463][T12699] R13: 0000000000000001 R14: 00007f5325bb5fa0 R15: 00007ffc08912378 [ 163.311490][T12699] [ 163.378874][T12705] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2421'. [ 163.384569][T12706] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2419'. [ 163.407916][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2422'. [ 163.437800][T12649] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.511962][T12649] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.556442][T12718] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=12718 comm=syz.2.2424 [ 163.592573][T12724] warn_alloc: 1 callbacks suppressed [ 163.592583][T12724] syz.0.2428: vmalloc error: size 20480, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 163.599264][T12724] CPU: 0 UID: 0 PID: 12724 Comm: syz.0.2428 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 163.599280][T12724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.599287][T12724] Call Trace: [ 163.599292][T12724] [ 163.599297][T12724] dump_stack_lvl+0x16c/0x1f0 [ 163.599317][T12724] warn_alloc+0x248/0x3a0 [ 163.599330][T12724] ? __pfx_warn_alloc+0x10/0x10 [ 163.599342][T12724] ? alloc_pages_mpol+0x25a/0x550 [ 163.599355][T12724] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 163.599374][T12724] __vmalloc_node_range_noprof+0x12d2/0x1540 [ 163.599395][T12724] ? vhost_task_create+0x1d2/0x2e0 [ 163.599411][T12724] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 163.599431][T12724] ? rcu_is_watching+0x12/0xc0 [ 163.599447][T12724] ? vhost_task_create+0x1d2/0x2e0 [ 163.599458][T12724] __vmalloc_node_noprof+0x74/0xa0 [ 163.599475][T12724] ? vhost_task_create+0x1d2/0x2e0 [ 163.599487][T12724] copy_process+0x2ead/0x91a0 [ 163.599502][T12724] ? kasan_save_track+0x14/0x30 [ 163.599512][T12724] ? __kasan_kmalloc+0xaa/0xb0 [ 163.599529][T12724] ? vhost_task_create+0xe5/0x2e0 [ 163.599539][T12724] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 163.599557][T12724] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 163.599573][T12724] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 163.599590][T12724] ? __x64_sys_ioctl+0x193/0x200 [ 163.599605][T12724] ? do_syscall_64+0xcd/0x260 [ 163.599621][T12724] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.599641][T12724] ? __pfx_copy_process+0x10/0x10 [ 163.599664][T12724] ? lockdep_init_map_type+0x5c/0x280 [ 163.599676][T12724] ? lockdep_init_map_type+0x5c/0x280 [ 163.599692][T12724] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 163.599705][T12724] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 163.599721][T12724] vhost_task_create+0x1d2/0x2e0 [ 163.599733][T12724] ? __pfx_vhost_task_create+0x10/0x10 [ 163.599745][T12724] ? register_lock_class+0x41/0x4c0 [ 163.599766][T12724] ? __pfx_vhost_task_fn+0x10/0x10 [ 163.599779][T12724] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 163.599800][T12724] kvm_mmu_post_init_vm+0x1b7/0x370 [ 163.599819][T12724] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 163.599836][T12724] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 163.599855][T12724] kvm_vcpu_ioctl+0x5e9/0x1680 [ 163.599874][T12724] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 163.599895][T12724] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 163.599916][T12724] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 163.599940][T12724] ? hook_file_ioctl_common+0x145/0x410 [ 163.599957][T12724] ? selinux_file_ioctl+0x180/0x270 [ 163.599974][T12724] ? selinux_file_ioctl+0xb4/0x270 [ 163.599993][T12724] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 163.600010][T12724] __x64_sys_ioctl+0x193/0x200 [ 163.600027][T12724] do_syscall_64+0xcd/0x260 [ 163.600045][T12724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.600056][T12724] RIP: 0033:0x7fd6e178e969 [ 163.600066][T12724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.600077][T12724] RSP: 002b:00007fd6e2523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.600088][T12724] RAX: ffffffffffffffda RBX: 00007fd6e19b5fa0 RCX: 00007fd6e178e969 [ 163.600095][T12724] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 163.600102][T12724] RBP: 00007fd6e2523090 R08: 0000000000000000 R09: 0000000000000000 [ 163.600109][T12724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 163.600115][T12724] R13: 0000000000000000 R14: 00007fd6e19b5fa0 R15: 00007ffc6c23dd68 [ 163.600129][T12724] [ 163.600133][T12724] Mem-Info: [ 163.626135][T12649] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 163.627612][T12724] active_anon:8456 inactive_anon:0 isolated_anon:0 [ 163.627612][T12724] active_file:6177 inactive_file:50938 isolated_file:0 [ 163.627612][T12724] unevictable:1770 dirty:163 writeback:0 [ 163.627612][T12724] slab_reclaimable:7591 slab_unreclaimable:82606 [ 163.627612][T12724] mapped:25441 shmem:2399 pagetables:765 [ 163.627612][T12724] sec_pagetables:312 bounce:0 [ 163.627612][T12724] kernel_misc_reclaimable:0 [ 163.627612][T12724] free:451401 free_pcp:6061 free_cma:0 [ 163.728673][T12724] Node 0 active_anon:45044kB inactive_anon:0kB active_file:24708kB inactive_file:203548kB unevictable:3544kB isolated(anon):0kB isolated(file):0kB mapped:101764kB dirty:656kB writeback:0kB shmem:15112kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12432kB pagetables:2936kB sec_pagetables:1248kB all_unreclaimable? no Balloon:0kB [ 163.731371][T12649] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 163.739902][T12724] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:144kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 163.753482][T12724] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 163.764001][T12724] lowmem_reserve[]: 0 1238 1238 1238 1238 [ 163.767543][T12724] Node 0 DMA32 free:196396kB boost:0kB min:27576kB low:34468kB high:41360kB reserved_highatomic:0KB active_anon:51136kB inactive_anon:0kB active_file:24708kB inactive_file:203548kB unevictable:3544kB writepending:656kB present:2080628kB managed:1268536kB mlocked:8kB bounce:0kB free_pcp:13988kB local_pcp:8792kB free_cma:0kB [ 163.769908][T12729] FAULT_INJECTION: forcing a failure. [ 163.769908][T12729] name failslab, interval 1, probability 0, space 0, times 0 [ 163.778980][T12724] lowmem_reserve[]: 0 0 0 0 0 [ 163.781093][T12729] CPU: 3 UID: 0 PID: 12729 Comm: syz.2.2429 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 163.781109][T12729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.781116][T12729] Call Trace: [ 163.781121][T12729] [ 163.781126][T12729] dump_stack_lvl+0x16c/0x1f0 [ 163.781160][T12729] should_fail_ex+0x512/0x640 [ 163.781178][T12729] ? __kmalloc_noprof+0xbf/0x510 [ 163.781190][T12729] ? lsm_blob_alloc+0x68/0x90 [ 163.781202][T12729] should_failslab+0xc2/0x120 [ 163.781215][T12729] __kmalloc_noprof+0xd2/0x510 [ 163.781225][T12729] ? __pfx_perf_event_init_task+0x10/0x10 [ 163.781244][T12729] ? audit_alloc+0xa2/0x7b0 [ 163.781259][T12729] lsm_blob_alloc+0x68/0x90 [ 163.781272][T12729] security_task_alloc+0x2d/0x260 [ 163.781284][T12729] copy_process+0x24ba/0x91a0 [ 163.781300][T12729] ? kasan_save_track+0x14/0x30 [ 163.781310][T12729] ? __kasan_kmalloc+0xaa/0xb0 [ 163.781327][T12729] ? vhost_task_create+0xe5/0x2e0 [ 163.781338][T12729] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 163.781356][T12729] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 163.781372][T12729] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 163.781389][T12729] ? __x64_sys_ioctl+0x193/0x200 [ 163.781404][T12729] ? do_syscall_64+0xcd/0x260 [ 163.781420][T12729] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.781440][T12729] ? __pfx_copy_process+0x10/0x10 [ 163.781463][T12729] ? lockdep_init_map_type+0x5c/0x280 [ 163.781476][T12729] ? lockdep_init_map_type+0x5c/0x280 [ 163.781486][T12729] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 163.781500][T12729] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 163.781515][T12729] vhost_task_create+0x1d2/0x2e0 [ 163.781527][T12729] ? __pfx_vhost_task_create+0x10/0x10 [ 163.781538][T12729] ? register_lock_class+0x41/0x4c0 [ 163.781560][T12729] ? __pfx_vhost_task_fn+0x10/0x10 [ 163.781573][T12729] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 163.781594][T12729] kvm_mmu_post_init_vm+0x1b7/0x370 [ 163.781613][T12729] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 163.781630][T12729] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 163.781649][T12729] kvm_vcpu_ioctl+0x5e9/0x1680 [ 163.781668][T12729] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 163.781689][T12729] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 163.781709][T12729] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 163.781737][T12729] ? hook_file_ioctl_common+0x145/0x410 [ 163.781753][T12729] ? selinux_file_ioctl+0x180/0x270 [ 163.781770][T12729] ? selinux_file_ioctl+0xb4/0x270 [ 163.781789][T12729] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 163.781807][T12729] __x64_sys_ioctl+0x193/0x200 [ 163.781823][T12729] do_syscall_64+0xcd/0x260 [ 163.781840][T12729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.781852][T12729] RIP: 0033:0x7f532598e969 [ 163.781862][T12729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.781873][T12729] RSP: 002b:00007f532685f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.781883][T12729] RAX: ffffffffffffffda RBX: 00007f5325bb6160 RCX: 00007f532598e969 [ 163.781890][T12729] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 163.781897][T12729] RBP: 00007f532685f090 R08: 0000000000000000 R09: 0000000000000000 [ 163.781904][T12729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.781910][T12729] R13: 0000000000000000 R14: 00007f5325bb6160 R15: 00007ffc08912378 [ 163.781924][T12729] [ 163.895333][T12724] Node 1 Normal free:1585040kB boost:0kB min:39660kB low:49572kB high:59484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781964kB mlocked:0kB bounce:0kB free_pcp:1432kB local_pcp:360kB free_cma:0kB [ 163.904388][T12724] lowmem_reserve[]: 0 0 0 0 0 [ 163.905985][T12724] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 163.910022][T12724] Node 0 DMA32: 0*4kB 84*8kB (UME) 49*16kB (UME) 32*32kB (UE) 46*64kB (UE) 24*128kB (UE) 21*256kB (ME) 19*512kB (UME) 12*1024kB (UME) 4*2048kB (UME) 32*4096kB (M) = 175152kB [ 163.915507][T12724] Node 1 Normal: 7*4kB (UME) 11*8kB (UME) 14*16kB (UME) 122*32kB (UME) 70*64kB (UME) 15*128kB (UME) 2*256kB (UE) 6*512kB (UME) 2*1024kB (E) 6*2048kB (UME) 380*4096kB (M) = 1585044kB [ 163.922359][T12724] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 163.923439][T12649] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 163.925958][T12724] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 163.930583][T12724] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 163.933017][T12649] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 163.933576][T12724] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 163.933588][T12724] 63573 total pagecache pages [ 163.933593][T12724] 1 pages in swap cache [ 163.941496][T12724] Free swap = 124992kB [ 163.942841][T12724] Total swap = 124996kB [ 163.944174][T12724] 1048443 pages RAM [ 163.945463][T12724] 0 pages HighMem/MovableOnly [ 163.946959][T12724] 281978 pages reserved [ 163.948288][T12724] 0 pages cma reserved [ 163.981487][T12649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.994430][T12649] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.005580][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.008045][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.011373][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.013601][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.058853][T12736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2432'. [ 164.139360][T12753] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 164.146759][T12649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.179254][T12649] veth0_vlan: entered promiscuous mode [ 164.184044][T12649] veth1_vlan: entered promiscuous mode [ 164.203310][T12649] veth0_macvtap: entered promiscuous mode [ 164.210964][T12649] veth1_macvtap: entered promiscuous mode [ 164.224641][T12649] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.229581][T12761] __nla_validate_parse: 2 callbacks suppressed [ 164.229592][T12761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2443'. [ 164.238284][T12649] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.242172][T12649] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.245967][T12649] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.248784][T12649] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.251494][T12649] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.311581][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.314078][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.363745][ T90] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.366785][ T90] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.404854][T12774] fuse: Unknown parameter '' [ 164.438751][T12781] program syz.0.2449 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 164.472103][ T5933] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 164.574970][ T5933] Bluetooth: hci2: command tx timeout [ 164.675398][T12788] FAULT_INJECTION: forcing a failure. [ 164.675398][T12788] name failslab, interval 1, probability 0, space 0, times 0 [ 164.679392][T12788] CPU: 2 UID: 0 PID: 12788 Comm: syz.0.2452 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 164.679407][T12788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.679414][T12788] Call Trace: [ 164.679418][T12788] [ 164.679423][T12788] dump_stack_lvl+0x16c/0x1f0 [ 164.679443][T12788] should_fail_ex+0x512/0x640 [ 164.679461][T12788] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 164.679474][T12788] should_failslab+0xc2/0x120 [ 164.679487][T12788] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 164.679499][T12788] ? copy_process+0x4bd/0x91a0 [ 164.679515][T12788] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.679532][T12788] copy_process+0x4bd/0x91a0 [ 164.679551][T12788] ? kasan_save_track+0x14/0x30 [ 164.679564][T12788] ? __kasan_kmalloc+0xaa/0xb0 [ 164.679587][T12788] ? vhost_task_create+0xe5/0x2e0 [ 164.679603][T12788] ? kvm_mmu_post_init_vm+0x1b7/0x370 [ 164.679631][T12788] ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 164.679657][T12788] ? kvm_vcpu_ioctl+0x5e9/0x1680 [ 164.679673][T12788] ? __x64_sys_ioctl+0x193/0x200 [ 164.679688][T12788] ? do_syscall_64+0xcd/0x260 [ 164.679703][T12788] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.679723][T12788] ? __pfx_copy_process+0x10/0x10 [ 164.679746][T12788] ? lockdep_init_map_type+0x5c/0x280 [ 164.679758][T12788] ? lockdep_init_map_type+0x5c/0x280 [ 164.679768][T12788] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 164.679781][T12788] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 164.679797][T12788] vhost_task_create+0x1d2/0x2e0 [ 164.679809][T12788] ? __pfx_vhost_task_create+0x10/0x10 [ 164.679820][T12788] ? register_lock_class+0x41/0x4c0 [ 164.679842][T12788] ? __pfx_vhost_task_fn+0x10/0x10 [ 164.679854][T12788] ? kvm_vcpu_ioctl+0x27e/0x1680 [ 164.679875][T12788] kvm_mmu_post_init_vm+0x1b7/0x370 [ 164.679894][T12788] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 164.679911][T12788] ? kvm_vcpu_ioctl+0x14c2/0x1680 [ 164.679930][T12788] kvm_vcpu_ioctl+0x5e9/0x1680 [ 164.679949][T12788] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 164.679970][T12788] ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450 [ 164.679991][T12788] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 164.680014][T12788] ? hook_file_ioctl_common+0x145/0x410 [ 164.680030][T12788] ? selinux_file_ioctl+0x180/0x270 [ 164.680047][T12788] ? selinux_file_ioctl+0xb4/0x270 [ 164.680066][T12788] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 164.680084][T12788] __x64_sys_ioctl+0x193/0x200 [ 164.680100][T12788] do_syscall_64+0xcd/0x260 [ 164.680117][T12788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.680129][T12788] RIP: 0033:0x7fd6e178e969 [ 164.680138][T12788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.680149][T12788] RSP: 002b:00007fd6e2523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.680161][T12788] RAX: ffffffffffffffda RBX: 00007fd6e19b5fa0 RCX: 00007fd6e178e969 [ 164.680168][T12788] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 164.680175][T12788] RBP: 00007fd6e2523090 R08: 0000000000000000 R09: 0000000000000000 [ 164.680182][T12788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.680188][T12788] R13: 0000000000000000 R14: 00007fd6e19b5fa0 R15: 00007ffc6c23dd68 [ 164.680202][T12788] [ 164.687717][T12790] FAULT_INJECTION: forcing a failure. [ 164.687717][T12790] name failslab, interval 1, probability 0, space 0, times 0 [ 164.687747][T12790] CPU: 3 UID: 0 PID: 12790 Comm: syz.2.2453 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 164.687769][T12790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.687780][T12790] Call Trace: [ 164.687786][T12790] [ 164.687792][T12790] dump_stack_lvl+0x16c/0x1f0 [ 164.687821][T12790] should_fail_ex+0x512/0x640 [ 164.687844][T12790] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 164.687873][T12790] should_failslab+0xc2/0x120 [ 164.687892][T12790] __kmalloc_cache_noprof+0x6a/0x3e0 [ 164.687916][T12790] ? ww_mutex_lock+0x37/0x160 [ 164.687941][T12790] ? drm_atomic_helper_crtc_duplicate_state+0x70/0xd0 [ 164.687974][T12790] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0 [ 164.687996][T12790] drm_atomic_get_crtc_state+0x16e/0x450 [ 164.688021][T12790] drm_atomic_get_plane_state+0x436/0x590 [ 164.688045][T12790] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 164.688068][T12790] ? __pfx___might_resched+0x10/0x10 [ 164.688123][T12790] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 164.688145][T12790] ? __mutex_lock+0x1ca/0xb90 [ 164.688185][T12790] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 164.688219][T12790] drm_client_modeset_commit_locked+0x14d/0x580 [ 164.688245][T12790] drm_fb_helper_pan_display+0x32d/0xa40 [ 164.688282][T12790] fb_pan_display+0x47c/0x7d0 [ 164.688300][T12790] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 164.688330][T12790] bit_update_start+0x49/0x1f0 [ 164.688353][T12790] fbcon_switch+0xbf8/0x14c0 [ 164.688381][T12790] ? __pfx_fbcon_switch+0x10/0x10 [ 164.688414][T12790] ? __pfx_bit_cursor+0x10/0x10 [ 164.688433][T12790] ? fbcon_cursor+0x40c/0x5f0 [ 164.688454][T12790] ? is_console_locked+0x9/0x20 [ 164.688508][T12790] ? con_is_visible+0x65/0x150 [ 164.688537][T12790] redraw_screen+0x2c1/0x760 [ 164.688556][T12790] ? __pfx_redraw_screen+0x10/0x10 [ 164.688576][T12790] ? fbcon_set_palette+0x401/0x640 [ 164.688599][T12790] fbcon_modechanged+0x456/0x700 [ 164.688623][T12790] fbcon_set_all_vcs+0x1d6/0x450 [ 164.688646][T12790] fbcon_update_vcs+0x2c/0x50 [ 164.688666][T12790] do_fb_ioctl+0x787/0x7e0 [ 164.688690][T12790] ? __pfx_do_fb_ioctl+0x10/0x10 [ 164.688719][T12790] ? do_vfs_ioctl+0x512/0x1990 [ 164.688777][T12790] ? selinux_file_ioctl+0x180/0x270 [ 164.688809][T12790] fb_ioctl+0xe5/0x150 [ 164.688830][T12790] ? __pfx_fb_ioctl+0x10/0x10 [ 164.688853][T12790] __x64_sys_ioctl+0x193/0x200 [ 164.688878][T12790] do_syscall_64+0xcd/0x260 [ 164.688905][T12790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.688921][T12790] RIP: 0033:0x7f532598e969 [ 164.688936][T12790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.688958][T12790] RSP: 002b:00007f53268a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.688975][T12790] RAX: ffffffffffffffda RBX: 00007f5325bb5fa0 RCX: 00007f532598e969 [ 164.688986][T12790] RDX: 0000200000000140 RSI: 0000000000004601 RDI: 0000000000000003 [ 164.688997][T12790] RBP: 00007f53268a1090 R08: 0000000000000000 R09: 0000000000000000 [ 164.689008][T12790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 164.689019][T12790] R13: 0000000000000000 R14: 00007f5325bb5fa0 R15: 00007ffc08912378 [ 164.689045][T12790] [ 164.744915][ T5933] Bluetooth: hci0: command tx timeout [ 164.800283][T12794] Bluetooth: MGMT ver 1.23 [ 164.896539][ T5933] Bluetooth: hci4: command tx timeout [ 164.956235][T12798] ubi: mtd0 is already attached to ubi31 [ 165.586109][T12828] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2464'. [ 165.592046][T12828] ipip0: entered promiscuous mode [ 165.665872][T12833] ubi: mtd0 is already attached to ubi31 [ 165.715088][T12832] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2466'. [ 165.715471][T12832] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2466'. [ 165.716470][T12832] @: renamed from vlan0 (while UP) [ 165.819574][T12846] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2472'. [ 165.822440][T12846] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 165.918382][T12851] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2473'. [ 165.921321][T12851] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2473'. [ 166.060932][T12864] program syz.2.2480 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 166.169368][T12874] FAULT_INJECTION: forcing a failure. [ 166.169368][T12874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.173571][T12874] CPU: 2 UID: 0 PID: 12874 Comm: syz.1.2483 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 166.173587][T12874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 166.173594][T12874] Call Trace: [ 166.173604][T12874] [ 166.173613][T12874] dump_stack_lvl+0x16c/0x1f0 [ 166.173645][T12874] should_fail_ex+0x512/0x640 [ 166.173673][T12874] _copy_from_user+0x2e/0xd0 [ 166.173691][T12874] kstrtouint_from_user+0xd6/0x1d0 [ 166.173704][T12874] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 166.173716][T12874] ? __lock_acquire+0xaa4/0x1ba0 [ 166.173741][T12874] proc_fail_nth_write+0x83/0x250 [ 166.173759][T12874] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 166.173781][T12874] vfs_write+0x25f/0x1180 [ 166.173797][T12874] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 166.173817][T12874] ? __pfx___mutex_lock+0x10/0x10 [ 166.173834][T12874] ? __pfx_vfs_write+0x10/0x10 [ 166.173855][T12874] ? __fget_files+0x20e/0x3c0 [ 166.173870][T12874] ksys_write+0x12a/0x240 [ 166.173887][T12874] ? __pfx_ksys_write+0x10/0x10 [ 166.173908][T12874] do_syscall_64+0xcd/0x260 [ 166.173926][T12874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.173938][T12874] RIP: 0033:0x7fe8bc58d41f [ 166.173948][T12874] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 166.173959][T12874] RSP: 002b:00007fe8bd33d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 166.173970][T12874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe8bc58d41f [ 166.173977][T12874] RDX: 0000000000000001 RSI: 00007fe8bd33d0a0 RDI: 0000000000000004 [ 166.173984][T12874] RBP: 00007fe8bd33d090 R08: 0000000000000000 R09: 0000000000000000 [ 166.173991][T12874] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 166.173998][T12874] R13: 0000000000000000 R14: 00007fe8bc7b5fa0 R15: 00007ffedfb95088 [ 166.174012][T12874] [ 166.311697][T12879] ubi: mtd0 is already attached to ubi31 [ 166.323410][T12882] netlink: 'syz.0.2485': attribute type 32 has an invalid length. [ 166.326056][T12882] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2485'. [ 166.328887][T12882] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 166.333300][T12882] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 166.478161][ T40] audit: type=1400 audit(169.350:651): avc: denied { map } for pid=12889 comm="syz.0.2488" path="socket:[62274]" dev="sockfs" ino=62274 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 166.490256][ T40] audit: type=1400 audit(169.350:652): avc: denied { accept } for pid=12889 comm="syz.0.2488" path="socket:[62274]" dev="sockfs" ino=62274 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 166.626332][T12903] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2492'. [ 166.822574][ T5933] Bluetooth: hci0: command tx timeout [ 166.846483][T12923] ubi: mtd0 is already attached to ubi31 [ 166.866028][T12925] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 166.975322][ T5933] Bluetooth: hci4: command tx timeout [ 167.029463][T12937] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2504'. [ 167.047311][T12939] usb usb8: usbfs: process 12939 (syz.2.2507) did not claim interface 0 before use [ 167.210154][T12966] syz.0.2517: attempt to access beyond end of device [ 167.210154][T12966] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 167.214164][T12966] syz.0.2517: attempt to access beyond end of device [ 167.214164][T12966] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 167.250972][T12970] vim2m vim2m.0: vidioc_s_fmt queue busy [ 167.253464][T12970] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 167.328190][T12977] Cannot find map_set index 0 as target [ 167.337772][T12979] ubi: mtd0 is already attached to ubi31 [ 167.408254][ T57] IPVS: starting estimator thread 0... [ 167.438998][T12995] usb usb8: usbfs: process 12995 (syz.3.2527) did not claim interface 0 before use [ 167.494899][T12990] IPVS: using max 43 ests per chain, 103200 per kthread [ 167.607288][ T67] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 167.611056][ T67] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 167.614489][ T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 167.619728][ T67] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 167.623417][ T67] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 167.750264][T13006] chnl_net:caif_netlink_parms(): no params data found [ 167.792040][ T40] audit: type=1400 audit(170.660:653): avc: denied { setattr } for pid=13012 comm="syz.1.2533" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 167.801746][ T40] audit: type=1400 audit(170.660:654): avc: denied { map } for pid=13012 comm="syz.1.2533" path="socket:[64164]" dev="sockfs" ino=64164 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 167.863031][T13006] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.865640][T13006] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.868376][T13006] bridge_slave_0: entered allmulticast mode [ 167.871135][T13006] bridge_slave_0: entered promiscuous mode [ 167.875725][T13006] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.878775][T13006] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.881854][T13006] bridge_slave_1: entered allmulticast mode [ 167.886063][T13006] bridge_slave_1: entered promiscuous mode [ 167.933729][T13006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.942336][T13006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.977705][T13006] team0: Port device team_slave_0 added [ 167.981867][T13006] team0: Port device team_slave_1 added [ 168.012307][T13006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.014540][T13006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.022998][T13006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.027443][T13006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.029937][T13006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.038583][T13006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.079106][T13006] hsr_slave_0: entered promiscuous mode [ 168.081366][T13006] hsr_slave_1: entered promiscuous mode [ 168.083559][T13006] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.086312][T13006] Cannot create hsr debugfs directory [ 168.184867][ T833] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 168.336206][ T833] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 168.339865][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 168.343340][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 168.346514][ T833] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 168.350528][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 168.353522][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.357569][ T833] usb 7-1: config 0 descriptor?? [ 168.514398][T13006] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 168.521315][T13006] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 168.525725][T13006] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 168.530317][T13006] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 168.544737][T13006] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.547911][T13006] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.550380][T13006] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.552583][T13006] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.582804][T13006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.593302][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.598975][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.616972][T13006] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.625667][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.627919][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.633364][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.635655][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.665109][T13046] ubi: mtd0 is already attached to ubi31 [ 168.759107][T13006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.769917][ T833] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 168.783083][T13006] veth0_vlan: entered promiscuous mode [ 168.785337][ T833] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 168.792086][T13006] veth1_vlan: entered promiscuous mode [ 168.811176][T13006] veth0_macvtap: entered promiscuous mode [ 168.815153][T13006] veth1_macvtap: entered promiscuous mode [ 168.824342][T13006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 168.831164][T13006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.836258][T13006] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.839091][T13006] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.842213][T13006] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.844940][T13006] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.885728][T13057] mkiss: ax0: crc mode is auto. [ 168.893527][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.897658][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.905481][ T5933] Bluetooth: hci0: command tx timeout [ 168.911894][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.914360][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.027898][T13038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.032366][T13038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.049629][ T40] audit: type=1400 audit(171.920:655): avc: denied { remount } for pid=13072 comm="syz.1.2551" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 169.336623][T13086] ubi: mtd0 is already attached to ubi31 [ 169.685785][ T40] audit: type=1400 audit(172.550:656): avc: denied { ioctl } for pid=13090 comm="syz.2.2558" path="/dev/btrfs-control" dev="devtmpfs" ino=1335 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 169.705555][ T5933] Bluetooth: hci3: command tx timeout [ 169.711681][ T13] bond0 (unregistering): Released all slaves [ 169.719763][ T13] bond1 (unregistering): Released all slaves [ 169.821636][ T13] tipc: Disabling bearer [ 169.836328][ T13] tipc: Left network mode [ 169.852637][ T13] IPVS: stopping backup sync thread 7160 ... [ 169.884750][T13100] netlink: 'syz.0.2560': attribute type 10 has an invalid length. [ 169.920145][T13108] __nla_validate_parse: 3 callbacks suppressed [ 169.920156][T13108] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2564'. [ 169.971880][T13117] efs: device does not support 512 byte blocks [ 169.973863][T13117] device does not support 512 byte blocks [ 169.973863][T13117] [ 170.050466][T13126] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI [ 170.054064][T13126] KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] [ 170.057592][T13126] CPU: 3 UID: 0 PID: 13126 Comm: syz.0.2571 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) [ 170.061833][T13126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 170.064989][T13126] RIP: 0010:bcsp_recv+0x10a/0x17f0 [ 170.066507][T13126] Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 9a 47 5d f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 [ 170.072213][T13126] RSP: 0018:ffffc9000387fbf0 EFLAGS: 00010293 [ 170.074017][T13126] RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885dfe5a [ 170.076317][T13126] RDX: ffff88802b818000 RSI: ffffffff885dfea6 RDI: 0000000000000005 [ 170.078646][T13126] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 170.080957][T13126] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc9000387fd88 [ 170.083258][T13126] R13: ffffc9000387fd88 R14: 0000000000000001 R15: ffff88804400c800 [ 170.085658][T13126] FS: 00007f9c819d56c0(0000) GS:ffff8880d6cdf000(0000) knlGS:0000000000000000 [ 170.088439][T13126] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 170.090475][T13126] CR2: 00007f9c819d4f98 CR3: 000000004b1d8000 CR4: 0000000000352ef0 [ 170.092869][T13126] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 170.095346][T13126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 170.097757][T13126] Call Trace: [ 170.098797][T13126] [ 170.099720][T13126] ? __pfx_bcsp_recv+0x10/0x10 [ 170.101224][T13126] hci_uart_tty_receive+0x254/0x7e0 [ 170.102807][T13126] ? __pfx_hci_uart_tty_receive+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 170.104822][T13126] tty_ioctl+0x580/0x1610 [ 170.106224][T13126] ? __pfx_tty_ioctl+0x10/0x10 [ 170.107709][T13126] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 170.109817][T13126] ? hook_file_ioctl_common+0x145/0x410 [ 170.111523][T13126] ? selinux_file_ioctl+0x180/0x270 [ 170.113112][T13126] ? selinux_file_ioctl+0xb4/0x270 [ 170.114652][T13126] ? __pfx_tty_ioctl+0x10/0x10 [ 170.116119][T13126] __x64_sys_ioctl+0x193/0x200 [ 170.117616][T13126] do_syscall_64+0xcd/0x260 [ 170.119013][T13126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.120833][T13126] RIP: 0033:0x7f9c83b8e969 [ 170.122185][T13126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.127807][T13126] RSP: 002b:00007f9c819d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.130310][T13126] RAX: ffffffffffffffda RBX: 00007f9c83db6160 RCX: 00007f9c83b8e969 [ 170.132712][T13126] RDX: 0000200000000140 RSI: 0000000000005412 RDI: 0000000000000004 [ 170.135095][T13126] RBP: 00007f9c83c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 170.137520][T13126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.139964][T13126] R13: 0000000000000001 R14: 00007f9c83db6160 R15: 00007ffd069bb218 [ 170.142397][T13126] [ 170.143375][T13126] Modules linked in: [ 170.144714][ C3] vkms_vblank_simulate: vblank timer overrun [ 170.146867][T13126] ---[ end trace 0000000000000000 ]--- [ 170.165731][T13126] RIP: 0010:bcsp_recv+0x10a/0x17f0 [ 170.167431][T13126] Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 9a 47 5d f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 [ 170.182410][T13126] RSP: 0018:ffffc9000387fbf0 EFLAGS: 00010293 [ 170.197823][T13126] RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885dfe5a [ 170.200244][T13126] RDX: ffff88802b818000 RSI: ffffffff885dfea6 RDI: 0000000000000005 [ 170.202732][T13126] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 170.206437][T13126] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc9000387fd88 [ 170.208905][T13126] R13: ffffc9000387fd88 R14: 0000000000000001 R15: ffff88804400c800 [ 170.211301][T13126] FS: 00007f9c819d56c0(0000) GS:ffff8880d6bdf000(0000) knlGS:0000000000000000 [ 170.214025][T13126] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 170.216620][T13126] CR2: 0000556ff1938b08 CR3: 000000004b1d8000 CR4: 0000000000352ef0 [ 170.219220][T13126] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 170.221634][T13126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 170.224057][T13126] Kernel panic - not syncing: Fatal exception [ 170.226599][T13126] Kernel Offset: disabled [ 170.227952][T13126] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:32:33 Registers: info registers vcpu 0 CPU#0 RAX=0000000000004016 RBX=ffff88805059d280 RCX=ffffc9000c001000 RDX=0000000000080000 RSI=ffffffff81505a34 RDI=0000000000000005 RBP=0000000080000306 RSP=ffffc90003cdfa18 R8 =0000000000000005 R9 =0000000000000001 R10=0000000000000003 R11=0000000000000000 R12=0000000000000003 R13=0000000000000000 R14=0000000000000006 R15=ffff88805059d558 RIP=ffffffff81505a3c RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] FS =0000 00007fe8bd33d6c0 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff8880d69df000 ffffffff 00c09300 DPL=0 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000ffff IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000038441000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6fe411a8a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6fe411a97 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6fe411a91 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6fe411aa5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6fe411b2b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6fe411c09 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000140cca RCX=000000000000556f RDX=ffffffff9ab542e0 RSI=0000000000000000 RDI=0000000000140cca RBP=0000000000000000 RSP=ffffc900037f6e00 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffffff9ab542e0 R13=000000000000556f R14=0000000000000000 R15=0000000000000000 RIP=ffffffff821d5ad2 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f53268a16c0 ffffffff 00c00000 GS =0000 ffff8880d6adf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c270055 CR3=000000003382d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000040000400 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc08912700 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5325a11a8a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5325a11a97 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5325a11a91 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5325a11aa5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5325a11b2b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5325a11c09 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88806a7415a0 RCX=ffffffff81af2ee9 RDX=ffff888025174880 RSI=ffffffff81af2ec3 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900040075c8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000007c6c R12=ffffed100d4e82b5 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88806a63b040 RIP=ffffffff81af2ec5 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6bdf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fecfc6e7d60 CR3=000000001fc14000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fecfbb836a3 00007fecfbb836a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffcfb91d50 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555566aa4ba0 0000555566aa4940 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555566aac1e7 0000555566aab600 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff0420c003 20080020b8030008 0020b0030fffffff ffffff0420a00310 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0101d810001f8004 0a1000060102a200 080021a003000800 2198032008002190 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030fffffffffffff 042180030fffffff ffffff0420f00300 080020e803000800 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20e00300080020d8 0300080020d0030f ffffffffffff0420 c00320080020b803 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00080020b0030fff ffffffffff0420a0 0310080020980301 0800209003000800 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854f8435 RDI=ffffffff9adf9560 RBP=ffffffff9adf9520 RSP=ffffc9000387f560 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043 R12=0000000000000000 R13=0000000000000031 R14=ffffffff9adf9520 R15=ffffffff854f83d0 RIP=ffffffff854f845f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f9c819d56c0 ffffffff 00c01300 GS =0000 ffff8880d6cdf000 ffffffff 00c01300 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f9c819d4f98 CR3=000000004b1d8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83c11a8a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83c11a97 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83c11a91 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83c11aa5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83c11b2b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83c11c09 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83d83488 00007f9c83d83480 00007f9c83d83478 00007f9c83d83450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c848ed100 00007f9c83d83440 00007f9c83d83458 00007f9c83d834a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9c83d83498 00007f9c83d83490 00007f9c83d83488 00007f9c83d83480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000c0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000