last executing test programs: 5.210742223s ago: executing program 1 (id=2138): socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x79b3, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0)) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x1, 0x0, 0x3b9}, &(0x7f00000002c0), &(0x7f00000000c0)=0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r3}, 0x38) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f00000004c0)) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@private=0xa010100, @local, @local}, 0xc) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000080)) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r5, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1200412}, 0xc, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="47a083cc8fce22d5fb80f459530423a4e1be87c00628716a36b3d72c5979c1db4ae69f700c7b0306aab13bcb0aa5e23d0c1a0e22ed7587daca33469806460048903d89554edb6de7072f21dfb23ad06214a14915d37b8ba2652a2ddcbed9ac4c7146df68b09a2c477936cd9024c509583ec7be58db56be139974d27fe100"/135, @ANYRES32=r0, @ANYRES16], 0x34}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000100)) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001180)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x80010, r1, 0x10000000) 5.08042528s ago: executing program 1 (id=2140): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$qrtr(0xffffffffffffffff, &(0x7f0000000340)={0x2a, 0x4}, 0xc) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000000)=0x1) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x0, @local}, 0x2}}, 0x26) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r5, 0x111, 0x3, 0x20000000, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x5, 0x400, 0x0, 0x1}, 0x48) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f00000001c0)={0x42, 0x0, &(0x7f0000000180)}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000100)) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c) sendto$inet6(r7, &(0x7f00000001c0)='O', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) 4.270764266s ago: executing program 1 (id=2144): socket$inet_udp(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 3.391165341s ago: executing program 1 (id=2149): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0], 0x18}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000780)={0x18, &(0x7f00000008c0)=ANY=[@ANYBLOB="10000f00"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write(r0, 0x0, 0x0, 0x0) ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, 0x0) syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x4ec42) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000840)={0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="40003000000030001edb9991a0bca15ac13786e92c80546e132888720db67d689d7c13ccdf577b03403dd245c104"], &(0x7f00000006c0)=ANY=[]}, &(0x7f00000011c0)={0x1c, &(0x7f0000000f40)=ANY=[@ANYBLOB="2017bd000000f8a68c3a2cdcdc40a53536b6b55907da69bb72233201ae3773824953447cc5f08cfbffe0552bae34f8c7a4b2b0330c80aa6c76b1a2cf391ed1c14d32f49e45325a92e36c916bdcf3bc0f0bb287e5c293d9479575de30cafcb8f2847a3d5ee1995d5dd615a0eebb27cc8705f9689424795e101f2903b92689d568bf56536f1ac83a256ba142ddb41a64634c7ff40e24bc9293580601be19120cc3b88e5a467f4598778f076392245a82bccefdf48a30f5e67f5485201898d31686826872"], &(0x7f0000000880)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000ac0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000580)=ANY=[@ANYBLOB="20005e000000005c74c9354768781d89dc334abdc4fa7100d6e36160fcf01188dbf972c748b1843bb9f78a97ddb7fd9290b4207bfd90a2d5d29e71d036f4508c857872c017fb4463dfb34c459e6974c7cb4ef1a0174979ff0eca0a3f8cb669edf0fd7f6677e2c344e2ae5c2316d5e462ffcae5a307a4d4c136ada713bfd1888bcf70a6154ee3dfb94bf7f340c8d1ebba82d070828091683864ebfa525ea29bd0bcf37ba8da4c2d3c011c8c70ab7c72fd31ad54e590f8411ba2ab3b3cc8a19a4c474c0f53580939e46da8c32d530555bbf0c6c66e0d400d6e75b79bd224b144195d8925db9f3302190b9ea840d1a19d96c2b8a318782750cca9f78dd42d7c0bbd63f71084e4dcb8084058b9940e27ef0d6fba16d61dc9458ae62a449d6719273d905e65d92a2924e8b3ac64b7ae1d89432ddff041270c94eabb74188cf951"], &(0x7f0000000b00)={0x20, 0x1, 0x1, 0x9c}, &(0x7f0000000380)={0x20, 0x0, 0x1}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000440)={[{@metacopy_on}, {@lowerdir={'lowerdir', 0x3d, './file1/../file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@subj_role={'subj_role', 0x3d, 'wlan0\x00'}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@appraise}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@uid_eq}, {@smackfstransmute={'smackfstransmute', 0x3d, '!]\'*'}}]}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) r2 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x2, 0x12e, [], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021d8cfce038d14c4ebc8402bbcd903000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000067656e6576653100000000000000000070696d7265673000000000000000000076657468315f746f5f6873720000000077673100000000000000000000000000000000000000000000000000e5fc1d7dd7d60000000000006e0000006e0000009e000000736e6174000000000000000000000000000000000000000000000000000000000c000000aaaaaaaaaa00"/302]}, 0x17e) 3.190831379s ago: executing program 3 (id=2151): socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x89, 0x0, r2}, [@IFA_ADDRESS={0x14, 0x1, @remote}]}, 0x2c}}, 0x0) 3.190196268s ago: executing program 3 (id=2152): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$qrtr(0xffffffffffffffff, &(0x7f0000000340)={0x2a, 0x4}, 0xc) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000000)=0x1) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x0, @local}, 0x2}}, 0x26) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r5, 0x111, 0x3, 0x20000000, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x5, 0x400, 0x0, 0x1}, 0x48) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f00000001c0)={0x42, 0x0, &(0x7f0000000180)}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000100)) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c) sendto$inet6(r7, &(0x7f00000001c0)='O', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) 2.44068243s ago: executing program 3 (id=2158): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x0, &(0x7f0000000500)}) 2.440113495s ago: executing program 3 (id=2159): socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x79b3, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0)) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x1, 0x0, 0x3b9}, &(0x7f00000002c0), &(0x7f00000000c0)=0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r3}, 0x38) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f00000004c0)) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@private=0xa010100, @local, @local}, 0xc) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000080)) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r5, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1200412}, 0xc, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="47a083cc8fce22d5fb80f459530423a4e1be87c00628716a36b3d72c5979c1db4ae69f700c7b0306aab13bcb0aa5e23d0c1a0e22ed7587daca33469806460048903d89554edb6de7072f21dfb23ad06214a14915d37b8ba2652a2ddcbed9ac4c7146df68b09a2c477936cd9024c509583ec7be58db56be139974d27fe100"/135, @ANYRES32=r0, @ANYRES16], 0x34}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000100)) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001180)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x80010, r1, 0x10000000) 2.191383831s ago: executing program 3 (id=2160): memfd_create(0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000002140)=[{&(0x7f00000010c0)=""/29, 0x1d}], 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setresgid(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, @val=@tracing}, 0x40) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000003c0), 0x1, 0x0) write$vga_arbiter(r3, &(0x7f0000000400)=ANY=[@ANYBLOB='target PCI:0:0:16.1'], 0x15) 1.590549122s ago: executing program 2 (id=2161): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27f", 0x88}], 0x1}, 0x0) 1.589843588s ago: executing program 1 (id=2162): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r4, &(0x7f0000000340)={0x2a, 0x4}, 0xc) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r6, {0x2, 0x0, @local}, 0x2}}, 0x26) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(0xffffffffffffffff, 0x111, 0x3, 0x20000000, 0x4) 1.453605799s ago: executing program 0 (id=2163): r0 = socket(0xa, 0x3, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800de00000000001c0000f01b00000002000ad9ab3800000000000105000000000000000000000000000009000000000000"], 0x0, 0x36}, 0x20) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') 1.300880757s ago: executing program 0 (id=2164): syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x0, 0x0, 'wlc\x00'}, 0x2c) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="500000000206010100000000000000000000000005000100070000000900020073797a30000000000c00078008001240000000000c000300686173683a697000050005000a000000050004"], 0x50}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000040601080000000000000000000000000500010007"], 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x202, 0x0) write$P9_RXATTRWALK(r4, &(0x7f0000000300)={0x2d}, 0xf) openat$sw_sync_info(0xffffff9c, 0x0, 0x44100, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x1c, r6, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) 1.1909075s ago: executing program 0 (id=2165): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1d, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @rand_addr, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@empty}, {@broadcast}, {@empty}, {@multicast1}, {@private}]}, @rr={0x7, 0xf, 0x0, [@remote, @empty, @multicast1]}]}}}}}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) r1 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, 0x0) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.026395403s ago: executing program 2 (id=2166): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$qrtr(0xffffffffffffffff, &(0x7f0000000340)={0x2a, 0x4}, 0xc) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000000)=0x1) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x0, @local}, 0x2}}, 0x26) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r5, 0x111, 0x3, 0x20000000, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x5, 0x400, 0x0, 0x1}, 0x48) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f00000001c0)={0x42, 0x0, &(0x7f0000000180)}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000100)) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c) sendto$inet6(r7, &(0x7f00000001c0)='O', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) 946.81832ms ago: executing program 0 (id=2167): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000005c0)="96a67b36bd06304a08a67f14f6c3881ca6167592ce060670a396f8ab05ace2caca6b2a9ecf3471d2", 0x28}], 0x1}}], 0x1, 0x0) 870.939234ms ago: executing program 0 (id=2168): socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x79b3, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0)) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x1, 0x0, 0x3b9}, &(0x7f00000002c0), &(0x7f00000000c0)=0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000000680), 0x2, r3}, 0x38) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f00000004c0)) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@private=0xa010100, @local, @local}, 0xc) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000080)) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r5, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1200412}, 0xc, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="47a083cc8fce22d5fb80f459530423a4e1be87c00628716a36b3d72c5979c1db4ae69f700c7b0306aab13bcb0aa5e23d0c1a0e22ed7587daca33469806460048903d89554edb6de7072f21dfb23ad06214a14915d37b8ba2652a2ddcbed9ac4c7146df68b09a2c477936cd9024c509583ec7be58db56be139974d27fe100"/135, @ANYRES32=r0, @ANYRES16], 0x34}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000100)) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001180)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x80010, r1, 0x10000000) 431.081762ms ago: executing program 0 (id=2169): socket$inet_udp(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 251.375231ms ago: executing program 1 (id=2170): memfd_create(0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000002140)=[{&(0x7f00000010c0)=""/29, 0x1d}], 0x1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) 190.870193ms ago: executing program 3 (id=2171): memfd_create(0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000002140)=[{&(0x7f00000010c0)=""/29, 0x1d}], 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setresgid(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f000013e000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 190.486302ms ago: executing program 2 (id=2172): r0 = socket(0xa, 0x3, 0x4) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') 121.07852ms ago: executing program 2 (id=2173): syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x0, 0x0, 'wlc\x00'}, 0x2c) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="500000000206010100000000000000000000000005000100070000000900020073797a30000000000c00078008001240000000000c000300686173683a697000050005000a000000050004"], 0x50}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000040601080000000000000000000000000500010007"], 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x202, 0x0) write$P9_RXATTRWALK(r4, &(0x7f0000000300)={0x2d}, 0xf) openat$sw_sync_info(0xffffff9c, 0x0, 0x44100, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x1c, r6, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) 50.954832ms ago: executing program 2 (id=2174): syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x0, 0x0, 'wlc\x00'}, 0x2c) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="500000000206010100000000000000000000000005000100070000000900020073797a30000000000c00078008001240000000000c000300686173683a697000050005000a000000050004"], 0x50}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000040601080000000000000000000000000500010007"], 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x202, 0x0) write$P9_RXATTRWALK(r4, &(0x7f0000000300)={0x2d}, 0xf) openat$sw_sync_info(0xffffff9c, 0x0, 0x44100, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x1c, r6, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) 0s ago: executing program 2 (id=2175): socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x79b3, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0)) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x1, 0x0, 0x3b9}, &(0x7f00000002c0), &(0x7f00000000c0)=0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r3}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000000680), 0x2, r3}, 0x38) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f00000004c0)) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@private=0xa010100, @local, @local}, 0xc) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000080)) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r5, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1200412}, 0xc, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="47a083cc8fce22d5fb80f459530423a4e1be87c00628716a36b3d72c5979c1db4ae69f700c7b0306aab13bcb0aa5e23d0c1a0e22ed7587daca33469806460048903d89554edb6de7072f21dfb23ad06214a14915d37b8ba2652a2ddcbed9ac4c7146df68b09a2c477936cd9024c509583ec7be58db56be139974d27fe100"/135, @ANYRES32=r0, @ANYRES16], 0x34}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000100)) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001180)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mmap$IORING_OFF_SQES(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x80010, r1, 0x10000000) kernel console output (not intermixed with test programs): /0xcf0 [ 451.351491][T11642] netlink_unicast+0x606/0x830 [ 451.353376][T11642] ? __pfx_netlink_unicast+0x10/0x10 [ 451.355793][T11642] ? __phys_addr_symbol+0x30/0x80 [ 451.358142][T11642] ? __check_object_size+0x497/0x720 [ 451.360882][T11642] netlink_sendmsg+0x8b8/0xd70 [ 451.363371][T11642] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.366353][T11642] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 451.369216][T11642] ____sys_sendmsg+0x9b4/0xb50 [ 451.372146][T11642] ? __pfx_____sys_sendmsg+0x10/0x10 [ 451.375353][T11642] ? get_compat_msghdr+0x11b/0x170 [ 451.378419][T11642] ? __pfx___lock_acquire+0x10/0x10 [ 451.381194][T11642] ___sys_sendmsg+0x135/0x1e0 [ 451.383834][T11642] ? __pfx____sys_sendmsg+0x10/0x10 [ 451.386754][T11642] ? ksys_write+0x21c/0x260 [ 451.389711][T11642] ? __fget_light+0x173/0x210 [ 451.392712][T11642] __sys_sendmsg+0x117/0x1f0 [ 451.395673][T11642] ? __pfx___sys_sendmsg+0x10/0x10 [ 451.398938][T11642] __do_fast_syscall_32+0x73/0x120 [ 451.401994][T11642] do_fast_syscall_32+0x32/0x80 [ 451.404429][T11642] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 451.407748][T11642] RIP: 0023:0xf7f66579 [ 451.409885][T11642] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 451.420827][T11642] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 451.424881][T11642] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 451.428865][T11642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 451.432910][T11642] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 451.436747][T11642] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 451.440080][T11642] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 451.443982][T11642] [ 451.453888][T11642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1283'. [ 451.846597][T11659] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1288'. [ 451.859947][ T5640] usb 7-1: USB disconnect, device number 10 [ 453.390043][ T6377] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 453.575181][ T6377] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 453.584758][ T6377] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 453.588719][ T6377] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 453.592816][ T6377] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.599372][ T6377] usb 7-1: rejected 1 configuration due to insufficient available bus power [ 453.607534][ T6377] usb 7-1: no configuration chosen from 1 choice [ 454.521747][T11706] block nbd0: shutting down sockets [ 454.866275][ C0] vkms_vblank_simulate: vblank timer overrun [ 456.122965][ T5640] usb 7-1: USB disconnect, device number 11 [ 456.399982][T11736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1312'. [ 456.949543][T11746] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 456.952465][T11746] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 456.963110][T11746] vhci_hcd vhci_hcd.0: Device attached [ 456.988437][T11748] vhci_hcd: connection closed [ 456.990951][ T13] vhci_hcd: stop threads [ 456.995966][ T13] vhci_hcd: release socket [ 456.998059][ T13] vhci_hcd: disconnect device [ 457.111267][T11758] FAULT_INJECTION: forcing a failure. [ 457.111267][T11758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.116393][T11758] CPU: 3 UID: 0 PID: 11758 Comm: syz.3.1318 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 457.120432][T11758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 457.124291][T11758] Call Trace: [ 457.125540][T11758] [ 457.126744][T11758] dump_stack_lvl+0x16c/0x1f0 [ 457.128796][T11758] should_fail_ex+0x497/0x5b0 [ 457.130524][T11758] _copy_to_user+0x30/0xc0 [ 457.132294][T11758] msr_read+0x155/0x250 [ 457.133979][T11758] ? __pfx_msr_read+0x10/0x10 [ 457.135622][T11758] ? security_file_permission+0x98/0xc0 [ 457.137778][T11758] ? __pfx_msr_read+0x10/0x10 [ 457.139893][T11758] vfs_read+0x1d4/0xbd0 [ 457.141732][T11758] ? __pfx_vfs_read+0x10/0x10 [ 457.143812][T11758] ? __fget_files+0x256/0x400 [ 457.145817][T11758] ? __fget_light+0x173/0x210 [ 457.147806][T11758] ksys_read+0x12f/0x260 [ 457.149694][T11758] ? __pfx_ksys_read+0x10/0x10 [ 457.151837][T11758] __do_fast_syscall_32+0x73/0x120 [ 457.154167][T11758] do_fast_syscall_32+0x32/0x80 [ 457.156300][T11758] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 457.159073][T11758] RIP: 0023:0xf7fb0579 [ 457.160878][T11758] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 457.169241][T11758] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 457.172851][T11758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020019680 [ 457.176199][T11758] RDX: 0000000000018ff8 RSI: 0000000000000000 RDI: 0000000000000000 [ 457.179580][T11758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 457.183177][T11758] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 457.186625][T11758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 457.189934][T11758] [ 457.350148][ T4767] Bluetooth: hci2: command 0x0406 tx timeout [ 457.496559][T11766] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 457.529992][ T5216] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 457.722241][ T5216] usb 6-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 457.729936][ T5216] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 457.734594][ T5216] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 457.737861][ T5216] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.746509][ T5216] usb 6-1: config 0 descriptor?? [ 457.763168][ T5216] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 457.981537][T11771] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 458.566714][T11779] Bluetooth: MGMT ver 1.23 [ 458.684804][T11782] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 458.696565][T11782] overlay: Unknown parameter 'subj_role' [ 458.948282][T11795] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1332'. [ 460.263206][ T1416] usb 6-1: USB disconnect, device number 14 [ 460.367021][T11837] mkiss: ax0: crc mode is auto. [ 460.500233][T11841] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1347'. [ 461.564330][T11860] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1353'. [ 461.568647][T11860] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1353'. [ 462.089924][ T5216] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 462.291117][ T5216] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 462.295651][ T5216] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 462.302137][ T5216] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 462.305939][ T5216] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.313035][ T5216] usb 5-1: config 0 descriptor?? [ 462.322122][ T5216] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 463.263683][T11887] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 463.289089][T11887] overlay: Unknown parameter 'subj_role' [ 464.577490][T11907] FAULT_INJECTION: forcing a failure. [ 464.577490][T11907] name failslab, interval 1, probability 0, space 0, times 0 [ 464.583055][T11907] CPU: 2 UID: 0 PID: 11907 Comm: syz.1.1367 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 464.587926][T11907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 464.592606][T11907] Call Trace: [ 464.593989][T11907] [ 464.595176][T11907] dump_stack_lvl+0x16c/0x1f0 [ 464.597177][T11907] should_fail_ex+0x497/0x5b0 [ 464.599002][T11907] ? fs_reclaim_acquire+0xae/0x160 [ 464.600969][T11907] should_failslab+0xc2/0x120 [ 464.602787][T11907] __kmalloc_noprof+0xcb/0x410 [ 464.604630][T11907] tomoyo_encode2+0x100/0x3e0 [ 464.606455][T11907] tomoyo_realpath_from_path+0x1a7/0x710 [ 464.608602][T11907] ? tomoyo_profile+0x47/0x60 [ 464.610425][T11907] tomoyo_path_number_perm+0x245/0x5b0 [ 464.612429][T11907] ? tomoyo_path_number_perm+0x232/0x5b0 [ 464.614567][T11907] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 464.616871][T11907] ? __pfx_lock_release+0x10/0x10 [ 464.618889][T11907] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 464.621262][T11907] ? __fget_files+0x256/0x400 [ 464.623075][T11907] security_file_ioctl_compat+0x75/0xc0 [ 464.625195][T11907] __do_compat_sys_ioctl+0x5d/0x330 [ 464.627197][T11907] __do_fast_syscall_32+0x73/0x120 [ 464.629126][T11907] do_fast_syscall_32+0x32/0x80 [ 464.631008][T11907] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 464.633236][T11907] RIP: 0023:0xf7f66579 [ 464.634619][T11907] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 464.641023][T11907] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 464.643869][T11907] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800443d2 [ 464.646682][T11907] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 464.649662][T11907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 464.652647][T11907] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 464.655433][T11907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 464.658144][T11907] [ 464.667785][T11907] ERROR: Out of memory at tomoyo_realpath_from_path. [ 464.695889][ T1416] usb 5-1: USB disconnect, device number 9 [ 465.029987][ T6952] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 465.229798][ T6952] usb 6-1: Using ep0 maxpacket: 32 [ 465.236133][ T6952] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 465.244670][ T6952] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 465.247990][ T6952] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 465.251975][ T6952] usb 6-1: Product: syz [ 465.254100][ T6952] usb 6-1: Manufacturer: syz [ 465.259318][ T6952] usb 6-1: SerialNumber: syz [ 465.266433][ T6952] usb 6-1: config 0 descriptor?? [ 465.273296][T11913] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 465.610148][ T6377] usb 6-1: USB disconnect, device number 15 [ 467.186690][T11947] FAULT_INJECTION: forcing a failure. [ 467.186690][T11947] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 467.194224][T11947] CPU: 2 UID: 0 PID: 11947 Comm: syz.0.1381 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 467.198895][T11947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 467.203556][T11947] Call Trace: [ 467.205004][T11947] [ 467.206324][T11947] dump_stack_lvl+0x16c/0x1f0 [ 467.208409][T11947] should_fail_ex+0x497/0x5b0 [ 467.210519][T11947] ? fs_reclaim_acquire+0xae/0x160 [ 467.212803][T11947] should_fail_alloc_page+0xe7/0x130 [ 467.215105][T11947] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 467.217506][T11947] __alloc_pages_noprof+0x194/0x2460 [ 467.219672][T11947] ? hlock_class+0x4e/0x130 [ 467.221712][T11947] ? __pfx_mark_lock+0x10/0x10 [ 467.223836][T11947] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 467.226355][T11947] ? mark_lock+0xb5/0xc60 [ 467.228274][T11947] ? hlock_class+0x4e/0x130 [ 467.230312][T11947] ? hlock_class+0x4e/0x130 [ 467.232284][T11947] ? __lock_acquire+0xbdd/0x3cb0 [ 467.234484][T11947] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 467.237026][T11947] ? policy_nodemask+0xea/0x4e0 [ 467.239213][T11947] alloc_pages_mpol_noprof+0x275/0x610 [ 467.241616][T11947] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 467.244248][T11947] ? hlock_class+0x4e/0x130 [ 467.246293][T11947] pte_alloc_one+0x20/0x370 [ 467.248298][T11947] __pte_alloc+0x6e/0x3a0 [ 467.250221][T11947] ? __pfx___pte_alloc+0x10/0x10 [ 467.252427][T11947] __handle_mm_fault+0x4807/0x5360 [ 467.254691][T11947] ? __pfx_mt_find+0x10/0x10 [ 467.256740][T11947] ? __pfx___handle_mm_fault+0x10/0x10 [ 467.259133][T11947] ? find_vma+0xc0/0x140 [ 467.260988][T11947] ? __pfx_find_vma+0x10/0x10 [ 467.263060][T11947] handle_mm_fault+0x44e/0x7b0 [ 467.265188][T11947] ? __pkru_allows_pkey+0x52/0xb0 [ 467.267169][T11947] do_user_addr_fault+0x7a3/0x13f0 [ 467.268893][T11947] exc_page_fault+0x5c/0xc0 [ 467.270478][T11947] asm_exc_page_fault+0x26/0x30 [ 467.272132][T11947] RIP: 0010:_copy_to_user+0xa7/0xc0 [ 467.274166][T11947] Code: 89 ee 48 89 ef e8 b9 1b 0c fd 4d 85 f6 75 b5 e8 ff 19 0c fd 89 de 4c 89 e7 e8 85 bb 6a fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 a4 0f 1f 00 0f 01 ca 48 89 cb eb 8d 66 66 2e 0f 1f 84 00 00 00 [ 467.280958][T11947] RSP: 0018:ffffc9000369fd40 EFLAGS: 00050246 [ 467.283058][T11947] RAX: 0000000000000001 RBX: 0000000000000040 RCX: 0000000000000040 [ 467.286040][T11947] RDX: fffff520006d3fc2 RSI: ffffc9000369fdd0 RDI: 0000000020000240 [ 467.289372][T11947] RBP: 0000000020000240 R08: 0000000000000000 R09: fffff520006d3fc1 [ 467.292012][T11947] R10: ffffc9000369fe0f R11: 0000000000000000 R12: ffffc9000369fdd0 [ 467.295205][T11947] R13: 0000000020000280 R14: 0000000000000000 R15: 0000000006951000 [ 467.298638][T11947] __do_compat_sys_sysinfo+0x1eb/0x3b0 [ 467.301096][T11947] ? __pfx___do_compat_sys_sysinfo+0x10/0x10 [ 467.303766][T11947] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 467.306384][T11947] __do_fast_syscall_32+0x73/0x120 [ 467.308687][T11947] do_fast_syscall_32+0x32/0x80 [ 467.310885][T11947] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 467.313718][T11947] RIP: 0023:0xf7f26579 [ 467.315505][T11947] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 467.324042][T11947] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000074 [ 467.327736][T11947] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 0000000000000000 [ 467.331266][T11947] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 467.334733][T11947] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 467.338020][T11947] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 467.341530][T11947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 467.345015][T11947] [ 468.538789][ T57] IPVS: starting estimator thread 0... [ 468.636187][T11959] IPVS: using max 23 ests per chain, 55200 per kthread [ 468.686797][T11961] netlink: 'syz.2.1386': attribute type 29 has an invalid length. [ 468.767865][T11967] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1389'. [ 468.773350][T11967] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1389'. [ 469.088649][T11978] input: syz0 as /devices/virtual/input/input13 [ 470.523501][T12004] pimreg: entered allmulticast mode [ 472.890244][T12065] block nbd0: shutting down sockets [ 473.195348][T12077] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 473.198450][T12077] overlayfs: failed to set xattr on upper [ 473.209747][T12077] overlayfs: ...falling back to redirect_dir=nofollow. [ 473.212528][T12077] overlayfs: ...falling back to index=off. [ 473.214838][T12077] overlayfs: ...falling back to uuid=null. [ 473.233529][T12077] FAULT_INJECTION: forcing a failure. [ 473.233529][T12077] name failslab, interval 1, probability 0, space 0, times 0 [ 473.238910][T12077] CPU: 3 UID: 0 PID: 12077 Comm: syz.1.1419 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 473.243459][T12077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 473.248030][T12077] Call Trace: [ 473.249488][T12077] [ 473.250768][T12077] dump_stack_lvl+0x16c/0x1f0 [ 473.252706][T12077] should_fail_ex+0x497/0x5b0 [ 473.254182][T12077] ? fs_reclaim_acquire+0xae/0x160 [ 473.255965][T12077] should_failslab+0xc2/0x120 [ 473.257736][T12077] kmem_cache_alloc_node_noprof+0x71/0x310 [ 473.260179][T12077] ? __alloc_skb+0x2b3/0x380 [ 473.262113][T12077] __alloc_skb+0x2b3/0x380 [ 473.263786][T12077] ? __pfx___alloc_skb+0x10/0x10 [ 473.265808][T12077] ? inet_diag_handler_cmd+0x1c0/0x2e0 [ 473.268166][T12077] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 473.270408][T12077] netlink_ack+0x164/0xb20 [ 473.272307][T12077] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 473.274771][T12077] netlink_rcv_skb+0x327/0x410 [ 473.276853][T12077] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 473.279297][T12077] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 473.281651][T12077] ? netlink_deliver_tap+0x1ae/0xcf0 [ 473.284014][T12077] netlink_unicast+0x544/0x830 [ 473.286174][T12077] ? __pfx_netlink_unicast+0x10/0x10 [ 473.288608][T12077] ? __phys_addr_symbol+0x30/0x80 [ 473.290810][T12077] ? __check_object_size+0x497/0x720 [ 473.293097][T12077] netlink_sendmsg+0x8b8/0xd70 [ 473.295227][T12077] ? __pfx_netlink_sendmsg+0x10/0x10 [ 473.297664][T12077] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 473.300019][T12077] sock_write_iter+0x50a/0x5c0 [ 473.302090][T12077] ? __pfx_sock_write_iter+0x10/0x10 [ 473.304374][T12077] ? __pfx_mark_lock+0x10/0x10 [ 473.306529][T12077] do_iter_readv_writev+0x531/0x800 [ 473.308823][T12077] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 473.311317][T12077] ? bpf_lsm_file_permission+0x9/0x10 [ 473.313727][T12077] ? security_file_permission+0x98/0xc0 [ 473.316191][T12077] vfs_writev+0x36f/0xde0 [ 473.318160][T12077] ? __pfx_vfs_writev+0x10/0x10 [ 473.320447][T12077] ? __fget_files+0x24c/0x400 [ 473.322576][T12077] ? do_writev+0x287/0x370 [ 473.324302][T12077] do_writev+0x287/0x370 [ 473.326122][T12077] ? __pfx_do_writev+0x10/0x10 [ 473.328165][T12077] __do_fast_syscall_32+0x73/0x120 [ 473.330376][T12077] do_fast_syscall_32+0x32/0x80 [ 473.332479][T12077] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 473.335180][T12077] RIP: 0023:0xf7f66579 [ 473.337022][T12077] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 473.347159][T12077] RSP: 002b:00000000f56f556c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 473.350745][T12077] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000200001c0 [ 473.354245][T12077] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 473.357650][T12077] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 473.360471][T12077] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 473.363438][T12077] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 473.366750][T12077] [ 473.831532][T12073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 475.831096][T12103] af_packet: tpacket_rcv: packet too big, clamped from 65536 to 3952. macoff=96 [ 477.391412][ T57] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 477.570003][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 477.574812][ T57] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 477.583821][ T57] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 477.588268][ T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 477.593989][ T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 477.598588][ T57] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 477.614653][ T57] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 477.618888][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.850619][ T57] usb 6-1: usb_control_msg returned -32 [ 477.853232][ T57] usbtmc 6-1:16.0: can't read capabilities [ 478.077536][T12163] 9pnet_fd: Insufficient options for proto=fd [ 479.949870][ T5381] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 480.117561][T12205] 9pnet_fd: Insufficient options for proto=fd [ 480.138993][ T4701] usb 6-1: USB disconnect, device number 16 [ 480.139887][ T5381] usb 7-1: Using ep0 maxpacket: 16 [ 480.150566][ T5381] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 480.160779][ T5381] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 480.164446][ T5381] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.171690][ T5381] usb 7-1: Product: syz [ 480.173434][ T5381] usb 7-1: Manufacturer: syz [ 480.175392][ T5381] usb 7-1: SerialNumber: syz [ 480.189669][ T5381] usb 7-1: config 0 descriptor?? [ 480.197155][ T5381] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input14 [ 480.411943][ T5381] usb 7-1: USB disconnect, device number 12 [ 481.178281][T12223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1466'. [ 481.182961][T12223] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1466'. [ 481.189806][T12223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1466'. [ 482.322480][T12246] FAULT_INJECTION: forcing a failure. [ 482.322480][T12246] name failslab, interval 1, probability 0, space 0, times 0 [ 482.327712][T12246] CPU: 2 UID: 0 PID: 12246 Comm: syz.3.1474 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 482.331991][T12246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 482.336386][T12246] Call Trace: [ 482.337642][T12246] [ 482.339022][T12246] dump_stack_lvl+0x16c/0x1f0 [ 482.341088][T12246] should_fail_ex+0x497/0x5b0 [ 482.343201][T12246] ? fs_reclaim_acquire+0xae/0x160 [ 482.345137][T12246] should_failslab+0xc2/0x120 [ 482.347283][T12246] kmem_cache_alloc_node_noprof+0x71/0x310 [ 482.349669][T12246] ? __alloc_skb+0x2b3/0x380 [ 482.351764][T12246] __alloc_skb+0x2b3/0x380 [ 482.353337][T12246] ? __pfx___alloc_skb+0x10/0x10 [ 482.355462][T12246] ? __pfx___might_resched+0x10/0x10 [ 482.357650][T12246] netlink_alloc_large_skb+0x69/0x130 [ 482.359883][T12246] netlink_sendmsg+0x689/0xd70 [ 482.361898][T12246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 482.364262][T12246] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 482.366532][T12246] ____sys_sendmsg+0x9b4/0xb50 [ 482.368814][T12246] ? __pfx_____sys_sendmsg+0x10/0x10 [ 482.371391][T12246] ? get_compat_msghdr+0x11b/0x170 [ 482.373790][T12246] ? __pfx___lock_acquire+0x10/0x10 [ 482.376130][T12246] ___sys_sendmsg+0x135/0x1e0 [ 482.378218][T12246] ? __pfx____sys_sendmsg+0x10/0x10 [ 482.380642][T12246] ? ksys_write+0x21c/0x260 [ 482.382686][T12246] ? __fget_light+0x173/0x210 [ 482.384516][T12246] __sys_sendmsg+0x117/0x1f0 [ 482.386505][T12246] ? __pfx___sys_sendmsg+0x10/0x10 [ 482.388568][T12246] __do_fast_syscall_32+0x73/0x120 [ 482.390646][T12246] do_fast_syscall_32+0x32/0x80 [ 482.392778][T12246] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 482.395315][T12246] RIP: 0023:0xf7fb0579 [ 482.397147][T12246] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 482.405458][T12246] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 482.409027][T12246] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140 [ 482.411910][T12246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 482.415386][T12246] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 482.418531][T12246] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 482.422238][T12246] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 482.425988][T12246] [ 482.469212][T12248] FAULT_INJECTION: forcing a failure. [ 482.469212][T12248] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 482.482885][T12248] CPU: 2 UID: 0 PID: 12248 Comm: syz.3.1475 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 482.487219][T12248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 482.492249][T12248] Call Trace: [ 482.493753][T12248] [ 482.495096][T12248] dump_stack_lvl+0x16c/0x1f0 [ 482.496871][T12248] should_fail_ex+0x497/0x5b0 [ 482.498898][T12248] ? fs_reclaim_acquire+0xae/0x160 [ 482.501112][T12248] should_fail_alloc_page+0xe7/0x130 [ 482.503415][T12248] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 482.506312][T12248] ? __pfx_stack_trace_save+0x10/0x10 [ 482.508715][T12248] __alloc_pages_noprof+0x194/0x2460 [ 482.511198][T12248] ? add_lock_to_list+0x17d/0x380 [ 482.513654][T12248] ? hlock_class+0x4e/0x130 [ 482.515701][T12248] ? __lock_acquire+0x1620/0x3cb0 [ 482.518021][T12248] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 482.520285][T12248] ? __pfx___lock_acquire+0x10/0x10 [ 482.522675][T12248] ? _find_first_zero_bit+0x94/0xb0 [ 482.525089][T12248] ? add_lock_to_list+0x17d/0x380 [ 482.527449][T12248] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 482.529903][T12248] ? policy_nodemask+0xea/0x4e0 [ 482.531858][T12248] alloc_pages_mpol_noprof+0x275/0x610 [ 482.534173][T12248] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 482.536804][T12248] ? do_raw_spin_lock+0x12d/0x2c0 [ 482.539066][T12248] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 482.541944][T12248] get_free_pages_noprof+0xc/0x40 [ 482.544302][T12248] kasan_populate_vmalloc_pte+0x2d/0x160 [ 482.546880][T12248] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 482.549676][T12248] __apply_to_page_range+0x795/0xdd0 [ 482.551776][T12248] ? __pfx___apply_to_page_range+0x10/0x10 [ 482.553582][T12248] ? insert_vmap_area+0x2ef/0x4d0 [ 482.555837][T12248] alloc_vmap_area+0x93e/0x2a70 [ 482.558031][T12248] ? __pfx_alloc_vmap_area+0x10/0x10 [ 482.560613][T12248] __get_vm_area_node+0x17e/0x2d0 [ 482.562947][T12248] __vmalloc_node_range_noprof+0x276/0x1520 [ 482.565689][T12248] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.568534][T12248] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.571330][T12248] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 482.574172][T12248] ? trace_kmalloc+0x2d/0xe0 [ 482.575930][T12248] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 482.578560][T12248] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.581522][T12248] __kvmalloc_node_noprof+0x14f/0x1a0 [ 482.584090][T12248] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.586895][T12248] __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.589611][T12248] vivid_update_format_cap+0x127b/0x2530 [ 482.591882][T12248] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 482.594665][T12248] ? vivid_get_format+0x124/0x180 [ 482.597053][T12248] vivid_s_fmt_vid_cap+0x1a17/0x3310 [ 482.599486][T12248] ? __pfx_vivid_s_fmt_vid_cap+0x10/0x10 [ 482.602078][T12248] fmt_sp2mp_func+0xb2/0x3e0 [ 482.603689][T12248] ? __pfx_fmt_sp2mp_func+0x10/0x10 [ 482.605963][T12248] ? __pfx_lock_release+0x10/0x10 [ 482.608225][T12248] ? v4l_sanitize_format+0x177/0x3a0 [ 482.610698][T12248] vidioc_s_fmt_vid_cap+0xa0/0xe0 [ 482.613057][T12248] vivid_s_fmt_cap+0x76/0xc0 [ 482.615160][T12248] v4l_s_fmt+0x383/0xbc0 [ 482.617141][T12248] __video_do_ioctl+0xaf9/0xf00 [ 482.619316][T12248] ? __pfx___video_do_ioctl+0x10/0x10 [ 482.621917][T12248] ? trace_kmalloc+0x2d/0xe0 [ 482.624166][T12248] ? __kmalloc_noprof+0x207/0x410 [ 482.626542][T12248] ? __sanitizer_cov_trace_switch+0x31/0x90 [ 482.629300][T12248] video_usercopy+0x426/0x1500 [ 482.631555][T12248] ? __pfx___video_do_ioctl+0x10/0x10 [ 482.633877][T12248] ? __pfx_video_usercopy+0x10/0x10 [ 482.636215][T12248] v4l2_ioctl+0x1c0/0x260 [ 482.638346][T12248] v4l2_compat_ioctl32+0x21d/0x2c0 [ 482.640812][T12248] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 482.643335][T12248] __do_compat_sys_ioctl+0x2c3/0x330 [ 482.645652][T12248] __do_fast_syscall_32+0x73/0x120 [ 482.648020][T12248] do_fast_syscall_32+0x32/0x80 [ 482.650236][T12248] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 482.653244][T12248] RIP: 0023:0xf7fb0579 [ 482.654918][T12248] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 482.665261][T12248] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 482.668770][T12248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0cc5605 [ 482.672062][T12248] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 482.674984][T12248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 482.678382][T12248] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 482.681950][T12248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 482.685712][T12248] [ 482.703846][T12248] syz.3.1475: vmalloc error: size 16588800, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 482.711895][T12248] CPU: 2 UID: 0 PID: 12248 Comm: syz.3.1475 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 482.716763][T12248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 482.720899][T12248] Call Trace: [ 482.722283][T12248] [ 482.723598][T12248] dump_stack_lvl+0x16c/0x1f0 [ 482.725772][T12248] warn_alloc+0x24d/0x3a0 [ 482.727797][T12248] ? __pfx_warn_alloc+0x10/0x10 [ 482.730186][T12248] ? lockdep_hardirqs_on+0x7c/0x110 [ 482.732399][T12248] ? __get_vm_area_node+0x27d/0x2d0 [ 482.734277][T12248] ? __get_vm_area_node+0x1bc/0x2d0 [ 482.736584][T12248] __vmalloc_node_range_noprof+0xc1e/0x1520 [ 482.739002][T12248] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.741293][T12248] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 482.743914][T12248] ? trace_kmalloc+0x2d/0xe0 [ 482.745888][T12248] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 482.748070][T12248] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.750712][T12248] __kvmalloc_node_noprof+0x14f/0x1a0 [ 482.753244][T12248] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.755766][T12248] __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 482.758539][T12248] vivid_update_format_cap+0x127b/0x2530 [ 482.761268][T12248] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 482.763592][T12248] ? vivid_get_format+0x124/0x180 [ 482.765636][T12248] vivid_s_fmt_vid_cap+0x1a17/0x3310 [ 482.766556][T12251] netlink: 'syz.2.1476': attribute type 1 has an invalid length. [ 482.767529][T12248] ? __pfx_vivid_s_fmt_vid_cap+0x10/0x10 [ 482.772990][T12248] fmt_sp2mp_func+0xb2/0x3e0 [ 482.775060][T12248] ? __pfx_fmt_sp2mp_func+0x10/0x10 [ 482.777528][T12248] ? __pfx_lock_release+0x10/0x10 [ 482.779802][T12248] ? v4l_sanitize_format+0x177/0x3a0 [ 482.782124][T12248] vidioc_s_fmt_vid_cap+0xa0/0xe0 [ 482.784272][T12248] vivid_s_fmt_cap+0x76/0xc0 [ 482.785931][T12248] v4l_s_fmt+0x383/0xbc0 [ 482.787447][T12248] __video_do_ioctl+0xaf9/0xf00 [ 482.789630][T12248] ? __pfx___video_do_ioctl+0x10/0x10 [ 482.792081][T12248] ? trace_kmalloc+0x2d/0xe0 [ 482.794234][T12248] ? __kmalloc_noprof+0x207/0x410 [ 482.796678][T12248] ? __sanitizer_cov_trace_switch+0x31/0x90 [ 482.799526][T12248] video_usercopy+0x426/0x1500 [ 482.801833][T12248] ? __pfx___video_do_ioctl+0x10/0x10 [ 482.804117][T12248] ? __pfx_video_usercopy+0x10/0x10 [ 482.806595][T12248] v4l2_ioctl+0x1c0/0x260 [ 482.808555][T12248] v4l2_compat_ioctl32+0x21d/0x2c0 [ 482.811004][T12248] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 482.813464][T12248] __do_compat_sys_ioctl+0x2c3/0x330 [ 482.815716][T12248] __do_fast_syscall_32+0x73/0x120 [ 482.817982][T12248] do_fast_syscall_32+0x32/0x80 [ 482.819907][T12248] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 482.822229][T12248] RIP: 0023:0xf7fb0579 [ 482.823902][T12248] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 482.832539][T12248] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 482.836095][T12248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0cc5605 [ 482.839981][T12248] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 482.843652][T12248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 482.847175][T12248] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 482.850856][T12248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 482.854568][T12248] [ 482.871192][T12248] Mem-Info: [ 482.872449][T12248] active_anon:5134 inactive_anon:10 isolated_anon:0 [ 482.872449][T12248] active_file:14248 inactive_file:29223 isolated_file:0 [ 482.872449][T12248] unevictable:768 dirty:717 writeback:0 [ 482.872449][T12248] slab_reclaimable:4848 slab_unreclaimable:58896 [ 482.872449][T12248] mapped:27565 shmem:3271 pagetables:758 [ 482.872449][T12248] sec_pagetables:326 bounce:0 [ 482.872449][T12248] kernel_misc_reclaimable:0 [ 482.872449][T12248] free:86348 free_pcp:2836 free_cma:0 [ 482.893507][T12248] Node 0 active_anon:4kB inactive_anon:28kB active_file:76kB inactive_file:160kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12860kB dirty:132kB writeback:0kB shmem:1544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9768kB pagetables:1728kB sec_pagetables:1252kB all_unreclaimable? no [ 482.909048][T12248] Node 1 active_anon:20532kB inactive_anon:12kB active_file:56916kB inactive_file:116732kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97400kB dirty:2736kB writeback:0kB shmem:11540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1908kB pagetables:1304kB sec_pagetables:52kB all_unreclaimable? no [ 482.924449][T12248] Node 0 DMA free:912kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:280kB local_pcp:4kB free_cma:0kB [ 482.937566][T12248] lowmem_reserve[]: 0 369 0 0 0 [ 482.940334][T12248] Node 0 DMA32 free:27824kB boost:0kB min:18816kB low:23520kB high:28224kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:28kB active_file:0kB inactive_file:236kB unevictable:1536kB writepending:132kB present:1032192kB managed:405700kB mlocked:0kB bounce:0kB free_pcp:4504kB local_pcp:372kB free_cma:0kB [ 482.954034][T12248] lowmem_reserve[]: 0 0 0 0 0 [ 482.956379][T12248] Node 1 DMA32 free:324000kB boost:0kB min:47052kB low:58812kB high:70572kB reserved_highatomic:0KB active_anon:20532kB inactive_anon:12kB active_file:56916kB inactive_file:116732kB unevictable:1536kB writepending:2736kB present:1048436kB managed:946208kB mlocked:0kB bounce:0kB free_pcp:3424kB local_pcp:1072kB free_cma:0kB [ 482.961671][T12251] FAULT_INJECTION: forcing a failure. [ 482.961671][T12251] name failslab, interval 1, probability 0, space 0, times 0 [ 482.971243][T12248] lowmem_reserve[]: 0 0 0 0 0 [ 482.977909][T12251] CPU: 1 UID: 0 PID: 12251 Comm: syz.2.1476 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 482.979091][T12248] Node 0 [ 482.983361][T12251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 482.983375][T12251] Call Trace: [ 482.983383][T12251] [ 482.983391][T12251] dump_stack_lvl+0x16c/0x1f0 [ 482.983421][T12251] should_fail_ex+0x497/0x5b0 [ 482.983441][T12251] ? fs_reclaim_acquire+0xae/0x160 [ 482.983468][T12251] should_failslab+0xc2/0x120 [ 482.986487][T12248] DMA: [ 482.988953][T12251] __kmalloc_noprof+0xcb/0x410 [ 482.988984][T12251] dns_resolver_preparse+0x5ed/0xd00 [ 482.991059][T12248] 28*4kB [ 482.991740][T12251] ? __pfx_lock_acquire+0x10/0x10 [ 482.994087][T12248] (U) [ 482.995867][T12251] ? rwsem_read_trylock+0x12d/0x250 [ 482.995898][T12251] ? __pfx_dns_resolver_preparse+0x10/0x10 [ 482.995920][T12251] ? __pfx___might_resched+0x10/0x10 [ 482.998520][T12248] 0*8kB [ 483.000071][T12251] ? down_read+0xc9/0x330 [ 483.000089][T12251] ? __pfx_down_read+0x10/0x10 [ 483.000104][T12251] ? __pfx_dns_resolver_preparse+0x10/0x10 [ 483.000117][T12251] __key_create_or_update+0x459/0xe10 [ 483.000134][T12251] ? __pfx___key_create_or_update+0x10/0x10 [ 483.002390][T12248] 0*16kB [ 483.003390][T12251] ? lookup_user_key+0x2ca/0x12f0 [ 483.007258][T12248] 25*32kB [ 483.008706][T12251] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 483.008724][T12251] key_create_or_update+0x42/0x60 [ 483.008740][T12251] __do_sys_add_key+0x29c/0x460 [ 483.008756][T12251] ? __pfx___do_sys_add_key+0x10/0x10 [ 483.041998][T12251] ? ksys_write+0x1ab/0x260 [ 483.043983][T12251] __do_fast_syscall_32+0x73/0x120 [ 483.045907][T12251] do_fast_syscall_32+0x32/0x80 [ 483.047518][T12251] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 483.050065][T12251] RIP: 0023:0xf7f56579 [ 483.051809][T12251] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 483.060051][T12251] RSP: 002b:00000000f56e556c EFLAGS: 00000296 ORIG_RAX: 000000000000011e [ 483.060534][T12248] (U) [ 483.063599][T12251] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000020000400 [ 483.063616][T12251] RDX: 0000000020000080 RSI: 0000000000000006 RDI: 00000000fffffffb [ 483.063628][T12251] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 483.063639][T12251] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 483.064556][T12248] 0*64kB [ 483.067500][T12251] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 483.067528][T12251] [ 483.070779][T12248] 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 912kB [ 483.086981][T12248] Node 0 DMA32: 112*4kB (UEH) 69*8kB (UEH) 25*16kB (UMEH) 98*32kB (UMEH) 82*64kB (UMEH) 39*128kB (UME) 14*256kB (UME) 7*512kB (UME) 5*1024kB (UM) 0*2048kB 0*4096kB = 27064kB [ 483.094788][T12248] Node 1 DMA32: 563*4kB (UME) 657*8kB (UM) 610*16kB (UME) 549*32kB (UME) 404*64kB (UME) 169*128kB (UME) 76*256kB (UME) 42*512kB (UME) 17*1024kB (UME) 12*2048kB (UME) 39*4096kB (UME) = 325012kB [ 483.102979][T12248] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 483.108654][T12248] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 483.113066][T12248] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 483.117229][T12248] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 483.121774][T12248] 47422 total pagecache pages [ 483.123811][T12248] 680 pages in swap cache [ 483.125758][T12248] Free swap = 108356kB [ 483.127796][T12248] Total swap = 124996kB [ 483.130137][T12248] 524155 pages RAM [ 483.131984][T12248] 0 pages HighMem/MovableOnly [ 483.134095][T12248] 182338 pages reserved [ 483.136106][T12248] 0 pages cma reserved [ 483.236191][T12252] vivid-000: ================= START STATUS ================= [ 483.242170][T12252] vivid-000: Test Pattern: 75% Colorbar [ 483.245305][T12252] vivid-000: Fill Percentage of Frame: 100 [ 483.248452][T12252] vivid-000: Horizontal Movement: No Movement [ 483.292296][T12252] vivid-000: Vertical Movement: No Movement [ 483.298181][T12252] vivid-000: OSD Text Mode: All [ 483.302696][T12252] vivid-000: Show Border: false [ 483.305943][T12252] vivid-000: Show Square: false [ 483.309156][T12252] vivid-000: Sensor Flipped Horizontally: false [ 483.329984][T12252] vivid-000: Sensor Flipped Vertically: false [ 483.349594][T12252] vivid-000: Insert SAV Code in Image: false [ 483.362654][T12252] vivid-000: Insert EAV Code in Image: false [ 483.376520][T12252] vivid-000: Insert Video Guard Band: false [ 483.381181][T12252] vivid-000: Reduced Framerate: false [ 483.398886][T12252] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 483.404908][T12252] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 483.430174][T12252] vivid-000: Enable Capture Cropping: true [ 483.432665][T12252] vivid-000: Enable Capture Composing: true [ 483.435124][T12252] vivid-000: Enable Capture Scaler: true [ 483.437926][T12252] vivid-000: Timestamp Source: End of Frame [ 483.447087][T12252] vivid-000: Colorspace: sRGB [ 483.455683][T12252] vivid-000: Transfer Function: Default [ 483.458710][T12252] vivid-000: Y'CbCr Encoding: Default [ 483.472168][T12252] vivid-000: HSV Encoding: Hue 0-179 [ 483.477039][T12252] vivid-000: Quantization: Default [ 483.479446][T12252] vivid-000: Apply Alpha To Red Only: false [ 483.520665][T12252] vivid-000: Standard Aspect Ratio: 4x3 [ 483.527985][T12252] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 483.532472][T12252] vivid-000: DV Timings: 640x480p59 inactive [ 483.536514][T12252] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 483.540388][T12252] vivid-000: Maximum EDID Blocks: 2 [ 483.544470][T12252] vivid-000: Limited RGB Range (16-235): false [ 483.547784][T12252] vivid-000: Rx RGB Quantization Range: Automatic [ 483.551751][T12252] vivid-000: Power Present: 0x00000001 [ 483.554284][T12252] tpg source WxH: 3840x2160 (HSV) [ 483.556492][T12252] tpg field: 1 [ 483.558197][T12252] tpg crop: 3840x2160@0x0 [ 483.572176][T12252] tpg compose: 3840x2160@0x0 [ 483.574622][T12252] tpg colorspace: 8 [ 483.584007][T12252] tpg transfer function: 0/2 [ 483.585897][T12252] tpg HSV encoding: 0/128 [ 483.587547][T12252] tpg quantization: 0/2 [ 483.589163][T12252] tpg RGB range: 0/2 [ 483.607891][T12252] vivid-000: ================== END STATUS ================== [ 484.467966][ T39] audit: type=1800 audit(1723265394.397:4517): pid=12280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1484" name="bus" dev="overlay" ino=1067 res=0 errno=0 [ 484.599842][ T5640] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 484.784524][ T5640] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.789446][ T5640] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.794420][ T5640] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 484.800581][ T5640] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 484.804709][ T5640] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.813742][ T5640] usb 5-1: config 0 descriptor?? [ 485.141595][T12286] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 485.145555][T12286] overlayfs: failed to set xattr on upper [ 485.160046][T12286] overlayfs: ...falling back to redirect_dir=nofollow. [ 485.163103][T12286] overlayfs: ...falling back to index=off. [ 485.166093][T12286] overlayfs: ...falling back to uuid=null. [ 485.278128][ T5640] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 485.284543][ T5640] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 485.298721][ T5640] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 485.482515][ T6952] usb 5-1: USB disconnect, device number 10 [ 485.579790][ T4701] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 485.764247][ T4701] usb 6-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 485.790855][ T4701] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 485.796504][ T4701] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 485.800341][ T4701] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.804199][ T4701] usb 6-1: config 0 descriptor?? [ 485.815793][ T4701] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 486.811022][T12328] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 486.857907][T12328] overlay: Unknown parameter 'subj_role' [ 487.504207][T12348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1506'. [ 487.554068][T12350] FAULT_INJECTION: forcing a failure. [ 487.554068][T12350] name failslab, interval 1, probability 0, space 0, times 0 [ 487.560190][T12350] CPU: 2 UID: 0 PID: 12350 Comm: syz.0.1507 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 487.564786][T12350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 487.569506][T12350] Call Trace: [ 487.570956][T12350] [ 487.572238][T12350] dump_stack_lvl+0x16c/0x1f0 [ 487.574224][T12350] should_fail_ex+0x497/0x5b0 [ 487.576282][T12350] should_failslab+0xc2/0x120 [ 487.578371][T12350] __kmalloc_cache_noprof+0x6b/0x310 [ 487.580653][T12350] ? sctp_add_bind_addr+0x9d/0x3e0 [ 487.582943][T12350] sctp_add_bind_addr+0x9d/0x3e0 [ 487.585141][T12350] sctp_do_bind+0x2d6/0x700 [ 487.587072][T12350] sctp_connect_new_asoc+0x5ff/0x790 [ 487.589106][T12350] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 487.591086][T12350] ? mark_held_locks+0x9f/0xe0 [ 487.593250][T12350] ? sctp_sendmsg+0x112f/0x1f10 [ 487.595336][T12350] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 487.597730][T12350] sctp_sendmsg+0x162a/0x1f10 [ 487.599808][T12350] ? __might_fault+0x13b/0x190 [ 487.601907][T12350] ? __pfx_sctp_sendmsg+0x10/0x10 [ 487.604098][T12350] ? __pfx___might_resched+0x10/0x10 [ 487.606389][T12350] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 487.608779][T12350] ? __pfx_aa_sk_perm+0x10/0x10 [ 487.610449][T12350] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 487.613058][T12350] ? __import_iovec+0x1fd/0x6e0 [ 487.615183][T12350] ? __pfx_sctp_sendmsg+0x10/0x10 [ 487.617386][T12350] inet_sendmsg+0x119/0x140 [ 487.619349][T12350] ____sys_sendmsg+0x90d/0xb50 [ 487.621436][T12350] ? __pfx_____sys_sendmsg+0x10/0x10 [ 487.623721][T12350] ? get_compat_msghdr+0x11b/0x170 [ 487.625816][T12350] ? __pfx___lock_acquire+0x10/0x10 [ 487.628056][T12350] ___sys_sendmsg+0x135/0x1e0 [ 487.629720][T12350] ? __pfx____sys_sendmsg+0x10/0x10 [ 487.631674][T12350] ? ksys_write+0x21c/0x260 [ 487.633602][T12350] ? __fget_light+0x173/0x210 [ 487.635647][T12350] __sys_sendmsg+0x117/0x1f0 [ 487.637684][T12350] ? __pfx___sys_sendmsg+0x10/0x10 [ 487.639938][T12350] __do_fast_syscall_32+0x73/0x120 [ 487.642172][T12350] do_fast_syscall_32+0x32/0x80 [ 487.644276][T12350] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 487.647006][T12350] RIP: 0023:0xf7f26579 [ 487.648740][T12350] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 487.656926][T12350] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 487.660475][T12350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000600 [ 487.663868][T12350] RDX: 00000000040000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 487.667270][T12350] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 487.670673][T12350] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 487.674064][T12350] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 487.677439][T12350] [ 488.318306][ T5376] usb 6-1: USB disconnect, device number 17 [ 489.067107][T12389] FAULT_INJECTION: forcing a failure. [ 489.067107][T12389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 489.075512][T12389] CPU: 0 UID: 0 PID: 12389 Comm: syz.0.1522 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 489.079826][T12389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 489.083935][T12389] Call Trace: [ 489.085472][T12389] [ 489.086633][T12389] dump_stack_lvl+0x16c/0x1f0 [ 489.088521][T12389] should_fail_ex+0x497/0x5b0 [ 489.090364][T12389] _copy_to_user+0x30/0xc0 [ 489.092098][T12389] simple_read_from_buffer+0xd0/0x160 [ 489.094317][T12389] proc_fail_nth_read+0x1b0/0x290 [ 489.096484][T12389] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 489.098631][T12389] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 489.101006][T12389] vfs_read+0x1d4/0xbd0 [ 489.102717][T12389] ? __fdget_pos+0xeb/0x180 [ 489.104459][T12389] ? __pfx_vfs_read+0x10/0x10 [ 489.106421][T12389] ? __pfx___mutex_lock+0x10/0x10 [ 489.108501][T12389] ? __fget_files+0x256/0x400 [ 489.110512][T12389] ksys_read+0x12f/0x260 [ 489.112345][T12389] ? __pfx_ksys_read+0x10/0x10 [ 489.114402][T12389] __do_fast_syscall_32+0x73/0x120 [ 489.116636][T12389] do_fast_syscall_32+0x32/0x80 [ 489.118763][T12389] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 489.121354][T12389] RIP: 0023:0xf7f26579 [ 489.123188][T12389] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 489.131131][T12389] RSP: 002b:00000000f56d65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 489.134691][T12389] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56d6620 [ 489.138121][T12389] RDX: 000000000000000f RSI: 00000000f73acff4 RDI: 0000000000000000 [ 489.141603][T12389] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 489.145074][T12389] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 489.148544][T12389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 489.152192][T12389] [ 489.153716][ C0] vkms_vblank_simulate: vblank timer overrun [ 489.410337][ T6952] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 489.602244][ T6952] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 489.608970][ T6952] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 489.618168][ T6952] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 489.626700][ T6952] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.645534][ T6952] usb 7-1: config 0 descriptor?? [ 489.654657][ T6952] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 490.609581][T12412] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 490.646940][T12412] overlay: Unknown parameter 'subj_role' [ 492.064414][T12428] smc: net device lo applied user defined pnetid SYZ2 [ 492.086969][ T5376] usb 7-1: USB disconnect, device number 13 [ 492.548135][T12434] mkiss: ax0: crc mode is auto. [ 493.650051][ T4701] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 493.846020][ T4701] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 493.851336][ T4701] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 493.856910][ T4701] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 493.878475][ T4701] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.882991][ T4701] usb 7-1: config 0 descriptor?? [ 493.888032][ T4701] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 494.021112][T12467] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1548'. [ 494.035731][T12467] Κό: entered promiscuous mode [ 494.813980][T12462] syzkaller0: entered promiscuous mode [ 494.816510][T12462] syzkaller0: entered allmulticast mode [ 494.849112][T12475] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 494.864551][T12475] overlay: Unknown parameter 'subj_role' [ 496.401100][ T5640] usb 7-1: USB disconnect, device number 14 [ 496.823198][T12506] netlink: 'syz.3.1556': attribute type 11 has an invalid length. [ 497.636392][T12492] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1554'. [ 497.688228][T12509] FAULT_INJECTION: forcing a failure. [ 497.688228][T12509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.693158][T12509] CPU: 0 UID: 0 PID: 12509 Comm: syz.0.1557 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 497.696945][T12509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 497.701449][T12509] Call Trace: [ 497.702612][T12509] [ 497.703686][T12509] dump_stack_lvl+0x16c/0x1f0 [ 497.705478][T12509] should_fail_ex+0x497/0x5b0 [ 497.707426][T12509] _copy_to_user+0x30/0xc0 [ 497.709398][T12509] simple_read_from_buffer+0xd0/0x160 [ 497.711549][T12509] proc_fail_nth_read+0x1b0/0x290 [ 497.713440][T12509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 497.715790][T12509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 497.718133][T12509] vfs_read+0x1d4/0xbd0 [ 497.719890][T12509] ? __fdget_pos+0xeb/0x180 [ 497.721799][T12509] ? __pfx_vfs_read+0x10/0x10 [ 497.723801][T12509] ? __pfx___mutex_lock+0x10/0x10 [ 497.725933][T12509] ? __fget_files+0x256/0x400 [ 497.727641][T12509] ksys_read+0x12f/0x260 [ 497.729438][T12509] ? __pfx_ksys_read+0x10/0x10 [ 497.731318][T12509] ? syscall_user_dispatch+0x77/0x140 [ 497.733534][T12509] __do_fast_syscall_32+0x73/0x120 [ 497.735294][T12509] do_fast_syscall_32+0x32/0x80 [ 497.736975][T12509] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 497.739222][T12509] RIP: 0023:0xf7f26579 [ 497.740631][T12509] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 497.747696][T12509] RSP: 002b:00000000f56d65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 497.751413][T12509] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f56d6620 [ 497.754836][T12509] RDX: 000000000000000f RSI: 00000000f73acff4 RDI: 0000000000000000 [ 497.758173][T12509] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 497.761551][T12509] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 497.765017][T12509] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 497.768390][T12509] [ 497.774844][ C0] vkms_vblank_simulate: vblank timer overrun [ 499.022230][T12540] 9pnet_fd: Insufficient options for proto=fd [ 499.195760][T12541] netlink: 'syz.1.1566': attribute type 4 has an invalid length. [ 499.281947][T12543] FAULT_INJECTION: forcing a failure. [ 499.281947][T12543] name failslab, interval 1, probability 0, space 0, times 0 [ 499.289895][T12543] CPU: 1 UID: 0 PID: 12543 Comm: syz.2.1567 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 499.294564][T12543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 499.299303][T12543] Call Trace: [ 499.300813][T12543] [ 499.302123][T12543] dump_stack_lvl+0x16c/0x1f0 [ 499.304253][T12543] should_fail_ex+0x497/0x5b0 [ 499.306334][T12543] ? fs_reclaim_acquire+0xae/0x160 [ 499.308404][T12543] should_failslab+0xc2/0x120 [ 499.310360][T12543] kmem_cache_alloc_node_noprof+0x71/0x310 [ 499.312652][T12543] ? __alloc_skb+0x2b3/0x380 [ 499.314575][T12543] __alloc_skb+0x2b3/0x380 [ 499.316472][T12543] ? __pfx___alloc_skb+0x10/0x10 [ 499.318740][T12543] ? genl_rcv_msg+0x4bd/0x800 [ 499.320921][T12543] netlink_ack+0x164/0xb20 [ 499.322607][T12543] netlink_rcv_skb+0x327/0x410 [ 499.324588][T12543] ? __pfx_genl_rcv_msg+0x10/0x10 [ 499.326729][T12543] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 499.328958][T12543] ? down_read+0xc9/0x330 [ 499.330782][T12543] ? __pfx_down_read+0x10/0x10 [ 499.332806][T12543] ? netlink_deliver_tap+0x1ae/0xcf0 [ 499.335035][T12543] genl_rcv+0x28/0x40 [ 499.336651][T12543] netlink_unicast+0x544/0x830 [ 499.338517][T12543] ? __pfx_netlink_unicast+0x10/0x10 [ 499.340257][T12543] ? __phys_addr_symbol+0x30/0x80 [ 499.342003][T12543] ? __check_object_size+0x497/0x720 [ 499.344142][T12543] netlink_sendmsg+0x8b8/0xd70 [ 499.346112][T12543] ? __pfx_netlink_sendmsg+0x10/0x10 [ 499.348257][T12543] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 499.350408][T12543] ____sys_sendmsg+0x9b4/0xb50 [ 499.352333][T12543] ? __pfx_____sys_sendmsg+0x10/0x10 [ 499.354532][T12543] ? get_compat_msghdr+0x11b/0x170 [ 499.356654][T12543] ? __pfx___lock_acquire+0x10/0x10 [ 499.358856][T12543] ___sys_sendmsg+0x135/0x1e0 [ 499.360827][T12543] ? __pfx____sys_sendmsg+0x10/0x10 [ 499.362991][T12543] ? ksys_write+0x21c/0x260 [ 499.364946][T12543] ? __fget_light+0x173/0x210 [ 499.366946][T12543] __sys_sendmsg+0x117/0x1f0 [ 499.368896][T12543] ? __pfx___sys_sendmsg+0x10/0x10 [ 499.371038][T12543] __do_fast_syscall_32+0x73/0x120 [ 499.373196][T12543] do_fast_syscall_32+0x32/0x80 [ 499.375043][T12543] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 499.377530][T12543] RIP: 0023:0xf7f56579 [ 499.379254][T12543] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 499.387133][T12543] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 499.390492][T12543] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 499.393776][T12543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 499.397039][T12543] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 499.400315][T12543] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 499.403536][T12543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 499.406826][T12543] [ 500.519423][T12567] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1576'. [ 501.345926][T12587] FAULT_INJECTION: forcing a failure. [ 501.345926][T12587] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 501.356077][T12587] CPU: 3 UID: 0 PID: 12587 Comm: syz.1.1584 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 501.360804][T12587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 501.365275][T12587] Call Trace: [ 501.366754][T12587] [ 501.367740][T12587] dump_stack_lvl+0x16c/0x1f0 [ 501.369590][T12587] should_fail_ex+0x497/0x5b0 [ 501.371211][T12587] _copy_to_user+0x30/0xc0 [ 501.372896][T12587] simple_read_from_buffer+0xd0/0x160 [ 501.375054][T12587] proc_fail_nth_read+0x1b0/0x290 [ 501.376973][T12587] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 501.379357][T12587] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 501.381731][T12587] vfs_read+0x1d4/0xbd0 [ 501.383536][T12587] ? __fdget_pos+0xeb/0x180 [ 501.385533][T12587] ? __pfx_vfs_read+0x10/0x10 [ 501.387608][T12587] ? __pfx___mutex_lock+0x10/0x10 [ 501.389938][T12587] ? __fget_files+0x256/0x400 [ 501.391966][T12587] ksys_read+0x12f/0x260 [ 501.393761][T12587] ? __pfx_ksys_read+0x10/0x10 [ 501.395479][T12587] __do_fast_syscall_32+0x73/0x120 [ 501.397271][T12587] do_fast_syscall_32+0x32/0x80 [ 501.399081][T12587] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 501.401780][T12587] RIP: 0023:0xf7f66579 [ 501.403284][T12587] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 501.411159][T12587] RSP: 002b:00000000f57165a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 501.411197][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.414200][T12587] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5716620 [ 501.417040][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.420448][T12587] RDX: 000000000000000f RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 501.420464][T12587] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 501.420477][T12587] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 501.420489][T12587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 501.420517][T12587] [ 501.533039][T12593] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1586'. [ 501.784714][T12588] syz.0.1583 (12588): drop_caches: 2 [ 501.826279][T12588] syz.0.1583 (12588): drop_caches: 2 [ 501.915948][T12602] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1588'. [ 501.928471][T12602] tipc: Invalid UDP bearer configuration [ 501.928533][T12602] tipc: Enabling of bearer rejected, failed to enable media [ 502.644918][T12620] afs: Unknown parameter 'obj_user' [ 507.004750][T12705] FAULT_INJECTION: forcing a failure. [ 507.004750][T12705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 507.011722][T12705] CPU: 2 UID: 0 PID: 12705 Comm: syz.0.1621 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 507.016448][T12705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 507.021297][T12705] Call Trace: [ 507.022826][T12705] [ 507.024240][T12705] dump_stack_lvl+0x16c/0x1f0 [ 507.026492][T12705] should_fail_ex+0x497/0x5b0 [ 507.028626][T12705] _copy_from_user+0x30/0xf0 [ 507.030908][T12705] get_compat_msghdr+0xa8/0x170 [ 507.033106][T12705] ? __pfx_get_compat_msghdr+0x10/0x10 [ 507.035503][T12705] ? kfree+0x245/0x3b0 [ 507.037292][T12705] ? find_held_lock+0x2d/0x110 [ 507.039349][T12705] ___sys_recvmsg+0x193/0x1a0 [ 507.041129][T12705] ? __pfx____sys_recvmsg+0x10/0x10 [ 507.043489][T12705] ? __pfx___might_resched+0x10/0x10 [ 507.045813][T12705] ? __fget_light+0x173/0x210 [ 507.047932][T12705] do_recvmmsg+0x51a/0x750 [ 507.049957][T12705] ? __pfx_do_recvmmsg+0x10/0x10 [ 507.052171][T12705] ? __pfx_lock_release+0x10/0x10 [ 507.054508][T12705] ? vfs_write+0x14d/0x1140 [ 507.056586][T12705] __sys_recvmmsg+0x21e/0x280 [ 507.058703][T12705] ? __pfx___sys_recvmmsg+0x10/0x10 [ 507.061027][T12705] ? __pfx_ksys_write+0x10/0x10 [ 507.063202][T12705] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 507.065966][T12705] ? lockdep_hardirqs_on+0x7c/0x110 [ 507.068224][T12705] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 507.070737][T12705] __do_fast_syscall_32+0x73/0x120 [ 507.072430][T12705] do_fast_syscall_32+0x32/0x80 [ 507.074348][T12705] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 507.077038][T12705] RIP: 0023:0xf7f26579 [ 507.078741][T12705] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 507.087232][T12705] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 507.090918][T12705] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002440 [ 507.094353][T12705] RDX: 00000000ffffff67 RSI: 0000000000000000 RDI: 0000000000000000 [ 507.097776][T12705] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 507.101294][T12705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 507.104845][T12705] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 507.108355][T12705] [ 507.210947][ T5381] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 507.412305][ T5381] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 507.423669][ T5381] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 507.427802][ T5381] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.445972][ T5381] usb 7-1: config 0 descriptor?? [ 507.470404][ T5381] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 507.527985][T12710] FAULT_INJECTION: forcing a failure. [ 507.527985][T12710] name failslab, interval 1, probability 0, space 0, times 0 [ 507.537168][T12710] CPU: 0 UID: 0 PID: 12710 Comm: syz.3.1623 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 507.541288][T12710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 507.545063][T12710] Call Trace: [ 507.546549][T12710] [ 507.547862][T12710] dump_stack_lvl+0x16c/0x1f0 [ 507.549894][T12710] should_fail_ex+0x497/0x5b0 [ 507.551900][T12710] ? fs_reclaim_acquire+0xae/0x160 [ 507.554130][T12710] should_failslab+0xc2/0x120 [ 507.556293][T12710] __kmalloc_noprof+0xcb/0x410 [ 507.558439][T12710] ? __pfx_d_absolute_path+0x10/0x10 [ 507.560758][T12710] tomoyo_encode2+0x100/0x3e0 [ 507.562870][T12710] tomoyo_realpath_from_path+0x1a7/0x710 [ 507.565366][T12710] tomoyo_mount_acl+0x66d/0x880 [ 507.567480][T12710] ? hlock_class+0x4e/0x130 [ 507.569449][T12710] ? __lock_acquire+0x1620/0x3cb0 [ 507.571595][T12710] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 507.573947][T12710] ? __pfx___lock_acquire+0x10/0x10 [ 507.576207][T12710] ? do_fast_syscall_32+0x32/0x80 [ 507.578427][T12710] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 507.581280][T12710] ? tomoyo_domain+0xbb/0x150 [ 507.583368][T12710] ? tomoyo_profile+0x47/0x60 [ 507.585617][T12710] tomoyo_mount_permission+0x16b/0x410 [ 507.588222][T12710] ? tomoyo_mount_permission+0x146/0x410 [ 507.590584][T12710] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 507.592931][T12710] ? get_current_fs_domain+0x188/0x1f0 [ 507.595072][T12710] security_sb_mount+0x8d/0xe0 [ 507.596972][T12710] path_mount+0x129/0x1f10 [ 507.598691][T12710] ? __pfx_path_mount+0x10/0x10 [ 507.600537][T12710] ? putname+0x12e/0x170 [ 507.602751][T12710] ? putname+0x12e/0x170 [ 507.604573][T12710] __ia32_sys_mount+0x292/0x310 [ 507.606744][T12710] ? __pfx___ia32_sys_mount+0x10/0x10 [ 507.609922][T12710] __do_fast_syscall_32+0x73/0x120 [ 507.612211][T12710] do_fast_syscall_32+0x32/0x80 [ 507.614398][T12710] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 507.617181][T12710] RIP: 0023:0xf7fb0579 [ 507.618990][T12710] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 507.627411][T12710] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 507.630791][T12710] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000020000040 [ 507.633625][T12710] RDX: 0000000000000000 RSI: 0000000000081800 RDI: 0000000000000000 [ 507.636284][T12710] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 507.639315][T12710] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 507.642646][T12710] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 507.645712][T12710] [ 507.647161][ C0] vkms_vblank_simulate: vblank timer overrun [ 507.669195][T12710] ERROR: Out of memory at tomoyo_realpath_from_path. [ 507.739313][T12711] affs: Unrecognized mount option "ί" or missing value [ 507.743199][T12711] affs: Error parsing options [ 508.398192][T12725] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 508.419898][T12725] overlay: Unknown parameter 'subj_role' [ 508.449226][T12727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1629'. [ 508.735626][T12743] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1633'. [ 508.739342][T12743] netlink: 'syz.3.1633': attribute type 11 has an invalid length. [ 508.743008][T12743] netlink: 'syz.3.1633': attribute type 5 has an invalid length. [ 509.108320][T12759] input: syz0 as /devices/virtual/input/input15 [ 509.938848][ T1416] usb 7-1: USB disconnect, device number 15 [ 512.124780][T12799] sp0: Synchronizing with TNC [ 516.092673][T12836] FAULT_INJECTION: forcing a failure. [ 516.092673][T12836] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 516.099182][T12836] CPU: 2 UID: 0 PID: 12836 Comm: syz.0.1662 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 516.103557][T12836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 516.108335][T12836] Call Trace: [ 516.110186][T12836] [ 516.111612][T12836] dump_stack_lvl+0x16c/0x1f0 [ 516.114368][T12836] should_fail_ex+0x497/0x5b0 [ 516.116568][T12836] _copy_from_user+0x30/0xf0 [ 516.118703][T12836] kstrtouint_from_user+0xd7/0x1c0 [ 516.121077][T12836] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 516.123634][T12836] ? __pfx_lock_acquire+0x10/0x10 [ 516.126314][T12836] proc_fail_nth_write+0x84/0x270 [ 516.128683][T12836] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 516.131189][T12836] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 516.133730][T12836] vfs_write+0x29a/0x1140 [ 516.135682][T12836] ? __fdget_pos+0xeb/0x180 [ 516.137785][T12836] ? __pfx_vfs_write+0x10/0x10 [ 516.139930][T12836] ? __pfx___mutex_lock+0x10/0x10 [ 516.142692][T12836] ? __fget_files+0x256/0x400 [ 516.145265][T12836] ksys_write+0x12f/0x260 [ 516.147752][T12836] ? __pfx_ksys_write+0x10/0x10 [ 516.150515][T12836] __do_fast_syscall_32+0x73/0x120 [ 516.153101][T12836] do_fast_syscall_32+0x32/0x80 [ 516.155384][T12836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 516.158260][T12836] RIP: 0023:0xf7f26579 [ 516.160107][T12836] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 516.168753][T12836] RSP: 002b:00000000f56d65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 516.172460][T12836] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f56d6620 [ 516.175993][T12836] RDX: 0000000000000001 RSI: 00000000f73acff4 RDI: 0000000000000000 [ 516.179512][T12836] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 516.182630][T12836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 516.185727][T12836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 516.188920][T12836] [ 518.632517][T12867] FAULT_INJECTION: forcing a failure. [ 518.632517][T12867] name failslab, interval 1, probability 0, space 0, times 0 [ 518.639218][T12867] CPU: 2 UID: 0 PID: 12867 Comm: syz.3.1671 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 518.643167][T12867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 518.647639][T12867] Call Trace: [ 518.649118][T12867] [ 518.650436][T12867] dump_stack_lvl+0x16c/0x1f0 [ 518.652586][T12867] should_fail_ex+0x497/0x5b0 [ 518.654511][T12867] ? fs_reclaim_acquire+0xae/0x160 [ 518.656579][T12867] should_failslab+0xc2/0x120 [ 518.658443][T12867] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 518.660396][T12867] ? vm_area_dup+0x53/0x300 [ 518.661985][T12867] vm_area_dup+0x53/0x300 [ 518.663670][T12867] ? __pfx_hugetlb_vm_op_split+0x10/0x10 [ 518.665941][T12867] __split_vma+0x181/0x11a0 [ 518.667743][T12867] ? __pfx___split_vma+0x10/0x10 [ 518.669688][T12867] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 518.671958][T12867] ? percpu_counter_add_batch+0xb5/0x1e0 [ 518.674147][T12867] do_vmi_align_munmap+0x2bf/0x19c0 [ 518.676182][T12867] ? mtree_range_walk+0x715/0xbe0 [ 518.678183][T12867] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 518.680495][T12867] do_vmi_munmap+0x231/0x410 [ 518.682323][T12867] do_munmap+0xb0/0xf0 [ 518.683917][T12867] ? __pfx_do_munmap+0x10/0x10 [ 518.685828][T12867] ? vfs_write+0x14d/0x1140 [ 518.687628][T12867] __do_sys_mremap+0xb84/0x1610 [ 518.689578][T12867] ? __pfx___do_sys_mremap+0x10/0x10 [ 518.691660][T12867] ? fput+0x32/0x390 [ 518.693209][T12867] ? ksys_write+0x1ab/0x260 [ 518.694984][T12867] ? __pfx_ksys_write+0x10/0x10 [ 518.696911][T12867] __do_fast_syscall_32+0x73/0x120 [ 518.698942][T12867] do_fast_syscall_32+0x32/0x80 [ 518.700871][T12867] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 518.703334][T12867] RIP: 0023:0xf7fb0579 [ 518.704934][T12867] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 518.712169][T12867] RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 00000000000000a3 [ 518.715411][T12867] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000a00000 [ 518.718500][T12867] RDX: 0000000000600000 RSI: 0000000000000003 RDI: 0000000020a00000 [ 518.721574][T12867] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 518.724651][T12867] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 518.727726][T12867] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 518.730802][T12867] [ 522.494770][T12919] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1688'. [ 523.909837][ T4767] Bluetooth: hci5: command 0x0406 tx timeout [ 524.178098][T12938] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 524.189862][T12938] overlayfs: failed to set xattr on upper [ 524.192488][T12938] overlayfs: ...falling back to redirect_dir=nofollow. [ 524.195741][T12938] overlayfs: ...falling back to index=off. [ 524.198844][T12938] overlayfs: ...falling back to uuid=null. [ 524.638015][T12938] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1694'. [ 524.644389][T12938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1694'. [ 525.446596][T12957] FAULT_INJECTION: forcing a failure. [ 525.446596][T12957] name failslab, interval 1, probability 0, space 0, times 0 [ 525.454787][T12957] CPU: 2 UID: 0 PID: 12957 Comm: syz.1.1701 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 525.461204][T12957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 525.466928][T12957] Call Trace: [ 525.469086][T12957] [ 525.470618][T12957] dump_stack_lvl+0x16c/0x1f0 [ 525.472695][T12957] should_fail_ex+0x497/0x5b0 [ 525.475543][T12957] should_failslab+0xc2/0x120 [ 525.478645][T12957] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 525.481690][T12957] ? __es_insert_extent+0x746/0x1470 [ 525.484987][T12957] __es_insert_extent+0x746/0x1470 [ 525.488086][T12957] ? __es_tree_search.isra.0+0x1aa/0x210 [ 525.491586][T12957] ext4_es_cache_extent+0x310/0x510 [ 525.494751][T12957] ? __pfx_ext4_es_cache_extent+0x10/0x10 [ 525.497750][T12957] ? __pfx___ext4_ext_check+0x10/0x10 [ 525.500431][T12957] ext4_cache_extents+0x22f/0x2d0 [ 525.502586][T12957] __read_extent_tree_block+0x4e6/0x630 [ 525.505293][T12957] ext4_ext_precache+0x2e8/0x610 [ 525.507669][T12957] __ext4_ioctl+0x244f/0x4770 [ 525.509722][T12957] ? tomoyo_path_number_perm+0x292/0x5b0 [ 525.512028][T12957] ? __pfx_lock_release+0x10/0x10 [ 525.514571][T12957] ? __pfx___ext4_ioctl+0x10/0x10 [ 525.516579][T12957] ? kfree+0x12a/0x3b0 [ 525.518478][T12957] ? tomoyo_path_number_perm+0x467/0x5b0 [ 525.521100][T12957] ? tomoyo_path_number_perm+0x190/0x5b0 [ 525.523608][T12957] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 525.526861][T12957] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 525.529864][T12957] ? do_vfs_ioctl+0x515/0x1a90 [ 525.531880][T12957] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 525.534020][T12957] ? __pfx_lock_release+0x10/0x10 [ 525.536405][T12957] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 525.539603][T12957] ext4_compat_ioctl+0xca/0x460 [ 525.541694][T12957] ? __pfx_ext4_compat_ioctl+0x10/0x10 [ 525.544169][T12957] ? __fget_files+0x256/0x400 [ 525.546847][T12957] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 525.550150][T12957] ? __pfx_ext4_compat_ioctl+0x10/0x10 [ 525.552787][T12957] __do_compat_sys_ioctl+0x2c3/0x330 [ 525.555367][T12957] __do_fast_syscall_32+0x73/0x120 [ 525.557885][T12957] do_fast_syscall_32+0x32/0x80 [ 525.560143][T12957] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 525.563108][T12957] RIP: 0023:0xf7f66579 [ 525.564826][T12957] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 525.573635][T12957] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 525.578078][T12957] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000006612 [ 525.582068][T12957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 525.585595][T12957] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 525.588979][T12957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 525.592595][T12957] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 525.597197][T12957] [ 526.009873][ T5216] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 526.193839][ T5216] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 526.211736][ T5216] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 526.229083][ T5216] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 526.246138][ T5216] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 526.258565][ T5216] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 526.271487][ T5216] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.301229][ T5216] usb 7-1: config 0 descriptor?? [ 526.308623][T12967] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 526.785142][T12967] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 526.845522][T12967] overlay: Unknown parameter 'subj_role' [ 526.865270][ T5216] usbhid 7-1:0.0: can't add hid device: -71 [ 526.907653][ T5216] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 526.930537][ T5216] usb 7-1: USB disconnect, device number 16 [ 531.246341][T13011] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 531.729812][ T4701] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 531.972003][ T4701] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 531.989777][ T4701] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 531.994562][ T4701] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 531.999280][ T4701] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 532.039901][ T4701] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 532.044178][ T4701] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.055779][ T4701] usb 7-1: config 0 descriptor?? [ 532.071452][T13013] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 532.513358][T13013] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 532.534462][T13013] overlay: Unknown parameter 'subj_role' [ 532.567975][ T4701] usbhid 7-1:0.0: can't add hid device: -71 [ 532.570402][ T4701] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 532.607691][ T4701] usb 7-1: USB disconnect, device number 17 [ 535.143248][T13067] FAULT_INJECTION: forcing a failure. [ 535.143248][T13067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 535.148563][T13067] CPU: 3 UID: 0 PID: 13067 Comm: syz.1.1733 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 535.153085][T13067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 535.157515][T13067] Call Trace: [ 535.159016][T13067] [ 535.160340][T13067] dump_stack_lvl+0x16c/0x1f0 [ 535.162456][T13067] should_fail_ex+0x497/0x5b0 [ 535.164510][T13067] _copy_to_user+0x30/0xc0 [ 535.166768][T13067] simple_read_from_buffer+0xd0/0x160 [ 535.169854][T13067] proc_fail_nth_read+0x1b0/0x290 [ 535.171880][T13067] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 535.173832][T13067] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 535.175717][T13067] vfs_read+0x1d4/0xbd0 [ 535.177285][T13067] ? lockdep_hardirqs_on+0x7c/0x110 [ 535.179353][T13067] ? __fdget_pos+0xeb/0x180 [ 535.181182][T13067] ? __pfx_vfs_read+0x10/0x10 [ 535.183017][T13067] ? __pfx___mutex_lock+0x10/0x10 [ 535.185044][T13067] ? __fget_files+0x256/0x400 [ 535.187132][T13067] ksys_read+0x12f/0x260 [ 535.189088][T13067] ? __pfx_ksys_read+0x10/0x10 [ 535.191152][T13067] __do_fast_syscall_32+0x73/0x120 [ 535.193385][T13067] do_fast_syscall_32+0x32/0x80 [ 535.195493][T13067] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 535.198056][T13067] RIP: 0023:0xf7f66579 [ 535.199769][T13067] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 535.208450][T13067] RSP: 002b:00000000f57165a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 535.212124][T13067] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5716620 [ 535.215683][T13067] RDX: 000000000000000f RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 535.218874][T13067] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 535.221993][T13067] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 535.225483][T13067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 535.229074][T13067] [ 536.229804][ T5397] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 536.411984][ T5397] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 536.416944][ T5397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 536.426576][ T5397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 536.431523][ T5397] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 536.436986][ T5397] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 536.441479][ T5397] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.450716][ T5397] usb 5-1: config 0 descriptor?? [ 536.453619][T13072] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 536.899386][T13072] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 536.911493][T13072] overlay: Unknown parameter 'subj_role' [ 536.923813][ T5397] usbhid 5-1:0.0: can't add hid device: -71 [ 536.926494][ T5397] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 536.939192][ T5397] usb 5-1: USB disconnect, device number 11 [ 537.649120][T13106] syz.1.1748[13106] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 537.649247][T13106] syz.1.1748[13106] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 537.897892][T13113] input: syz0 as /devices/virtual/input/input16 [ 537.925953][T13113] ipt_ECN: cannot use operation on non-tcp rule [ 538.810185][ T5216] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 538.993549][ T5216] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 538.998401][ T5216] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 539.014879][ T5216] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 539.024022][ T5216] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 539.033239][ T5216] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 539.037466][ T5216] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.047447][ T5216] usb 7-1: config 0 descriptor?? [ 539.054768][T13124] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 539.764766][T13124] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 539.800569][T13124] overlay: Unknown parameter 'subj_role' [ 539.834171][ T5216] usbhid 7-1:0.0: can't add hid device: -71 [ 539.842865][ T5216] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 539.888227][ T5216] usb 7-1: USB disconnect, device number 18 [ 544.528147][T13203] syzkaller0: entered promiscuous mode [ 544.536863][T13203] syzkaller0: entered allmulticast mode [ 544.862365][T13212] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 546.870036][ T5342] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 546.878415][T13220] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 547.051169][T13257] FAULT_INJECTION: forcing a failure. [ 547.051169][T13257] name failslab, interval 1, probability 0, space 0, times 0 [ 547.070304][T13257] CPU: 2 UID: 0 PID: 13257 Comm: syz.0.1796 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 547.076961][T13257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 547.083075][T13257] Call Trace: [ 547.084701][T13257] [ 547.086046][T13257] dump_stack_lvl+0x16c/0x1f0 [ 547.088205][T13257] should_fail_ex+0x497/0x5b0 [ 547.090199][T13257] ? fs_reclaim_acquire+0xae/0x160 [ 547.091905][T13257] should_failslab+0xc2/0x120 [ 547.093907][T13257] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 547.096035][T13257] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 547.098685][T13257] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 547.101018][T13257] mmu_topup_memory_caches+0x22/0xd0 [ 547.103293][T13257] kvm_mmu_load+0xda/0x20d0 [ 547.105150][T13257] ? mark_held_locks+0x9f/0xe0 [ 547.107210][T13257] ? kvm_apic_has_interrupt+0xb6/0x190 [ 547.109231][T13257] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 547.111416][T13257] ? kvm_guest_time_update+0x780/0xeb0 [ 547.113425][T13257] ? __pfx_kvm_mmu_load+0x10/0x10 [ 547.115609][T13257] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 547.118259][T13257] ? kvm_check_and_inject_events+0x646/0x1000 [ 547.120795][T13257] ? record_steal_time+0x41/0xba0 [ 547.122976][T13257] vcpu_run+0x2e03/0x4cf0 [ 547.124851][T13257] ? __pfx_vmx_vcpu_load_vmcs+0x10/0x10 [ 547.127262][T13257] ? __pfx_vcpu_run+0x10/0x10 [ 547.129324][T13257] ? __pfx_lock_acquire+0x10/0x10 [ 547.131457][T13257] ? mark_lock+0xc40/0xc60 [ 547.133369][T13257] ? fpu_swap_kvm_fpstate+0x1c8/0x420 [ 547.135705][T13257] ? __local_bh_enable_ip+0xa4/0x120 [ 547.138099][T13257] ? lockdep_hardirqs_on+0x7c/0x110 [ 547.140151][T13257] ? fpu_swap_kvm_fpstate+0x1c8/0x420 [ 547.142475][T13257] ? __local_bh_enable_ip+0xa4/0x120 [ 547.144833][T13257] ? kvm_arch_vcpu_ioctl_run+0x447/0x1730 [ 547.147141][T13257] kvm_arch_vcpu_ioctl_run+0x447/0x1730 [ 547.149425][T13257] kvm_vcpu_ioctl+0x6cd/0x1520 [ 547.151398][T13257] ? tomoyo_path_number_perm+0x467/0x5b0 [ 547.153702][T13257] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 547.155863][T13257] ? tomoyo_path_number_perm+0x190/0x5b0 [ 547.159523][T13257] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 547.162427][T13257] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 547.165207][T13257] ? do_vfs_ioctl+0x515/0x1a90 [ 547.167408][T13257] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 547.169833][T13257] ? __pfx_lock_release+0x10/0x10 [ 547.172103][T13257] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 547.174797][T13257] kvm_vcpu_compat_ioctl+0x216/0x3f0 [ 547.177171][T13257] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 547.179814][T13257] ? __fget_files+0x256/0x400 [ 547.182013][T13257] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 547.184457][T13257] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 547.186749][T13257] __do_compat_sys_ioctl+0x2c3/0x330 [ 547.188982][T13257] __do_fast_syscall_32+0x73/0x120 [ 547.191269][T13257] do_fast_syscall_32+0x32/0x80 [ 547.193390][T13257] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 547.195950][T13257] RIP: 0023:0xf7f26579 [ 547.197691][T13257] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 547.205732][T13257] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 547.209316][T13257] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80 [ 547.212860][T13257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 547.216153][T13257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 547.218965][T13257] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 547.222040][T13257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 547.225541][T13257] [ 549.125951][T13290] FAULT_INJECTION: forcing a failure. [ 549.125951][T13290] name failslab, interval 1, probability 0, space 0, times 0 [ 549.132381][T13290] CPU: 0 UID: 0 PID: 13290 Comm: syz.2.1806 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 549.137276][T13290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 549.141374][T13290] Call Trace: [ 549.142752][T13290] [ 549.144050][T13290] dump_stack_lvl+0x16c/0x1f0 [ 549.146690][T13290] should_fail_ex+0x497/0x5b0 [ 549.148708][T13290] ? fs_reclaim_acquire+0xae/0x160 [ 549.150672][T13290] should_failslab+0xc2/0x120 [ 549.152514][T13290] __kmalloc_noprof+0xcb/0x410 [ 549.154637][T13290] ? __pfx_lock_acquire+0x10/0x10 [ 549.159019][T13290] ? psi_task_switch+0x20c/0x900 [ 549.161237][T13290] tomoyo_realpath_from_path+0xbf/0x710 [ 549.163640][T13290] ? tomoyo_profile+0x47/0x60 [ 549.165726][T13290] tomoyo_path_number_perm+0x245/0x5b0 [ 549.168210][T13290] ? tomoyo_path_number_perm+0x232/0x5b0 [ 549.170414][T13290] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 549.173010][T13290] ? __switch_to+0x749/0x1180 [ 549.175079][T13290] ? __pfx___schedule+0x10/0x10 [ 549.177085][T13290] ? __fget_files+0x256/0x400 [ 549.179230][T13290] security_file_ioctl_compat+0x75/0xc0 [ 549.181639][T13290] __do_compat_sys_ioctl+0x5d/0x330 [ 549.184245][T13290] __do_fast_syscall_32+0x73/0x120 [ 549.186331][T13290] do_fast_syscall_32+0x32/0x80 [ 549.188318][T13290] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 549.191105][T13290] RIP: 0023:0xf7f56579 [ 549.192920][T13290] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 549.201197][T13290] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 549.204556][T13290] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800443d2 [ 549.207722][T13290] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 549.210896][T13290] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 549.214115][T13290] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 549.217303][T13290] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 549.220680][T13290] [ 549.221992][ C0] vkms_vblank_simulate: vblank timer overrun [ 549.235453][T13290] ERROR: Out of memory at tomoyo_realpath_from_path. [ 550.896340][ C0] vkms_vblank_simulate: vblank timer overrun [ 551.781946][T13343] FAULT_INJECTION: forcing a failure. [ 551.781946][T13343] name failslab, interval 1, probability 0, space 0, times 0 [ 551.790359][T13343] CPU: 3 UID: 0 PID: 13343 Comm: syz.1.1822 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 551.795146][T13343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 551.799251][T13343] Call Trace: [ 551.800639][T13343] [ 551.802046][T13343] dump_stack_lvl+0x16c/0x1f0 [ 551.804239][T13343] should_fail_ex+0x497/0x5b0 [ 551.806376][T13343] ? fs_reclaim_acquire+0xae/0x160 [ 551.808658][T13343] should_failslab+0xc2/0x120 [ 551.811040][T13343] __kmalloc_cache_noprof+0x6b/0x310 [ 551.813168][T13343] ? disk_seqf_start+0x68/0x180 [ 551.815115][T13343] disk_seqf_start+0x68/0x180 [ 551.817573][T13343] show_partition_start+0x1e/0xc0 [ 551.820035][T13343] seq_read_iter+0x2b1/0x12c0 [ 551.822618][T13343] proc_reg_read_iter+0x223/0x310 [ 551.825231][T13343] copy_splice_read+0x615/0xb80 [ 551.827960][T13343] ? __pfx_copy_splice_read+0x10/0x10 [ 551.830539][T13343] ? __pfx_register_lock_class+0x10/0x10 [ 551.833093][T13343] ? __pfx_copy_splice_read+0x10/0x10 [ 551.835470][T13343] do_splice_read+0x294/0x380 [ 551.837609][T13343] splice_direct_to_actor+0x2a4/0xa40 [ 551.839981][T13343] ? __pfx_direct_splice_actor+0x10/0x10 [ 551.842482][T13343] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 551.845146][T13343] ? __fget_files+0x24c/0x400 [ 551.847468][T13343] ? __pfx_lock_release+0x10/0x10 [ 551.849813][T13343] do_splice_direct+0x17e/0x250 [ 551.851798][T13343] ? __pfx_do_splice_direct+0x10/0x10 [ 551.854242][T13343] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 551.856888][T13343] do_sendfile+0xb1e/0xe50 [ 551.858919][T13343] ? __pfx_do_sendfile+0x10/0x10 [ 551.861266][T13343] ? __pfx___might_resched+0x10/0x10 [ 551.863661][T13343] ? __might_fault+0xe3/0x190 [ 551.865750][T13343] __ia32_compat_sys_sendfile+0x163/0x230 [ 551.868242][T13343] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 551.870945][T13343] __do_fast_syscall_32+0x73/0x120 [ 551.873213][T13343] do_fast_syscall_32+0x32/0x80 [ 551.875517][T13343] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 551.878733][T13343] RIP: 0023:0xf7f66579 [ 551.880979][T13343] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 551.892622][T13343] RSP: 002b:00000000f56f556c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 551.897561][T13343] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000005 [ 551.900932][T13343] RDX: 00000000200000c0 RSI: 0000000000000005 RDI: 0000000000000000 [ 551.904396][T13343] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 551.907960][T13343] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 551.911368][T13343] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 551.914840][T13343] [ 553.629158][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.388495][T13399] xt_connbytes: Forcing CT accounting to be enabled [ 555.403159][T13399] xt_CT: You must specify a L4 protocol and not use inversions on it [ 555.409895][T13399] FAULT_INJECTION: forcing a failure. [ 555.409895][T13399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 555.419238][T13399] CPU: 1 UID: 0 PID: 13399 Comm: syz.3.1839 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 555.424001][T13399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 555.430394][T13399] Call Trace: [ 555.432101][T13399] [ 555.433567][T13399] dump_stack_lvl+0x16c/0x1f0 [ 555.435815][T13399] should_fail_ex+0x497/0x5b0 [ 555.438087][T13399] _copy_from_user+0x30/0xf0 [ 555.440068][T13399] get_compat_msghdr+0xa8/0x170 [ 555.442233][T13399] ? __pfx_get_compat_msghdr+0x10/0x10 [ 555.444587][T13399] ? kfree+0x245/0x3b0 [ 555.446451][T13399] ? find_held_lock+0x2d/0x110 [ 555.448527][T13399] ___sys_recvmsg+0x193/0x1a0 [ 555.450592][T13399] ? __pfx____sys_recvmsg+0x10/0x10 [ 555.452907][T13399] ? __pfx___might_resched+0x10/0x10 [ 555.455185][T13399] ? __fget_light+0x173/0x210 [ 555.457244][T13399] do_recvmmsg+0x51a/0x750 [ 555.458990][T13399] ? __pfx_do_recvmmsg+0x10/0x10 [ 555.460822][T13399] ? __pfx_lock_release+0x10/0x10 [ 555.462936][T13399] ? vfs_write+0x14d/0x1140 [ 555.464813][T13399] __sys_recvmmsg+0x21e/0x280 [ 555.466675][T13399] ? __pfx___sys_recvmmsg+0x10/0x10 [ 555.468892][T13399] ? __pfx_ksys_write+0x10/0x10 [ 555.470978][T13399] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 555.473575][T13399] ? lockdep_hardirqs_on+0x7c/0x110 [ 555.475877][T13399] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 555.478820][T13399] __do_fast_syscall_32+0x73/0x120 [ 555.481101][T13399] do_fast_syscall_32+0x32/0x80 [ 555.483278][T13399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 555.486077][T13399] RIP: 0023:0xf7fb0579 [ 555.487890][T13399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 555.496241][T13399] RSP: 002b:00000000f56e456c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 555.500040][T13399] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000200066c0 [ 555.503390][T13399] RDX: 0000000000000a0d RSI: 0000000000000000 RDI: 0000000000000000 [ 555.506653][T13399] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 555.509842][T13399] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 555.512943][T13399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 555.516244][T13399] [ 556.044034][T13402] FAULT_INJECTION: forcing a failure. [ 556.044034][T13402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 556.088062][T13402] CPU: 3 UID: 0 PID: 13402 Comm: syz.1.1840 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 556.093960][T13402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 556.100377][T13402] Call Trace: [ 556.101845][T13402] [ 556.103125][T13402] dump_stack_lvl+0x16c/0x1f0 [ 556.105175][T13402] should_fail_ex+0x497/0x5b0 [ 556.107121][T13402] _copy_from_user+0x30/0xf0 [ 556.108786][T13402] bpf_test_init.isra.0+0xf1/0x150 [ 556.110658][T13402] bpf_prog_test_run_xdp+0x4f6/0x1530 [ 556.112856][T13402] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 556.115344][T13402] ? fput+0x32/0x390 [ 556.117002][T13402] ? __bpf_prog_get+0xa0/0x2f0 [ 556.119256][T13402] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 556.121517][T13402] __sys_bpf+0x141f/0x5600 [ 556.123204][T13402] ? __pfx___sys_bpf+0x10/0x10 [ 556.125281][T13402] ? ksys_write+0x12f/0x260 [ 556.127281][T13402] ? find_held_lock+0x2d/0x110 [ 556.129411][T13402] ? ksys_write+0x21c/0x260 [ 556.131770][T13402] ? __pfx_lock_release+0x10/0x10 [ 556.133933][T13402] ? vfs_write+0x14d/0x1140 [ 556.135874][T13402] ? __mutex_unlock_slowpath+0x164/0x650 [ 556.138359][T13402] ? fput+0x32/0x390 [ 556.140178][T13402] ? ksys_write+0x1ab/0x260 [ 556.142326][T13402] ? __pfx_ksys_write+0x10/0x10 [ 556.144452][T13402] __ia32_sys_bpf+0x76/0xe0 [ 556.146334][T13402] __do_fast_syscall_32+0x73/0x120 [ 556.148648][T13402] do_fast_syscall_32+0x32/0x80 [ 556.150755][T13402] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 556.153663][T13402] RIP: 0023:0xf7f66579 [ 556.155210][T13402] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 556.162678][T13402] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 556.166297][T13402] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200002c0 [ 556.169686][T13402] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000 [ 556.173108][T13402] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 556.176764][T13402] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 556.180372][T13402] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 556.183336][T13402] [ 558.932423][ T39] audit: type=1800 audit(1723265468.847:4518): pid=13452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.1854" name="/newroot/138/file0" dev="tmpfs" ino=861 res=0 errno=0 [ 559.610834][T13461] FAULT_INJECTION: forcing a failure. [ 559.610834][T13461] name failslab, interval 1, probability 0, space 0, times 0 [ 559.616215][T13461] CPU: 0 UID: 0 PID: 13461 Comm: syz.0.1856 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 559.620713][T13461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 559.624881][T13461] Call Trace: [ 559.626365][T13461] [ 559.627651][T13461] dump_stack_lvl+0x16c/0x1f0 [ 559.629798][T13461] should_fail_ex+0x497/0x5b0 [ 559.631832][T13461] ? fs_reclaim_acquire+0xae/0x160 [ 559.634037][T13461] should_failslab+0xc2/0x120 [ 559.636048][T13461] kmem_cache_alloc_node_noprof+0x71/0x310 [ 559.638543][T13461] ? __alloc_skb+0x2b3/0x380 [ 559.640589][T13461] __alloc_skb+0x2b3/0x380 [ 559.642373][T13461] ? __pfx___alloc_skb+0x10/0x10 [ 559.644384][T13461] ? __pfx___might_resched+0x10/0x10 [ 559.646639][T13461] netlink_alloc_large_skb+0x69/0x130 [ 559.648913][T13461] netlink_sendmsg+0x689/0xd70 [ 559.651051][T13461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 559.653379][T13461] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 559.655591][T13461] ____sys_sendmsg+0x9b4/0xb50 [ 559.657655][T13461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 559.659985][T13461] ? get_compat_msghdr+0x11b/0x170 [ 559.662271][T13461] ? __pfx___lock_acquire+0x10/0x10 [ 559.664463][T13461] ___sys_sendmsg+0x135/0x1e0 [ 559.666382][T13461] ? __pfx____sys_sendmsg+0x10/0x10 [ 559.668361][T13461] ? ksys_write+0x21c/0x260 [ 559.673728][T13461] ? __fget_light+0x173/0x210 [ 559.675897][T13461] __sys_sendmsg+0x117/0x1f0 [ 559.678507][T13461] ? __pfx___sys_sendmsg+0x10/0x10 [ 559.681808][T13461] __do_fast_syscall_32+0x73/0x120 [ 559.684961][T13461] do_fast_syscall_32+0x32/0x80 [ 559.687934][T13461] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 559.690663][T13461] RIP: 0023:0xf7f26579 [ 559.692380][T13461] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 559.701663][T13461] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 559.706370][T13461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 559.709893][T13461] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 559.713198][T13461] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 559.716845][T13461] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 559.720622][T13461] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 559.724796][T13461] [ 559.727306][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.793839][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.798036][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.064859][T13491] (syz.1.1864,13491,3):dlmfs_mkdir:420 ERROR: invalid domain name for directory. [ 564.303509][T13510] fuse: Bad value for 'rootmode' [ 564.417054][T13510] FAULT_INJECTION: forcing a failure. [ 564.417054][T13510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 564.422468][T13510] CPU: 3 UID: 0 PID: 13510 Comm: syz.0.1870 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 564.427221][T13510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 564.439816][T13510] Call Trace: [ 564.441469][T13510] [ 564.443282][T13510] dump_stack_lvl+0x16c/0x1f0 [ 564.446039][T13510] should_fail_ex+0x497/0x5b0 [ 564.448258][T13510] _copy_from_user+0x30/0xf0 [ 564.450352][T13510] __sys_bpf+0x239/0x5600 [ 564.452537][T13510] ? __pfx___sys_bpf+0x10/0x10 [ 564.455431][T13510] ? bstr_printf+0x336/0x1060 [ 564.457600][T13510] ? __pfx_bstr_printf+0x10/0x10 [ 564.460160][T13510] ? proc_fail_nth_write+0xa0/0x270 [ 564.462804][T13510] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 564.465639][T13510] ? rcu_is_watching+0x12/0xc0 [ 564.468214][T13510] ? trace_bpf_trace_printk+0x169/0x1e0 [ 564.471300][T13510] ? bpf_bprintf_cleanup+0x6d/0xd0 [ 564.474172][T13510] ? bpf_trace_printk+0x127/0x190 [ 564.477242][T13510] ? find_held_lock+0x2d/0x110 [ 564.480278][T13510] ? bpf_trace_run2+0x266/0x590 [ 564.482824][T13510] ? __pfx_lock_release+0x10/0x10 [ 564.485586][T13510] ? __pfx_vfs_write+0x10/0x10 [ 564.488196][T13510] ? ksys_write+0x1ab/0x260 [ 564.490380][T13510] __ia32_sys_bpf+0x76/0xe0 [ 564.493181][T13510] __do_fast_syscall_32+0x73/0x120 [ 564.496084][T13510] do_fast_syscall_32+0x32/0x80 [ 564.498294][T13510] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 564.501334][T13510] RIP: 0023:0xf7f26579 [ 564.503141][T13510] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 564.514089][T13510] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 564.518448][T13510] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000020000680 [ 564.522667][T13510] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 564.526887][T13510] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 564.530784][T13510] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 564.535146][T13510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 564.539217][T13510] [ 564.667899][T13518] fuse: Bad value for 'rootmode' [ 567.599823][ T35] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 567.799780][ T35] usb 5-1: Using ep0 maxpacket: 32 [ 567.807702][ T35] usb 5-1: string descriptor 0 read error: -22 [ 567.812720][ T35] usb 5-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=b2.bf [ 567.816627][ T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.822884][ T35] usb 5-1: config 0 descriptor?? [ 568.043348][T13445] usb 5-1: USB disconnect, device number 12 [ 568.569912][ T10] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 568.679917][ T5216] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 568.751873][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 568.756153][ T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 568.765799][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 568.769879][ T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 568.776932][ T10] usb 7-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 568.781010][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.784655][ T10] usb 7-1: Product: syz [ 568.786453][ T10] usb 7-1: Manufacturer: syz [ 568.788386][ T10] usb 7-1: SerialNumber: syz [ 568.794059][ T10] usb 7-1: config 0 descriptor?? [ 568.798247][ T10] kvaser_usb 7-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0 [ 568.801002][ T10] kvaser_usb 7-1:0.0: Failed to initialize card, error -90 [ 568.803885][ T10] kvaser_usb 7-1:0.0: probe with driver kvaser_usb failed with error -90 [ 568.860166][ T5216] usb 6-1: Using ep0 maxpacket: 32 [ 568.867016][ T5216] usb 6-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 568.871139][ T5216] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.874697][ T5216] usb 6-1: Product: syz [ 568.876336][ T5216] usb 6-1: Manufacturer: syz [ 568.877976][ T5216] usb 6-1: SerialNumber: syz [ 568.881002][ T5216] usb 6-1: config 0 descriptor?? [ 569.005154][T13445] usb 7-1: USB disconnect, device number 19 [ 569.496157][ T5216] (unnamed net_device) (uninitialized): Assigned a random MAC address: 8a:92:c7:b3:8b:08 [ 569.501378][T13554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 569.505338][T13554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 569.537117][ T5216] rtl8150 6-1:0.0: eth2: rtl8150 is detected [ 569.548787][ T5216] usb 6-1: USB disconnect, device number 18 [ 569.859984][ T30] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 570.060638][ T30] usb 7-1: Using ep0 maxpacket: 8 [ 570.066513][ T30] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 570.070461][ T30] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 570.074799][ T30] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 570.079178][ T30] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 570.085188][ T30] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 570.092259][ T30] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 570.096569][ T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.339625][ T30] usb 7-1: GET_CAPABILITIES returned 0 [ 570.342976][ T30] usbtmc 7-1:16.0: can't read capabilities [ 570.545205][ T30] usb 7-1: USB disconnect, device number 20 [ 571.446935][T13603] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 575.258483][T13658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 575.410705][T13662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 575.423385][T13662] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1925'. [ 575.447615][T13662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 575.691568][T13673] netlink: 'syz.2.1930': attribute type 10 has an invalid length. [ 575.728869][T13673] team0: Port device wlan1 added [ 576.141350][T13684] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1927'. [ 576.937870][T13708] netlink: 'syz.1.1944': attribute type 10 has an invalid length. [ 576.947346][T13709] netlink: 'syz.3.1945': attribute type 3 has an invalid length. [ 576.949751][T13708] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1944'. [ 576.950934][T13709] netlink: 'syz.3.1945': attribute type 7 has an invalid length. [ 576.969818][T13709] netlink: 198180 bytes leftover after parsing attributes in process `syz.3.1945'. [ 577.608947][T13732] netlink: 'syz.1.1954': attribute type 10 has an invalid length. [ 577.623901][T13732] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.627624][T13732] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.664746][T13732] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.668417][T13732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.673323][T13732] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.676534][T13732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 577.708857][T13732] team0: Port device bridge0 added [ 580.169831][ T5397] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 580.361590][ T5397] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 580.369495][ T5397] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 580.378252][ T5397] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 580.385264][ T5397] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 580.392047][ T5397] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 580.395780][ T5397] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.411163][ T5397] usb 6-1: config 0 descriptor?? [ 580.414445][T13760] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 581.095987][T13760] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 581.135184][T13760] overlay: Unknown parameter 'subj_role' [ 581.167723][ T5397] usbhid 6-1:0.0: can't add hid device: -71 [ 581.176670][ T5397] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 581.264262][ T5397] usb 6-1: USB disconnect, device number 19 [ 585.039872][ T30] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 585.249823][ T30] usb 6-1: Using ep0 maxpacket: 32 [ 585.254509][ T30] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 585.258347][ T30] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 585.263028][ T30] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 585.267634][ T30] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 585.272775][ T30] usb 6-1: config 0 interface 0 has no altsetting 0 [ 585.277276][ T30] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 585.283106][ T30] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 585.286792][ T30] usb 6-1: Product: syz [ 585.288757][ T30] usb 6-1: Manufacturer: syz [ 585.290718][ T30] usb 6-1: SerialNumber: syz [ 585.296488][ T30] usb 6-1: config 0 descriptor?? [ 585.308427][ T30] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 585.315644][ T30] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 585.349933][ T4767] Bluetooth: hci1: command 0x0406 tx timeout [ 587.775549][T13445] usb 6-1: USB disconnect, device number 20 [ 587.785850][T13445] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 606.749853][ T5216] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 606.936835][ T5216] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 606.953417][ T5216] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 606.969044][ T5216] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 606.979937][ T5216] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 606.985347][ T5216] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 606.990233][ T5216] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.001131][ T5216] usb 5-1: config 0 descriptor?? [ 607.005765][T14159] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 607.441647][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.445421][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.448663][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.452478][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.456355][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.459593][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.462593][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.465634][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.476614][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.486051][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.494084][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.501347][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.507936][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.511852][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.517751][ T5216] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 607.523247][ T5216] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 607.532964][ T5216] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 607.667789][T14159] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 607.695035][T14159] overlay: Unknown parameter 'subj_role' [ 607.706303][ T5216] usb 5-1: USB disconnect, device number 13 [ 609.593538][ T5397] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 609.792086][ T5397] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 609.797202][ T5397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 609.816878][ T5397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 609.849499][ T5397] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 609.867706][ T5397] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 609.889309][ T5397] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.904528][ T5397] usb 5-1: config 0 descriptor?? [ 609.908213][T14200] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 610.340714][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.344158][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.347614][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.351024][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.355009][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.358408][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.362090][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.365467][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.368864][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.372743][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.376206][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.379589][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.383413][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.386655][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.390985][ T5397] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 610.394952][ T5397] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving [ 610.412096][ T5397] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 610.574214][T14200] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 610.590955][T14200] overlay: Unknown parameter 'subj_role' [ 610.603459][ T5396] usb 5-1: USB disconnect, device number 14 [ 612.569881][T13445] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 612.754095][T13445] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 612.759201][T13445] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 612.766517][T13445] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 612.771577][T13445] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 612.777233][T13445] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 612.781134][T13445] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.786254][T13445] usb 5-1: config 0 descriptor?? [ 612.790685][T14254] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 613.223467][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.226806][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.240464][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.243674][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.246820][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.260202][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.269912][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.273054][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.276136][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.279283][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.299803][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.302956][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.306078][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.309179][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.313327][T13445] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 613.317128][T13445] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 613.324147][T13445] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 613.445507][T14254] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 613.459979][T14254] overlay: Unknown parameter 'subj_role' [ 613.475635][ T5216] usb 5-1: USB disconnect, device number 15 [ 615.149994][ T6377] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 615.341852][ T6377] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 615.346804][ T6377] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 615.360020][ T6377] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 615.364159][ T6377] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 615.368479][ T6377] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 615.409320][ T6377] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.418691][ T6377] usb 5-1: config 0 descriptor?? [ 615.424029][T14306] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 615.852657][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.855615][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.858888][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.867750][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.870847][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.874202][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.877644][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.882481][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.888539][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.892374][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.895480][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.898842][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.902616][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.908981][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.915973][ T6377] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 615.920529][ T6377] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 615.931572][ T6377] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 616.099581][T14306] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 616.116247][T14306] overlay: Unknown parameter 'subj_role' [ 616.127196][ T5216] usb 5-1: USB disconnect, device number 16 [ 618.691334][ T6377] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 618.888044][ T6377] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 618.899614][ T6377] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 618.904759][ T6377] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 618.909660][ T6377] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 618.917536][ T6377] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 618.927180][ T6377] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.933053][ T6377] usb 6-1: config 0 descriptor?? [ 618.936171][T14371] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 619.368995][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.372922][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.377565][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.380807][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.383893][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.387130][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.390358][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.393455][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.396541][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.400070][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.404418][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.407565][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.411137][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.414297][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.417481][ T6377] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 619.421927][ T6377] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 619.428267][ T6377] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 619.604447][T14371] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 619.622088][T14371] overlay: Unknown parameter 'subj_role' [ 619.635201][T13445] usb 6-1: USB disconnect, device number 21 [ 621.823419][T14443] [ 621.824298][T14443] ====================================================== [ 621.826620][T14443] WARNING: possible circular locking dependency detected [ 621.828954][T14443] 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 Not tainted [ 621.831977][T14443] ------------------------------------------------------ [ 621.835467][T14443] syz.2.2175/14443 is trying to acquire lock: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 621.837705][T14443] ffff88803fffece0 (&pgdat->kswapd_wait){..-.}-{2:2}, at: __wake_up+0x1c/0x60 [ 621.840861][T14443] [ 621.840861][T14443] but task is already holding lock: [ 621.843440][T14443] ffff88807006a1f8 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc7/0xdb0 [ 621.846875][T14443] [ 621.846875][T14443] which lock already depends on the new lock. [ 621.846875][T14443] [ 621.850774][T14443] [ 621.850774][T14443] the existing dependency chain (in reverse order) is: [ 621.854133][T14443] [ 621.854133][T14443] -> #3 (&trie->lock){....}-{2:2}: [ 621.856924][T14443] _raw_spin_lock_irqsave+0x3a/0x60 [ 621.859078][T14443] trie_delete_elem+0xb0/0x820 [ 621.861187][T14443] bpf_prog_fd1c08474244ab59+0x36/0x68 [ 621.863511][T14443] bpf_trace_run4+0x245/0x5a0 [ 621.865235][T14443] __traceiter_sched_switch+0x6c/0xc0 [ 621.866995][T14443] __schedule+0x17cf/0x5490 [ 621.868504][T14443] schedule_idle+0x59/0x90 [ 621.869997][T14443] do_idle+0x287/0x3f0 [ 621.871371][T14443] cpu_startup_entry+0x4f/0x60 [ 621.872964][T14443] start_secondary+0x220/0x2b0 [ 621.874527][T14443] common_startup_64+0x13e/0x148 [ 621.876171][T14443] [ 621.876171][T14443] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 621.878351][T14443] _raw_spin_lock_nested+0x31/0x40 [ 621.880050][T14443] raw_spin_rq_lock_nested+0x29/0x130 [ 621.881808][T14443] task_fork_fair+0x73/0x250 [ 621.883329][T14443] sched_cgroup_fork+0x3cf/0x510 [ 621.884962][T14443] copy_process+0x4710/0x6f50 [ 621.886507][T14443] kernel_clone+0xfd/0x980 [ 621.887921][T14443] user_mode_thread+0xb4/0xf0 [ 621.889325][T14443] rest_init+0x23/0x2b0 [ 621.890810][T14443] start_kernel+0x3df/0x4c0 [ 621.892314][T14443] x86_64_start_reservations+0x18/0x30 [ 621.894079][T14443] x86_64_start_kernel+0xb2/0xc0 [ 621.895691][T14443] common_startup_64+0x13e/0x148 [ 621.897310][T14443] [ 621.897310][T14443] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 621.899463][T14443] _raw_spin_lock_irqsave+0x3a/0x60 [ 621.901157][T14443] try_to_wake_up+0x9a/0x13e0 [ 621.902684][T14443] autoremove_wake_function+0x16/0x150 [ 621.904448][T14443] __wake_up_common+0x131/0x1e0 [ 621.906034][T14443] __wake_up+0x31/0x60 [ 621.907394][T14443] wakeup_kswapd+0x45e/0x640 [ 621.908910][T14443] get_page_from_freelist+0x9bb/0x2e50 [ 621.910694][T14443] __alloc_pages_noprof+0x22b/0x2460 [ 621.912420][T14443] alloc_pages_mpol_noprof+0x275/0x610 [ 621.914172][T14443] folio_alloc_mpol_noprof+0x36/0xd0 [ 621.915910][T14443] vma_alloc_folio_noprof+0xee/0x1b0 [ 621.917639][T14443] __handle_mm_fault+0x2d18/0x5360 [ 621.919299][T14443] handle_mm_fault+0x44e/0x7b0 [ 621.920900][T14443] do_user_addr_fault+0x60d/0x13f0 [ 621.922485][T14443] exc_page_fault+0x5c/0xc0 [ 621.924077][T14443] asm_exc_page_fault+0x26/0x30 [ 621.926067][T14443] [ 621.926067][T14443] -> #0 (&pgdat->kswapd_wait){..-.}-{2:2}: [ 621.929015][T14443] __lock_acquire+0x24ed/0x3cb0 [ 621.931003][T14443] lock_acquire+0x1b1/0x560 [ 621.932876][T14443] _raw_spin_lock_irqsave+0x3a/0x60 [ 621.935000][T14443] __wake_up+0x1c/0x60 [ 621.936723][T14443] wakeup_kswapd+0x45e/0x640 [ 621.938629][T14443] get_page_from_freelist+0x9bb/0x2e50 [ 621.940858][T14443] __alloc_pages_noprof+0x22b/0x2460 [ 621.943004][T14443] ___kmalloc_large_node+0x7f/0x1a0 [ 621.945126][T14443] __kmalloc_large_node_noprof+0x1c/0x70 [ 621.947391][T14443] __kmalloc_node_noprof.cold+0x5/0x5f [ 621.949643][T14443] bpf_map_kmalloc_node+0x98/0x4a0 [ 621.951745][T14443] trie_update_elem+0x1ef/0xdb0 [ 621.953714][T14443] bpf_map_update_value+0x2c1/0x6c0 [ 621.955843][T14443] generic_map_update_batch+0x454/0x5f0 [ 621.958114][T14443] bpf_map_do_batch+0x615/0x6e0 [ 621.960058][T14443] __sys_bpf+0x1fad/0x5600 [ 621.961633][T14443] __ia32_sys_bpf+0x76/0xe0 [ 621.963131][T14443] __do_fast_syscall_32+0x73/0x120 [ 621.964817][T14443] do_fast_syscall_32+0x32/0x80 [ 621.966416][T14443] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 621.968448][T14443] [ 621.968448][T14443] other info that might help us debug this: [ 621.968448][T14443] [ 621.971404][T14443] Chain exists of: [ 621.971404][T14443] &pgdat->kswapd_wait --> &rq->__lock --> &trie->lock [ 621.971404][T14443] [ 621.975132][T14443] Possible unsafe locking scenario: [ 621.975132][T14443] [ 621.977349][T14443] CPU0 CPU1 [ 621.978934][T14443] ---- ---- [ 621.980559][T14443] lock(&trie->lock); [ 621.981740][T14443] lock(&rq->__lock); [ 621.983664][T14443] lock(&trie->lock); [ 621.985592][T14443] lock(&pgdat->kswapd_wait); [ 621.987012][T14443] [ 621.987012][T14443] *** DEADLOCK *** [ 621.987012][T14443] [ 621.989386][T14443] 2 locks held by syz.2.2175/14443: [ 621.990958][T14443] #0: ffffffff8ddb9420 (rcu_read_lock){....}-{1:2}, at: bpf_map_update_value+0x24b/0x6c0 [ 621.993867][T14443] #1: ffff88807006a1f8 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xc7/0xdb0 [ 621.996773][T14443] [ 621.996773][T14443] stack backtrace: [ 621.998563][T14443] CPU: 0 UID: 0 PID: 14443 Comm: syz.2.2175 Not tainted 6.11.0-rc2-syzkaller-00194-gafdab700f65e #0 [ 622.001764][T14443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 622.004955][T14443] Call Trace: [ 622.005961][T14443] [ 622.006846][T14443] dump_stack_lvl+0x116/0x1f0 [ 622.008309][T14443] check_noncircular+0x31a/0x400 [ 622.009805][T14443] ? __pfx_check_noncircular+0x10/0x10 [ 622.011432][T14443] ? mark_lock+0xb5/0xc60 [ 622.012747][T14443] ? mark_lock+0xb5/0xc60 [ 622.014075][T14443] ? __lock_acquire+0xbdd/0x3cb0 [ 622.015597][T14443] ? lockdep_lock+0xc6/0x200 [ 622.017605][T14443] ? __pfx_lockdep_lock+0x10/0x10 [ 622.019128][T14443] __lock_acquire+0x24ed/0x3cb0 [ 622.020619][T14443] ? __pfx___lock_acquire+0x10/0x10 [ 622.022185][T14443] ? set_pfnblock_flags_mask+0x290/0x480 [ 622.023853][T14443] ? __mod_zone_page_state+0xcc/0x1a0 [ 622.025434][T14443] lock_acquire+0x1b1/0x560 [ 622.026789][T14443] ? __wake_up+0x1c/0x60 [ 622.028324][T14443] ? __pfx_lock_acquire+0x10/0x10 [ 622.029894][T14443] ? rcu_is_watching+0x12/0xc0 [ 622.031324][T14443] ? trace_mm_page_alloc_zone_locked+0x123/0x190 [ 622.033206][T14443] ? find_held_lock+0x2d/0x110 [ 622.034946][T14443] ? __zone_watermark_ok+0x252/0x4d0 [ 622.036530][T14443] _raw_spin_lock_irqsave+0x3a/0x60 [ 622.038094][T14443] ? __wake_up+0x1c/0x60 [ 622.039357][T14443] __wake_up+0x1c/0x60 [ 622.040613][T14443] wakeup_kswapd+0x45e/0x640 [ 622.041990][T14443] get_page_from_freelist+0x9bb/0x2e50 [ 622.043645][T14443] ? __pfx_get_page_from_freelist+0x10/0x10 [ 622.045388][T14443] ? prepare_alloc_pages.constprop.0+0x412/0x560 [ 622.047247][T14443] ? __pfx_mark_lock+0x10/0x10 [ 622.048673][T14443] __alloc_pages_noprof+0x22b/0x2460 [ 622.050253][T14443] ? hlock_class+0x4e/0x130 [ 622.051611][T14443] ? __lock_acquire+0xbdd/0x3cb0 [ 622.053097][T14443] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 622.054831][T14443] ? __pfx___lock_acquire+0x10/0x10 [ 622.056386][T14443] ? lock_acquire+0x1b1/0x560 [ 622.057803][T14443] ? find_held_lock+0x2d/0x110 [ 622.059225][T14443] ___kmalloc_large_node+0x7f/0x1a0 [ 622.060810][T14443] __kmalloc_large_node_noprof+0x1c/0x70 [ 622.062468][T14443] __kmalloc_node_noprof.cold+0x5/0x5f [ 622.064262][T14443] ? bpf_map_kmalloc_node+0x98/0x4a0 [ 622.065827][T14443] bpf_map_kmalloc_node+0x98/0x4a0 [ 622.067334][T14443] trie_update_elem+0x1ef/0xdb0 [ 622.068842][T14443] bpf_map_update_value+0x2c1/0x6c0 [ 622.070680][T14443] generic_map_update_batch+0x454/0x5f0 [ 622.072731][T14443] ? __pfx_generic_map_update_batch+0x10/0x10 [ 622.074954][T14443] ? __pfx_generic_map_update_batch+0x10/0x10 [ 622.077229][T14443] bpf_map_do_batch+0x615/0x6e0 [ 622.079031][T14443] __sys_bpf+0x1fad/0x5600 [ 622.080674][T14443] ? __pfx___sys_bpf+0x10/0x10 [ 622.082442][T14443] ? futex_wait+0x121/0x380 [ 622.084123][T14443] ? __pfx_futex_wait+0x10/0x10 [ 622.085916][T14443] ? __pfx_tty_ioctl+0x10/0x10 [ 622.087675][T14443] ? do_futex+0x123/0x350 [ 622.089261][T14443] ? __pfx_do_futex+0x10/0x10 [ 622.091057][T14443] ? __pfx___ia32_sys_futex_time32+0x10/0x10 [ 622.093269][T14443] __ia32_sys_bpf+0x76/0xe0 [ 622.094942][T14443] __do_fast_syscall_32+0x73/0x120 [ 622.096703][T14443] do_fast_syscall_32+0x32/0x80 [ 622.098162][T14443] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 622.100061][T14443] RIP: 0023:0xf7f56579 [ 622.101269][T14443] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 622.107040][T14443] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 622.109556][T14443] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000020000300 [ 622.111934][T14443] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 622.114419][T14443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 622.117421][T14443] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 622.119815][T14443] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 622.122224][T14443] [ 622.123376][ C0] vkms_vblank_simulate: vblank timer overrun [ 622.548098][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.636402][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.708331][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.831966][ T13] bond0: (slave netdevsim0): Releasing backup interface [ 622.835538][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.919659][ T13] bridge_slave_1: left allmulticast mode [ 622.922223][ T13] bridge_slave_1: left promiscuous mode [ 622.924811][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.929363][ T13] bridge_slave_0: left allmulticast mode [ 622.931964][ T13] bridge_slave_0: left promiscuous mode [ 622.934635][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 623.145791][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 623.151233][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 623.156128][ T13] bond0 (unregistering): Released all slaves [ 623.478423][ T13] hsr_slave_0: left promiscuous mode [ 623.482241][ T13] hsr_slave_1: left promiscuous mode [ 623.485317][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 623.488716][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 623.493141][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 623.496796][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 623.502261][ T13] veth1_macvtap: left promiscuous mode [ 623.504820][ T13] veth0_macvtap: left promiscuous mode [ 623.507477][ T13] veth1_vlan: left promiscuous mode [ 623.511111][ T13] veth0_vlan: left promiscuous mode [ 623.575248][ T13] pimreg (unregistering): left allmulticast mode [ 623.756137][ T13] team0 (unregistering): Port device team_slave_1 removed [ 623.796333][ T13] team0 (unregistering): Port device team_slave_0 removed [ 624.233196][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.235368][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.322591][ T13] IPVS: stop unused estimator thread 0... [ 624.385106][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.449388][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.537323][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.584291][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.675902][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.760708][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.836808][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.906045][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.034756][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.087062][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.176084][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.245382][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.343367][ T13] bridge_slave_1: left allmulticast mode [ 625.345371][ T13] bridge_slave_1: left promiscuous mode [ 625.347342][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.352823][ T13] bridge_slave_0: left allmulticast mode [ 625.354782][ T13] bridge_slave_0: left promiscuous mode [ 625.356775][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.362171][ T13] bridge_slave_1: left allmulticast mode [ 625.364383][ T13] bridge_slave_1: left promiscuous mode [ 625.366383][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.369650][ T13] bridge_slave_0: left allmulticast mode [ 625.371905][ T13] bridge_slave_0: left promiscuous mode [ 625.374298][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.378638][ T13] bridge_slave_1: left allmulticast mode [ 625.381824][ T13] bridge_slave_1: left promiscuous mode [ 625.384195][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.387845][ T13] bridge_slave_0: left allmulticast mode [ 625.390429][ T13] bridge_slave_0: left promiscuous mode [ 625.392832][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.761580][ T13] team0: Port device bridge0 removed [ 625.835926][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.841868][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.846826][ T13] bond0 (unregistering): Released all slaves [ 625.858803][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.864389][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.869351][ T13] bond0 (unregistering): Released all slaves [ 625.880978][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.886435][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.893980][ T13] bond0 (unregistering): Released all slaves [ 626.005714][ T13] Κό: left promiscuous mode [ 626.283615][ T13] team0: Port device wlan1 removed [ 626.724892][ T13] hsr_slave_0: left promiscuous mode [ 626.727870][ T13] hsr_slave_1: left promiscuous mode [ 626.730262][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.732755][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.735665][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.738143][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.743352][ T13] hsr_slave_0: left promiscuous mode [ 626.745819][ T13] hsr_slave_1: left promiscuous mode [ 626.748863][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.754681][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.758582][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.762140][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.769090][ T13] hsr_slave_0: left promiscuous mode [ 626.774152][ T13] hsr_slave_1: left promiscuous mode [ 626.777226][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.780540][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.784761][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.788021][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.798707][ T13] veth1_macvtap: left promiscuous mode [ 626.802189][ T13] veth0_macvtap: left promiscuous mode [ 626.804780][ T13] veth1_vlan: left promiscuous mode [ 626.807171][ T13] veth0_vlan: left promiscuous mode [ 626.812049][ T13] veth1_macvtap: left promiscuous mode [ 626.814526][ T13] veth0_macvtap: left promiscuous mode [ 626.817089][ T13] veth1_vlan: left promiscuous mode [ 626.819496][ T13] veth0_vlan: left promiscuous mode [ 626.822950][ T13] veth1_macvtap: left promiscuous mode [ 626.825427][ T13] veth0_macvtap: left promiscuous mode [ 626.827976][ T13] veth1_vlan: left promiscuous mode [ 626.830671][ T13] veth0_vlan: left promiscuous mode [ 627.199147][ T13] team0 (unregistering): Port device team_slave_1 removed [ 627.250539][ T13] team0 (unregistering): Port device team_slave_0 removed [ 627.632401][ T13] team0 (unregistering): Port device team_slave_1 removed [ 627.676863][ T13] team0 (unregistering): Port device team_slave_0 removed [ 627.992036][ T13] team0 (unregistering): Port device team_slave_1 removed [ 628.033339][ T13] team0 (unregistering): Port device team_slave_0 removed [ 628.233826][ T13] smc: removing net device lo with user defined pnetid SYZ2 [ 629.248555][ T13] IPVS: stop unused estimator thread 0... [ 629.252432][ T13] IPVS: stop unused estimator thread 0... [ 629.255891][ T13] IPVS: stop unused estimator thread 0... VM DIAGNOSIS: 04:52:11 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fa72f5 RDI=ffffffff9511c340 RBP=ffffffff9511c300 RSP=ffffc90003fb6c88 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e31312e36 R12=0000000000000000 R13=0000000000000074 R14=ffffffff84fa7290 R15=0000000000000000 RIP=ffffffff84fa731f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000201c0000 CR3=0000000029698000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000001287a9c RBX=0000000000000001 RCX=ffffffff8b065bd9 RDX=ffffed1005826fda RSI=ffffffff8bb04760 RDI=ffffffff81634ddc RBP=ffffed1002ce1910 RSP=ffffc90000477e08 R8 =0000000000000000 R9 =ffffed1005826fd9 R10=ffff88802c137ecb R11=0000000000000001 R12=0000000000000001 R13=ffff88801670c880 R14=ffffffff901121d8 R15=0000000000000000 RIP=ffffffff8b066fcf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002001d000 CR3=0000000051a42000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000002f0eec RBX=0000000000000002 RCX=ffffffff8b065bd9 RDX=ffffed1005846fda RSI=ffffffff8bb04760 RDI=ffffffff81634ddc RBP=ffffed1002cf4000 RSP=ffffc90000487e08 R8 =0000000000000000 R9 =ffffed1005846fd9 R10=ffff88802c237ecb R11=0000000000000001 R12=0000000000000002 R13=ffff8880167a0000 R14=ffffffff901121d8 R15=0000000000000000 RIP=ffffffff8b066fcf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000562fbb653000 CR3=000000001cca8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000391000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb ZMM22=ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ZMM23=b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a ZMM24=eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 ZMM25=f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 ZMM26=181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 ZMM27=d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef ZMM28=000001f0000001ef 000001ee000001ed 000001ec000001eb 000001ea000001e9 000001e8000001e7 000001e6000001e5 000001e4000001e3 000001e2000001e1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 info registers vcpu 3 CPU#3 RAX=0000000000035215 RBX=ffffc9000317efb0 RCX=ffffffff813c904d RDX=000000000009f63f RSI=ffffffff813c905b RDI=ffffffff9159d80c RBP=0000000000000001 RSP=ffffc9000317ef30 R8 =0000000000000004 R9 =000000000000f236 R10=00000000000a4000 R11=dffffc0000000000 R12=ffffffff81f2363e R13=ffffffff90ae4032 R14=0000000000035215 R15=ffffc9000317efe5 RIP=ffffffff813c90ed RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ffa8a4dcd00 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000562fbb679000 CR3=000000001cca8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb d60b91cbd60b91cb ZMM22=ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ad6668b8ad6668b8 ZMM23=b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a b760223ab760223a ZMM24=eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 eb7fd3c2eb7fd3c2 ZMM25=f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 f505cf95f505cf95 ZMM26=181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 181d0066181d0066 ZMM27=d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef d816deefd816deef ZMM28=000001f0000001ef 000001ee000001ed 000001ec000001eb 000001ea000001e9 000001e8000001e7 000001e6000001e5 000001e4000001e3 000001e2000001e1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000 d61b0000d61b0000