last executing test programs: 34.609801449s ago: executing program 1 (id=45): r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) setresuid(0x0, 0xee00, 0xee00) r1 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r1, 0x1, 0x24, &(0x7f0000000000), 0xfd80) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r2 = eventfd(0x8040001) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x110, 0xffffffffffffffff, 0x1ccef000) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c0000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c01000000000100697036746e6c00000c0002800500090089000000"], 0x3c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xd8}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='4\x00', 0xfffffffffffffe12) bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r6, &(0x7f0000000000), 0xd) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r9, 0x1, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x6, 0x0, r3, &(0x7f0000000000)="98", 0x1, 0x1000000, 0x0, 0x10, r4}]) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r10 = dup(0xffffffffffffffff) write$cgroup_subtree(r10, &(0x7f0000000180)=ANY=[@ANYBLOB="2d72646d010000000000000076656e74202d6465766963657320"], 0x33) write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c) 34.480223385s ago: executing program 1 (id=47): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\xb7AJ\n\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8\x1cXVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x62, 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x1) syz_open_dev$video4linux(&(0x7f0000000140), 0x1, 0x101000) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000480)='Y', 0x1}, {&(0x7f0000000100)="d5", 0xf4240}], 0x2}}], 0x1, 0x0) ftruncate(r1, 0x0) 34.410395727s ago: executing program 1 (id=48): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmsg$inet6(r0, &(0x7f0000000240)={&(0x7f0000000000)={0xa, 0x4e22, 0x1c1, @mcast2, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@flowinfo={{0x14, 0x29, 0xb, 0x5}}], 0x18, 0x10000000}, 0xc810) 34.410245609s ago: executing program 1 (id=49): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000240)="aebaa9153bcc69e382dba1a47f23ad638967d31cbb8b5eceb147e7de5d373b54c67a3a8aabc85441f48bcfb13137a23adcfaabaf4a01d28008c39a6f5aecdb06ee3066307d2d5a8f0a46e1c3cafc174e8c175ce78a105940c7932f8e18837ed28c3b23debfa73be6fc6fbb9637830a9dd51313d70c4346e217e2b0fd21f077fdaf7430", 0x83}, {&(0x7f0000000040)="3626dcb53b8a146520923a7add45905d35d0", 0x12}, {&(0x7f0000000100)="70a122dfc1f388366efcd1e3875661ed33b45968e5fdca40a9e76720b766c10b1ae2fb2d36f2", 0x26}, {&(0x7f0000000140)="038a8ab602c3a07ce9561ed91d0a599c29d076a0ac909a141d0853a5652af97d16fdb5ad391353798fac3f8306f43a224aa529e0905138b6742f9c", 0x3b}], 0x4) 34.407352041s ago: executing program 1 (id=51): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0xc000, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x6) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="b40200000000000061117200000000008500000000000000950000000000000189731d673c09000000000000007cee6be79a2a8a1b7da677e718cbfa"], &(0x7f0000000380)='GPL\x00', 0x5, 0xff92, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x36c, 0x10, &(0x7f0000000000), 0x26, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r5, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, r6, 0x40083, 0x715cb}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x4}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, @IFLA_IPTUN_PROTO={0x5}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000440)='./file0\x00', 0x0) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r8, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000180)=0x10) r9 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r8, 0x84, 0x11, &(0x7f0000000180)={r10, 0x8}, 0x8) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1607010, 0x0) r11 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r12 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r7, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x87, r12}, './file0\x00'}) 34.319700921s ago: executing program 1 (id=52): bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x7, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000001580)=0xa, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40010120, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f00000014c0), &(0x7f0000001500)=0x4) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$int_in(r3, 0x5452, &(0x7f0000000180)=0xf51) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union]}}, &(0x7f0000000c40)=""/229, 0x26, 0xe5, 0x1, 0x0, 0x0, @void, @value}, 0x28) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x25) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000001600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000030000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400030076657468305f746f5f626f6e6400000008003a"], 0x3c}}, 0x0) 19.179072219s ago: executing program 32 (id=52): bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x7, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000001580)=0xa, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40010120, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f00000014c0), &(0x7f0000001500)=0x4) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$int_in(r3, 0x5452, &(0x7f0000000180)=0xf51) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union]}}, &(0x7f0000000c40)=""/229, 0x26, 0xe5, 0x1, 0x0, 0x0, @void, @value}, 0x28) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x25) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000001600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000030000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400030076657468305f746f5f626f6e6400000008003a"], 0x3c}}, 0x0) 1.86934953s ago: executing program 4 (id=819): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) creat(&(0x7f0000000080)='./bus\x00', 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x74000}], 0x2, 0x101000, 0xf5000000, 0x8) 1.618126785s ago: executing program 4 (id=823): socket$packet(0x11, 0x3, 0x300) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x804c8c0) 1.549711105s ago: executing program 4 (id=826): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r1 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0) mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1f00, 0x1, 0x13, r1, 0x81000000) syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000280)=""/239, 0xef) write$char_usb(r2, &(0x7f0000000000)=' ', 0x1) (async) write$char_usb(r2, &(0x7f0000000000)=' ', 0x1) syz_usb_disconnect(r0) 1.489983257s ago: executing program 3 (id=829): bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x7, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000001580)=0xa, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40010120, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f00000014c0), &(0x7f0000001500)=0x4) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$int_in(r3, 0x5452, &(0x7f0000000180)=0xf51) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union]}}, &(0x7f0000000c40)=""/229, 0x26, 0xe5, 0x1, 0x0, 0x0, @void, @value}, 0x28) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x25) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000001600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000003000000001400030076657468305f746f5f626f6e6400000008003a"], 0x3c}}, 0x0) 1.399802673s ago: executing program 3 (id=831): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x10}}, 0x14}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x0, 0x4, 'wrr\x00'}, 0x2c) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) pipe2$9p(&(0x7f00000000c0), 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000900)={'ip6_vti0\x00', @random="0600002000ff"}) 1.299743149s ago: executing program 3 (id=833): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfdef, 0x0) (fail_nth: 66) 1.237544855s ago: executing program 3 (id=836): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0xfffffff0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="000000000000000000000000000000000f0000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0) 1.236992126s ago: executing program 3 (id=838): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={&(0x7f0000000180), 0x6e, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0xa000}], 0x3}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) r5 = syz_open_dev$usbmon(&(0x7f0000000000), 0x380f, 0xa200) ioctl$MON_IOCX_GET(r5, 0x40189206, &(0x7f00000001c0)={&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000200)=""/248, 0x6c}) 649.98325ms ago: executing program 0 (id=849): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0xfffffff0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000200000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0) 649.884349ms ago: executing program 0 (id=850): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000f41000010000000000000000000000000a20000000000a03400000000000000000010000000900010073797a300000000040000000160a07000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800024000000000080001400000000038000000160a09010000000000000000010000000900020073797a30000000000900010073797a300000000008000740000000000400038014000000110001"], 0xc0}}, 0x0) 599.557829ms ago: executing program 0 (id=851): r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/165, 0xa5}], 0x1) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) r2 = memfd_create(&(0x7f0000000340)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000008, 0x11, r2, 0x0) r3 = socket(0x840000000002, 0x3, 0x100) connect$inet(r3, &(0x7f00000005c0)={0x2, 0x7fe, @remote}, 0x10) getpeername$packet(r3, 0x0, &(0x7f0000000040)) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100) syz_emit_ethernet(0x5e, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "640ca6", 0x28, 0x29, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @local, {[], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d5"}}}}}, 0x0) 509.812125ms ago: executing program 0 (id=853): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000e80), 0x40100, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000001340), 0x80, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x6}, @hci_rp_delete_stored_link_key={{0x7f}, {0xe, 0xf2d2}}}}, 0x9) openat$cgroup_int(r0, &(0x7f0000000000)='blkio.throttle.read_iops_device\x00', 0x2, 0x0) 440.861682ms ago: executing program 0 (id=854): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x700, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}, 0x1, 0x0, 0x500000}, 0x0) 440.394416ms ago: executing program 0 (id=856): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000000a01010000000000000000050000000900010073797a30000000000c00044000000000000000040c0004400000000000000005bc000000030a01030000000000000000050000000900010073797a300000000008000540000000004c0008800c00014000000000000000010c0002400000000000f6ff000c00024000000000000016cc0c21014000000000000100010c0002400000000000000014"], 0x130}}, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x4) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0xfffffffffffffffd, 0x0, 0x8, 0x8020000000000001, 0x0, 0x0, 0x2004c8, 0x0, 0x3, 0xe786, 0xffffffffffffffff], 0x8000000}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000, @void, @value}, 0x94) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b6967335", 0x8}], 0x1, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a000000001800000000000000170100000400000006020000004000001800000000000000170100000300000001"], 0x60}], 0x1, 0x8001) recvmmsg(r7, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000001c0)=""/156, 0x9c}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000001480)=ANY=[@ANYBLOB="e09a0000", @ANYRES16=0x0, @ANYBLOB="00012cbd7000fedbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x4) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r5}, 0x10) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x700000b, 0x20010, r8, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r9 = socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCGETVIFCNT(r9, 0x89e0, &(0x7f0000000340)) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x20, 0x2a, 0xb, 0x0, 0x0, {0x7}, [@typed={0x4, 0x3}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x81}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081) recvmsg(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000a80)=""/20, 0x14}], 0x1}, 0x0) r11 = accept4$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000) getsockopt$sock_int(r11, 0x1, 0x6, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc018937e, &(0x7f0000000440)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) connect$tipc(r12, &(0x7f0000000480)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x1, 0x2}}, 0x10) 440.148413ms ago: executing program 2 (id=857): r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x2010008, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$bind(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x20000, 0x0) mount$overlay(0x8cffffff, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x2000000, &(0x7f00000023c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 369.926945ms ago: executing program 2 (id=858): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'bond0\x00', &(0x7f00000005c0)=@ethtool_drvinfo={0x3, "751b3a5054b25e3ad3efb5b662a743dd52bacca09240fdeb292bffd4050ef6cf", "0a1819733e1d64dbd19cb1e02bb39bb7a20e10a3459692faa0a8df09016daa6e", "44c1d129371e13cc3bcc669fd833c7391408ffdfa30285a5aa48141142ce5700", "242f28691b9da04dd4ff5e98d4030eb9000000000000000900", "9ca5fb02099a024df59efd8c9a8ef6c3649beea9eddf6b4cd2134dbf00", "858a1ba8d3f4dccddf00"}}) 369.459846ms ago: executing program 3 (id=859): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000001580)=@raw={'raw\x00', 0x3c1, 0x3, 0x1488, 0x1190, 0x1170, 0x1398, 0x0, 0x1170, 0x13b8, 0x1398, 0x1398, 0x13b8, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [0x0, 0x0, 0x0, 0xff000000], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6}, 0x0, 0x1128, 0x1190, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x2, 0x0, 0x0, './cgroup.cpu/syz0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x10, 0x2, 0x2, 'syz1\x00', 'syz1\x00', {0xe203}}}}, {{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x23, 0x0, [@empty, @local, @remote, @mcast2, @loopback, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @local}, @mcast1, @loopback, @remote, @mcast2, @empty, @rand_addr=' \x01\x00', @mcast1, @remote]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x14e8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000680), &(0x7f0000000240)=0x8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000004c0)=@security={'security\x00', 0x4, 0x4, 0x3d0, 0xffffffff, 0x1c0, 0x0, 0x1c0, 0xffffffff, 0xffffffff, 0x300, 0x300, 0x300, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@dev, @remote, [], [], 'bridge_slave_1\x00', 'geneve0\x00', {}, {}, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00', {0x6}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ipv6={@private1, @mcast1, [], [], 'geneve1\x00', 'macvlan0\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'syz0\x00'}}, @common=@ipv6header={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430) r3 = socket$kcm(0x10, 0x2, 0x4) close(r3) socket$kcm(0x10, 0x2, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}}) r7 = dup2(r5, r5) read$FUSE(r7, &(0x7f00000021c0)={0x2020}, 0x2020) r8 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) readv(r8, &(0x7f0000000000)=[{&(0x7f0000000200)=""/215, 0x7ffff000}], 0x6) signalfd4(r8, &(0x7f0000000040)={[0x7fffffffffffffff]}, 0x8, 0x0) read$char_usb(r8, &(0x7f0000000900)=""/156, 0x9c) bind$bt_hci(r4, &(0x7f0000001ac0), 0x6) ioctl$sock_bt_hci(r4, 0x800448d7, &(0x7f0000000000)) r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r9, &(0x7f0000000380)={'syz1\x00', {0xfff9, 0x81, 0x1}, 0x37, [0x3, 0x8, 0x200, 0x4, 0x11, 0x8, 0x2, 0x7, 0x1ff, 0x4, 0x5, 0x7, 0x6, 0xa0a, 0x5, 0x7, 0xcb5, 0xffff, 0x1, 0x7, 0x7f, 0x7ff, 0x7, 0x200, 0x1ff, 0xb, 0x6, 0x3, 0x10, 0x64, 0x6, 0x1, 0x2006, 0x8, 0x63b, 0x9, 0x5, 0x6, 0xfffffffc, 0x0, 0x6, 0x6, 0x9, 0xfff, 0xff, 0x80, 0x6, 0xfffffff7, 0x6, 0x7f33, 0x0, 0xff, 0x7, 0x1, 0x4, 0x2, 0x3150, 0x3298, 0xe1, 0xd, 0x9, 0x0, 0xffffffff, 0x2], [0xffffff9b, 0xfffffff8, 0xdb3, 0x5000, 0x9, 0x2, 0x1, 0xffff3152, 0x2, 0x4a00, 0x5, 0x6, 0x10001, 0x0, 0x5, 0x9, 0x9, 0x2, 0x80, 0x8, 0x0, 0x1, 0xfff, 0x5, 0x7, 0x5a, 0x2, 0xff, 0x81, 0x0, 0xa4f, 0x8, 0x2, 0xf7, 0x6, 0x7fffffff, 0x2, 0x8, 0x800000e7, 0xae, 0x81, 0x9, 0x9, 0x9, 0x4, 0x2, 0x80, 0xa, 0x7, 0x4, 0x2, 0x8, 0x4, 0x9b2, 0x100, 0x7, 0x6, 0x101, 0x7, 0x2, 0x7ff, 0x8, 0x10001, 0x7f], [0x0, 0x5, 0x80, 0x7ff, 0x5003, 0xfffffffc, 0x8, 0x9, 0x7, 0x3, 0x81, 0x5, 0x220, 0xfffffffc, 0xd, 0x90, 0xffffffff, 0x3, 0x1, 0xb, 0x5, 0x0, 0x5, 0x8001, 0x3, 0xfffffffc, 0x8, 0x3ff, 0x1, 0x400, 0xe, 0x2, 0x64, 0x400, 0x10, 0x6, 0x7fffffff, 0x7, 0x4, 0x2, 0x4, 0x7d, 0xffff, 0x0, 0x2, 0x200, 0x5, 0x3d1, 0x7, 0x5, 0x1, 0x8, 0x9, 0x0, 0x6, 0x8, 0x4, 0x8, 0x7ff, 0x7, 0x0, 0x4, 0x8, 0x4], [0x401, 0x4, 0x9, 0x24d, 0x6, 0x354, 0xf5, 0x9, 0x3, 0xffffffff, 0x1, 0x8, 0x101, 0x100, 0x40, 0x45ee, 0x5, 0x95, 0x6, 0x1, 0x3, 0x7, 0x7, 0x0, 0x800, 0x200, 0x1, 0x7a28, 0x3, 0x1, 0x8, 0x6, 0x800, 0xb03, 0x2, 0xfffffffd, 0x3ff, 0x40, 0xffff7050, 0xc532, 0x1ff, 0x9, 0xeea6, 0xa0200000, 0x7f, 0xea0, 0x6, 0xcc5, 0xd, 0x751e, 0x3, 0x4, 0x200, 0x2, 0x9, 0xc, 0x7, 0xfff, 0x3, 0x4, 0x6, 0x1ff, 0x4]}, 0x45c) ioctl$UI_SET_EVBIT(r9, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r9, 0x5501) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 369.260018ms ago: executing program 2 (id=860): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000780)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="400000001400210106000000000000000a000000", @ANYRES32=r3, @ANYBLOB="14000200fec0ffff000000000000000000000001140006"], 0x40}}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0xad, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6012000800033afffe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={'\x00', 0x0, 0x0, {0xfffffffffffffff8, 0x10000}, {0x6, 0x8}, 0xab4, [0x5, 0x7a, 0x1, 0x4000000005, 0x40, 0x66, 0x1, 0x5f, 0x2, 0xfffffffffffffffe, 0x2010, 0x4, 0x6, 0xffdffffffffffff7, 0x621, 0x7]}) openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x169101, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', @random='\a\x00\x00 \x00'}) 271.294882ms ago: executing program 2 (id=861): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000084040000000000000002"], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000000c00000002000000002000000000001304000080"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8936, &(0x7f0000000000)={'nicvf0\x00', 0x0}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x10) ioctl$TCFLSH(r0, 0x404c4701, 0x20000000) (fail_nth: 6) close(r0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x10) 209.51121ms ago: executing program 2 (id=862): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x9a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000000000640600fe8000000000000000000000000700bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="94c2"], 0x0) 209.32064ms ago: executing program 2 (id=863): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x6, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) (fail_nth: 61) 49.853335ms ago: executing program 4 (id=864): syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_complete={{0x3, 0xb}, {0x0, 0xc8, @any, 0x1, 0x9}}}, 0xe) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = syz_io_uring_setup(0x1efc, &(0x7f00000002c0)={0x0, 0xcdb3, 0x10100, 0x2, 0x143}, &(0x7f0000000340)=0x0, &(0x7f0000000500)=0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000100)={0x4, r5}) ioctl$DMA_BUF_SET_NAME_A(r7, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') (async) ioctl$DMA_BUF_SET_NAME_A(r7, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000540)=0x1) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r9, 0x0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000380)=""/197, 0xc5}], 0x1}, 0x0, 0x80002101}) io_uring_enter(r1, 0xd81, 0x0, 0x0, 0x0, 0x0) write(r8, &(0x7f0000000200)='~', 0xb7) (async) write(r8, &(0x7f0000000200)='~', 0xb7) close_range(r0, 0xffffffffffffffff, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) 48.296658ms ago: executing program 4 (id=865): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @local}, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 0x5, 0x0, 0x0, 0x0, 0xdffc}) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4, @dev}, {0x2, 0xfffe, @remote}, {0x2, 0xfffd, @multicast1}, 0x8f, 0x0, 0x0, 0x0, 0xfbdf, 0x0, 0x0, 0x0, 0x200}) bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42, @broadcast}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='2\x00', 0x2) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) 0s ago: executing program 4 (id=866): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000f51000010000000000000000000000000a20000000000a03400000000000000000010000000900010073797a300000000040000000160a07000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800024000000000080001400000000038000000160a09010000000000000000010000000900020073797a30000000000900010073797a300000000008000740000000000400038014000000110001"], 0xc0}}, 0x0) kernel console output (not intermixed with test programs): 408.103577][ T7366] mapped:26786 shmem:8182 pagetables:1082 [ 408.103577][ T7366] sec_pagetables:295 bounce:0 [ 408.103577][ T7366] kernel_misc_reclaimable:0 [ 408.103577][ T7366] free:453736 free_pcp:9079 free_cma:0 [ 408.115532][ T7366] Node 0 active_anon:46548kB inactive_anon:0kB active_file:10664kB inactive_file:194292kB unevictable:3544kB isolated(anon):0kB isolated(file):0kB mapped:107144kB dirty:1028kB writeback:0kB shmem:29196kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12592kB pagetables:4328kB sec_pagetables:1180kB all_unreclaimable? no [ 408.123797][ T7366] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:12kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 408.131347][ T7366] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 408.138058][ T7366] lowmem_reserve[]: 0 1212 0 0 0 [ 408.139314][ T7366] Node 0 DMA32 free:228692kB boost:0kB min:27608kB low:34508kB high:41408kB reserved_highatomic:0KB active_anon:46424kB inactive_anon:0kB active_file:10664kB inactive_file:194292kB unevictable:3544kB writepending:1028kB present:2080628kB managed:1269936kB mlocked:8kB bounce:0kB free_pcp:19384kB local_pcp:1236kB free_cma:0kB [ 408.146926][ T7366] lowmem_reserve[]: 0 0 0 0 0 [ 408.148128][ T7366] Node 1 Normal free:1570252kB boost:0kB min:39632kB low:49540kB high:59448kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB writepending:12kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:17280kB local_pcp:4240kB free_cma:0kB [ 408.155495][ T7366] lowmem_reserve[]: 0 0 0 0 0 [ 408.156871][ T7366] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 408.160282][ T7366] Node 0 DMA32: 74*4kB (UE) 58*8kB (UE) 14*16kB (UE) 9*32kB (ME) 36*64kB (UE) 3*128kB (UE) 18*256kB (UM) 9*512kB (UME) 14*1024kB (UM) 2*2048kB (ME) 48*4096kB (UM) = 228216kB [ 408.164867][ T7366] Node 1 Normal: 2*4kB (UE) 5*8kB (UME) 4*16kB (UM) 37*32kB (UM) 9*64kB (UME) 13*128kB (UME) 4*256kB (U) 4*512kB (UM) 1*1024kB (U) 3*2048kB (UME) 380*4096kB (M) = 1570256kB [ 408.169616][ T7366] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 408.172143][ T7366] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 408.174564][ T7366] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 408.177096][ T7366] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 408.179508][ T7366] 59441 total pagecache pages [ 408.180800][ T7366] 0 pages in swap cache [ 408.181964][ T7366] Free swap = 124072kB [ 408.183056][ T7366] Total swap = 124996kB [ 408.184167][ T7366] 1048443 pages RAM [ 408.185170][ T7366] 0 pages HighMem/MovableOnly [ 408.186224][ T5977] Bluetooth: hci0: command 0x0419 tx timeout [ 408.186605][ T7366] 281638 pages reserved [ 408.189605][ T7366] 0 pages cma reserved [ 408.446248][ T7424] tipc: Enabling of bearer rejected, media not registered [ 408.449291][ T7424] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1011 sclass=netlink_route_socket pid=7424 comm=syz.0.511 [ 408.464561][ T7427] FAULT_INJECTION: forcing a failure. [ 408.464561][ T7427] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 408.471528][ T7427] CPU: 2 UID: 0 PID: 7427 Comm: syz.2.508 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 408.474063][ T7427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.476741][ T7427] Call Trace: [ 408.477595][ T7427] [ 408.478333][ T7427] dump_stack_lvl+0x16c/0x1f0 [ 408.479522][ T7427] should_fail_ex+0x497/0x5b0 [ 408.480678][ T7427] ? fs_reclaim_acquire+0xae/0x150 [ 408.481986][ T7427] should_fail_alloc_page+0xe7/0x130 [ 408.483274][ T7427] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 408.484764][ T7427] __alloc_pages_noprof+0x190/0x25b0 [ 408.486045][ T7427] ? hlock_class+0x4e/0x130 [ 408.487336][ T7427] ? __lock_acquire+0xcc5/0x3c40 [ 408.488699][ T7427] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 408.490088][ T7427] ? hlock_class+0x4e/0x130 [ 408.491199][ T7427] ? mark_lock+0xb5/0xc60 [ 408.492247][ T7427] ? hlock_class+0x4e/0x130 [ 408.493359][ T7427] ? mark_lock+0xb5/0xc60 [ 408.494691][ T7427] ? lock_acquire.part.0+0x11b/0x380 [ 408.496278][ T7427] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 408.498164][ T7427] ? policy_nodemask+0xea/0x4e0 [ 408.499743][ T7427] alloc_pages_mpol_noprof+0x2c9/0x610 [ 408.501451][ T7427] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 408.503321][ T7427] ? __lock_acquire+0xcc5/0x3c40 [ 408.504676][ T7427] ? find_held_lock+0x2d/0x110 [ 408.505945][ T7427] folio_alloc_mpol_noprof+0x36/0xd0 [ 408.507336][ T7427] vma_alloc_folio_noprof+0xee/0x1b0 [ 408.508832][ T7427] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 408.510516][ T7427] ? __pfx___lock_acquire+0x10/0x10 [ 408.512246][ T7427] do_wp_page+0x1431/0x47c0 [ 408.513683][ T7427] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 408.515507][ T7427] ? __pfx_do_wp_page+0x10/0x10 [ 408.516708][ T7427] ? rcu_is_watching+0x12/0xc0 [ 408.518100][ T7427] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 408.519785][ T7427] ? lock_acquire+0x2f/0xb0 [ 408.521284][ T7427] ? __handle_mm_fault+0xdfa/0x2a40 [ 408.522964][ T7427] __handle_mm_fault+0x1ade/0x2a40 [ 408.524636][ T7427] ? find_held_lock+0x2d/0x110 [ 408.526021][ T7427] ? __pfx___handle_mm_fault+0x10/0x10 [ 408.527510][ T7427] ? follow_page_pte+0x374/0x1b20 [ 408.528742][ T7427] ? __pfx_lock_release+0x10/0x10 [ 408.529983][ T7427] ? vm_normal_page+0x13c/0x2b0 [ 408.531207][ T7427] ? follow_page_pte+0x3f7/0x1b20 [ 408.532409][ T7427] handle_mm_fault+0x3fa/0xaa0 [ 408.533621][ T7427] __get_user_pages+0x8d9/0x3b50 [ 408.534922][ T7427] ? __pfx___get_user_pages+0x10/0x10 [ 408.536314][ T7427] ? down_read_killable+0xcc/0x380 [ 408.537850][ T7427] ? __pfx_down_read_killable+0x10/0x10 [ 408.539271][ T7427] ? mark_lock+0xb5/0xc60 [ 408.540399][ T7427] ? find_held_lock+0x2d/0x110 [ 408.541610][ T7427] __gup_longterm_locked+0x211/0x1870 [ 408.542943][ T7427] ? __pfx_lock_release+0x10/0x10 [ 408.544238][ T7427] ? trace_lock_acquire+0x14e/0x1f0 [ 408.545557][ T7427] ? __pfx___gup_longterm_locked+0x10/0x10 [ 408.547050][ T7427] ? gup_fast_fallback+0x84c/0x2690 [ 408.548318][ T7427] ? __pfx_lock_release+0x10/0x10 [ 408.549549][ T7427] ? const_folio_flags.constprop.0+0x56/0x150 [ 408.551069][ T7427] ? sanity_check_pinned_pages+0x385/0x11c0 [ 408.552525][ T7427] gup_fast_fallback+0x1802/0x2690 [ 408.553795][ T7427] ? __pfx_gup_fast_fallback+0x10/0x10 [ 408.555132][ T7427] ? rcu_is_watching+0x12/0xc0 [ 408.556286][ T7427] ? trace_kmalloc+0x2d/0xd0 [ 408.557442][ T7427] pin_user_pages_fast+0xa8/0x100 [ 408.558852][ T7427] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 408.560221][ T7427] ? __kvmalloc_node_noprof+0x7c/0x1a0 [ 408.561628][ T7427] iov_iter_extract_pages+0x3a5/0x2010 [ 408.562989][ T7427] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 408.564438][ T7427] ? rcu_is_watching+0x12/0xc0 [ 408.565626][ T7427] ? trace_kmalloc+0x2d/0xd0 [ 408.566816][ T7427] ? __kmalloc_noprof+0x23b/0x510 [ 408.568056][ T7427] ? mark_lock+0xb5/0xc60 [ 408.569112][ T7427] ? __lock_acquire+0xcc5/0x3c40 [ 408.570357][ T7427] ? bio_init+0x3a6/0x5a0 [ 408.571414][ T7427] bio_map_user_iov+0x326/0xa60 [ 408.572620][ T7427] ? __pfx_bio_map_user_iov+0x10/0x10 [ 408.573955][ T7427] ? hlock_class+0x4e/0x130 [ 408.575076][ T7427] blk_rq_map_user_iov+0x6c2/0x1360 [ 408.576382][ T7427] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 408.577786][ T7427] ? lock_acquire+0x2f/0xb0 [ 408.578912][ T7427] ? avc_has_perm_noaudit+0x143/0x3a0 [ 408.580221][ T7427] ? cred_has_capability.isra.0+0x192/0x2f0 [ 408.581688][ T7427] ? import_ubuf+0x1b6/0x220 [ 408.582824][ T7427] blk_rq_map_user_io+0x206/0x230 [ 408.584104][ T7427] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 408.585456][ T7427] ? bpf_lsm_capable+0x9/0x10 [ 408.586611][ T7427] ? security_capable+0x7e/0x260 [ 408.587805][ T7427] sg_io+0x53b/0xd80 [ 408.588801][ T7427] scsi_cdrom_send_packet+0x276/0x640 [ 408.590114][ T7427] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 408.591551][ T7427] ? hlock_class+0x4e/0x130 [ 408.592665][ T7427] ? __lock_acquire+0x15a9/0x3c40 [ 408.593935][ T7427] ? mark_lock+0xb5/0xc60 [ 408.595015][ T7427] ? __pfx_cdrom_ioctl+0x10/0x10 [ 408.596233][ T7427] scsi_ioctl+0x146/0x1840 [ 408.597388][ T7427] ? rpm_resume+0x81c/0x1330 [ 408.598586][ T7427] ? lock_acquire.part.0+0x11b/0x380 [ 408.599905][ T7427] ? find_held_lock+0x2d/0x110 [ 408.601104][ T7427] ? __pfx_scsi_ioctl+0x10/0x10 [ 408.602337][ T7427] ? __pfx_lock_release+0x10/0x10 [ 408.603578][ T7427] ? lockdep_hardirqs_on+0x7c/0x110 [ 408.604915][ T7427] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 408.606361][ T7427] ? __pm_runtime_resume+0xc3/0x170 [ 408.607787][ T7427] sr_block_ioctl+0x202/0x250 [ 408.608962][ T7427] ? __pfx_sr_block_ioctl+0x10/0x10 [ 408.610255][ T7427] blkdev_ioctl+0x276/0x6d0 [ 408.611410][ T7427] ? __pfx_blkdev_ioctl+0x10/0x10 [ 408.612675][ T7427] ? selinux_file_ioctl+0x180/0x270 [ 408.613990][ T7427] ? selinux_file_ioctl+0xb4/0x270 [ 408.615275][ T7427] ? __pfx_blkdev_ioctl+0x10/0x10 [ 408.616539][ T7427] __x64_sys_ioctl+0x190/0x200 [ 408.617740][ T7427] do_syscall_64+0xcd/0x250 [ 408.618859][ T7427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.620323][ T7427] RIP: 0033:0x7fbf4677ff19 [ 408.621447][ T7427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.626153][ T7427] RSP: 002b:00007fbf474ab058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 408.628195][ T7427] RAX: ffffffffffffffda RBX: 00007fbf46946080 RCX: 00007fbf4677ff19 [ 408.630187][ T7427] RDX: 0000000020001640 RSI: 0000000000005393 RDI: 0000000000000006 [ 408.632113][ T7427] RBP: 00007fbf474ab0a0 R08: 0000000000000000 R09: 0000000000000000 [ 408.634044][ T7427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 408.635974][ T7427] R13: 0000000000000000 R14: 00007fbf46946080 R15: 00007ffc76176968 [ 408.637924][ T7427] [ 408.641090][ T7439] netlink: 12 bytes leftover after parsing attributes in process `syz.0.516'. [ 408.643980][ T7439] netlink: 68 bytes leftover after parsing attributes in process `syz.0.516'. [ 408.835923][ T5977] Bluetooth: hci3: command tx timeout [ 409.365401][ T5977] Bluetooth: hci1: unexpected event for opcode 0x0c12 [ 409.365939][ T7013] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 409.420431][ T7500] FAULT_INJECTION: forcing a failure. [ 409.420431][ T7500] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 409.423830][ T7500] CPU: 0 UID: 0 PID: 7500 Comm: syz.3.538 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 409.426423][ T7500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 409.429048][ T7500] Call Trace: [ 409.429880][ T7500] [ 409.430619][ T7500] dump_stack_lvl+0x16c/0x1f0 [ 409.431780][ T7500] should_fail_ex+0x497/0x5b0 [ 409.432957][ T7500] ? fs_reclaim_acquire+0xae/0x150 [ 409.434250][ T7500] should_fail_alloc_page+0xe7/0x130 [ 409.435395][ T39] kauditd_printk_skb: 20 callbacks suppressed [ 409.435408][ T39] audit: type=1400 audit(1733411943.608:403): avc: denied { setopt } for pid=7506 comm="syz.4.541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 409.435533][ T7500] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 409.441891][ T39] audit: type=1400 audit(1733411943.608:404): avc: denied { write } for pid=7506 comm="syz.4.541" name="/" dev="9p" ino=38535218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 409.442298][ T7500] __alloc_pages_noprof+0x190/0x25b0 [ 409.443987][ T39] audit: type=1400 audit(1733411943.608:405): avc: denied { add_name } for pid=7506 comm="syz.4.541" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 409.449331][ T7500] ? find_held_lock+0x2d/0x110 [ 409.449357][ T7500] ? get_il_weight+0xf2/0x2a0 [ 409.449370][ T7500] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 409.449388][ T7500] ? get_il_weight+0xfc/0x2a0 [ 409.451183][ T39] audit: type=1400 audit(1733411943.608:406): avc: denied { create } for pid=7506 comm="syz.4.541" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 409.456336][ T7500] ? weighted_interleave_nodes+0x284/0x550 [ 409.456358][ T7500] ? policy_nodemask+0xea/0x4e0 [ 409.456371][ T7500] alloc_pages_mpol_noprof+0x2c9/0x610 [ 409.456387][ T7500] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 409.458369][ T39] audit: type=1400 audit(1733411943.608:407): avc: denied { associate } for pid=7506 comm="syz.4.541" name="net_prio.prioidx" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 409.459062][ T7500] ? do_raw_spin_lock+0x12d/0x2c0 [ 409.460766][ T39] audit: type=1400 audit(1733411943.608:408): avc: denied { read append open } for pid=7506 comm="syz.4.541" path="/24/file0/net_prio.prioidx" dev="9p" ino=38535355 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 409.461963][ T7500] ? lock_acquire+0x2f/0xb0 [ 409.467640][ T39] audit: type=1400 audit(1733411943.608:410): avc: denied { map } for pid=7506 comm="syz.4.541" path="/24/file0/net_prio.prioidx" dev="9p" ino=38535355 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 409.468699][ T7500] ? kasan_populate_vmalloc_pte+0xfb/0x160 [ 409.468717][ T7500] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 409.468729][ T7500] get_free_pages_noprof+0xc/0x40 [ 409.470051][ T39] audit: type=1400 audit(1733411943.608:409): avc: denied { map } for pid=7506 comm="syz.4.541" path="/24/file0/net_prio.prioidx" dev="9p" ino=38535355 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 409.471323][ T7500] kasan_populate_vmalloc_pte+0x2d/0x160 [ 409.473037][ T39] audit: type=1400 audit(1733411943.608:411): avc: denied { ioctl } for pid=7506 comm="syz.4.541" path="socket:[18576]" dev="sockfs" ino=18576 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 409.478417][ T7500] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 409.478433][ T7500] __apply_to_page_range+0x5fd/0xd30 [ 409.478446][ T7500] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 409.478459][ T7500] ? __pfx___apply_to_page_range+0x10/0x10 [ 409.479980][ T39] audit: type=1400 audit(1733411943.608:412): avc: denied { write } for pid=7506 comm="syz.4.541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 409.485823][ T7500] ? insert_vmap_area+0x2ef/0x4d0 [ 409.485847][ T7500] alloc_vmap_area+0x93e/0x2a70 [ 409.485867][ T7500] ? __pfx_alloc_vmap_area+0x10/0x10 [ 409.523932][ T7500] __get_vm_area_node+0x19e/0x2f0 [ 409.525177][ T7500] ? v4l_reqbufs+0x14c/0x1e0 [ 409.526355][ T7500] __vmalloc_node_range_noprof+0x26a/0x1530 [ 409.527949][ T7500] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 409.529187][ T7500] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 409.530434][ T7500] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 409.531980][ T7500] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 409.533254][ T7500] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 409.534632][ T7500] vmalloc_user_noprof+0x6b/0x90 [ 409.535815][ T7500] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 409.537077][ T7500] vb2_vmalloc_alloc+0x11e/0x3d0 [ 409.538290][ T7500] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 409.539593][ T7500] __vb2_queue_alloc+0x896/0x1230 [ 409.540807][ T7500] vb2_core_reqbufs+0xa73/0xfb0 [ 409.542023][ T7500] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 409.543358][ T7500] ? __pfx___mutex_trylock_common+0x10/0x10 [ 409.544784][ T7500] ? trace_lock_acquire+0x14e/0x1f0 [ 409.546071][ T7500] ? __video_do_ioctl+0x4a2/0xf00 [ 409.547275][ T7500] ? trace_contention_end+0xee/0x140 [ 409.548529][ T7500] ? __mutex_lock+0x1cc/0xa60 [ 409.549725][ T7500] vb2_reqbufs+0x1a5/0x1f0 [ 409.550858][ T7500] ? __pfx_vb2_reqbufs+0x10/0x10 [ 409.552098][ T7500] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 409.553533][ T7500] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 409.554827][ T7500] v4l_reqbufs+0x14c/0x1e0 [ 409.555906][ T7500] __video_do_ioctl+0xaf0/0xf00 [ 409.557139][ T7500] ? __pfx___video_do_ioctl+0x10/0x10 [ 409.558503][ T7500] ? __might_fault+0xe3/0x190 [ 409.559690][ T7500] video_usercopy+0x4d2/0x1620 [ 409.560868][ T7500] ? __pfx___video_do_ioctl+0x10/0x10 [ 409.562214][ T7500] ? __pfx_video_usercopy+0x10/0x10 [ 409.563537][ T7500] v4l2_ioctl+0x1ba/0x250 [ 409.564636][ T7500] ? __pfx_v4l2_ioctl+0x10/0x10 [ 409.565878][ T7500] __x64_sys_ioctl+0x190/0x200 [ 409.567121][ T7500] do_syscall_64+0xcd/0x250 [ 409.568253][ T7500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.569766][ T7500] RIP: 0033:0x7feb14b7ff19 [ 409.570888][ T7500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.575624][ T7500] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 409.577674][ T7500] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 409.579640][ T7500] RDX: 0000000020000040 RSI: 00000000c0145608 RDI: 0000000000000003 [ 409.581578][ T7500] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 409.583535][ T7500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 409.585463][ T7500] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 409.587408][ T7500] [ 409.588361][ T7013] usb 7-1: device descriptor read/64, error -71 [ 409.588400][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.680736][ T7520] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 409.716076][ T7525] libceph: resolve ' [ 409.716076][ T7525] -&fYǝa2i [ 409.716076][ T7525] .?&*&' (ret=-3): failed [ 409.720902][ T7525] netlink: 'syz.0.548': attribute type 21 has an invalid length. [ 409.723753][ T7528] netlink: 8 bytes leftover after parsing attributes in process `syz.3.549'. [ 409.726740][ T7528] Bluetooth: MGMT ver 1.23 [ 409.792940][ T7536] FAULT_INJECTION: forcing a failure. [ 409.792940][ T7536] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 409.796555][ T7536] CPU: 2 UID: 0 PID: 7536 Comm: syz.4.550 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 409.799171][ T7536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 409.801756][ T7536] Call Trace: [ 409.802602][ T7536] [ 409.803369][ T7536] dump_stack_lvl+0x16c/0x1f0 [ 409.804630][ T7536] should_fail_ex+0x497/0x5b0 [ 409.805838][ T7536] ? fs_reclaim_acquire+0xae/0x150 [ 409.807086][ T7536] should_fail_alloc_page+0xe7/0x130 [ 409.808394][ T7536] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 409.809929][ T7536] ? __pfx_mark_lock+0x10/0x10 [ 409.811118][ T7536] __alloc_pages_noprof+0x190/0x25b0 [ 409.812481][ T7536] ? finish_task_switch.isra.0+0x212/0xcc0 [ 409.813954][ T7536] ? __pfx_lock_release+0x10/0x10 [ 409.815186][ T7536] ? rcu_is_watching+0x12/0xc0 [ 409.816414][ T7536] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 409.817829][ T7536] ? __lock_acquire+0x15a9/0x3c40 [ 409.819052][ T7536] ? hlock_class+0x4e/0x130 [ 409.820167][ T7536] ? mark_lock+0xb5/0xc60 [ 409.821207][ T7536] ? hlock_class+0x4e/0x130 [ 409.822319][ T7536] ? mark_lock+0xb5/0xc60 [ 409.823417][ T7536] ? __schedule+0xe60/0x5ad0 [ 409.824604][ T7536] ? __pfx_mark_lock+0x10/0x10 [ 409.825826][ T7536] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 409.827271][ T7536] ? policy_nodemask+0xea/0x4e0 [ 409.828439][ T7536] alloc_pages_mpol_noprof+0x2c9/0x610 [ 409.829838][ T7536] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 409.831367][ T7536] ? __lock_acquire+0xcc5/0x3c40 [ 409.832622][ T7536] ? find_held_lock+0x2d/0x110 [ 409.833876][ T7536] folio_alloc_mpol_noprof+0x36/0xd0 [ 409.835260][ T7536] vma_alloc_folio_noprof+0xee/0x1b0 [ 409.836591][ T7536] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 409.838044][ T7536] ? __pfx___lock_acquire+0x10/0x10 [ 409.839353][ T7536] do_wp_page+0x1431/0x47c0 [ 409.840545][ T7536] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 409.841955][ T7536] ? __pfx_do_wp_page+0x10/0x10 [ 409.843184][ T7536] ? rcu_is_watching+0x12/0xc0 [ 409.844401][ T7536] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 409.845740][ T7536] ? lock_acquire+0x2f/0xb0 [ 409.846882][ T7536] ? __handle_mm_fault+0xdfa/0x2a40 [ 409.848221][ T7536] __handle_mm_fault+0x1ade/0x2a40 [ 409.849504][ T7536] ? find_held_lock+0x2d/0x110 [ 409.850716][ T7536] ? __pfx___handle_mm_fault+0x10/0x10 [ 409.852106][ T7536] ? follow_page_pte+0x374/0x1b20 [ 409.853377][ T7536] ? __pfx_lock_release+0x10/0x10 [ 409.854641][ T7536] ? vm_normal_page+0x13c/0x2b0 [ 409.855871][ T7536] ? follow_page_pte+0x3f7/0x1b20 [ 409.857145][ T7536] handle_mm_fault+0x3fa/0xaa0 [ 409.858362][ T7536] __get_user_pages+0x8d9/0x3b50 [ 409.859604][ T7536] ? __pfx___get_user_pages+0x10/0x10 [ 409.860957][ T7536] ? down_read_killable+0xcc/0x380 [ 409.862258][ T7536] ? __pfx_down_read_killable+0x10/0x10 [ 409.863628][ T7536] ? mark_lock+0xb5/0xc60 [ 409.864725][ T7536] ? find_held_lock+0x2d/0x110 [ 409.865934][ T7536] __gup_longterm_locked+0x211/0x1870 [ 409.867283][ T7536] ? __pfx_lock_release+0x10/0x10 [ 409.868559][ T7536] ? trace_lock_acquire+0x14e/0x1f0 [ 409.869924][ T7536] ? __pfx___gup_longterm_locked+0x10/0x10 [ 409.871387][ T7536] ? gup_fast_fallback+0x84c/0x2690 [ 409.872692][ T7536] ? __pfx_lock_release+0x10/0x10 [ 409.873966][ T7536] ? const_folio_flags.constprop.0+0x56/0x150 [ 409.875554][ T7536] ? sanity_check_pinned_pages+0x385/0x11c0 [ 409.877045][ T7536] gup_fast_fallback+0x1802/0x2690 [ 409.878304][ T7536] ? __pfx_gup_fast_fallback+0x10/0x10 [ 409.879650][ T7536] ? rcu_is_watching+0x12/0xc0 [ 409.880864][ T7536] ? trace_kmalloc+0x2d/0xd0 [ 409.882032][ T7536] pin_user_pages_fast+0xa8/0x100 [ 409.883255][ T7536] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 409.884654][ T7536] ? __kvmalloc_node_noprof+0x7c/0x1a0 [ 409.886016][ T7536] iov_iter_extract_pages+0x3a5/0x2010 [ 409.887406][ T7536] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 409.888864][ T7536] ? rcu_is_watching+0x12/0xc0 [ 409.890044][ T7536] ? trace_kmalloc+0x2d/0xd0 [ 409.891203][ T7536] ? __kmalloc_noprof+0x23b/0x510 [ 409.892480][ T7536] ? mark_lock+0xb5/0xc60 [ 409.893555][ T7536] ? __free_zapped_classes+0x301/0x320 [ 409.894910][ T7536] ? bio_init+0x3a6/0x5a0 [ 409.896004][ T7536] bio_map_user_iov+0x326/0xa60 [ 409.897225][ T7536] ? __schedule+0x3d67/0x5ad0 [ 409.898418][ T7536] ? __pfx_bio_map_user_iov+0x10/0x10 [ 409.899752][ T7536] blk_rq_map_user_iov+0x6c2/0x1360 [ 409.901016][ T7536] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 409.902394][ T7536] ? lock_acquire+0x2f/0xb0 [ 409.903563][ T7536] ? avc_has_perm_noaudit+0x143/0x3a0 [ 409.904940][ T7536] ? cred_has_capability.isra.0+0x192/0x2f0 [ 409.906431][ T7536] ? import_ubuf+0x1b6/0x220 [ 409.907598][ T7536] blk_rq_map_user_io+0x206/0x230 [ 409.908866][ T7536] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 409.910279][ T7536] ? bpf_lsm_capable+0x9/0x10 [ 409.911474][ T7536] ? security_capable+0x7e/0x260 [ 409.912720][ T7536] sg_io+0x53b/0xd80 [ 409.913771][ T7536] scsi_cdrom_send_packet+0x276/0x640 [ 409.915130][ T7536] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 409.916611][ T7536] ? hlock_class+0x4e/0x130 [ 409.917781][ T7536] ? __lock_acquire+0x15a9/0x3c40 [ 409.919032][ T7536] ? mark_lock+0xb5/0xc60 [ 409.920098][ T7536] ? __pfx_cdrom_ioctl+0x10/0x10 [ 409.921344][ T7536] scsi_ioctl+0x146/0x1840 [ 409.922437][ T7536] ? rpm_resume+0x81c/0x1330 [ 409.923572][ T7536] ? lock_acquire.part.0+0x11b/0x380 [ 409.924913][ T7536] ? find_held_lock+0x2d/0x110 [ 409.926142][ T7536] ? __pfx_scsi_ioctl+0x10/0x10 [ 409.927388][ T7536] ? __pfx_lock_release+0x10/0x10 [ 409.928663][ T7536] ? lockdep_hardirqs_on+0x7c/0x110 [ 409.929977][ T7536] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 409.931447][ T7536] ? __pm_runtime_resume+0xc3/0x170 [ 409.932737][ T7536] sr_block_ioctl+0x202/0x250 [ 409.933909][ T7536] ? __pfx_sr_block_ioctl+0x10/0x10 [ 409.935222][ T7536] blkdev_ioctl+0x276/0x6d0 [ 409.936348][ T7536] ? __pfx_blkdev_ioctl+0x10/0x10 [ 409.937800][ T7536] ? selinux_file_ioctl+0x180/0x270 [ 409.939158][ T7536] ? selinux_file_ioctl+0xb4/0x270 [ 409.940451][ T7536] ? __pfx_blkdev_ioctl+0x10/0x10 [ 409.941740][ T7536] __x64_sys_ioctl+0x190/0x200 [ 409.942963][ T7536] do_syscall_64+0xcd/0x250 [ 409.944127][ T7536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.945635][ T7536] RIP: 0033:0x7f2f8257ff19 [ 409.946719][ T7536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.951323][ T7536] RSP: 002b:00007f2f833c9058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 409.953382][ T7536] RAX: ffffffffffffffda RBX: 00007f2f82746080 RCX: 00007f2f8257ff19 [ 409.955287][ T7536] RDX: 0000000020001640 RSI: 0000000000005393 RDI: 0000000000000006 [ 409.957168][ T7536] RBP: 00007f2f833c90a0 R08: 0000000000000000 R09: 0000000000000000 [ 409.959111][ T7536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 409.961047][ T7536] R13: 0000000000000000 R14: 00007f2f82746080 R15: 00007ffc6a43d0c8 [ 409.962940][ T7536] [ 409.963768][ T7013] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 410.052121][ T7555] netlink: 12 bytes leftover after parsing attributes in process `syz.0.558'. [ 410.106044][ T7013] usb 7-1: device descriptor read/64, error -71 [ 410.137150][ T7558] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.208060][ T7558] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.216290][ T7013] usb usb7-port1: attempt power cycle [ 410.258362][ T7558] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.308758][ T7558] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.375745][ T7558] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.381101][ T7558] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.385760][ T7558] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.390957][ T7558] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.474714][ T7574] xt_NFQUEUE: number of total queues is 0 [ 410.546460][ T5977] Bluetooth: hci1: unexpected event for opcode 0x0c12 [ 410.576181][ T7013] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 410.602666][ T7013] usb 7-1: device descriptor read/8, error -71 [ 410.740381][ T7602] netlink: 44 bytes leftover after parsing attributes in process `syz.3.578'. [ 410.742911][ T7602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.578'. [ 410.835937][ T7013] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 410.858862][ T7620] usb usb8: usbfs: process 7620 (syz.3.585) did not claim interface 0 before use [ 410.883133][ T7013] usb 7-1: device descriptor read/8, error -71 [ 410.917790][ T5977] Bluetooth: hci3: command tx timeout [ 410.929143][ T7625] FAULT_INJECTION: forcing a failure. [ 410.929143][ T7625] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 410.933582][ T7625] CPU: 1 UID: 0 PID: 7625 Comm: syz.0.586 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 410.937096][ T7625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 410.940555][ T7625] Call Trace: [ 410.941657][ T7625] [ 410.942674][ T7625] dump_stack_lvl+0x16c/0x1f0 [ 410.944364][ T7625] should_fail_ex+0x497/0x5b0 [ 410.945994][ T7625] ? fs_reclaim_acquire+0xae/0x150 [ 410.947725][ T7625] should_fail_alloc_page+0xe7/0x130 [ 410.949463][ T7625] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 410.951467][ T7625] ? mark_lock+0xb5/0xc60 [ 410.952907][ T7625] ? __pfx_mark_lock+0x10/0x10 [ 410.954526][ T7625] __alloc_pages_noprof+0x190/0x25b0 [ 410.956290][ T7625] ? hlock_class+0x4e/0x130 [ 410.957821][ T7625] ? __lock_acquire+0xcc5/0x3c40 [ 410.959470][ T7625] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 410.961369][ T7625] ? hlock_class+0x4e/0x130 [ 410.962931][ T7625] ? mark_lock+0xb5/0xc60 [ 410.964366][ T7625] ? hlock_class+0x4e/0x130 [ 410.965893][ T7625] ? mark_lock+0xb5/0xc60 [ 410.967311][ T7625] ? lock_acquire.part.0+0x11b/0x380 [ 410.969076][ T7625] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 410.971084][ T7625] ? policy_nodemask+0xea/0x4e0 [ 410.972779][ T7625] alloc_pages_mpol_noprof+0x2c9/0x610 [ 410.974714][ T7625] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 410.976694][ T7625] ? __lock_acquire+0xcc5/0x3c40 [ 410.978363][ T7625] ? find_held_lock+0x2d/0x110 [ 410.979951][ T7625] folio_alloc_mpol_noprof+0x36/0xd0 [ 410.981665][ T7625] vma_alloc_folio_noprof+0xee/0x1b0 [ 410.983404][ T7625] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 410.985333][ T7625] ? __pfx___lock_acquire+0x10/0x10 [ 410.987076][ T7625] do_wp_page+0x1431/0x47c0 [ 410.988594][ T7625] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 410.990474][ T7625] ? __pfx_do_wp_page+0x10/0x10 [ 410.992074][ T7625] ? rcu_is_watching+0x12/0xc0 [ 410.993675][ T7625] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 410.995451][ T7625] ? lock_acquire+0x2f/0xb0 [ 410.996947][ T7625] ? __handle_mm_fault+0xdfa/0x2a40 [ 410.998669][ T7625] __handle_mm_fault+0x1ade/0x2a40 [ 411.000347][ T7625] ? find_held_lock+0x2d/0x110 [ 411.001927][ T7625] ? __pfx___handle_mm_fault+0x10/0x10 [ 411.003764][ T7625] ? follow_page_pte+0x374/0x1b20 [ 411.005421][ T7625] ? __pfx_lock_release+0x10/0x10 [ 411.007091][ T7625] ? vm_normal_page+0x13c/0x2b0 [ 411.008712][ T7625] ? follow_page_pte+0x3f7/0x1b20 [ 411.010442][ T7625] handle_mm_fault+0x3fa/0xaa0 [ 411.012073][ T7625] __get_user_pages+0x8d9/0x3b50 [ 411.013726][ T7625] ? __pfx___get_user_pages+0x10/0x10 [ 411.015506][ T7625] ? down_read_killable+0xcc/0x380 [ 411.017149][ T7625] ? __pfx_down_read_killable+0x10/0x10 [ 411.018944][ T7625] ? mark_lock+0xb5/0xc60 [ 411.020414][ T7625] ? find_held_lock+0x2d/0x110 [ 411.022012][ T7625] __gup_longterm_locked+0x211/0x1870 [ 411.023778][ T7625] ? __pfx_lock_release+0x10/0x10 [ 411.025451][ T7625] ? trace_lock_acquire+0x14e/0x1f0 [ 411.027192][ T7625] ? __pfx___gup_longterm_locked+0x10/0x10 [ 411.029107][ T7625] ? gup_fast_fallback+0x84c/0x2690 [ 411.030827][ T7625] ? __pfx_lock_release+0x10/0x10 [ 411.032480][ T7625] ? const_folio_flags.constprop.0+0x56/0x150 [ 411.034489][ T7625] ? sanity_check_pinned_pages+0x385/0x11c0 [ 411.036425][ T7625] gup_fast_fallback+0x1802/0x2690 [ 411.038210][ T7625] ? __pfx_gup_fast_fallback+0x10/0x10 [ 411.039979][ T7625] ? rcu_is_watching+0x12/0xc0 [ 411.041537][ T7625] ? trace_kmalloc+0x2d/0xd0 [ 411.043098][ T7625] pin_user_pages_fast+0xa8/0x100 [ 411.044800][ T7625] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 411.046633][ T7625] ? __kvmalloc_node_noprof+0x7c/0x1a0 [ 411.048384][ T7625] iov_iter_extract_pages+0x3a5/0x2010 [ 411.050254][ T7625] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 411.052178][ T7625] ? rcu_is_watching+0x12/0xc0 [ 411.053760][ T7625] ? trace_kmalloc+0x2d/0xd0 [ 411.055300][ T7625] ? __kmalloc_noprof+0x23b/0x510 [ 411.056967][ T7625] ? mark_lock+0xb5/0xc60 [ 411.058382][ T7625] ? bio_init+0x3a6/0x5a0 [ 411.059796][ T7625] bio_map_user_iov+0x326/0xa60 [ 411.061406][ T7625] ? __pfx_bio_map_user_iov+0x10/0x10 [ 411.063203][ T7625] ? hlock_class+0x4e/0x130 [ 411.064751][ T7625] blk_rq_map_user_iov+0x6c2/0x1360 [ 411.066483][ T7625] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 411.068312][ T7625] ? lock_acquire+0x2f/0xb0 [ 411.069845][ T7625] ? avc_has_perm_noaudit+0x143/0x3a0 [ 411.071578][ T7625] ? cred_has_capability.isra.0+0x192/0x2f0 [ 411.073482][ T7625] ? import_ubuf+0x1b6/0x220 [ 411.074972][ T7625] blk_rq_map_user_io+0x206/0x230 [ 411.076652][ T7625] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 411.078471][ T7625] ? bpf_lsm_capable+0x9/0x10 [ 411.079977][ T7625] ? security_capable+0x7e/0x260 [ 411.081562][ T7625] sg_io+0x53b/0xd80 [ 411.082854][ T7625] scsi_cdrom_send_packet+0x276/0x640 [ 411.084592][ T7625] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 411.086506][ T7625] ? mark_held_locks+0x9f/0xe0 [ 411.088055][ T7625] ? cdrom_ioctl+0xce/0x3290 [ 411.089562][ T7625] ? mark_lock+0xb5/0xc60 [ 411.090949][ T7625] ? __pfx_cdrom_ioctl+0x10/0x10 [ 411.092534][ T7625] scsi_ioctl+0x146/0x1840 [ 411.093993][ T7625] ? rpm_resume+0x81c/0x1330 [ 411.095489][ T7625] ? lock_acquire.part.0+0x11b/0x380 [ 411.097179][ T7625] ? find_held_lock+0x2d/0x110 [ 411.098732][ T7625] ? __pfx_scsi_ioctl+0x10/0x10 [ 411.100309][ T7625] ? __pfx_lock_release+0x10/0x10 [ 411.101932][ T7625] ? lockdep_hardirqs_on+0x7c/0x110 [ 411.103597][ T7625] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 411.105439][ T7625] ? __pm_runtime_resume+0xc3/0x170 [ 411.107117][ T7625] sr_block_ioctl+0x202/0x250 [ 411.108629][ T7625] ? __pfx_sr_block_ioctl+0x10/0x10 [ 411.110299][ T7625] blkdev_ioctl+0x276/0x6d0 [ 411.111754][ T7625] ? __pfx_blkdev_ioctl+0x10/0x10 [ 411.113364][ T7625] ? selinux_file_ioctl+0x180/0x270 [ 411.115018][ T7625] ? selinux_file_ioctl+0xb4/0x270 [ 411.116637][ T7625] ? __pfx_blkdev_ioctl+0x10/0x10 [ 411.118263][ T7625] __x64_sys_ioctl+0x190/0x200 [ 411.119813][ T7625] do_syscall_64+0xcd/0x250 [ 411.121294][ T7625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.123189][ T7625] RIP: 0033:0x7fbba097ff19 [ 411.124632][ T7625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.130584][ T7625] RSP: 002b:00007fbba17d6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 411.133266][ T7625] RAX: ffffffffffffffda RBX: 00007fbba0b46080 RCX: 00007fbba097ff19 [ 411.135770][ T7625] RDX: 0000000020001640 RSI: 0000000000005393 RDI: 0000000000000006 [ 411.138365][ T7625] RBP: 00007fbba17d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 411.140881][ T7625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 411.143380][ T7625] R13: 0000000000000000 R14: 00007fbba0b46080 R15: 00007ffd53fcfcc8 [ 411.145926][ T7625] [ 411.152448][ T7013] usb usb7-port1: unable to enumerate USB device [ 411.191424][ T7627] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 411.193171][ T7627] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 411.195148][ T7627] vhci_hcd vhci_hcd.0: Device attached [ 411.375988][ T5969] vhci_hcd: vhci_device speed not set [ 411.435912][ T5969] usb 45-1: new full-speed USB device number 2 using vhci_hcd [ 411.456011][ T6037] usb 9-1: new low-speed USB device number 2 using dummy_hcd [ 411.539081][ T7663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.599'. [ 411.625761][ T6037] usb 9-1: config 0 has no interfaces? [ 411.628210][ T6037] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 411.630539][ T6037] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.633408][ T6037] usb 9-1: config 0 descriptor?? [ 411.758695][ T7690] netlink: 12 bytes leftover after parsing attributes in process `syz.3.609'. [ 411.763039][ T7690] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 411.839309][ T7629] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 1 [ 411.841938][ T6015] vhci_hcd: stop threads [ 411.843179][ T6015] vhci_hcd: release socket [ 411.844079][ T7694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 411.844779][ T6015] vhci_hcd: disconnect device [ 411.844811][ T7693] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(7) [ 411.844828][ T7693] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 411.846509][ T7693] vhci_hcd vhci_hcd.0: Device attached [ 411.848823][ T7694] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.867353][ T7695] vhci_hcd: connection closed [ 411.867655][ T9] usb 9-1: USB disconnect, device number 2 [ 411.870651][ T6015] vhci_hcd: stop threads [ 411.872297][ T6015] vhci_hcd: release socket [ 411.876134][ T6015] vhci_hcd: disconnect device [ 411.890686][ T7700] netlink: 12 bytes leftover after parsing attributes in process `syz.4.612'. [ 411.892891][ T7700] netlink: 68 bytes leftover after parsing attributes in process `syz.4.612'. [ 411.920746][ T7703] batman_adv: batadv0: Adding interface: dummy0 [ 411.922387][ T7703] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 411.928756][ T7703] batman_adv: batadv0: Interface activated: dummy0 [ 412.005911][ T64] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 412.047383][ T7705] FAULT_INJECTION: forcing a failure. [ 412.047383][ T7705] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 412.050743][ T7705] CPU: 2 UID: 0 PID: 7705 Comm: syz.4.614 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 412.053373][ T7705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.056053][ T7705] Call Trace: [ 412.056925][ T7705] [ 412.057720][ T7705] dump_stack_lvl+0x16c/0x1f0 [ 412.058942][ T7705] should_fail_ex+0x497/0x5b0 [ 412.060138][ T7705] ? fs_reclaim_acquire+0xae/0x150 [ 412.061409][ T7705] should_fail_alloc_page+0xe7/0x130 [ 412.062697][ T7705] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 412.064227][ T7705] __alloc_pages_noprof+0x190/0x25b0 [ 412.065550][ T7705] ? find_held_lock+0x2d/0x110 [ 412.066763][ T7705] ? get_il_weight+0xf2/0x2a0 [ 412.067945][ T7705] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 412.069369][ T7705] ? get_il_weight+0xfc/0x2a0 [ 412.070564][ T7705] ? weighted_interleave_nodes+0x284/0x550 [ 412.072078][ T7705] ? policy_nodemask+0xea/0x4e0 [ 412.073352][ T7705] alloc_pages_mpol_noprof+0x2c9/0x610 [ 412.074773][ T7705] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 412.076263][ T7705] ? do_raw_spin_lock+0x12d/0x2c0 [ 412.077539][ T7705] ? lock_acquire+0x2f/0xb0 [ 412.078679][ T7705] ? kasan_populate_vmalloc_pte+0xfb/0x160 [ 412.080136][ T7705] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 412.081697][ T7705] get_free_pages_noprof+0xc/0x40 [ 412.082967][ T7705] kasan_populate_vmalloc_pte+0x2d/0x160 [ 412.084392][ T7705] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 412.085930][ T7705] __apply_to_page_range+0x5fd/0xd30 [ 412.087261][ T7705] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 412.088828][ T7705] ? __pfx___apply_to_page_range+0x10/0x10 [ 412.090339][ T7705] ? insert_vmap_area+0x2ef/0x4d0 [ 412.091595][ T7705] alloc_vmap_area+0x93e/0x2a70 [ 412.092844][ T7705] ? __pfx_alloc_vmap_area+0x10/0x10 [ 412.094177][ T7705] __get_vm_area_node+0x19e/0x2f0 [ 412.095441][ T7705] ? v4l_reqbufs+0x14c/0x1e0 [ 412.096613][ T7705] __vmalloc_node_range_noprof+0x26a/0x1530 [ 412.098118][ T7705] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 412.099421][ T7705] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 412.100714][ T7705] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 412.102305][ T7705] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 412.103582][ T7705] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 412.104997][ T7705] vmalloc_user_noprof+0x6b/0x90 [ 412.106314][ T7705] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 412.107608][ T7705] vb2_vmalloc_alloc+0x11e/0x3d0 [ 412.108849][ T7705] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 412.110230][ T7705] __vb2_queue_alloc+0x896/0x1230 [ 412.111517][ T7705] vb2_core_reqbufs+0xa73/0xfb0 [ 412.112736][ T7705] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 412.114074][ T7705] ? __pfx___mutex_trylock_common+0x10/0x10 [ 412.115557][ T7705] ? trace_lock_acquire+0x14e/0x1f0 [ 412.116887][ T7705] ? __video_do_ioctl+0x4a2/0xf00 [ 412.118199][ T7705] ? trace_contention_end+0xee/0x140 [ 412.119563][ T7705] ? __mutex_lock+0x1cc/0xa60 [ 412.120780][ T7705] vb2_reqbufs+0x1a5/0x1f0 [ 412.121944][ T7705] ? __pfx_vb2_reqbufs+0x10/0x10 [ 412.123146][ T7705] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 412.124780][ T7705] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 412.126116][ T7705] v4l_reqbufs+0x14c/0x1e0 [ 412.127272][ T7705] __video_do_ioctl+0xaf0/0xf00 [ 412.128540][ T7705] ? __pfx___video_do_ioctl+0x10/0x10 [ 412.129883][ T7705] ? __might_fault+0xe3/0x190 [ 412.131067][ T7705] video_usercopy+0x4d2/0x1620 [ 412.132302][ T7705] ? __pfx___video_do_ioctl+0x10/0x10 [ 412.133639][ T7705] ? __pfx_video_usercopy+0x10/0x10 [ 412.134951][ T7705] v4l2_ioctl+0x1ba/0x250 [ 412.136039][ T7705] ? __pfx_v4l2_ioctl+0x10/0x10 [ 412.137283][ T7705] __x64_sys_ioctl+0x190/0x200 [ 412.138490][ T7705] do_syscall_64+0xcd/0x250 [ 412.139610][ T7705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.141054][ T7705] RIP: 0033:0x7f2f8257ff19 [ 412.142159][ T7705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.146923][ T7705] RSP: 002b:00007f2f833ea058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 412.148957][ T7705] RAX: ffffffffffffffda RBX: 00007f2f82745fa0 RCX: 00007f2f8257ff19 [ 412.150899][ T7705] RDX: 0000000020000040 RSI: 00000000c0145608 RDI: 0000000000000003 [ 412.152858][ T7705] RBP: 00007f2f833ea0a0 R08: 0000000000000000 R09: 0000000000000000 [ 412.154837][ T7705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 412.156759][ T7705] R13: 0000000000000000 R14: 00007f2f82745fa0 R15: 00007ffc6a43d0c8 [ 412.158706][ T7705] [ 412.186757][ T64] usb 5-1: Using ep0 maxpacket: 32 [ 412.190139][ T64] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 412.192808][ T64] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 412.195609][ T64] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 412.198157][ T64] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 412.200680][ T64] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 412.204294][ T64] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 412.207916][ T64] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 412.210409][ T64] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.214481][ T64] usb 5-1: config 0 descriptor?? [ 412.263043][ T7717] netlink: 'syz.2.618': attribute type 1 has an invalid length. [ 412.272780][ T7717] 8021q: adding VLAN 0 to HW filter on device bond4 [ 412.281790][ T7717] vlan5: entered promiscuous mode [ 412.283293][ T7717] bond4: entered promiscuous mode [ 412.285966][ T7717] vlan5: entered allmulticast mode [ 412.287369][ T7717] bond4: entered allmulticast mode [ 412.421008][ T64] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 412.428615][ T7727] FAULT_INJECTION: forcing a failure. [ 412.428615][ T7727] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 412.428641][ T64] usb 5-1: USB disconnect, device number 2 [ 412.431877][ T7727] CPU: 0 UID: 0 PID: 7727 Comm: syz.2.621 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 412.435940][ T7727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.437500][ T64] usblp0: removed [ 412.438748][ T7727] Call Trace: [ 412.438755][ T7727] [ 412.438760][ T7727] dump_stack_lvl+0x16c/0x1f0 [ 412.438778][ T7727] should_fail_ex+0x497/0x5b0 [ 412.438794][ T7727] ? fs_reclaim_acquire+0xae/0x150 [ 412.445142][ T7727] should_fail_alloc_page+0xe7/0x130 [ 412.446540][ T7727] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 412.448103][ T7727] ? __pfx_mark_lock+0x10/0x10 [ 412.449317][ T7727] __alloc_pages_noprof+0x190/0x25b0 [ 412.450700][ T7727] ? finish_task_switch.isra.0+0x212/0xcc0 [ 412.452186][ T7727] ? __pfx_lock_release+0x10/0x10 [ 412.453570][ T7727] ? rcu_is_watching+0x12/0xc0 [ 412.454822][ T7727] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 412.456283][ T7727] ? __lock_acquire+0x15a9/0x3c40 [ 412.457571][ T7727] ? hlock_class+0x4e/0x130 [ 412.458771][ T7727] ? mark_lock+0xb5/0xc60 [ 412.459936][ T7727] ? hlock_class+0x4e/0x130 [ 412.461100][ T7727] ? mark_lock+0xb5/0xc60 [ 412.462221][ T7727] ? __schedule+0xe60/0x5ad0 [ 412.463417][ T7727] ? __pfx_mark_lock+0x10/0x10 [ 412.464675][ T7727] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 412.466187][ T7727] ? policy_nodemask+0xea/0x4e0 [ 412.467435][ T7727] alloc_pages_mpol_noprof+0x2c9/0x610 [ 412.468836][ T7727] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 412.470387][ T7727] ? __lock_acquire+0xcc5/0x3c40 [ 412.471662][ T7727] ? find_held_lock+0x2d/0x110 [ 412.472883][ T7727] folio_alloc_mpol_noprof+0x36/0xd0 [ 412.474228][ T7727] vma_alloc_folio_noprof+0xee/0x1b0 [ 412.475554][ T7727] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 412.477056][ T7727] ? __pfx___lock_acquire+0x10/0x10 [ 412.478348][ T7727] do_wp_page+0x1431/0x47c0 [ 412.479501][ T7727] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 412.480921][ T7727] ? __pfx_do_wp_page+0x10/0x10 [ 412.482151][ T7727] ? rcu_is_watching+0x12/0xc0 [ 412.483365][ T7727] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 412.484710][ T7727] ? lock_acquire+0x2f/0xb0 [ 412.485882][ T7727] ? __handle_mm_fault+0xdfa/0x2a40 [ 412.487189][ T7727] __handle_mm_fault+0x1ade/0x2a40 [ 412.488476][ T7727] ? find_held_lock+0x2d/0x110 [ 412.489695][ T7727] ? __pfx___handle_mm_fault+0x10/0x10 [ 412.491071][ T7727] ? follow_page_pte+0x374/0x1b20 [ 412.492324][ T7727] ? __pfx_lock_release+0x10/0x10 [ 412.493562][ T7727] ? vm_normal_page+0x13c/0x2b0 [ 412.494821][ T7727] ? follow_page_pte+0x3f7/0x1b20 [ 412.496065][ T7727] handle_mm_fault+0x3fa/0xaa0 [ 412.497260][ T7727] __get_user_pages+0x8d9/0x3b50 [ 412.498529][ T7727] ? __pfx___get_user_pages+0x10/0x10 [ 412.499883][ T7727] ? down_read_killable+0xcc/0x380 [ 412.501165][ T7727] ? __pfx_down_read_killable+0x10/0x10 [ 412.502601][ T7727] ? mark_lock+0xb5/0xc60 [ 412.503697][ T7727] ? find_held_lock+0x2d/0x110 [ 412.504924][ T7727] __gup_longterm_locked+0x211/0x1870 [ 412.506296][ T7727] ? irqentry_exit+0x3b/0x90 [ 412.507460][ T7727] ? __pfx___gup_longterm_locked+0x10/0x10 [ 412.508907][ T7727] ? const_folio_flags.constprop.0+0x56/0x150 [ 412.510418][ T7727] ? sanity_check_pinned_pages+0x385/0x11c0 [ 412.511868][ T7727] gup_fast_fallback+0x1802/0x2690 [ 412.513144][ T7727] ? __pfx_gup_fast_fallback+0x10/0x10 [ 412.514540][ T7727] ? rcu_is_watching+0x12/0xc0 [ 412.515757][ T7727] ? trace_kmalloc+0x2d/0xd0 [ 412.516938][ T7727] pin_user_pages_fast+0xa8/0x100 [ 412.518221][ T7727] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 412.519617][ T7727] ? __kvmalloc_node_noprof+0x7c/0x1a0 [ 412.520996][ T7727] iov_iter_extract_pages+0x3a5/0x2010 [ 412.522348][ T7727] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 412.523774][ T7727] ? rcu_is_watching+0x12/0xc0 [ 412.524974][ T7727] ? trace_kmalloc+0x2d/0xd0 [ 412.526156][ T7727] ? __kmalloc_noprof+0x23b/0x510 [ 412.527434][ T7727] ? mark_lock+0xb5/0xc60 [ 412.528525][ T7727] ? io_schedule+0xb1/0x130 [ 412.529690][ T7727] ? bio_init+0x3a6/0x5a0 [ 412.530758][ T7727] bio_map_user_iov+0x326/0xa60 [ 412.532003][ T7727] ? __pfx_bio_map_user_iov+0x10/0x10 [ 412.533351][ T7727] ? hlock_class+0x4e/0x130 [ 412.534477][ T7727] blk_rq_map_user_iov+0x6c2/0x1360 [ 412.535781][ T7727] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 412.537148][ T7727] ? lock_acquire+0x2f/0xb0 [ 412.538271][ T7727] ? avc_has_perm_noaudit+0x143/0x3a0 [ 412.539615][ T7727] ? cred_has_capability.isra.0+0x192/0x2f0 [ 412.541090][ T7727] ? import_ubuf+0x1b6/0x220 [ 412.542271][ T7727] blk_rq_map_user_io+0x206/0x230 [ 412.543493][ T7727] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 412.544891][ T7727] ? bpf_lsm_capable+0x9/0x10 [ 412.546063][ T7727] ? security_capable+0x7e/0x260 [ 412.547266][ T7727] sg_io+0x53b/0xd80 [ 412.548214][ T7727] scsi_cdrom_send_packet+0x276/0x640 [ 412.549563][ T7727] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 412.551063][ T7727] ? hlock_class+0x4e/0x130 [ 412.552193][ T7727] ? __lock_acquire+0x15a9/0x3c40 [ 412.553394][ T7727] ? mark_lock+0xb5/0xc60 [ 412.554486][ T7727] ? __pfx_cdrom_ioctl+0x10/0x10 [ 412.555673][ T7727] scsi_ioctl+0x146/0x1840 [ 412.556770][ T7727] ? rpm_resume+0x81c/0x1330 [ 412.557927][ T7727] ? lock_acquire.part.0+0x11b/0x380 [ 412.559233][ T7727] ? find_held_lock+0x2d/0x110 [ 412.560436][ T7727] ? __pfx_scsi_ioctl+0x10/0x10 [ 412.561677][ T7727] ? __pfx_lock_release+0x10/0x10 [ 412.562960][ T7727] ? lockdep_hardirqs_on+0x7c/0x110 [ 412.564265][ T7727] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 412.565712][ T7727] ? __pm_runtime_resume+0xc3/0x170 [ 412.567034][ T7727] sr_block_ioctl+0x202/0x250 [ 412.568226][ T7727] ? __pfx_sr_block_ioctl+0x10/0x10 [ 412.569534][ T7727] blkdev_ioctl+0x276/0x6d0 [ 412.570669][ T7727] ? __pfx_blkdev_ioctl+0x10/0x10 [ 412.571933][ T7727] ? selinux_file_ioctl+0x180/0x270 [ 412.573231][ T7727] ? selinux_file_ioctl+0xb4/0x270 [ 412.574535][ T7727] ? __pfx_blkdev_ioctl+0x10/0x10 [ 412.575814][ T7727] __x64_sys_ioctl+0x190/0x200 [ 412.577011][ T7727] do_syscall_64+0xcd/0x250 [ 412.578197][ T7727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.579684][ T7727] RIP: 0033:0x7fbf4677ff19 [ 412.580802][ T7727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.585558][ T7727] RSP: 002b:00007fbf474ab058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 412.587682][ T7727] RAX: ffffffffffffffda RBX: 00007fbf46946080 RCX: 00007fbf4677ff19 [ 412.589643][ T7727] RDX: 0000000020001640 RSI: 0000000000005393 RDI: 0000000000000006 [ 412.591614][ T7727] RBP: 00007fbf474ab0a0 R08: 0000000000000000 R09: 0000000000000000 [ 412.593584][ T7727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 412.595578][ T7727] R13: 0000000000000000 R14: 00007fbf46946080 R15: 00007ffc76176968 [ 412.597540][ T7727] [ 412.598359][ C0] vkms_vblank_simulate: vblank timer overrun [ 412.714618][ T7738] all: renamed from ip_vti0 (while UP) [ 412.865967][ T6037] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 412.894092][ T7753] FAULT_INJECTION: forcing a failure. [ 412.894092][ T7753] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 412.897797][ T7753] CPU: 1 UID: 0 PID: 7753 Comm: syz.3.632 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 412.900497][ T7753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 412.903206][ T7753] Call Trace: [ 412.904059][ T7753] [ 412.904810][ T7753] dump_stack_lvl+0x16c/0x1f0 [ 412.905929][ T7753] should_fail_ex+0x497/0x5b0 [ 412.907102][ T7753] _copy_from_iter+0x2a1/0x1560 [ 412.908299][ T7753] ? trace_lock_acquire+0x14e/0x1f0 [ 412.909595][ T7753] ? __alloc_skb+0x1fe/0x380 [ 412.910805][ T7753] ? __pfx__copy_from_iter+0x10/0x10 [ 412.912129][ T7753] ? __virt_addr_valid+0x1a4/0x590 [ 412.913421][ T7753] ? __virt_addr_valid+0x5e/0x590 [ 412.914734][ T7753] ? __phys_addr_symbol+0x30/0x80 [ 412.916008][ T7753] ? __check_object_size+0x488/0x710 [ 412.917349][ T7753] netlink_sendmsg+0x813/0xd70 [ 412.918694][ T7753] ? __pfx_netlink_sendmsg+0x10/0x10 [ 412.920155][ T7753] ____sys_sendmsg+0xaaf/0xc90 [ 412.921382][ T7753] ? copy_msghdr_from_user+0x10b/0x160 [ 412.922750][ T7753] ? __pfx_____sys_sendmsg+0x10/0x10 [ 412.924094][ T7753] ___sys_sendmsg+0x135/0x1e0 [ 412.925279][ T7753] ? __pfx____sys_sendmsg+0x10/0x10 [ 412.926607][ T7753] ? __pfx_lock_release+0x10/0x10 [ 412.927877][ T7753] ? trace_lock_acquire+0x14e/0x1f0 [ 412.929193][ T7753] ? __fget_files+0x206/0x3a0 [ 412.930403][ T7753] __sys_sendmsg+0x16e/0x220 [ 412.931593][ T7753] ? __pfx___sys_sendmsg+0x10/0x10 [ 412.932895][ T7753] do_syscall_64+0xcd/0x250 [ 412.934050][ T7753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.935558][ T7753] RIP: 0033:0x7feb14b7ff19 [ 412.936694][ T7753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.941891][ T7753] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 412.944067][ T7753] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 412.946127][ T7753] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 412.948181][ T7753] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 412.950227][ T7753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.952190][ T7753] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 412.954204][ T7753] [ 413.056745][ T6037] usb 5-1: Using ep0 maxpacket: 32 [ 413.062135][ T6037] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 413.064340][ T6037] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 413.066630][ T6037] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 413.068905][ T6037] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 413.071322][ T6037] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 413.073740][ T6037] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 413.077226][ T6037] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 413.079509][ T6037] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.082472][ T6037] usb 5-1: config 0 descriptor?? [ 413.157777][ T7772] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3856 sclass=netlink_route_socket pid=7772 comm=syz.4.640 [ 413.256857][ T7777] block nbd3: shutting down sockets [ 413.262918][ T7778] block nbd3: NBD_DISCONNECT [ 413.264186][ T7778] block nbd3: Send disconnect failed -32 [ 413.286853][ T6037] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 413.297954][ T6037] usb 5-1: USB disconnect, device number 3 [ 413.303809][ T6037] usblp0: removed [ 413.595494][ T7806] ieee802154 phy0 wpan0: encryption failed: -22 [ 413.597402][ T7806] FAULT_INJECTION: forcing a failure. [ 413.597402][ T7806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 413.600619][ T7806] CPU: 1 UID: 0 PID: 7806 Comm: syz.3.653 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 413.603255][ T7806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.606364][ T7806] Call Trace: [ 413.607509][ T7806] [ 413.608377][ T7806] dump_stack_lvl+0x16c/0x1f0 [ 413.609916][ T7806] should_fail_ex+0x497/0x5b0 [ 413.611517][ T7806] _copy_from_user+0x2e/0xd0 [ 413.612933][ T7806] copy_msghdr_from_user+0x99/0x160 [ 413.614676][ T7806] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 413.616393][ T7806] ? __lock_acquire+0xcc5/0x3c40 [ 413.618046][ T7806] ? hlock_class+0x4e/0x130 [ 413.619380][ T7806] ? __lock_acquire+0x15a9/0x3c40 [ 413.621045][ T7806] ___sys_sendmsg+0xff/0x1e0 [ 413.622592][ T7806] ? __pfx____sys_sendmsg+0x10/0x10 [ 413.624126][ T7806] ? __pfx___lock_acquire+0x10/0x10 [ 413.625884][ T7806] ? __pfx___might_resched+0x10/0x10 [ 413.627613][ T7806] ? __might_fault+0xe3/0x190 [ 413.629094][ T7806] __sys_sendmmsg+0x201/0x420 [ 413.630658][ T7806] ? __pfx___sys_sendmmsg+0x10/0x10 [ 413.632234][ T7806] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 413.634224][ T7806] ? fput+0x67/0x440 [ 413.635343][ T7806] ? ksys_write+0x1ba/0x250 [ 413.636873][ T7806] ? __pfx_ksys_write+0x10/0x10 [ 413.638381][ T7806] __x64_sys_sendmmsg+0x9c/0x100 [ 413.639950][ T7806] ? lockdep_hardirqs_on+0x7c/0x110 [ 413.641709][ T7806] do_syscall_64+0xcd/0x250 [ 413.643076][ T7806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.645040][ T7806] RIP: 0033:0x7feb14b7ff19 [ 413.646373][ T7806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.652368][ T7806] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 413.654625][ T7806] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 413.656584][ T7806] RDX: 000000000000fdef RSI: 00000000200020c0 RDI: 0000000000000004 [ 413.658569][ T7806] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 413.660603][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 413.662669][ T7806] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 413.664864][ T7806] [ 413.844538][ T7816] __nla_validate_parse: 6 callbacks suppressed [ 413.844549][ T7816] netlink: 12 bytes leftover after parsing attributes in process `syz.2.657'. [ 413.970662][ T7826] netlink: 'syz.2.662': attribute type 1 has an invalid length. [ 413.977903][ T7826] 8021q: adding VLAN 0 to HW filter on device bond5 [ 413.989173][ T7826] vlan6: entered promiscuous mode [ 413.991129][ T7826] bond5: entered promiscuous mode [ 413.993026][ T7826] vlan6: entered allmulticast mode [ 413.994412][ T7826] bond5: entered allmulticast mode [ 414.037634][ T5980] Bluetooth: hci4: sending frame failed (-49) [ 414.039631][ T7831] Bluetooth: hci4: Frame reassembly failed (-84) [ 414.039842][ T5977] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 414.164598][ T7843] FAULT_INJECTION: forcing a failure. [ 414.164598][ T7843] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 414.172637][ T7843] CPU: 3 UID: 0 PID: 7843 Comm: syz.2.668 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 414.175705][ T7843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 414.179194][ T7843] Call Trace: [ 414.180349][ T7843] [ 414.181375][ T7843] dump_stack_lvl+0x16c/0x1f0 [ 414.183023][ T7843] should_fail_ex+0x497/0x5b0 [ 414.184683][ T7843] ? fs_reclaim_acquire+0xae/0x150 [ 414.186479][ T7843] should_fail_alloc_page+0xe7/0x130 [ 414.188316][ T7843] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 414.190434][ T7843] ? mark_lock+0xb5/0xc60 [ 414.191934][ T7843] ? __pfx_mark_lock+0x10/0x10 [ 414.193589][ T7843] __alloc_pages_noprof+0x190/0x25b0 [ 414.195422][ T7843] ? hlock_class+0x4e/0x130 [ 414.196961][ T7843] ? __lock_acquire+0xcc5/0x3c40 [ 414.198353][ T7843] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 414.199982][ T7843] ? hlock_class+0x4e/0x130 [ 414.201591][ T7843] ? mark_lock+0xb5/0xc60 [ 414.202781][ T7843] ? hlock_class+0x4e/0x130 [ 414.203993][ T7843] ? mark_lock+0xb5/0xc60 [ 414.205168][ T7843] ? lock_acquire.part.0+0x11b/0x380 [ 414.206579][ T7843] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 414.208196][ T7843] ? policy_nodemask+0xea/0x4e0 [ 414.209505][ T7843] alloc_pages_mpol_noprof+0x2c9/0x610 [ 414.210979][ T7843] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 414.212706][ T7843] ? __lock_acquire+0xcc5/0x3c40 [ 414.214164][ T7843] ? find_held_lock+0x2d/0x110 [ 414.215804][ T7843] folio_alloc_mpol_noprof+0x36/0xd0 [ 414.217841][ T7843] vma_alloc_folio_noprof+0xee/0x1b0 [ 414.219905][ T7843] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 414.221941][ T7843] ? __pfx___lock_acquire+0x10/0x10 [ 414.223737][ T7843] do_wp_page+0x1431/0x47c0 [ 414.225469][ T7843] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 414.227440][ T7843] ? __pfx_do_wp_page+0x10/0x10 [ 414.228738][ T7843] ? rcu_is_watching+0x12/0xc0 [ 414.230035][ T7843] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 414.231449][ T7843] ? lock_acquire+0x2f/0xb0 [ 414.232650][ T7843] ? __handle_mm_fault+0xdfa/0x2a40 [ 414.234162][ T7843] __handle_mm_fault+0x1ade/0x2a40 [ 414.235790][ T7843] ? find_held_lock+0x2d/0x110 [ 414.237226][ T7843] ? __pfx___handle_mm_fault+0x10/0x10 [ 414.238818][ T7843] ? follow_page_pte+0x374/0x1b20 [ 414.240278][ T7843] ? __pfx_lock_release+0x10/0x10 [ 414.241738][ T7843] ? vm_normal_page+0x13c/0x2b0 [ 414.243101][ T7843] ? follow_page_pte+0x3f7/0x1b20 [ 414.244411][ T7843] handle_mm_fault+0x3fa/0xaa0 [ 414.245632][ T7843] __get_user_pages+0x8d9/0x3b50 [ 414.246916][ T7843] ? __pfx___get_user_pages+0x10/0x10 [ 414.248455][ T7843] ? down_read_killable+0xcc/0x380 [ 414.249887][ T7843] ? __pfx_down_read_killable+0x10/0x10 [ 414.251553][ T7843] ? mark_lock+0xb5/0xc60 [ 414.252739][ T7843] ? find_held_lock+0x2d/0x110 [ 414.253984][ T7843] __gup_longterm_locked+0x211/0x1870 [ 414.255359][ T7843] ? __pfx_lock_release+0x10/0x10 [ 414.256628][ T7843] ? trace_lock_acquire+0x14e/0x1f0 [ 414.257966][ T7843] ? __pfx___gup_longterm_locked+0x10/0x10 [ 414.259437][ T7843] ? gup_fast_fallback+0x84c/0x2690 [ 414.260954][ T7843] ? __pfx_lock_release+0x10/0x10 [ 414.262454][ T7843] ? const_folio_flags.constprop.0+0x56/0x150 [ 414.264001][ T7843] ? sanity_check_pinned_pages+0x385/0x11c0 [ 414.265501][ T7843] gup_fast_fallback+0x1802/0x2690 [ 414.266804][ T7843] ? __pfx_gup_fast_fallback+0x10/0x10 [ 414.268175][ T7843] ? rcu_is_watching+0x12/0xc0 [ 414.269423][ T7843] ? trace_kmalloc+0x2d/0xd0 [ 414.270664][ T7843] pin_user_pages_fast+0xa8/0x100 [ 414.271920][ T7843] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 414.273617][ T7843] ? __kvmalloc_node_noprof+0x7c/0x1a0 [ 414.275223][ T7843] iov_iter_extract_pages+0x3a5/0x2010 [ 414.276600][ T7843] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 414.278217][ T7843] ? rcu_is_watching+0x12/0xc0 [ 414.279458][ T7843] ? trace_kmalloc+0x2d/0xd0 [ 414.280626][ T7843] ? __kmalloc_noprof+0x23b/0x510 [ 414.281889][ T7843] ? mark_lock+0xb5/0xc60 [ 414.282982][ T7843] ? __lock_acquire+0xcc5/0x3c40 [ 414.284268][ T7843] ? bio_init+0x3a6/0x5a0 [ 414.285377][ T7843] bio_map_user_iov+0x326/0xa60 [ 414.286621][ T7843] ? __pfx_bio_map_user_iov+0x10/0x10 [ 414.287982][ T7843] ? hlock_class+0x4e/0x130 [ 414.289192][ T7843] blk_rq_map_user_iov+0x6c2/0x1360 [ 414.290888][ T7843] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 414.292527][ T7843] ? lock_acquire+0x2f/0xb0 [ 414.294081][ T7843] ? avc_has_perm_noaudit+0x143/0x3a0 [ 414.295471][ T7843] ? cred_has_capability.isra.0+0x192/0x2f0 [ 414.297175][ T7843] ? import_ubuf+0x1b6/0x220 [ 414.298517][ T7843] blk_rq_map_user_io+0x206/0x230 [ 414.299985][ T7843] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 414.301471][ T7843] ? bpf_lsm_capable+0x9/0x10 [ 414.302842][ T7843] ? security_capable+0x7e/0x260 [ 414.304178][ T7843] sg_io+0x53b/0xd80 [ 414.305235][ T7843] scsi_cdrom_send_packet+0x276/0x640 [ 414.306821][ T7843] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 414.308493][ T7843] ? hlock_class+0x4e/0x130 [ 414.309867][ T7843] ? __lock_acquire+0x15a9/0x3c40 [ 414.311380][ T7843] ? mark_lock+0xb5/0xc60 [ 414.312649][ T7843] ? __pfx_cdrom_ioctl+0x10/0x10 [ 414.314098][ T7843] scsi_ioctl+0x146/0x1840 [ 414.315388][ T7843] ? rpm_resume+0x81c/0x1330 [ 414.316694][ T7843] ? lock_acquire.part.0+0x11b/0x380 [ 414.318265][ T7843] ? find_held_lock+0x2d/0x110 [ 414.319676][ T7843] ? __pfx_scsi_ioctl+0x10/0x10 [ 414.321114][ T7843] ? __pfx_lock_release+0x10/0x10 [ 414.322588][ T7843] ? lockdep_hardirqs_on+0x7c/0x110 [ 414.324219][ T7843] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 414.325873][ T7843] ? __pm_runtime_resume+0xc3/0x170 [ 414.327610][ T7843] sr_block_ioctl+0x202/0x250 [ 414.329343][ T7843] ? __pfx_sr_block_ioctl+0x10/0x10 [ 414.330918][ T7843] blkdev_ioctl+0x276/0x6d0 [ 414.332222][ T7843] ? __pfx_blkdev_ioctl+0x10/0x10 [ 414.333817][ T7843] ? selinux_file_ioctl+0x180/0x270 [ 414.335397][ T7843] ? selinux_file_ioctl+0xb4/0x270 [ 414.336913][ T7843] ? __pfx_blkdev_ioctl+0x10/0x10 [ 414.338612][ T7843] __x64_sys_ioctl+0x190/0x200 [ 414.340272][ T7843] do_syscall_64+0xcd/0x250 [ 414.341862][ T7843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.343875][ T7843] RIP: 0033:0x7fbf4677ff19 [ 414.345388][ T7843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.351922][ T7843] RSP: 002b:00007fbf474ab058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 414.354047][ T7843] RAX: ffffffffffffffda RBX: 00007fbf46946080 RCX: 00007fbf4677ff19 [ 414.356052][ T7843] RDX: 0000000020001640 RSI: 0000000000005393 RDI: 0000000000000006 [ 414.358055][ T7843] RBP: 00007fbf474ab0a0 R08: 0000000000000000 R09: 0000000000000000 [ 414.360026][ T7843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 414.362191][ T7843] R13: 0000000000000000 R14: 00007fbf46946080 R15: 00007ffc76176968 [ 414.364244][ T7843] [ 414.500009][ T7866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.677'. [ 414.645517][ T39] kauditd_printk_skb: 20 callbacks suppressed [ 414.645527][ T39] audit: type=1400 audit(1733411948.828:433): avc: denied { write } for pid=7884 comm="syz.0.684" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 414.716952][ T39] audit: type=1400 audit(1733411948.908:434): avc: denied { append } for pid=7884 comm="syz.0.684" name="001" dev="devtmpfs" ino=755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 414.736934][ T7885] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.801538][ T7885] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.809006][ T7895] ieee802154 phy0 wpan0: encryption failed: -22 [ 414.811164][ T7895] FAULT_INJECTION: forcing a failure. [ 414.811164][ T7895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 414.815686][ T7895] CPU: 1 UID: 0 PID: 7895 Comm: syz.3.687 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 414.818531][ T7895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 414.821308][ T7895] Call Trace: [ 414.822209][ T7895] [ 414.822978][ T7895] dump_stack_lvl+0x16c/0x1f0 [ 414.824208][ T7895] should_fail_ex+0x497/0x5b0 [ 414.825458][ T7895] _copy_from_user+0x2e/0xd0 [ 414.826624][ T7895] copy_msghdr_from_user+0x99/0x160 [ 414.827866][ T7895] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 414.829397][ T7895] ? __lock_acquire+0xcc5/0x3c40 [ 414.830675][ T7895] ? hlock_class+0x4e/0x130 [ 414.831812][ T7895] ? __lock_acquire+0x15a9/0x3c40 [ 414.833046][ T7895] ___sys_sendmsg+0xff/0x1e0 [ 414.834236][ T7895] ? __pfx____sys_sendmsg+0x10/0x10 [ 414.835509][ T7895] ? __pfx___lock_acquire+0x10/0x10 [ 414.836827][ T7895] ? __pfx___might_resched+0x10/0x10 [ 414.838249][ T7895] ? __might_fault+0xe3/0x190 [ 414.839453][ T7895] __sys_sendmmsg+0x201/0x420 [ 414.840598][ T7895] ? __pfx___sys_sendmmsg+0x10/0x10 [ 414.842001][ T7895] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 414.843481][ T7895] ? fput+0x67/0x440 [ 414.844485][ T7895] ? ksys_write+0x1ba/0x250 [ 414.845606][ T7895] ? __pfx_ksys_write+0x10/0x10 [ 414.846865][ T7895] __x64_sys_sendmmsg+0x9c/0x100 [ 414.848100][ T7895] ? lockdep_hardirqs_on+0x7c/0x110 [ 414.849495][ T7895] do_syscall_64+0xcd/0x250 [ 414.850718][ T7895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.852167][ T7895] RIP: 0033:0x7feb14b7ff19 [ 414.853272][ T7895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.858015][ T7895] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 414.860229][ T7895] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 414.862296][ T7895] RDX: 000000000000fdef RSI: 00000000200020c0 RDI: 0000000000000004 [ 414.864372][ T7895] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 414.866438][ T7895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 414.868508][ T7895] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 414.870576][ T7895] [ 414.889809][ T7885] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.893325][ T7897] netlink: 12 bytes leftover after parsing attributes in process `syz.2.688'. [ 414.949919][ T7885] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.984712][ T7907] netlink: 'syz.4.693': attribute type 1 has an invalid length. [ 415.008704][ T7907] 8021q: adding VLAN 0 to HW filter on device bond1 [ 415.015935][ T7907] bond1: (slave ip6gretap1): making interface the new active one [ 415.018345][ T7907] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 415.023765][ T7907] vlan3: entered promiscuous mode [ 415.025145][ T7907] bond1: entered promiscuous mode [ 415.026726][ T7907] ip6gretap1: entered promiscuous mode [ 415.028315][ T7907] vlan3: entered allmulticast mode [ 415.029625][ T7907] bond1: entered allmulticast mode [ 415.030896][ T7907] ip6gretap1: entered allmulticast mode [ 415.041251][ T7885] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.050822][ T7885] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.059906][ T7885] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.063471][ T7903] FAULT_INJECTION: forcing a failure. [ 415.063471][ T7903] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 415.067018][ T7903] CPU: 2 UID: 0 PID: 7903 Comm: syz.2.691 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 415.069798][ T7903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 415.072553][ T7903] Call Trace: [ 415.073416][ T7903] [ 415.074193][ T7903] dump_stack_lvl+0x16c/0x1f0 [ 415.075404][ T7903] should_fail_ex+0x497/0x5b0 [ 415.076372][ T7885] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.077049][ T7903] ? fs_reclaim_acquire+0xae/0x150 [ 415.081159][ T7903] should_fail_alloc_page+0xe7/0x130 [ 415.083155][ T7903] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 415.085426][ T7903] __alloc_pages_noprof+0x190/0x25b0 [ 415.087477][ T7903] ? find_held_lock+0x2d/0x110 [ 415.088990][ T7903] ? get_il_weight+0xf2/0x2a0 [ 415.090222][ T7903] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 415.091644][ T7903] ? get_il_weight+0xfc/0x2a0 [ 415.092834][ T7903] ? weighted_interleave_nodes+0x284/0x550 [ 415.094365][ T7903] ? policy_nodemask+0xea/0x4e0 [ 415.095636][ T7903] alloc_pages_mpol_noprof+0x2c9/0x610 [ 415.097198][ T7903] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 415.098877][ T7903] ? do_raw_spin_lock+0x12d/0x2c0 [ 415.100183][ T7903] ? lock_acquire+0x2f/0xb0 [ 415.101374][ T7903] ? kasan_populate_vmalloc_pte+0xfb/0x160 [ 415.102941][ T7903] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 415.104566][ T7903] get_free_pages_noprof+0xc/0x40 [ 415.105924][ T7903] kasan_populate_vmalloc_pte+0x2d/0x160 [ 415.107362][ T7903] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 415.109035][ T7903] __apply_to_page_range+0x5fd/0xd30 [ 415.110426][ T7903] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 415.112029][ T7903] ? __pfx___apply_to_page_range+0x10/0x10 [ 415.113510][ T7903] ? insert_vmap_area+0x2ef/0x4d0 [ 415.114823][ T7903] alloc_vmap_area+0x93e/0x2a70 [ 415.116074][ T7903] ? __pfx_alloc_vmap_area+0x10/0x10 [ 415.117398][ T7903] __get_vm_area_node+0x19e/0x2f0 [ 415.118693][ T7903] ? v4l_reqbufs+0x14c/0x1e0 [ 415.119891][ T7903] __vmalloc_node_range_noprof+0x26a/0x1530 [ 415.121364][ T7903] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 415.122654][ T7903] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 415.123967][ T7903] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 415.125604][ T7903] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 415.126948][ T7903] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 415.128365][ T7903] vmalloc_user_noprof+0x6b/0x90 [ 415.129635][ T7903] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 415.130942][ T7903] vb2_vmalloc_alloc+0x11e/0x3d0 [ 415.132202][ T7903] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 415.133611][ T7903] __vb2_queue_alloc+0x896/0x1230 [ 415.134946][ T7903] vb2_core_reqbufs+0xa73/0xfb0 [ 415.136168][ T7903] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 415.137507][ T7903] ? __pfx___mutex_trylock_common+0x10/0x10 [ 415.139104][ T7903] ? trace_lock_acquire+0x14e/0x1f0 [ 415.140434][ T7903] ? __video_do_ioctl+0x4a2/0xf00 [ 415.141723][ T7903] ? trace_contention_end+0xee/0x140 [ 415.143076][ T7903] ? __mutex_lock+0x1cc/0xa60 [ 415.144254][ T7903] vb2_reqbufs+0x1a5/0x1f0 [ 415.145333][ T7903] ? __pfx_vb2_reqbufs+0x10/0x10 [ 415.146587][ T7903] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 415.148053][ T7903] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 415.149463][ T7903] v4l_reqbufs+0x14c/0x1e0 [ 415.150600][ T7903] __video_do_ioctl+0xaf0/0xf00 [ 415.151795][ T7903] ? __pfx___video_do_ioctl+0x10/0x10 [ 415.153092][ T7903] ? __might_fault+0xe3/0x190 [ 415.154263][ T7903] video_usercopy+0x4d2/0x1620 [ 415.155467][ T7903] ? __pfx___video_do_ioctl+0x10/0x10 [ 415.156842][ T7903] ? __pfx_video_usercopy+0x10/0x10 [ 415.158296][ T7903] v4l2_ioctl+0x1ba/0x250 [ 415.159435][ T7903] ? __pfx_v4l2_ioctl+0x10/0x10 [ 415.160679][ T7903] __x64_sys_ioctl+0x190/0x200 [ 415.161864][ T7903] do_syscall_64+0xcd/0x250 [ 415.162989][ T7903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.164472][ T7903] RIP: 0033:0x7fbf4677ff19 [ 415.165558][ T7903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.170170][ T7903] RSP: 002b:00007fbf474cc058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 415.172150][ T7903] RAX: ffffffffffffffda RBX: 00007fbf46945fa0 RCX: 00007fbf4677ff19 [ 415.174030][ T7903] RDX: 0000000020000040 RSI: 00000000c0145608 RDI: 0000000000000003 [ 415.176004][ T7903] RBP: 00007fbf474cc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 415.177986][ T7903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 415.179997][ T7903] R13: 0000000000000000 R14: 00007fbf46945fa0 R15: 00007ffc76176968 [ 415.181975][ T7903] [ 415.252435][ T7932] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 415.253801][ T7928] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.255693][ T7932] overlayfs: failed to clone lowerpath [ 415.283546][ T39] audit: type=1400 audit(1733411949.468:435): avc: denied { setopt } for pid=7935 comm="syz.3.702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 415.293565][ T39] audit: type=1400 audit(1733411949.478:436): avc: denied { create } for pid=7937 comm="syz.2.703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 415.298944][ T39] audit: type=1400 audit(1733411949.478:437): avc: denied { ioctl } for pid=7937 comm="syz.2.703" path="socket:[19057]" dev="sockfs" ino=19057 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 415.319059][ T7928] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.322359][ T7944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.705'. [ 415.349054][ T7948] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 415.427816][ T7928] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.465019][ T7964] xt_hashlimit: size too large, truncated to 1048576 [ 415.469087][ T39] audit: type=1400 audit(1733411949.658:438): avc: denied { setopt } for pid=7963 comm="syz.3.714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 415.492011][ T7928] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.588007][ T7928] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.598895][ T7928] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.606269][ T7928] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.614351][ T7928] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.693726][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.703784][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.706958][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.709957][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.712867][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.716006][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.718976][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.721953][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.724858][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.728275][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.731281][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.734089][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.738513][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.743475][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.746735][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.749705][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.752564][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.755458][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.758771][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.761757][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.764885][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.768321][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.771270][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.774189][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.778901][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.781906][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.784864][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.789802][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.792736][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.798605][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.801559][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.805391][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.809116][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.812162][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.814965][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.826610][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.831233][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.834260][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.838503][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.846443][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.849313][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.859014][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.862640][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.865488][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.868977][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.871181][ T7992] overlayfs: failed to get inode (-116) [ 415.871944][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.873185][ T7992] overlayfs: failed to get inode (-116) [ 415.876340][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.879512][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.883034][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.886443][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.889279][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.892257][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.895015][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.898179][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.900993][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.904041][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.907025][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.909909][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.912664][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.915423][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.918329][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.921165][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.923901][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.926858][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.929613][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.963378][ T7999] netlink: 12 bytes leftover after parsing attributes in process `syz.4.726'. [ 415.965739][ T7999] netlink: 68 bytes leftover after parsing attributes in process `syz.4.726'. [ 416.003492][ T39] audit: type=1400 audit(1733411950.188:439): avc: denied { nlmsg_write } for pid=8000 comm="syz.4.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 416.070986][ T8003] netlink: 'syz.4.728': attribute type 1 has an invalid length. [ 416.079692][ T8003] 8021q: adding VLAN 0 to HW filter on device bond2 [ 416.087212][ T8003] vlan4: entered promiscuous mode [ 416.088577][ T8003] bond2: entered promiscuous mode [ 416.089943][ T8003] vlan4: entered allmulticast mode [ 416.091296][ T8003] bond2: entered allmulticast mode [ 416.164109][ T8008] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.279230][ T8008] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.340181][ T8008] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.432268][ T8008] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.554408][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.2.732'. [ 416.585991][ T5969] vhci_hcd: vhci_device speed not set [ 416.686369][ T39] audit: type=1400 audit(1733411950.868:440): avc: denied { ioctl } for pid=8028 comm="syz.2.738" path="/dev/ptp1" dev="devtmpfs" ino=1288 ioctlcmd=0x3d08 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 416.707802][ T39] audit: type=1400 audit(1733411950.888:441): avc: denied { recv } for pid=16 comm="ksoftirqd/0" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=46784 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 416.714152][ T39] audit: type=1400 audit(1733411950.888:442): avc: denied { recv } for pid=16 comm="ksoftirqd/0" saddr=127.0.0.1 src=46784 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 416.823276][ T8049] FAULT_INJECTION: forcing a failure. [ 416.823276][ T8049] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 416.830806][ T8049] CPU: 2 UID: 0 PID: 8049 Comm: syz.0.742 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 416.833931][ T8049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 416.836664][ T8049] Call Trace: [ 416.837708][ T8049] [ 416.838569][ T8049] dump_stack_lvl+0x16c/0x1f0 [ 416.839849][ T8049] should_fail_ex+0x497/0x5b0 [ 416.841035][ T8049] _copy_to_user+0x32/0xd0 [ 416.842186][ T8049] scsi_cdrom_send_packet+0x3a1/0x640 [ 416.843574][ T8049] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 416.845074][ T8049] ? hlock_class+0x4e/0x130 [ 416.846259][ T8049] ? __lock_acquire+0x15a9/0x3c40 [ 416.847569][ T8049] ? mark_lock+0xb5/0xc60 [ 416.848653][ T8049] ? __pfx_cdrom_ioctl+0x10/0x10 [ 416.849939][ T8049] scsi_ioctl+0x146/0x1840 [ 416.850668][ T8051] FAULT_INJECTION: forcing a failure. [ 416.850668][ T8051] name failslab, interval 1, probability 0, space 0, times 0 [ 416.851092][ T8049] ? rpm_resume+0x81c/0x1330 [ 416.855534][ T8049] ? lock_acquire.part.0+0x11b/0x380 [ 416.856902][ T8049] ? find_held_lock+0x2d/0x110 [ 416.858190][ T8049] ? __pfx_scsi_ioctl+0x10/0x10 [ 416.859496][ T8049] ? __pfx_lock_release+0x10/0x10 [ 416.860843][ T8049] ? lockdep_hardirqs_on+0x7c/0x110 [ 416.862257][ T8049] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 416.863786][ T8049] ? __pm_runtime_resume+0xc3/0x170 [ 416.865065][ T8049] sr_block_ioctl+0x202/0x250 [ 416.866285][ T8049] ? __pfx_sr_block_ioctl+0x10/0x10 [ 416.867535][ T8049] blkdev_ioctl+0x276/0x6d0 [ 416.868659][ T8049] ? __pfx_blkdev_ioctl+0x10/0x10 [ 416.869974][ T8049] ? selinux_file_ioctl+0x180/0x270 [ 416.871285][ T8049] ? selinux_file_ioctl+0xb4/0x270 [ 416.872569][ T8049] ? __pfx_blkdev_ioctl+0x10/0x10 [ 416.873835][ T8049] __x64_sys_ioctl+0x190/0x200 [ 416.875057][ T8049] do_syscall_64+0xcd/0x250 [ 416.876208][ T8049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.877664][ T8049] RIP: 0033:0x7fbba097ff19 [ 416.878738][ T8049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.883510][ T8049] RSP: 002b:00007fbba17d6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 416.885692][ T8049] RAX: ffffffffffffffda RBX: 00007fbba0b46080 RCX: 00007fbba097ff19 [ 416.887678][ T8049] RDX: 0000000020001640 RSI: 0000000000005393 RDI: 0000000000000006 [ 416.889606][ T8049] RBP: 00007fbba17d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 416.891561][ T8049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 416.893528][ T8049] R13: 0000000000000000 R14: 00007fbba0b46080 R15: 00007ffd53fcfcc8 [ 416.895538][ T8049] [ 416.896331][ T8051] CPU: 0 UID: 0 PID: 8051 Comm: syz.3.746 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 416.899172][ T8051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 416.901952][ T8051] Call Trace: [ 416.902848][ T8051] [ 416.903639][ T8051] dump_stack_lvl+0x16c/0x1f0 [ 416.904888][ T8051] should_fail_ex+0x497/0x5b0 [ 416.906155][ T8051] ? fs_reclaim_acquire+0xae/0x150 [ 416.907595][ T8051] should_failslab+0xc2/0x120 [ 416.908883][ T8051] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 416.910457][ T8051] ? __alloc_skb+0x2b1/0x380 [ 416.911715][ T8051] __alloc_skb+0x2b1/0x380 [ 416.912947][ T8051] ? __pfx___alloc_skb+0x10/0x10 [ 416.914292][ T8051] ? rtnetlink_rcv_msg+0x3e6/0xea0 [ 416.915671][ T8051] netlink_ack+0x15f/0xb80 [ 416.916877][ T8051] netlink_rcv_skb+0x348/0x440 [ 416.918169][ T8051] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 416.919649][ T8051] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 416.921075][ T8051] ? netlink_deliver_tap+0x1ae/0xd30 [ 416.922514][ T8051] netlink_unicast+0x53c/0x7f0 [ 416.923815][ T8051] ? __pfx_netlink_unicast+0x10/0x10 [ 416.925245][ T8051] netlink_sendmsg+0x8b8/0xd70 [ 416.926544][ T8051] ? __pfx_netlink_sendmsg+0x10/0x10 [ 416.927974][ T8051] ____sys_sendmsg+0xaaf/0xc90 [ 416.929271][ T8051] ? copy_msghdr_from_user+0x10b/0x160 [ 416.930766][ T8051] ? __pfx_____sys_sendmsg+0x10/0x10 [ 416.932211][ T8051] ___sys_sendmsg+0x135/0x1e0 [ 416.933710][ T8051] ? __pfx____sys_sendmsg+0x10/0x10 [ 416.935100][ T8051] ? __pfx_lock_release+0x10/0x10 [ 416.936391][ T8051] ? trace_lock_acquire+0x14e/0x1f0 [ 416.937736][ T8051] ? __fget_files+0x206/0x3a0 [ 416.938923][ T8051] __sys_sendmsg+0x16e/0x220 [ 416.940130][ T8051] ? __pfx___sys_sendmsg+0x10/0x10 [ 416.941493][ T8051] do_syscall_64+0xcd/0x250 [ 416.942728][ T8051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.944324][ T8051] RIP: 0033:0x7feb14b7ff19 [ 416.945530][ T8051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.950641][ T8051] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 416.952952][ T8051] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 416.955021][ T8051] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 416.957157][ T8051] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 416.959211][ T8051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.961326][ T8051] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 416.963367][ T8051] [ 417.028976][ T8061] netlink: 12 bytes leftover after parsing attributes in process `syz.3.750'. [ 417.031730][ T8061] netlink: 68 bytes leftover after parsing attributes in process `syz.3.750'. [ 417.064353][ T8063] usb usb8: usbfs: process 8063 (syz.3.752) did not claim interface 0 before use [ 417.170612][ T8069] af_packet: tpacket_rcv: packet too big, clamped from 74 to 4294967286. macoff=82 [ 417.173900][ T5977] Bluetooth: hci1: unexpected event for opcode 0x0c12 [ 417.200727][ T8072] netlink: 12 bytes leftover after parsing attributes in process `syz.0.755'. [ 417.353941][ T8091] overlay: Unknown parameter 'smackfsfloor' [ 417.480960][ T8103] FAULT_INJECTION: forcing a failure. [ 417.480960][ T8103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.485749][ T8103] CPU: 3 UID: 0 PID: 8103 Comm: syz.3.767 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 417.489226][ T8103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 417.492749][ T8103] Call Trace: [ 417.493889][ T8103] [ 417.494897][ T8103] dump_stack_lvl+0x16c/0x1f0 [ 417.496623][ T8103] should_fail_ex+0x497/0x5b0 [ 417.498282][ T8103] _copy_to_user+0x32/0xd0 [ 417.499838][ T8103] scsi_cdrom_send_packet+0x3a1/0x640 [ 417.501653][ T8103] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 417.503672][ T8103] ? hlock_class+0x4e/0x130 [ 417.505240][ T8103] ? __lock_acquire+0x15a9/0x3c40 [ 417.506962][ T8103] ? mark_lock+0xb5/0xc60 [ 417.508437][ T8103] ? __pfx_cdrom_ioctl+0x10/0x10 [ 417.510135][ T8103] scsi_ioctl+0x146/0x1840 [ 417.511650][ T8103] ? rpm_resume+0x81c/0x1330 [ 417.513184][ T8103] ? lock_acquire.part.0+0x11b/0x380 [ 417.514981][ T8103] ? find_held_lock+0x2d/0x110 [ 417.516652][ T8103] ? __pfx_scsi_ioctl+0x10/0x10 [ 417.518337][ T8103] ? __pfx_lock_release+0x10/0x10 [ 417.520050][ T8103] ? lockdep_hardirqs_on+0x7c/0x110 [ 417.521831][ T8103] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 417.523808][ T8103] ? __pm_runtime_resume+0xc3/0x170 [ 417.525592][ T8103] sr_block_ioctl+0x202/0x250 [ 417.527242][ T8103] ? __pfx_sr_block_ioctl+0x10/0x10 [ 417.529011][ T8103] blkdev_ioctl+0x276/0x6d0 [ 417.530584][ T8103] ? __pfx_blkdev_ioctl+0x10/0x10 [ 417.532505][ T8103] ? selinux_file_ioctl+0x180/0x270 [ 417.534296][ T8103] ? selinux_file_ioctl+0xb4/0x270 [ 417.536050][ T8103] ? __pfx_blkdev_ioctl+0x10/0x10 [ 417.537826][ T8103] __x64_sys_ioctl+0x190/0x200 [ 417.539483][ T8103] do_syscall_64+0xcd/0x250 [ 417.541050][ T8103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.543080][ T8103] RIP: 0033:0x7feb14b7ff19 [ 417.544625][ T8103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.551138][ T8103] RSP: 002b:00007feb15a31058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 417.553957][ T8103] RAX: ffffffffffffffda RBX: 00007feb14d46080 RCX: 00007feb14b7ff19 [ 417.556663][ T8103] RDX: 0000000020001640 RSI: 0000000000005393 RDI: 0000000000000006 [ 417.559285][ T8103] RBP: 00007feb15a310a0 R08: 0000000000000000 R09: 0000000000000000 [ 417.562043][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 417.564746][ T8103] R13: 0000000000000000 R14: 00007feb14d46080 R15: 00007ffe0bcf2988 [ 417.566864][ T8103] [ 418.023910][ T8138] FAULT_INJECTION: forcing a failure. [ 418.023910][ T8138] name failslab, interval 1, probability 0, space 0, times 0 [ 418.025580][ T8133] netlink: 'syz.2.778': attribute type 21 has an invalid length. [ 418.027106][ T8138] CPU: 2 UID: 0 PID: 8138 Comm: syz.3.779 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 418.027129][ T8138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 418.027135][ T8138] Call Trace: [ 418.027139][ T8138] [ 418.027144][ T8138] dump_stack_lvl+0x16c/0x1f0 [ 418.027161][ T8138] should_fail_ex+0x497/0x5b0 [ 418.027176][ T8138] ? fs_reclaim_acquire+0xae/0x150 [ 418.040801][ T8138] should_failslab+0xc2/0x120 [ 418.042038][ T8138] __kmalloc_noprof+0xcb/0x510 [ 418.043289][ T8138] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 418.044762][ T8138] tomoyo_realpath_from_path+0xb9/0x720 [ 418.046209][ T8138] ? tomoyo_path_number_perm+0x235/0x590 [ 418.047665][ T8138] ? tomoyo_path_number_perm+0x235/0x590 [ 418.049113][ T8138] tomoyo_path_number_perm+0x248/0x590 [ 418.050534][ T8138] ? tomoyo_path_number_perm+0x235/0x590 [ 418.051985][ T8138] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 418.053547][ T8138] ? __pfx_lock_release+0x10/0x10 [ 418.054860][ T8138] ? trace_lock_acquire+0x14e/0x1f0 [ 418.056205][ T8138] ? lock_acquire+0x2f/0xb0 [ 418.057380][ T8138] ? __fget_files+0x40/0x3a0 [ 418.058596][ T8138] ? __fget_files+0x206/0x3a0 [ 418.059815][ T8138] security_file_ioctl+0x9b/0x240 [ 418.061114][ T8138] __x64_sys_ioctl+0xb7/0x200 [ 418.062338][ T8138] do_syscall_64+0xcd/0x250 [ 418.063528][ T8138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.065063][ T8138] RIP: 0033:0x7feb14b7ff19 [ 418.066223][ T8138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.071134][ T8138] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.073273][ T8138] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 418.075305][ T8138] RDX: 0000000020000000 RSI: 00000000404c4701 RDI: 0000000000000003 [ 418.077344][ T8138] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 418.079410][ T8138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.081442][ T8138] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 418.083489][ T8138] [ 418.084596][ T8138] ERROR: Out of memory at tomoyo_realpath_from_path. [ 418.335033][ T8149] ieee802154 phy0 wpan0: encryption failed: -22 [ 418.337092][ T8149] FAULT_INJECTION: forcing a failure. [ 418.337092][ T8149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.340524][ T8149] CPU: 3 UID: 0 PID: 8149 Comm: syz.3.782 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 418.343247][ T8149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 418.346031][ T8149] Call Trace: [ 418.346979][ T8149] [ 418.347757][ T8149] dump_stack_lvl+0x16c/0x1f0 [ 418.348996][ T8149] should_fail_ex+0x497/0x5b0 [ 418.350240][ T8149] _copy_from_user+0x2e/0xd0 [ 418.351458][ T8149] copy_msghdr_from_user+0x99/0x160 [ 418.352814][ T8149] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 418.354332][ T8149] ? __lock_acquire+0xcc5/0x3c40 [ 418.355629][ T8149] ? hlock_class+0x4e/0x130 [ 418.356816][ T8149] ? __lock_acquire+0x15a9/0x3c40 [ 418.358132][ T8149] ___sys_sendmsg+0xff/0x1e0 [ 418.359347][ T8149] ? __pfx____sys_sendmsg+0x10/0x10 [ 418.360703][ T8149] ? __pfx___lock_acquire+0x10/0x10 [ 418.362093][ T8149] ? __pfx___might_resched+0x10/0x10 [ 418.363470][ T8149] ? __might_fault+0xe3/0x190 [ 418.364720][ T8149] __sys_sendmmsg+0x201/0x420 [ 418.365985][ T8149] ? __pfx___sys_sendmmsg+0x10/0x10 [ 418.367343][ T8149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 418.368904][ T8149] ? fput+0x67/0x440 [ 418.369976][ T8149] ? ksys_write+0x1ba/0x250 [ 418.371182][ T8149] ? __pfx_ksys_write+0x10/0x10 [ 418.372453][ T8149] __x64_sys_sendmmsg+0x9c/0x100 [ 418.373768][ T8149] ? lockdep_hardirqs_on+0x7c/0x110 [ 418.375118][ T8149] do_syscall_64+0xcd/0x250 [ 418.376300][ T8149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.377839][ T8149] RIP: 0033:0x7feb14b7ff19 [ 418.379032][ T8149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.384005][ T8149] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 418.386168][ T8149] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 418.388210][ T8149] RDX: 000000000000fdef RSI: 00000000200020c0 RDI: 0000000000000004 [ 418.390220][ T8149] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 418.392440][ T8149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 418.394605][ T8149] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 418.396698][ T8149] [ 418.425598][ T8151] netlink: 'syz.3.783': attribute type 1 has an invalid length. [ 418.444905][ T8151] 8021q: adding VLAN 0 to HW filter on device bond4 [ 418.458652][ T8151] vlan4: entered promiscuous mode [ 418.460124][ T8151] bond4: entered promiscuous mode [ 418.461503][ T8151] vlan4: entered allmulticast mode [ 418.462920][ T8151] bond4: entered allmulticast mode [ 418.773317][ T8168] FAULT_INJECTION: forcing a failure. [ 418.773317][ T8168] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.776982][ T8168] CPU: 3 UID: 0 PID: 8168 Comm: syz.0.788 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 418.779626][ T8168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 418.782402][ T8168] Call Trace: [ 418.783280][ T8168] [ 418.784077][ T8168] dump_stack_lvl+0x16c/0x1f0 [ 418.785381][ T8168] should_fail_ex+0x497/0x5b0 [ 418.786674][ T8168] _copy_to_user+0x32/0xd0 [ 418.787757][ T8168] simple_read_from_buffer+0xd0/0x160 [ 418.789113][ T8168] proc_fail_nth_read+0x198/0x270 [ 418.790450][ T8168] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 418.791882][ T8168] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 418.793336][ T8168] vfs_read+0x1df/0xbe0 [ 418.794438][ T8168] ? __fget_files+0x1fc/0x3a0 [ 418.795686][ T8168] ? __pfx___mutex_lock+0x10/0x10 [ 418.796991][ T8168] ? __pfx_vfs_read+0x10/0x10 [ 418.798241][ T8168] ? __fget_files+0x206/0x3a0 [ 418.799476][ T8168] ksys_read+0x12b/0x250 [ 418.800590][ T8168] ? __pfx_ksys_read+0x10/0x10 [ 418.801838][ T8168] do_syscall_64+0xcd/0x250 [ 418.803027][ T8168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.804555][ T8168] RIP: 0033:0x7fbba097e92c [ 418.805693][ T8168] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 418.810631][ T8168] RSP: 002b:00007fbba17d6050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 418.812768][ T8168] RAX: ffffffffffffffda RBX: 00007fbba0b46080 RCX: 00007fbba097e92c [ 418.814829][ T8168] RDX: 000000000000000f RSI: 00007fbba17d60b0 RDI: 0000000000000007 [ 418.816807][ T8168] RBP: 00007fbba17d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 418.818857][ T8168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 418.820890][ T8168] R13: 0000000000000000 R14: 00007fbba0b46080 R15: 00007ffd53fcfcc8 [ 418.822936][ T8168] [ 418.847890][ T5977] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 419.044696][ T8184] vcan0: entered allmulticast mode [ 419.377861][ T8207] __nla_validate_parse: 7 callbacks suppressed [ 419.377873][ T8207] netlink: 12 bytes leftover after parsing attributes in process `syz.0.799'. [ 419.383272][ T8207] netlink: 68 bytes leftover after parsing attributes in process `syz.0.799'. [ 419.399122][ T8008] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.406889][ T8008] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.427585][ T8008] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.438739][ T8008] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.492430][ T5977] Bluetooth: hci2: unexpected event for opcode 0x203b [ 419.559040][ T8233] FAULT_INJECTION: forcing a failure. [ 419.559040][ T8233] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 419.563465][ T8233] CPU: 3 UID: 0 PID: 8233 Comm: syz.3.812 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 419.566451][ T8233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 419.569779][ T8233] Call Trace: [ 419.570749][ T8233] [ 419.571652][ T8233] dump_stack_lvl+0x16c/0x1f0 [ 419.573068][ T8233] should_fail_ex+0x497/0x5b0 [ 419.574620][ T8233] _copy_from_user+0x2e/0xd0 [ 419.576306][ T8233] gsmld_ioctl+0x170/0x1550 [ 419.577867][ T8233] ? trace_lock_acquire+0x14e/0x1f0 [ 419.579219][ T8233] ? tty_ldisc_ref_wait+0x24/0x80 [ 419.580584][ T8233] ? __pfx_gsmld_ioctl+0x10/0x10 [ 419.581854][ T8233] ? __ldsem_down_read_nested+0xf4/0x920 [ 419.583320][ T8233] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 419.585043][ T8233] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 419.586587][ T8233] ? __pfx_pty_bsd_ioctl+0x10/0x10 [ 419.588125][ T8233] ? __pfx_gsmld_ioctl+0x10/0x10 [ 419.589416][ T8233] tty_ioctl+0x6ee/0x15d0 [ 419.590574][ T8233] ? __pfx_tty_ioctl+0x10/0x10 [ 419.591819][ T8233] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 419.594099][ T8233] ? __pfx_lock_release+0x10/0x10 [ 419.596004][ T8233] ? selinux_file_ioctl+0x180/0x270 [ 419.597905][ T8233] ? selinux_file_ioctl+0xb4/0x270 [ 419.599970][ T8233] ? __pfx_tty_ioctl+0x10/0x10 [ 419.601671][ T8233] __x64_sys_ioctl+0x190/0x200 [ 419.603411][ T8233] do_syscall_64+0xcd/0x250 [ 419.605042][ T8233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.606653][ T8233] RIP: 0033:0x7feb14b7ff19 [ 419.607817][ T8233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.614121][ T8233] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 419.617019][ T8233] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 419.619838][ T8233] RDX: 0000000020000000 RSI: 00000000404c4701 RDI: 0000000000000003 [ 419.622621][ T8233] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 419.625545][ T8233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.628295][ T8233] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 419.630419][ T8233] [ 419.685289][ T8247] ieee802154 phy0 wpan0: encryption failed: -22 [ 419.687405][ T8247] FAULT_INJECTION: forcing a failure. [ 419.687405][ T8247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 419.690954][ T8247] CPU: 3 UID: 0 PID: 8247 Comm: syz.4.816 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 419.693793][ T8247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 419.696616][ T8247] Call Trace: [ 419.697493][ T8247] [ 419.698705][ T8247] dump_stack_lvl+0x16c/0x1f0 [ 419.700068][ T8247] should_fail_ex+0x497/0x5b0 [ 419.701322][ T8247] _copy_from_user+0x2e/0xd0 [ 419.702579][ T8247] copy_msghdr_from_user+0x99/0x160 [ 419.703942][ T8247] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 419.705497][ T8247] ? __lock_acquire+0xcc5/0x3c40 [ 419.706865][ T8247] ? hlock_class+0x4e/0x130 [ 419.708038][ T8247] ? __lock_acquire+0x15a9/0x3c40 [ 419.709363][ T8247] ___sys_sendmsg+0xff/0x1e0 [ 419.710590][ T8247] ? __pfx____sys_sendmsg+0x10/0x10 [ 419.711944][ T8247] ? __pfx___lock_acquire+0x10/0x10 [ 419.713377][ T8247] ? __pfx___might_resched+0x10/0x10 [ 419.714818][ T8247] ? __might_fault+0xe3/0x190 [ 419.716079][ T8247] __sys_sendmmsg+0x201/0x420 [ 419.717335][ T8247] ? __pfx___sys_sendmmsg+0x10/0x10 [ 419.718741][ T8247] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 419.720290][ T8247] ? fput+0x67/0x440 [ 419.721294][ T8247] ? ksys_write+0x1ba/0x250 [ 419.722452][ T8247] ? __pfx_ksys_write+0x10/0x10 [ 419.723718][ T8247] __x64_sys_sendmmsg+0x9c/0x100 [ 419.725030][ T8247] ? lockdep_hardirqs_on+0x7c/0x110 [ 419.726414][ T8247] do_syscall_64+0xcd/0x250 [ 419.727647][ T8247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.729226][ T8247] RIP: 0033:0x7f2f8257ff19 [ 419.730424][ T8247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.735537][ T8247] RSP: 002b:00007f2f833ea058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 419.737963][ T8247] RAX: ffffffffffffffda RBX: 00007f2f82745fa0 RCX: 00007f2f8257ff19 [ 419.740138][ T8247] RDX: 000000000000fdef RSI: 00000000200020c0 RDI: 0000000000000004 [ 419.742313][ T8247] RBP: 00007f2f833ea0a0 R08: 0000000000000000 R09: 0000000000000000 [ 419.744436][ T8247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 419.746593][ T8247] R13: 0000000000000000 R14: 00007f2f82745fa0 R15: 00007ffc6a43d0c8 [ 419.748766][ T8247] [ 419.790654][ T8253] netlink: 12 bytes leftover after parsing attributes in process `syz.4.818'. [ 419.841361][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 419.841377][ T39] audit: type=1400 audit(1733411954.028:460): avc: denied { sqpoll } for pid=8252 comm="syz.3.817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 419.970300][ T39] audit: type=1400 audit(1733411954.158:461): avc: denied { relabelfrom } for pid=8263 comm="syz.3.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 419.979410][ T39] audit: type=1400 audit(1733411954.158:462): avc: denied { relabelto } for pid=8263 comm="syz.3.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 420.100207][ T8276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.825'. [ 420.103108][ T8276] netlink: 68 bytes leftover after parsing attributes in process `syz.0.825'. [ 420.177928][ T5977] Bluetooth: hci1: unexpected event for opcode 0x200a [ 420.306158][ T8292] netlink: 'syz.0.830': attribute type 1 has an invalid length. [ 420.328382][ T8296] ieee802154 phy0 wpan0: encryption failed: -22 [ 420.330277][ T8296] FAULT_INJECTION: forcing a failure. [ 420.330277][ T8296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.333730][ T8296] CPU: 1 UID: 0 PID: 8296 Comm: syz.3.833 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 420.336526][ T8296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 420.339329][ T8296] Call Trace: [ 420.340220][ T8296] [ 420.341001][ T8296] dump_stack_lvl+0x16c/0x1f0 [ 420.342304][ T8296] should_fail_ex+0x497/0x5b0 [ 420.343550][ T8296] _copy_from_user+0x2e/0xd0 [ 420.344190][ T8298] Cannot find add_set index 3 as target [ 420.344778][ T8296] copy_msghdr_from_user+0x99/0x160 [ 420.348009][ T8296] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 420.349536][ T8296] ? __lock_acquire+0xcc5/0x3c40 [ 420.350883][ T8296] ? hlock_class+0x4e/0x130 [ 420.352085][ T8296] ? __lock_acquire+0x15a9/0x3c40 [ 420.353435][ T8296] ___sys_sendmsg+0xff/0x1e0 [ 420.354660][ T8296] ? __pfx____sys_sendmsg+0x10/0x10 [ 420.356030][ T8296] ? __pfx___lock_acquire+0x10/0x10 [ 420.357433][ T8296] ? __pfx___might_resched+0x10/0x10 [ 420.358857][ T8296] ? __might_fault+0xe3/0x190 [ 420.360104][ T8296] __sys_sendmmsg+0x201/0x420 [ 420.361351][ T8296] ? __pfx___sys_sendmmsg+0x10/0x10 [ 420.362788][ T8296] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 420.364445][ T8296] ? fput+0x67/0x440 [ 420.365521][ T8296] ? ksys_write+0x1ba/0x250 [ 420.366737][ T8296] ? __pfx_ksys_write+0x10/0x10 [ 420.368030][ T8296] __x64_sys_sendmmsg+0x9c/0x100 [ 420.369343][ T8296] ? lockdep_hardirqs_on+0x7c/0x110 [ 420.370779][ T8296] do_syscall_64+0xcd/0x250 [ 420.372050][ T8296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.373617][ T8296] RIP: 0033:0x7feb14b7ff19 [ 420.374809][ T8296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.379918][ T8296] RSP: 002b:00007feb15a52058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 420.382103][ T8296] RAX: ffffffffffffffda RBX: 00007feb14d45fa0 RCX: 00007feb14b7ff19 [ 420.384192][ T8296] RDX: 000000000000fdef RSI: 00000000200020c0 RDI: 0000000000000004 [ 420.386229][ T8296] RBP: 00007feb15a520a0 R08: 0000000000000000 R09: 0000000000000000 [ 420.386940][ T5969] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 420.388451][ T8296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 420.388462][ T8296] R13: 0000000000000000 R14: 00007feb14d45fa0 R15: 00007ffe0bcf2988 [ 420.388475][ T8296] [ 420.418427][ T8302] netlink: 12 bytes leftover after parsing attributes in process `syz.3.836'. [ 420.454310][ T5977] Bluetooth: hci0: unexpected event for opcode 0x200b [ 420.486495][ T8310] veth1_macvtap: left promiscuous mode [ 420.487969][ T8310] macsec0: entered promiscuous mode [ 420.489401][ T8310] macsec0: entered allmulticast mode [ 420.507713][ T39] audit: type=1400 audit(1733411954.698:463): avc: denied { read write } for pid=8305 comm="syz.3.838" name="usbmon1" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 420.514493][ T39] audit: type=1400 audit(1733411954.698:464): avc: denied { open } for pid=8305 comm="syz.3.838" path="/dev/usbmon1" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 420.520845][ T39] audit: type=1400 audit(1733411954.698:465): avc: denied { ioctl } for pid=8305 comm="syz.3.838" path="/dev/usbmon1" dev="devtmpfs" ino=738 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 420.565973][ T5969] usb 9-1: Using ep0 maxpacket: 8 [ 420.569369][ T5969] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 420.572260][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 420.576349][ T5969] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 420.580768][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 420.584810][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 420.589632][ T5969] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 420.592393][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 420.596403][ T5969] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 420.600502][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 420.604457][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 420.608594][ T5969] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 420.610714][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 420.613472][ T5969] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 420.616500][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 420.619726][ T5969] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 420.624878][ T5969] usb 9-1: string descriptor 0 read error: -22 [ 420.626716][ T5969] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 420.629175][ T5969] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.636365][ T5969] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 420.716030][ T25] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 420.788258][ T8325] netlink: 576 bytes leftover after parsing attributes in process `syz.0.844'. [ 420.788398][ T8326] netlink: 576 bytes leftover after parsing attributes in process `syz.0.844'. [ 420.838332][ T6009] usb 9-1: USB disconnect, device number 3 [ 420.865989][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 420.870434][ T25] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 420.872854][ T25] usb 7-1: config 179 has no interface number 0 [ 420.875190][ T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 420.879825][ T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 420.883107][ T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 420.886014][ T25] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 420.888480][ T25] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 420.891396][ T25] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 420.893354][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.897436][ T8312] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 421.002960][ T8338] netlink: 12 bytes leftover after parsing attributes in process `syz.0.849'. [ 421.106697][ T6009] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:179.65/input/input9 [ 421.114767][ T39] audit: type=1400 audit(1733411955.298:466): avc: denied { read } for pid=5337 comm="acpid" name="js0" dev="devtmpfs" ino=3209 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 421.114952][ T9] usb 7-1: USB disconnect, device number 10 [ 421.115193][ C2] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 421.115227][ C2] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 421.122242][ T39] audit: type=1400 audit(1733411955.298:467): avc: denied { open } for pid=5337 comm="acpid" path="/dev/input/js0" dev="devtmpfs" ino=3209 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 421.138083][ T39] audit: type=1400 audit(1733411955.298:468): avc: denied { ioctl } for pid=5337 comm="acpid" path="/dev/input/js0" dev="devtmpfs" ino=3209 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 421.138971][ T9] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 421.171050][ T39] audit: type=1400 audit(1733411955.358:469): avc: denied { read } for pid=8347 comm="syz.0.853" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 421.174985][ T5977] Bluetooth: hci1: unexpected event for opcode 0x0c12 [ 421.220275][ T8352] netlink: 12 bytes leftover after parsing attributes in process `syz.2.855'. [ 421.309268][ T8361] xt_CT: You must specify a L4 protocol and not use inversions on it [ 421.317289][ T8361] 9pnet_fd: Insufficient options for proto=fd [ 421.347429][ T8366] FAULT_INJECTION: forcing a failure. [ 421.347429][ T8366] name failslab, interval 1, probability 0, space 0, times 0 [ 421.350490][ T8366] CPU: 3 UID: 0 PID: 8366 Comm: syz.2.861 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 421.353018][ T8366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 421.355586][ T8366] Call Trace: [ 421.356414][ T8366] [ 421.357137][ T8366] dump_stack_lvl+0x16c/0x1f0 [ 421.358310][ T8366] should_fail_ex+0x497/0x5b0 [ 421.359499][ T8366] ? fs_reclaim_acquire+0xae/0x150 [ 421.360786][ T8366] should_failslab+0xc2/0x120 [ 421.361974][ T8366] __kmalloc_cache_noprof+0x68/0x410 [ 421.362575][ T5352] udevd[5352]: worker [6286] terminated by signal 33 (Unknown signal 33) [ 421.363228][ T8366] tty_register_device_attr+0x223/0x7c0 [ 421.366608][ T8366] ? __pfx_tty_register_device_attr+0x10/0x10 [ 421.368037][ T8366] ? lockdep_init_map_type+0x16d/0x7d0 [ 421.369396][ T8366] ? tty_port_init+0x156/0x1c0 [ 421.370592][ T8366] gsm_activate_mux+0x157/0x2e0 [ 421.371809][ T8366] gsmld_ioctl+0x8cc/0x1550 [ 421.372926][ T8366] ? __pfx_gsmld_ioctl+0x10/0x10 [ 421.374155][ T8366] ? __ldsem_down_read_nested+0xf4/0x920 [ 421.374868][ T8367] input: syz1 as /devices/virtual/input/input10 [ 421.375534][ T8366] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 421.375554][ T8366] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 421.380710][ T8366] ? __pfx_pty_bsd_ioctl+0x10/0x10 [ 421.381985][ T8366] ? __pfx_gsmld_ioctl+0x10/0x10 [ 421.383185][ T8366] tty_ioctl+0x6ee/0x15d0 [ 421.384250][ T8366] ? __pfx_tty_ioctl+0x10/0x10 [ 421.385411][ T8366] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 421.387073][ T8366] ? __pfx_lock_release+0x10/0x10 [ 421.388317][ T8366] ? selinux_file_ioctl+0x180/0x270 [ 421.389607][ T8366] ? selinux_file_ioctl+0xb4/0x270 [ 421.390853][ T8366] ? __pfx_tty_ioctl+0x10/0x10 [ 421.392010][ T8366] __x64_sys_ioctl+0x190/0x200 [ 421.393166][ T8366] do_syscall_64+0xcd/0x250 [ 421.394317][ T8366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.395773][ T8366] RIP: 0033:0x7fbf4677ff19 [ 421.396982][ T8366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.401769][ T8366] RSP: 002b:00007fbf474cc058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 421.403815][ T8366] RAX: ffffffffffffffda RBX: 00007fbf46945fa0 RCX: 00007fbf4677ff19 [ 421.405719][ T8366] RDX: 0000000020000000 RSI: 00000000404c4701 RDI: 0000000000000003 [ 421.407635][ T8366] RBP: 00007fbf474cc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 421.409550][ T8366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.411472][ T8366] R13: 0000000000000000 R14: 00007fbf46945fa0 R15: 00007ffc76176968 [ 421.413371][ T8366] [ 421.587137][ T8372] FAULT_INJECTION: forcing a failure. [ 421.587137][ T8372] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 421.590482][ T8372] CPU: 2 UID: 0 PID: 8372 Comm: syz.2.863 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 421.593115][ T8372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 421.596036][ T8372] Call Trace: [ 421.596965][ T8372] [ 421.597713][ T8372] dump_stack_lvl+0x16c/0x1f0 [ 421.598939][ T8372] should_fail_ex+0x497/0x5b0 [ 421.600161][ T8372] ? fs_reclaim_acquire+0xae/0x150 [ 421.601506][ T8372] should_fail_alloc_page+0xe7/0x130 [ 421.602901][ T8372] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 421.604496][ T8372] __alloc_pages_noprof+0x190/0x25b0 [ 421.605855][ T8372] ? find_held_lock+0x2d/0x110 [ 421.607112][ T8372] ? get_il_weight+0xf2/0x2a0 [ 421.608349][ T8372] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 421.609851][ T8372] ? get_il_weight+0xfc/0x2a0 [ 421.611058][ T8372] ? weighted_interleave_nodes+0x284/0x550 [ 421.612580][ T8372] ? policy_nodemask+0xea/0x4e0 [ 421.613867][ T8372] alloc_pages_mpol_noprof+0x2c9/0x610 [ 421.615303][ T8372] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 421.616866][ T8372] ? do_raw_spin_lock+0x12d/0x2c0 [ 421.618184][ T8372] ? lock_acquire+0x2f/0xb0 [ 421.619397][ T8372] ? kasan_populate_vmalloc_pte+0xfb/0x160 [ 421.620921][ T8372] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 421.622566][ T8372] get_free_pages_noprof+0xc/0x40 [ 421.623884][ T8372] kasan_populate_vmalloc_pte+0x2d/0x160 [ 421.625346][ T8372] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 421.626958][ T8372] __apply_to_page_range+0x5fd/0xd30 [ 421.628332][ T8372] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 421.629960][ T8372] ? __pfx___apply_to_page_range+0x10/0x10 [ 421.631471][ T8372] ? insert_vmap_area+0x2ef/0x4d0 [ 421.632778][ T8372] alloc_vmap_area+0x93e/0x2a70 [ 421.634021][ T8372] ? __pfx_alloc_vmap_area+0x10/0x10 [ 421.635341][ T8372] __get_vm_area_node+0x19e/0x2f0 [ 421.636820][ T8372] ? v4l_reqbufs+0x14c/0x1e0 [ 421.638177][ T8372] __vmalloc_node_range_noprof+0x26a/0x1530 [ 421.639866][ T8372] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.641198][ T8372] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.642532][ T8372] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 421.644171][ T8372] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.645490][ T8372] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 421.646921][ T8372] vmalloc_user_noprof+0x6b/0x90 [ 421.648219][ T8372] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.649556][ T8372] vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.650852][ T8372] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 421.652272][ T8372] __vb2_queue_alloc+0x896/0x1230 [ 421.653635][ T8372] vb2_core_reqbufs+0xa73/0xfb0 [ 421.654906][ T8372] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 421.656305][ T8372] ? __pfx___mutex_trylock_common+0x10/0x10 [ 421.657842][ T8372] ? trace_lock_acquire+0x14e/0x1f0 [ 421.659197][ T8372] ? __video_do_ioctl+0x4a2/0xf00 [ 421.660511][ T8372] ? trace_contention_end+0xee/0x140 [ 421.661886][ T8372] ? __mutex_lock+0x1cc/0xa60 [ 421.663101][ T8372] vb2_reqbufs+0x1a5/0x1f0 [ 421.664276][ T8372] ? __pfx_vb2_reqbufs+0x10/0x10 [ 421.665567][ T8372] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 421.667081][ T8372] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 421.668451][ T8372] v4l_reqbufs+0x14c/0x1e0 [ 421.669625][ T8372] __video_do_ioctl+0xaf0/0xf00 [ 421.670902][ T8372] ? __pfx___video_do_ioctl+0x10/0x10 [ 421.672301][ T8372] ? __might_fault+0xe3/0x190 [ 421.673547][ T8372] video_usercopy+0x4d2/0x1620 [ 421.674816][ T8372] ? __pfx___video_do_ioctl+0x10/0x10 [ 421.676395][ T8372] ? __pfx_video_usercopy+0x10/0x10 [ 421.677762][ T8372] v4l2_ioctl+0x1ba/0x250 [ 421.678950][ T8372] ? __pfx_v4l2_ioctl+0x10/0x10 [ 421.680227][ T8372] __x64_sys_ioctl+0x190/0x200 [ 421.681475][ T8372] do_syscall_64+0xcd/0x250 [ 421.682661][ T8372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.684162][ T8372] RIP: 0033:0x7fbf4677ff19 [ 421.685271][ T8372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.690300][ T8372] RSP: 002b:00007fbf474cc058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 421.692474][ T8372] RAX: ffffffffffffffda RBX: 00007fbf46945fa0 RCX: 00007fbf4677ff19 [ 421.694486][ T8372] RDX: 0000000020000040 RSI: 00000000c0145608 RDI: 0000000000000003 [ 421.696449][ T8372] RBP: 00007fbf474cc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 421.698348][ T8372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 421.700383][ T8372] R13: 0000000000000000 R14: 00007fbf46945fa0 R15: 00007ffc76176968 [ 421.702437][ T8372] [ 421.703671][ T8372] warn_alloc: 3 callbacks suppressed [ 421.703679][ T8372] syz.2.863: vmalloc error: size 2768896, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 421.710855][ T8372] CPU: 2 UID: 0 PID: 8372 Comm: syz.2.863 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 421.711552][ C0] ================================================================== [ 421.713601][ T8372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 421.713611][ T8372] Call Trace: [ 421.715724][ C0] BUG: KASAN: slab-out-of-bounds in selinux_ip_output+0x1e0/0x1f0 [ 421.718516][ T8372] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 421.719432][ C0] Read of size 8 at addr ffff88803439e758 by task syz.0.856/8353 [ 421.721429][ T8372] dump_stack_lvl+0x16c/0x1f0 [ 421.722338][ C0] [ 421.728113][ T8372] warn_alloc+0x24d/0x3a0 [ 421.729262][ T8372] ? __pfx_warn_alloc+0x10/0x10 [ 421.730557][ T8372] ? kfree+0x14f/0x4b0 [ 421.731625][ T8372] ? __get_vm_area_node+0x1dc/0x2f0 [ 421.732989][ T8372] __vmalloc_node_range_noprof+0xd27/0x1530 [ 421.734497][ T8372] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.735845][ T8372] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 421.737501][ T8372] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.738979][ T8372] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 421.740460][ T8372] vmalloc_user_noprof+0x6b/0x90 [ 421.741806][ T8372] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.743261][ T8372] vb2_vmalloc_alloc+0x11e/0x3d0 [ 421.744564][ T8372] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 421.745992][ T8372] __vb2_queue_alloc+0x896/0x1230 [ 421.747313][ T8372] vb2_core_reqbufs+0xa73/0xfb0 [ 421.748588][ T8372] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 421.749994][ T8372] ? __pfx___mutex_trylock_common+0x10/0x10 [ 421.751638][ T8372] ? trace_lock_acquire+0x14e/0x1f0 [ 421.752997][ T8372] ? __video_do_ioctl+0x4a2/0xf00 [ 421.754319][ T8372] ? trace_contention_end+0xee/0x140 [ 421.755695][ T8372] ? __mutex_lock+0x1cc/0xa60 [ 421.756928][ T8372] vb2_reqbufs+0x1a5/0x1f0 [ 421.758100][ T8372] ? __pfx_vb2_reqbufs+0x10/0x10 [ 421.759328][ T8372] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 421.760824][ T8372] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 421.762200][ T8372] v4l_reqbufs+0x14c/0x1e0 [ 421.763358][ T8372] __video_do_ioctl+0xaf0/0xf00 [ 421.764647][ T8372] ? __pfx___video_do_ioctl+0x10/0x10 [ 421.766041][ T8372] ? __might_fault+0xe3/0x190 [ 421.767232][ T8372] video_usercopy+0x4d2/0x1620 [ 421.768458][ T8372] ? __pfx___video_do_ioctl+0x10/0x10 [ 421.769873][ T8372] ? __pfx_video_usercopy+0x10/0x10 [ 421.771218][ T8372] v4l2_ioctl+0x1ba/0x250 [ 421.772344][ T8372] ? __pfx_v4l2_ioctl+0x10/0x10 [ 421.773602][ T8372] __x64_sys_ioctl+0x190/0x200 [ 421.774829][ T8372] do_syscall_64+0xcd/0x250 [ 421.776003][ T8372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.777541][ T8372] RIP: 0033:0x7fbf4677ff19 [ 421.778687][ T8372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.783519][ T8372] RSP: 002b:00007fbf474cc058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 421.785643][ T8372] RAX: ffffffffffffffda RBX: 00007fbf46945fa0 RCX: 00007fbf4677ff19 [ 421.787722][ T8372] RDX: 0000000020000040 RSI: 00000000c0145608 RDI: 0000000000000003 [ 421.789755][ T8372] RBP: 00007fbf474cc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 421.791749][ T8372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 421.793739][ T8372] R13: 0000000000000000 R14: 00007fbf46945fa0 R15: 00007ffc76176968 [ 421.795711][ T8372] [ 421.796522][ C0] CPU: 0 UID: 0 PID: 8353 Comm: syz.0.856 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 421.799297][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 421.802055][ C0] Call Trace: [ 421.802924][ C0] [ 421.803657][ C0] dump_stack_lvl+0x116/0x1f0 [ 421.804878][ C0] print_report+0xc3/0x620 [ 421.806045][ C0] ? __virt_addr_valid+0x5e/0x590 [ 421.807366][ C0] ? __phys_addr+0xc6/0x150 [ 421.808559][ C0] kasan_report+0xd9/0x110 [ 421.809736][ C0] ? selinux_ip_output+0x1e0/0x1f0 [ 421.811076][ C0] ? selinux_ip_output+0x1e0/0x1f0 [ 421.812404][ C0] selinux_ip_output+0x1e0/0x1f0 [ 421.813711][ C0] ? __pfx_selinux_ip_output+0x10/0x10 [ 421.815076][ C0] nf_hook_slow+0xbb/0x200 [ 421.816244][ C0] nf_hook+0x386/0x6d0 [ 421.817325][ C0] ? __pfx_dst_output+0x10/0x10 [ 421.818611][ C0] ? __pfx_nf_hook+0x10/0x10 [ 421.819789][ C0] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 421.821234][ C0] ? __pfx_ip_reply_glue_bits+0x10/0x10 [ 421.822601][ C0] ? __pfx_dst_output+0x10/0x10 [ 421.823832][ C0] ? __ip_make_skb+0x1150/0x1d00 [ 421.824986][ C0] ? do_csum+0x26f/0x2d0 [ 421.825978][ C0] __ip_local_out+0x339/0x640 [ 421.827116][ C0] ? __pfx_dst_output+0x10/0x10 [ 421.828358][ C0] ip_push_pending_frames+0xa0/0x5b0 [ 421.829676][ C0] ip_send_unicast_reply+0xd0e/0x1650 [ 421.831061][ C0] ? __pfx_ip_send_unicast_reply+0x10/0x10 [ 421.832568][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 421.833857][ C0] ? tcp_v4_send_ack+0x627/0x13f0 [ 421.835152][ C0] tcp_v4_send_ack+0x976/0x13f0 [ 421.836380][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 421.837718][ C0] ? __pfx_tcp_v4_send_ack+0x10/0x10 [ 421.838973][ C0] ? find_held_lock+0x2d/0x110 [ 421.840189][ C0] ? tcp_v4_rcv+0x38a6/0x4380 [ 421.841319][ C0] ? mark_held_locks+0x9f/0xe0 [ 421.842508][ C0] ? tcp_v4_rcv+0x2f8e/0x4380 [ 421.843692][ C0] tcp_v4_rcv+0x2f8e/0x4380 [ 421.844855][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 421.846072][ C0] ? rcu_is_watching+0x12/0xc0 [ 421.847271][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 421.848540][ C0] ip_protocol_deliver_rcu+0xba/0x4c0 [ 421.849857][ C0] ip_local_deliver_finish+0x316/0x570 [ 421.851188][ C0] ip_local_deliver+0x18e/0x1f0 [ 421.852410][ C0] ? __pfx_ip_local_deliver+0x10/0x10 [ 421.853757][ C0] ip_rcv+0x2c3/0x5d0 [ 421.854764][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 421.855917][ C0] __netif_receive_skb_one_core+0x199/0x1e0 [ 421.857366][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 421.858913][ C0] ? rcu_is_watching+0x12/0xc0 [ 421.860103][ C0] ? process_backlog+0x3f1/0x15f0 [ 421.861372][ C0] ? process_backlog+0x3f1/0x15f0 [ 421.862605][ C0] __netif_receive_skb+0x1d/0x160 [ 421.863844][ C0] process_backlog+0x443/0x15f0 [ 421.865066][ C0] __napi_poll.constprop.0+0xb7/0x550 [ 421.866428][ C0] net_rx_action+0xa94/0x1010 [ 421.867609][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 421.868927][ C0] ? __pfx_mark_lock+0x10/0x10 [ 421.870145][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 421.871439][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 421.872725][ C0] ? sched_clock+0x38/0x60 [ 421.873831][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 421.875061][ C0] ? mark_held_locks+0x9f/0xe0 [ 421.876027][ T8372] Mem-Info: [ 421.876199][ C0] handle_softirqs+0x213/0x8f0 [ 421.876968][ T8372] active_anon:10709 inactive_anon:0 isolated_anon:0 [ 421.876968][ T8372] active_file:936 inactive_file:50647 isolated_file:0 [ 421.876968][ T8372] unevictable:1768 dirty:367 writeback:0 [ 421.876968][ T8372] slab_reclaimable:11627 slab_unreclaimable:75855 [ 421.876968][ T8372] mapped:20701 shmem:8168 pagetables:840 [ 421.876968][ T8372] sec_pagetables:301 bounce:0 [ 421.876968][ T8372] kernel_misc_reclaimable:0 [ 421.876968][ T8372] free:450946 free_pcp:9255 free_cma:0 [ 421.878078][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 421.892588][ C0] ? irqtime_account_irq+0x18d/0x2e0 [ 421.893896][ C0] ? __dev_queue_xmit+0x89b/0x43e0 [ 421.894308][ T8372] Node 0 active_anon:42836kB inactive_anon:0kB active_file:3744kB inactive_file:202512kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:82804kB dirty:1468kB writeback:0kB shmem:29136kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12688kB pagetables:3360kB sec_pagetables:1204kB all_unreclaimable? no [ 421.895168][ C0] do_softirq+0xb2/0xf0 [ 421.904667][ T8372] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 421.905479][ C0] [ 421.914367][ T8372] Node 0 [ 421.914601][ C0] [ 421.914611][ C0] __local_bh_enable_ip+0x100/0x120 [ 421.915404][ T8372] DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 421.916180][ C0] ? __dev_queue_xmit+0x89b/0x43e0 [ 421.916203][ C0] __dev_queue_xmit+0x8b0/0x43e0 [ 421.916217][ C0] ? __lock_acquire+0x15a9/0x3c40 [ 421.916229][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 421.916242][ C0] ? __free_zapped_classes+0x300/0x320 [ 421.916258][ C0] ? __pfx_mark_lock+0x10/0x10 [ 421.916269][ C0] ? find_held_lock+0x2d/0x110 [ 421.916283][ C0] ? __ip_finish_output+0x49e/0x950 [ 421.916295][ C0] ? __pfx_lock_release+0x10/0x10 [ 421.916306][ C0] ? mark_held_locks+0x9f/0xe0 [ 421.916317][ C0] ip_finish_output2+0xc6c/0x2150 [ 421.916332][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 421.916344][ C0] ? ip_skb_dst_mtu+0x3fc/0xc70 [ 421.916356][ C0] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 421.917881][ T8372] lowmem_reserve[]: [ 421.924340][ C0] __ip_finish_output+0x49e/0x950 [ 421.925689][ T8372] 0 1212 [ 421.926951][ C0] ip_finish_output+0x35/0x380 [ 421.926973][ C0] ip_output+0x13b/0x2a0 [ 421.926985][ C0] ? __pfx_ip_output+0x10/0x10 [ 421.926996][ C0] ip_local_out+0x33e/0x4a0 [ 421.927009][ C0] __ip_queue_xmit+0x777/0x1970 [ 421.929388][ T8372] 0 [ 421.929764][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 421.931206][ T8372] 0 [ 421.932436][ C0] __tcp_transmit_skb+0x2b39/0x3df0 [ 421.933943][ T8372] 0 [ 421.934989][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 421.936802][ T8372] [ 421.937598][ C0] ? __pfx_lock_release+0x10/0x10 [ 421.938931][ T8372] Node 0 [ 421.940356][ C0] ? ktime_get+0x206/0x300 [ 421.941650][ T8372] DMA32 free:225380kB boost:0kB min:27608kB low:34508kB high:41408kB reserved_highatomic:0KB active_anon:42836kB inactive_anon:0kB active_file:3744kB inactive_file:202512kB unevictable:3536kB writepending:1468kB present:2080628kB managed:1269936kB mlocked:0kB bounce:0kB free_pcp:12800kB local_pcp:1968kB free_cma:0kB [ 421.943002][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 421.944038][ T8372] lowmem_reserve[]: 0 [ 421.945387][ C0] tcp_write_xmit+0x12b1/0x8560 [ 421.946803][ T8372] 0 [ 421.947504][ C0] ? tcp_current_mss+0x27e/0x500 [ 421.948634][ T8372] 0 [ 421.949883][ C0] __tcp_push_pending_frames+0xaf/0x390 [ 421.951075][ T8372] 0 [ 421.952335][ C0] tcp_send_fin+0x154/0xc70 [ 421.953014][ T8372] 0 [ 421.954347][ C0] ? __pfx_tcp_send_fin+0x10/0x10 [ 421.955030][ T8372] [ 421.956372][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 421.956395][ C0] __tcp_close+0x96b/0xff0 [ 421.956407][ C0] tcp_close+0x28/0x120 [ 421.956417][ C0] inet_release+0x13c/0x280 [ 421.957904][ T8372] Node 1 [ 421.958539][ C0] __sock_release+0xb0/0x270 [ 421.959182][ T8372] Normal free:1562788kB boost:0kB min:39632kB low:49540kB high:59448kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:24352kB local_pcp:10676kB free_cma:0kB [ 421.960480][ C0] ? __pfx_sock_close+0x10/0x10 [ 421.961331][ T8372] lowmem_reserve[]: 0 [ 421.962487][ C0] sock_close+0x1c/0x30 [ 421.970850][ T8372] 0 [ 421.971677][ C0] __fput+0x3f8/0xb60 [ 421.972741][ T8372] 0 [ 421.974024][ C0] task_work_run+0x14e/0x250 [ 421.974700][ T8372] 0 [ 421.975977][ C0] ? __pfx_task_work_run+0x10/0x10 [ 421.975995][ C0] ? __pfx___do_sys_close_range+0x10/0x10 [ 421.976009][ C0] syscall_exit_to_user_mode+0x27b/0x2a0 [ 421.976023][ C0] do_syscall_64+0xda/0x250 [ 421.976036][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.977334][ T8372] 0 [ 421.978133][ C0] RIP: 0033:0x7fbba097ff19 [ 421.978808][ T8372] [ 421.979978][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.980648][ T8372] Node 0 [ 421.981950][ C0] RSP: 002b:00007ffd53fcfe28 EFLAGS: 00000246 [ 421.982595][ T8372] DMA: [ 421.983994][ C0] ORIG_RAX: 00000000000001b4 [ 421.985170][ T8372] 0*4kB [ 421.986253][ C0] RAX: 0000000000000000 RBX: 00007fbba0b47ba0 RCX: 00007fbba097ff19 [ 421.986269][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 421.986275][ C0] RBP: 00007fbba0b47ba0 R08: 0000000000000214 R09: 00007ffd53fd010f [ 421.986282][ C0] R10: 00000000003ffbd0 R11: 0000000000000246 R12: 000000000006705d [ 421.986288][ C0] R13: 00007fbba0b46080 R14: 0000000000000032 R15: ffffffffffffffff [ 421.986299][ C0] [ 421.986303][ C0] [ 421.986306][ C0] The buggy address belongs to the object at ffff88803439e6e0 [ 421.986306][ C0] which belongs to the cache tw_sock_TCPv6 of size 288 [ 421.986314][ C0] The buggy address is located 120 bytes inside of [ 421.986314][ C0] allocated 288-byte region [ffff88803439e6e0, ffff88803439e800) [ 421.986324][ C0] [ 421.986327][ C0] The buggy address belongs to the physical page: [ 421.986330][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3439e [ 421.986340][ C0] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 421.986347][ C0] memcg:ffff8880302e1901 [ 421.986352][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 421.988991][ T8372] 0*8kB [ 421.989496][ C0] page_type: f5(slab) [ 421.996990][ T8372] 0*16kB [ 421.998021][ C0] raw: 00fff00000000040 ffff88810965e280 dead000000000122 0000000000000000 [ 421.999058][ T8372] 0*32kB [ 422.000454][ C0] raw: 0000000000000000 0000000080170017 00000001f5000000 ffff8880302e1901 [ 422.001117][ T8372] 0*64kB [ 422.002470][ C0] head: 00fff00000000040 ffff88810965e280 dead000000000122 0000000000000000 [ 422.003136][ T8372] 0*128kB [ 422.004352][ C0] head: 0000000000000000 0000000080170017 00000001f5000000 ffff8880302e1901 [ 422.004989][ T8372] 0*256kB [ 422.006565][ C0] head: 00fff00000000001 ffffea0000d0e781 ffffffffffffffff 0000000000000000 [ 422.006578][ C0] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 422.006583][ C0] page dumped because: kasan: bad access detected [ 422.006589][ C0] page_owner tracks the page as allocated [ 422.006592][ C0] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6268, tgid 6267 (syz.0.86), ts 390894051466, free_ts 390806829548 [ 422.006610][ C0] post_alloc_hook+0x2d1/0x350 [ 422.008981][ T8372] 0*512kB [ 422.009891][ C0] get_page_from_freelist+0xfce/0x2f80 [ 422.011090][ T8372] 1*1024kB [ 422.013064][ C0] __alloc_pages_noprof+0x223/0x25b0 [ 422.013089][ C0] alloc_pages_mpol_noprof+0x2c9/0x610 [ 422.013111][ C0] new_slab+0x2c9/0x410 [ 422.013126][ C0] ___slab_alloc+0xdac/0x1870 [ 422.013141][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 422.013162][ C0] kmem_cache_alloc_noprof+0xfa/0x3d0 [ 422.013180][ C0] inet_twsk_alloc+0x120/0x970 [ 422.013194][ C0] tcp_time_wait+0x5f/0xe10 [ 422.013210][ C0] tcp_fin+0x418/0x500 [ 422.013230][ C0] tcp_data_queue+0x1d61/0x4d80 [ 422.013252][ C0] tcp_rcv_state_process+0xf6f/0x4c40 [ 422.013276][ C0] tcp_v4_do_rcv+0x1ad/0xa90 [ 422.013978][ T8372] (U) 1*2048kB [ 422.015307][ C0] tcp_v4_rcv+0x33a0/0x4380 [ 422.016972][ T8372] (M) [ 422.021972][ C0] ip_protocol_deliver_rcu+0xba/0x4c0 [ 422.022818][ T8372] 3*4096kB [ 422.024634][ C0] page last free pid 6264 tgid 6264 stack trace: [ 422.025370][ T8372] (M) = 15360kB [ 422.026859][ C0] free_unref_page+0x661/0x1080 [ 422.026874][ C0] vfree+0x17a/0x890 [ 422.026883][ C0] vb2_vmalloc_put+0x7b/0xc0 [ 422.026894][ C0] __vb2_buf_mem_free+0x14d/0x2b0 [ 422.026904][ C0] __vb2_queue_free+0x7dc/0xa20 [ 422.026913][ C0] vb2_core_queue_release+0x70/0x190 [ 422.026923][ C0] v4l2_m2m_ctx_release+0x1e/0x40 [ 422.026932][ C0] vicodec_release+0x9c/0x150 [ 422.026944][ C0] v4l2_release+0x232/0x460 [ 422.026956][ C0] __fput+0x3f8/0xb60 [ 422.026967][ C0] task_work_run+0x14e/0x250 [ 422.026976][ C0] syscall_exit_to_user_mode+0x27b/0x2a0 [ 422.026989][ C0] do_syscall_64+0xda/0x250 [ 422.028871][ T8372] Node 0 [ 422.030265][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.032319][ T8372] DMA32: 417*4kB [ 422.034625][ C0] [ 422.034632][ C0] Memory state around the buggy address: [ 422.037207][ T8372] (UME) [ 422.038680][ C0] ffff88803439e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 422.039506][ T8372] 252*8kB [ 422.040314][ C0] ffff88803439e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 422.043983][ T8372] (UME) [ 422.047895][ C0] >ffff88803439e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 422.047910][ C0] ^ [ 422.047921][ C0] ffff88803439e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 422.047933][ C0] ffff88803439e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 422.047942][ C0] ================================================================== [ 422.048071][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 422.048080][ C0] CPU: 0 UID: 0 PID: 8353 Comm: syz.0.856 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 [ 422.048102][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 422.048113][ C0] Call Trace: [ 422.048118][ C0] [ 422.048125][ C0] dump_stack_lvl+0x3d/0x1f0 [ 422.048150][ C0] panic+0x71d/0x800 [ 422.048180][ C0] ? mark_held_locks+0x9f/0xe0 [ 422.048192][ C0] ? __pfx_panic+0x10/0x10 [ 422.048217][ C0] ? irqentry_exit+0x3b/0x90 [ 422.048238][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 422.048262][ C0] ? check_panic_on_warn+0x1f/0xb0 [ 422.048280][ C0] check_panic_on_warn+0xab/0xb0 [ 422.048294][ C0] end_report+0x117/0x180 [ 422.048311][ C0] kasan_report+0xe9/0x110 [ 422.048332][ C0] ? selinux_ip_output+0x1e0/0x1f0 [ 422.048356][ C0] ? selinux_ip_output+0x1e0/0x1f0 [ 422.048378][ C0] selinux_ip_output+0x1e0/0x1f0 [ 422.048395][ C0] ? __pfx_selinux_ip_output+0x10/0x10 [ 422.048417][ C0] nf_hook_slow+0xbb/0x200 [ 422.048437][ C0] nf_hook+0x386/0x6d0 [ 422.048457][ C0] ? __pfx_dst_output+0x10/0x10 [ 422.048471][ C0] ? __pfx_nf_hook+0x10/0x10 [ 422.048481][ C0] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 422.048495][ C0] ? __pfx_ip_reply_glue_bits+0x10/0x10 [ 422.048507][ C0] ? __pfx_dst_output+0x10/0x10 [ 422.048519][ C0] ? __ip_make_skb+0x1150/0x1d00 [ 422.048531][ C0] ? do_csum+0x26f/0x2d0 [ 422.048543][ C0] __ip_local_out+0x339/0x640 [ 422.048555][ C0] ? __pfx_dst_output+0x10/0x10 [ 422.048567][ C0] ip_push_pending_frames+0xa0/0x5b0 [ 422.048580][ C0] ip_send_unicast_reply+0xd0e/0x1650 [ 422.048594][ C0] ? __pfx_ip_send_unicast_reply+0x10/0x10 [ 422.203258][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 422.204588][ C0] ? tcp_v4_send_ack+0x627/0x13f0 [ 422.205879][ C0] tcp_v4_send_ack+0x976/0x13f0 [ 422.207102][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 422.208424][ C0] ? __pfx_tcp_v4_send_ack+0x10/0x10 [ 422.209845][ C0] ? find_held_lock+0x2d/0x110 [ 422.211107][ C0] ? tcp_v4_rcv+0x38a6/0x4380 [ 422.212314][ C0] ? mark_held_locks+0x9f/0xe0 [ 422.213506][ C0] ? tcp_v4_rcv+0x2f8e/0x4380 [ 422.214754][ C0] tcp_v4_rcv+0x2f8e/0x4380 [ 422.215928][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 422.217201][ C0] ? rcu_is_watching+0x12/0xc0 [ 422.218457][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 422.219741][ C0] ip_protocol_deliver_rcu+0xba/0x4c0 [ 422.221155][ C0] ip_local_deliver_finish+0x316/0x570 [ 422.222591][ C0] ip_local_deliver+0x18e/0x1f0 [ 422.223853][ C0] ? __pfx_ip_local_deliver+0x10/0x10 [ 422.225281][ C0] ip_rcv+0x2c3/0x5d0 [ 422.226342][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 422.227541][ C0] __netif_receive_skb_one_core+0x199/0x1e0 [ 422.229094][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 422.230769][ C0] ? rcu_is_watching+0x12/0xc0 [ 422.232026][ C0] ? process_backlog+0x3f1/0x15f0 [ 422.233296][ C0] ? process_backlog+0x3f1/0x15f0 [ 422.234574][ C0] __netif_receive_skb+0x1d/0x160 [ 422.235867][ C0] process_backlog+0x443/0x15f0 [ 422.237145][ C0] __napi_poll.constprop.0+0xb7/0x550 [ 422.238554][ C0] net_rx_action+0xa94/0x1010 [ 422.239791][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 422.241124][ C0] ? __pfx_mark_lock+0x10/0x10 [ 422.242422][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 422.243785][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 422.245162][ C0] ? sched_clock+0x38/0x60 [ 422.246346][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 422.247611][ C0] ? mark_held_locks+0x9f/0xe0 [ 422.248866][ C0] handle_softirqs+0x213/0x8f0 [ 422.250143][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 422.251548][ C0] ? irqtime_account_irq+0x18d/0x2e0 [ 422.252980][ C0] ? __dev_queue_xmit+0x89b/0x43e0 [ 422.254328][ C0] do_softirq+0xb2/0xf0 [ 422.255426][ C0] [ 422.256197][ C0] [ 422.256975][ C0] __local_bh_enable_ip+0x100/0x120 [ 422.258348][ C0] ? __dev_queue_xmit+0x89b/0x43e0 [ 422.259713][ C0] __dev_queue_xmit+0x8b0/0x43e0 [ 422.261013][ C0] ? __lock_acquire+0x15a9/0x3c40 [ 422.262344][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 422.263749][ C0] ? __free_zapped_classes+0x300/0x320 [ 422.265176][ C0] ? __pfx_mark_lock+0x10/0x10 [ 422.266440][ C0] ? find_held_lock+0x2d/0x110 [ 422.267657][ C0] ? __ip_finish_output+0x49e/0x950 [ 422.268981][ C0] ? __pfx_lock_release+0x10/0x10 [ 422.270281][ C0] ? mark_held_locks+0x9f/0xe0 [ 422.271520][ C0] ip_finish_output2+0xc6c/0x2150 [ 422.272893][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 422.274673][ C0] ? ip_skb_dst_mtu+0x3fc/0xc70 [ 422.276064][ C0] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 422.277385][ C0] __ip_finish_output+0x49e/0x950 [ 422.278715][ C0] ip_finish_output+0x35/0x380 [ 422.279961][ C0] ip_output+0x13b/0x2a0 [ 422.281028][ C0] ? __pfx_ip_output+0x10/0x10 [ 422.282280][ C0] ip_local_out+0x33e/0x4a0 [ 422.283429][ C0] __ip_queue_xmit+0x777/0x1970 [ 422.284697][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 422.286100][ C0] __tcp_transmit_skb+0x2b39/0x3df0 [ 422.287850][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 422.289249][ C0] ? __pfx_lock_release+0x10/0x10 [ 422.290566][ C0] ? ktime_get+0x206/0x300 [ 422.291692][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 422.292993][ C0] tcp_write_xmit+0x12b1/0x8560 [ 422.294237][ C0] ? tcp_current_mss+0x27e/0x500 [ 422.295470][ C0] __tcp_push_pending_frames+0xaf/0x390 [ 422.296896][ C0] tcp_send_fin+0x154/0xc70 [ 422.298090][ C0] ? __pfx_tcp_send_fin+0x10/0x10 [ 422.299398][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 422.300884][ C0] __tcp_close+0x96b/0xff0 [ 422.302350][ C0] tcp_close+0x28/0x120 [ 422.303630][ C0] inet_release+0x13c/0x280 [ 422.304794][ C0] __sock_release+0xb0/0x270 [ 422.305949][ C0] ? __pfx_sock_close+0x10/0x10 [ 422.307154][ C0] sock_close+0x1c/0x30 [ 422.308190][ C0] __fput+0x3f8/0xb60 [ 422.309224][ C0] task_work_run+0x14e/0x250 [ 422.310407][ C0] ? __pfx_task_work_run+0x10/0x10 [ 422.311772][ C0] ? __pfx___do_sys_close_range+0x10/0x10 [ 422.313673][ C0] syscall_exit_to_user_mode+0x27b/0x2a0 [ 422.315436][ C0] do_syscall_64+0xda/0x250 [ 422.316930][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.318845][ C0] RIP: 0033:0x7fbba097ff19 [ 422.320016][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.326025][ C0] RSP: 002b:00007ffd53fcfe28 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 422.328799][ C0] RAX: 0000000000000000 RBX: 00007fbba0b47ba0 RCX: 00007fbba097ff19 [ 422.331054][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 422.333564][ C0] RBP: 00007fbba0b47ba0 R08: 0000000000000214 R09: 00007ffd53fd010f [ 422.336223][ C0] R10: 00000000003ffbd0 R11: 0000000000000246 R12: 000000000006705d [ 422.338864][ C0] R13: 00007fbba0b46080 R14: 0000000000000032 R15: ffffffffffffffff [ 422.341517][ C0] [ 422.343196][ C0] Kernel Offset: disabled [ 422.344674][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:14:55 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000002 RCX=ffffffff8179164f RDX=ffff88802b4d8000 RSI=ffffffff8179162a RDI=0000000000000005 RBP=ffffffff8d955dbe RSP=ffffc900000071b0 R8 =0000000000000005 R9 =00000000ffffffff R10=0000000000000002 R11=0000000037333854 R12=ffff88803439e758 R13=0000000000000001 R14=0000000000000008 R15=ffff88802b4d8000 RIP=ffffffff8179162c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000555569b34500 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2efc84 CR3=0000000012eb4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f4830 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f483d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f4837 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f484b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f48d1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f49af ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf46910488 00007fbf46910480 00007fbf46910478 00007fbf46910450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf4747d100 00007fbf46910440 00007fbf46910458 0004000700080006 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf46910498 00007fbf46910490 00007fbf46910488 00007fbf46910480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 000000000000008c ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000001d RBX=0000000000000757 RCX=1ffffffff2dd5ba7 RDX=0000000000000000 RSI=0000000000000008 RDI=ffffffff96eadd38 RBP=0000000000000027 RSP=ffffc900006b0a60 R8 =0000000000000000 R9 =fffffbfff2dca3b5 R10=ffffffff96e51daf R11=0000000000000005 R12=0000000000000001 R13=ffff888034f7c880 R14=0000000000000003 R15=ffff888034f7d3d8 RIP=ffffffff81767925 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f670b5bad00 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f2f82747bac CR3=000000002b440000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000003400003 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 697270203a732500 7325207461206465 7269707865207972 746e65203a732500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c5755051f560000 5600055144054140 574c555d40055c57 514b40051f560000 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=ca86c8afca86c8af ca86c8afca86c8af ca86c8afca86c8af ca86c8afca86c8af ca86c8afca86c8af ca86c8afca86c8af ca86c8afca86c8af ca86c8afca86c8af ZMM22=13c156f313c156f3 13c156f313c156f3 13c156f313c156f3 13c156f313c156f3 13c156f313c156f3 13c156f313c156f3 13c156f313c156f3 13c156f313c156f3 ZMM23=9b5f113d9b5f113d 9b5f113d9b5f113d 9b5f113d9b5f113d 9b5f113d9b5f113d 9b5f113d9b5f113d 9b5f113d9b5f113d 9b5f113d9b5f113d 9b5f113d9b5f113d ZMM24=bb6ed6cbbb6ed6cb bb6ed6cbbb6ed6cb bb6ed6cbbb6ed6cb bb6ed6cbbb6ed6cb bb6ed6cbbb6ed6cb bb6ed6cbbb6ed6cb bb6ed6cbbb6ed6cb bb6ed6cbbb6ed6cb ZMM25=5c345cf15c345cf1 5c345cf15c345cf1 5c345cf15c345cf1 5c345cf15c345cf1 5c345cf15c345cf1 5c345cf15c345cf1 5c345cf15c345cf1 5c345cf15c345cf1 ZMM26=1ef884041ef88404 1ef884041ef88404 1ef884041ef88404 1ef884041ef88404 1ef884041ef88404 1ef884041ef88404 1ef884041ef88404 1ef884041ef88404 ZMM27=2130f1472130f147 2130f1472130f147 2130f1472130f147 2130f1472130f147 2130f1472130f147 2130f1472130f147 2130f1472130f147 2130f1472130f147 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=b1040000b1040000 b1040000b1040000 b1040000b1040000 b1040000b1040000 b1040000b1040000 b1040000b1040000 b1040000b1040000 b1040000b1040000 info registers vcpu 2 CPU#2 RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff851c98d5 RDI=ffffffff9ab0fbe0 RBP=ffffffff9ab0fba0 RSP=ffffc90004737020 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005 R12=0000000000000000 R13=0000000000000073 R14=ffffffff851c9870 R15=0000000000000000 RIP=ffffffff851c98ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007fbf474cc6c0 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fbf46763ce0 CR3=00000000213e0000 CR4=00352ef0 DR0=fffffffffffffffc DR1=0000000000000000 DR2=0000000000000002 DR3=0000000000000800 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffffffc Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf474cc080 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f4830 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f483d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f4837 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f484b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f48d1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf467f49af ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 73697664616d2065 74616c75706f7000 757a253d657a6973 2070253d72747000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 564c534144480540 51444950554a5500 505f0018405f4c56 0555001857515500 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 000000000000008c ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000015 RCX=ffffffff81e7e919 RDX=ffff888026d28000 RSI=000000000000002a RDI=0000000000000004 RBP=000000000000002a RSP=ffffc900034177f0 R8 =0000000000000004 R9 =000000000000002a R10=0000000000000015 R11=0000000000000003 R12=0000000000000000 R13=dffffc0000000000 R14=ffff88802aca8000 R15=ffffea0000d88200 RIP=ffffffff819a061c RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f5689e77d60 CR3=000000000df7e000 CR4=00352ef0 DR0=fffffffffffffffc DR1=0000000000000000 DR2=0000000000000002 DR3=0000000000000800 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f56893106a3 00007f56893106a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd950e3140 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557dd2e894 000055557dd2e890 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557dd1e490 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557dd236e9 000055557dd23460 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd950e35a4 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008001498030008 0014900300080014 8803000800148003 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0102a01000138004 0a1000060102a800 080015a003000800 1598030008001590 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0303ffffffff0415 800303ffffffff04 14f00300080014e8 0300080014e00300 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080014d803000800 14d00303ffffffff 0414c00300080014 b80300080014b003 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03ffffffff0414a0 0300080014980300 0800149003000800 1488030008001480 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000