last executing test programs: 1.480745423s ago: executing program 0 (id=1687): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r0}, &(0x7f0000000200), &(0x7f00000002c0)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r5, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'}) ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f00000001c0)={'syzkaller0\x00', @random="110000000002"}) 1.398215142s ago: executing program 3 (id=1691): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x7, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) close(r3) 1.396506107s ago: executing program 0 (id=1692): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lsm, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r3}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0) 1.338937387s ago: executing program 0 (id=1694): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb96f37538e486dd637208"], 0xe) 1.280159041s ago: executing program 2 (id=1698): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0) 1.280012316s ago: executing program 1 (id=1699): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100006cc70000000000000000ea04850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xb, 0x42, 0x9c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.279756419s ago: executing program 2 (id=1700): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x20}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000800"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) 1.218638618s ago: executing program 3 (id=1701): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.218492868s ago: executing program 1 (id=1702): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@typedef={0x4, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x61, 0x2e]}}, &(0x7f0000000700)=""/4096, 0x2b, 0x1000, 0x2, 0x0, 0x0, @void, @value}, 0x28) 1.217464068s ago: executing program 1 (id=1703): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xa, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 1.158603133s ago: executing program 3 (id=1704): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) close(r0) 360.738998ms ago: executing program 2 (id=1705): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x35, 0x3, 0x3}, {}, {0x25}, {0x60}, {0x6}]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x200001ef, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x2101) sendmsg$unix(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f00000001c0)='D', 0x33fe0}], 0x1}, 0x20000040) sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg(r1, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0) 130.805951ms ago: executing program 1 (id=1706): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="04000000040000000400000002"], 0x48) close(r3) 130.606739ms ago: executing program 1 (id=1707): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000540)='task_rename\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20) 130.495075ms ago: executing program 0 (id=1708): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[], 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) close(0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$TUNGETDEVNETNS(r1, 0x8982, 0x20000000) 57.278161ms ago: executing program 1 (id=1709): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 56.945174ms ago: executing program 0 (id=1710): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 56.753688ms ago: executing program 2 (id=1711): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x31) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x143ffe, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f00000000c0)={r2, &(0x7f0000000180), 0x0}, 0x20) 56.629747ms ago: executing program 3 (id=1712): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@struct={0x6, 0x0, 0x0, 0x4, 0x1, 0x8}]}, {0x0, [0x0, 0x2e, 0x0, 0x61, 0x2e, 0x2e]}}, &(0x7f00000001c0)=""/4096, 0x2c, 0x1000, 0x1, 0x0, 0x0, @void, @value}, 0x28) 56.401053ms ago: executing program 0 (id=1713): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001439) openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0) close(0xffffffffffffffff) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r3, 0x4004743d, 0x2000000b) close(r2) close(r3) 325.015µs ago: executing program 3 (id=1714): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r1}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 168.158µs ago: executing program 2 (id=1715): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000000500000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) sendmsg$tipc(r1, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0) recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) 79.807µs ago: executing program 2 (id=1716): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$ITER_CREATE(0x21, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 0s ago: executing program 3 (id=1717): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x10000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 0s ago: executing program 3 (id=1719): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) kernel console output (not intermixed with test programs): t: 128 [ 220.640894][ T9658] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 220.642668][ T9658] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 220.645259][ T9658] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 220.647829][ T9658] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 220.650508][ T9659] ubi0: detaching mtd0 [ 220.650517][ T9660] ubi0: background thread "ubi_bgt0d" started, PID 9660 [ 220.656526][ T9659] ubi0: mtd0 is detached [ 220.786088][ T9665] netlink: 'syz.3.1055': attribute type 1 has an invalid length. [ 220.862101][ T9667] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1055'. [ 220.986783][ T9673] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 220.989325][ T9673] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 220.991481][ T9673] vhci_hcd vhci_hcd.0: Device attached [ 220.996232][ T9676] vhci_hcd: connection closed [ 220.996285][ T5960] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 220.996549][ T13] vhci_hcd: stop threads [ 221.000735][ T13] vhci_hcd: release socket [ 221.001874][ T13] vhci_hcd: disconnect device [ 221.102253][ T9679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1059'. [ 221.375471][ T35] usb 5-1: USB disconnect, device number 3 [ 221.774139][ T9699] syzkaller1: entered promiscuous mode [ 221.775757][ T9699] syzkaller1: entered allmulticast mode [ 222.757859][ T9713] FAULT_INJECTION: forcing a failure. [ 222.757859][ T9713] name failslab, interval 1, probability 0, space 0, times 0 [ 222.762131][ T9713] CPU: 3 UID: 0 PID: 9713 Comm: syz.0.1071 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 222.766118][ T9713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 222.770123][ T9713] Call Trace: [ 222.771378][ T9713] [ 222.772541][ T9713] dump_stack_lvl+0x16c/0x1f0 [ 222.774219][ T9713] should_fail_ex+0x497/0x5b0 [ 222.775899][ T9713] should_failslab+0xc2/0x120 [ 222.777578][ T9713] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 222.779461][ T9713] ? skb_clone+0x190/0x3f0 [ 222.781033][ T9713] skb_clone+0x190/0x3f0 [ 222.782483][ T9713] netlink_deliver_tap+0xafd/0xca0 [ 222.784296][ T9713] netlink_unicast+0x5e1/0x7f0 [ 222.786188][ T9713] ? __pfx_netlink_unicast+0x10/0x10 [ 222.788184][ T9713] ? __phys_addr_symbol+0x30/0x80 [ 222.790111][ T9713] ? __check_object_size+0x488/0x710 [ 222.792055][ T9713] netlink_sendmsg+0x8b8/0xd70 [ 222.793775][ T9713] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.795635][ T9713] ____sys_sendmsg+0x9ae/0xb40 [ 222.797344][ T9713] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.799188][ T9713] ? get_compat_msghdr+0x11b/0x170 [ 222.801018][ T9713] ___sys_sendmsg+0x135/0x1e0 [ 222.802692][ T9713] ? __pfx____sys_sendmsg+0x10/0x10 [ 222.804506][ T9713] ? __pfx_lock_release+0x10/0x10 [ 222.806189][ T9713] ? trace_lock_acquire+0x146/0x1e0 [ 222.808019][ T9713] ? __fget_files+0x206/0x3a0 [ 222.809603][ T9713] __sys_sendmsg+0x16e/0x220 [ 222.811126][ T9713] ? __pfx___sys_sendmsg+0x10/0x10 [ 222.812888][ T9713] __do_fast_syscall_32+0x73/0x120 [ 222.814721][ T9713] do_fast_syscall_32+0x32/0x80 [ 222.816429][ T9713] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 222.818541][ T9713] RIP: 0023:0xf7f64579 [ 222.819945][ T9713] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 222.825868][ T9713] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 222.828078][ T9713] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200012c0 [ 222.830252][ T9713] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 222.832662][ T9713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 222.834614][ T9713] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 222.836701][ T9713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 222.838925][ T9713] [ 223.010781][ T9724] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 223.012745][ T9724] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 223.015483][ T9724] vhci_hcd vhci_hcd.0: Device attached [ 223.018101][ T5960] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 223.018140][ T9725] vhci_hcd: connection closed [ 223.021264][ T13] vhci_hcd: stop threads [ 223.024363][ T13] vhci_hcd: release socket [ 223.026329][ T13] vhci_hcd: disconnect device [ 223.596173][ T9747] FAULT_INJECTION: forcing a failure. [ 223.596173][ T9747] name failslab, interval 1, probability 0, space 0, times 0 [ 223.600513][ T9747] CPU: 0 UID: 0 PID: 9747 Comm: syz.2.1081 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 223.604185][ T9747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 223.608129][ T9747] Call Trace: [ 223.609342][ T9747] [ 223.610404][ T9747] dump_stack_lvl+0x16c/0x1f0 [ 223.612060][ T9747] should_fail_ex+0x497/0x5b0 [ 223.613701][ T9747] should_failslab+0xc2/0x120 [ 223.615436][ T9747] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 223.617422][ T9747] ? skb_clone+0x190/0x3f0 [ 223.619072][ T9747] skb_clone+0x190/0x3f0 [ 223.620570][ T9747] netlink_deliver_tap+0xafd/0xca0 [ 223.622397][ T9747] netlink_unicast+0x5e1/0x7f0 [ 223.624234][ T9747] ? __pfx_netlink_unicast+0x10/0x10 [ 223.625810][ T9747] ? __phys_addr_symbol+0x30/0x80 [ 223.627208][ T9747] ? __check_object_size+0x488/0x710 [ 223.629135][ T9747] netlink_sendmsg+0x8b8/0xd70 [ 223.630893][ T9747] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.633038][ T9747] ____sys_sendmsg+0x9ae/0xb40 [ 223.634982][ T9747] ? __pfx_____sys_sendmsg+0x10/0x10 [ 223.636942][ T9747] ? get_compat_msghdr+0x11b/0x170 [ 223.638688][ T9747] ___sys_sendmsg+0x135/0x1e0 [ 223.640309][ T9747] ? __pfx____sys_sendmsg+0x10/0x10 [ 223.642071][ T9747] ? __pfx_lock_release+0x10/0x10 [ 223.643789][ T9747] ? trace_lock_acquire+0x146/0x1e0 [ 223.645643][ T9747] ? __fget_files+0x206/0x3a0 [ 223.647380][ T9747] __sys_sendmsg+0x16e/0x220 [ 223.649118][ T9747] ? __pfx___sys_sendmsg+0x10/0x10 [ 223.650936][ T9747] __do_fast_syscall_32+0x73/0x120 [ 223.652702][ T9747] do_fast_syscall_32+0x32/0x80 [ 223.654356][ T9747] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 223.656235][ T9747] RIP: 0023:0xf7fe7579 [ 223.657283][ T9747] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 223.662544][ T9747] RSP: 002b:00000000f516655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 223.664802][ T9747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0 [ 223.666894][ T9747] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 223.668971][ T9747] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.671283][ T9747] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 223.673923][ T9747] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.676844][ T9747] [ 223.678108][ C0] vkms_vblank_simulate: vblank timer overrun [ 223.754526][ T9755] ubi0: attaching mtd0 [ 223.758732][ T9755] ubi0: scanning is finished [ 223.814747][ T5960] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 223.818552][ T5960] Bluetooth: hci0: Injecting HCI hardware error event [ 223.822067][ T5968] Bluetooth: hci0: hardware error 0x00 [ 223.864702][ T9755] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 223.866804][ T9755] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 223.869475][ T9755] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 223.871736][ T9755] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 223.874556][ T9755] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 223.879512][ T9755] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 223.884590][ T9755] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 223.887531][ T9755] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 223.892706][ T9761] ubi0: background thread "ubi_bgt0d" started, PID 9761 [ 223.894513][ T9758] ubi0: detaching mtd0 [ 223.906224][ T9758] ubi0: mtd0 is detached [ 224.033860][ T9767] sp0: Synchronizing with TNC [ 224.045413][ T9767] ubi0: attaching mtd0 [ 224.047031][ T9767] ubi0: scanning is finished [ 224.071810][ T9771] fuse: Bad value for 'group_id' [ 224.073248][ T9771] fuse: Bad value for 'group_id' [ 224.073433][ T9765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1086'. [ 224.183095][ T9777] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 224.185328][ T9777] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 224.190563][ T9777] vhci_hcd vhci_hcd.0: Device attached [ 224.198608][ T5960] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 224.208988][ T9767] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 224.213776][ T9767] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 224.216125][ T9767] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 224.218095][ T9767] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 224.220318][ T9767] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 224.222329][ T9767] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 224.224605][ T9767] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 224.227246][ T9767] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 224.229975][ T9781] ubi0: background thread "ubi_bgt0d" started, PID 9781 [ 224.232332][ T9772] ubi0: detaching mtd0 [ 224.246283][ T9772] ubi0: mtd0 is detached [ 224.454130][ T5999] usb 39-1: new high-speed USB device number 6 using vhci_hcd [ 224.530975][ T9790] syzkaller1: entered promiscuous mode [ 224.535565][ T9790] syzkaller1: entered allmulticast mode [ 224.956880][ T9779] vhci_hcd: connection reset by peer [ 224.959318][ T13] vhci_hcd: stop threads [ 224.960909][ T13] vhci_hcd: release socket [ 224.963158][ T13] vhci_hcd: disconnect device [ 225.008259][ T9797] ubi0: attaching mtd0 [ 225.012480][ T9797] ubi0: scanning is finished [ 225.076234][ T9797] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 225.078287][ T9797] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 225.080101][ T9797] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 225.081832][ T9797] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 225.083646][ T9797] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 225.085431][ T9797] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 225.087680][ T9797] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 225.090523][ T9797] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 225.093539][ T9801] ubi0: background thread "ubi_bgt0d" started, PID 9801 [ 225.096006][ T9800] ubi0: detaching mtd0 [ 225.100707][ T9800] ubi0: mtd0 is detached [ 225.892887][ T9817] syzkaller1: entered promiscuous mode [ 225.894515][ T5968] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 225.896376][ T9817] syzkaller1: entered allmulticast mode [ 226.041282][ T9822] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 226.234584][ T9839] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 226.237122][ T9839] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 226.245037][ T9839] vhci_hcd vhci_hcd.0: Device attached [ 226.249083][ T5968] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 226.276013][ T9843] ubi0: attaching mtd0 [ 226.277707][ T9843] ubi0: scanning is finished [ 226.280344][ T9844] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1105'. [ 226.419550][ T9843] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 226.422520][ T9843] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 226.425457][ T9843] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 226.427398][ T9843] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 226.429506][ T9843] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 226.431478][ T9843] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 226.433886][ T9843] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 226.437428][ T9843] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 226.440390][ T9847] ubi0: background thread "ubi_bgt0d" started, PID 9847 [ 226.440716][ T9845] ubi0: detaching mtd0 [ 226.447384][ T9845] ubi0: mtd0 is detached [ 226.494119][ T35] usb 37-1: new high-speed USB device number 4 using vhci_hcd [ 227.009177][ T9840] vhci_hcd: connection reset by peer [ 227.011105][ T11] vhci_hcd: stop threads [ 227.013284][ T11] vhci_hcd: release socket [ 227.019670][ T11] vhci_hcd: disconnect device [ 227.398736][ T9863] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 227.809174][ T9886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1120'. [ 227.823039][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1119'. [ 227.921509][ T9889] syzkaller1: entered promiscuous mode [ 227.923296][ T9889] syzkaller1: entered allmulticast mode [ 228.229373][ T9895] ubi0: attaching mtd0 [ 228.235457][ T9895] ubi0: scanning is finished [ 228.331414][ T9895] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 228.334806][ T9895] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 228.337969][ T9895] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 228.340883][ T9895] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 228.344474][ T9895] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 228.347045][ T9895] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 228.350313][ T9895] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 228.354988][ T9895] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 228.358821][ T9897] ubi0: background thread "ubi_bgt0d" started, PID 9897 [ 228.361715][ T9896] ubi0: detaching mtd0 [ 228.385860][ T9896] ubi0: mtd0 is detached [ 228.567956][ T9900] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 228.791103][ T9903] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 228.793021][ T9903] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 228.796976][ T9903] vhci_hcd vhci_hcd.0: Device attached [ 228.800897][ T5968] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 229.266501][ T39] audit: type=1326 audit(1732430787.825:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9918 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 229.266694][ T39] audit: type=1326 audit(1732430787.825:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9918 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 229.316990][ T9922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 229.476745][ T9925] ubi0: attaching mtd0 [ 229.479042][ T9925] ubi0: scanning is finished [ 229.550973][ T9925] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 229.553587][ T9925] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 229.556070][ T9925] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 229.557037][ T9904] vhci_hcd: connection reset by peer [ 229.557946][ T9925] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 229.559720][ T42] vhci_hcd: stop threads [ 229.561816][ T9925] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 229.563014][ T42] vhci_hcd: release socket [ 229.563574][ T42] vhci_hcd: disconnect device [ 229.565252][ T9925] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 229.570054][ T9925] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 229.573096][ T9925] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 229.576365][ T9927] ubi0: background thread "ubi_bgt0d" started, PID 9927 [ 229.576429][ T9926] ubi0: detaching mtd0 [ 229.581329][ T9926] ubi0: mtd0 is detached [ 229.624335][ T5999] vhci_hcd: vhci_device speed not set [ 229.938950][ T39] audit: type=1326 audit(1732430788.495:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.1132" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 229.954598][ T39] audit: type=1326 audit(1732430788.495:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9928 comm="syz.3.1132" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 230.250247][ T39] audit: type=1326 audit(1732430788.805:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9938 comm="syz.2.1134" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe7579 code=0x0 [ 230.482353][ T9950] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1136'. [ 231.125011][ T9954] FAULT_INJECTION: forcing a failure. [ 231.125011][ T9954] name failslab, interval 1, probability 0, space 0, times 0 [ 231.128460][ T9954] CPU: 3 UID: 0 PID: 9954 Comm: syz.3.1138 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 231.132439][ T9954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 231.136274][ T9954] Call Trace: [ 231.137415][ T9954] [ 231.138467][ T9954] dump_stack_lvl+0x16c/0x1f0 [ 231.140204][ T9954] should_fail_ex+0x497/0x5b0 [ 231.141881][ T9954] ? fs_reclaim_acquire+0xae/0x150 [ 231.143734][ T9954] should_failslab+0xc2/0x120 [ 231.145522][ T9954] __kmalloc_cache_noprof+0x6b/0x310 [ 231.147490][ T9954] ? binder_transaction+0xb92/0x9ab0 [ 231.149344][ T9954] binder_transaction+0xb92/0x9ab0 [ 231.151140][ T9954] ? __pfx_mark_lock+0x10/0x10 [ 231.152810][ T9954] ? __pfx___lock_acquire+0x10/0x10 [ 231.154654][ T9954] ? hlock_class+0x4e/0x130 [ 231.155941][ T9954] ? __pfx_binder_transaction+0x10/0x10 [ 231.157381][ T9954] ? __pfx___lock_acquire+0x10/0x10 [ 231.158820][ T9954] ? mark_lock+0xb5/0xc60 [ 231.160067][ T9954] ? find_held_lock+0x2d/0x110 [ 231.161447][ T9954] ? __might_fault+0x13b/0x190 [ 231.162690][ T9954] ? __pfx_lock_release+0x10/0x10 [ 231.163891][ T9954] ? trace_lock_acquire+0x146/0x1e0 [ 231.165278][ T9954] ? __pfx_lock_release+0x10/0x10 [ 231.166549][ T9954] ? lock_acquire+0x2f/0xb0 [ 231.167753][ T9954] ? __might_fault+0xe3/0x190 [ 231.169003][ T9954] ? __might_fault+0xe3/0x190 [ 231.170215][ T9954] binder_thread_write+0xab4/0x4c70 [ 231.171645][ T9954] ? __pfx___lock_acquire+0x10/0x10 [ 231.173027][ T9954] ? __kasan_slab_free+0x51/0x70 [ 231.174353][ T9954] ? __pfx_binder_thread_write+0x10/0x10 [ 231.175769][ T9954] ? find_held_lock+0x2d/0x110 [ 231.176956][ T9954] ? binder_debug+0xdf/0x1b0 [ 231.178180][ T9954] ? __pfx_binder_debug+0x10/0x10 [ 231.179586][ T9954] ? lock_acquire+0x2f/0xb0 [ 231.180838][ T9954] ? __might_fault+0xe3/0x190 [ 231.182074][ T9954] binder_ioctl+0x269d/0x7080 [ 231.183255][ T9954] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 231.184699][ T9954] ? tomoyo_path_number_perm+0x190/0x5b0 [ 231.186206][ T9954] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 231.187843][ T9954] ? __pfx_binder_ioctl+0x10/0x10 [ 231.189164][ T9954] ? do_vfs_ioctl+0x513/0x1950 [ 231.190448][ T9954] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 231.191717][ T9954] ? trace_lock_acquire+0x146/0x1e0 [ 231.193051][ T9954] ? __fget_files+0x206/0x3a0 [ 231.194237][ T9954] ? __pfx_binder_ioctl+0x10/0x10 [ 231.195448][ T9954] compat_ptr_ioctl+0x6b/0xa0 [ 231.196642][ T9954] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 231.198008][ T9954] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 231.199348][ T9954] __do_fast_syscall_32+0x73/0x120 [ 231.200691][ T9954] do_fast_syscall_32+0x32/0x80 [ 231.202181][ T9954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 231.203752][ T9954] RIP: 0023:0xf7fd6579 [ 231.204809][ T9954] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 231.209597][ T9954] RSP: 002b:00000000f515655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 231.211682][ T9954] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 231.213593][ T9954] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 231.215631][ T9954] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 231.217950][ T9954] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 231.220166][ T9954] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 231.222256][ T9954] [ 231.297198][ T9961] FAULT_INJECTION: forcing a failure. [ 231.297198][ T9961] name failslab, interval 1, probability 0, space 0, times 0 [ 231.300768][ T9961] CPU: 0 UID: 0 PID: 9961 Comm: syz.3.1141 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 231.303557][ T9961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 231.307323][ T9961] Call Trace: [ 231.308246][ T9961] [ 231.309507][ T9961] dump_stack_lvl+0x16c/0x1f0 [ 231.311223][ T9961] should_fail_ex+0x497/0x5b0 [ 231.313014][ T9961] should_failslab+0xc2/0x120 [ 231.315163][ T9961] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 231.316954][ T9961] ? skb_clone+0x190/0x3f0 [ 231.318608][ T9961] skb_clone+0x190/0x3f0 [ 231.319775][ T9961] netlink_deliver_tap+0xafd/0xca0 [ 231.321208][ T9961] netlink_unicast+0x5e1/0x7f0 [ 231.322460][ T9961] ? __pfx_netlink_unicast+0x10/0x10 [ 231.323823][ T9961] ? __phys_addr_symbol+0x30/0x80 [ 231.325112][ T9961] ? __check_object_size+0x488/0x710 [ 231.326592][ T9961] netlink_sendmsg+0x8b8/0xd70 [ 231.327892][ T9961] ? __pfx_netlink_sendmsg+0x10/0x10 [ 231.329408][ T9961] ____sys_sendmsg+0x9ae/0xb40 [ 231.330653][ T9961] ? __pfx_____sys_sendmsg+0x10/0x10 [ 231.331999][ T9961] ? get_compat_msghdr+0x11b/0x170 [ 231.333364][ T9961] ___sys_sendmsg+0x135/0x1e0 [ 231.334693][ T9961] ? __pfx____sys_sendmsg+0x10/0x10 [ 231.336092][ T9961] ? __pfx_lock_release+0x10/0x10 [ 231.337520][ T9961] ? trace_lock_acquire+0x146/0x1e0 [ 231.339135][ T9961] ? __fget_files+0x206/0x3a0 [ 231.340615][ T9961] __sys_sendmsg+0x16e/0x220 [ 231.341851][ T9961] ? __pfx___sys_sendmsg+0x10/0x10 [ 231.343210][ T9961] __do_fast_syscall_32+0x73/0x120 [ 231.344479][ T9961] do_fast_syscall_32+0x32/0x80 [ 231.345686][ T9961] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 231.347272][ T9961] RIP: 0023:0xf7fd6579 [ 231.348362][ T9961] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 231.353645][ T9961] RSP: 002b:00000000f515655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 231.356007][ T9961] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 231.358352][ T9961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 231.360453][ T9961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 231.362478][ T9961] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 231.364542][ T9961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 231.366701][ T9961] [ 231.367694][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.374779][ T9961] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1141'. [ 231.694105][ T35] vhci_hcd: vhci_device speed not set [ 232.316210][ T9979] ubi0: attaching mtd0 [ 232.317908][ T9979] ubi0: scanning is finished [ 232.390427][ T9979] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 232.393037][ T9979] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 232.395529][ T9979] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 232.398650][ T9979] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 232.401277][ T9979] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 232.403170][ T9979] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 232.405346][ T9979] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 232.407953][ T9979] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 232.410583][ T9982] ubi0: background thread "ubi_bgt0d" started, PID 9982 [ 232.413045][ T9981] ubi0: detaching mtd0 [ 232.424613][ T9981] ubi0: mtd0 is detached [ 232.459891][ T9985] FAULT_INJECTION: forcing a failure. [ 232.459891][ T9985] name failslab, interval 1, probability 0, space 0, times 0 [ 232.463661][ T9985] CPU: 3 UID: 0 PID: 9985 Comm: syz.1.1148 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 232.466448][ T9985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 232.469197][ T9985] Call Trace: [ 232.470077][ T9985] [ 232.470862][ T9985] dump_stack_lvl+0x16c/0x1f0 [ 232.472099][ T9985] should_fail_ex+0x497/0x5b0 [ 232.473291][ T9985] should_failslab+0xc2/0x120 [ 232.474487][ T9985] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 232.476129][ T9985] ? skb_clone+0x190/0x3f0 [ 232.477325][ T9985] skb_clone+0x190/0x3f0 [ 232.478824][ T9985] netlink_deliver_tap+0xafd/0xca0 [ 232.480648][ T9985] netlink_unicast+0x5e1/0x7f0 [ 232.482379][ T9985] ? __pfx_netlink_unicast+0x10/0x10 [ 232.484265][ T9985] ? __phys_addr_symbol+0x30/0x80 [ 232.486098][ T9985] ? __check_object_size+0x488/0x710 [ 232.488077][ T9985] netlink_sendmsg+0x8b8/0xd70 [ 232.489779][ T9985] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.491627][ T9985] ____sys_sendmsg+0x9ae/0xb40 [ 232.493415][ T9985] ? __pfx_____sys_sendmsg+0x10/0x10 [ 232.495338][ T9985] ? get_compat_msghdr+0x11b/0x170 [ 232.497245][ T9985] ___sys_sendmsg+0x135/0x1e0 [ 232.498789][ T9985] ? __pfx____sys_sendmsg+0x10/0x10 [ 232.500314][ T9985] ? __pfx_lock_release+0x10/0x10 [ 232.502057][ T9985] ? trace_lock_acquire+0x146/0x1e0 [ 232.503837][ T9985] ? __fget_files+0x206/0x3a0 [ 232.505481][ T9985] __sys_sendmsg+0x16e/0x220 [ 232.507140][ T9985] ? __pfx___sys_sendmsg+0x10/0x10 [ 232.509090][ T9985] __do_fast_syscall_32+0x73/0x120 [ 232.511033][ T9985] do_fast_syscall_32+0x32/0x80 [ 232.512908][ T9985] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 232.515252][ T9985] RIP: 0023:0xf742e579 [ 232.516743][ T9985] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 232.522911][ T9985] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 232.525253][ T9985] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 232.527844][ T9985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 232.530628][ T9985] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 232.533618][ T9985] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 232.536623][ T9985] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 232.539467][ T9985] [ 232.597819][ T9993] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 232.836657][T10001] syz.1.1151: attempt to access beyond end of device [ 232.836657][T10001] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 232.842474][T10001] syz.1.1151: attempt to access beyond end of device [ 232.842474][T10001] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 232.847591][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 232.851047][T10001] syz.1.1151: attempt to access beyond end of device [ 232.851047][T10001] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 232.854824][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 232.858565][T10001] syz.1.1151: attempt to access beyond end of device [ 232.858565][T10001] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 232.863122][T10001] syz.1.1151: attempt to access beyond end of device [ 232.863122][T10001] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 232.864084][T10000] nbd1: detected capacity change from 0 to 20 [ 232.868739][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 232.875453][T10001] block nbd1: Send control failed (result -89) [ 232.879364][T10001] block nbd1: Request send failed, requeueing [ 232.882417][ T5968] block nbd1: Receive control failed (result -32) [ 232.884905][ T6306] block nbd1: Dead connection, failed to find a fallback [ 232.887490][ T6306] block nbd1: shutting down sockets [ 232.889311][ T6306] blk_print_req_error: 174 callbacks suppressed [ 232.889322][ T6306] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.896984][ T9375] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.900313][ T9375] buffer_io_error: 158 callbacks suppressed [ 232.900323][ T9375] Buffer I/O error on dev nbd1, logical block 0, async page read [ 232.909772][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=0, location=0 [ 232.912042][ T9375] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.916866][ T9375] Buffer I/O error on dev nbd1, logical block 1, async page read [ 232.920158][T10001] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.925038][ T9375] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.928238][ T9375] Buffer I/O error on dev nbd1, logical block 0, async page read [ 232.932476][ T9375] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.936117][ T9375] Buffer I/O error on dev nbd1, logical block 1, async page read [ 232.939260][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=1, location=1 [ 232.942463][ T9375] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.944064][ T6070] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 232.945854][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 232.950875][ T9375] Buffer I/O error on dev nbd1, logical block 0, async page read [ 232.954214][ T9375] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.957532][ T9375] Buffer I/O error on dev nbd1, logical block 1, async page read [ 232.961055][ T9375] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.964131][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 232.964237][T10001] I/O error, dev nbd1, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 232.967417][ T9375] Buffer I/O error on dev nbd1, logical block 0, async page read [ 232.970349][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=1, location=1 [ 232.977999][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=0, location=0 [ 232.978067][ T9375] Buffer I/O error on dev nbd1, logical block 0, async page read [ 232.980921][T10001] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 232.983441][ T9375] Buffer I/O error on dev nbd1, logical block 0, async page read [ 232.987169][T10001] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 232.989501][ T9375] Buffer I/O error on dev nbd1, logical block 0, async page read [ 232.994619][ T9375] ldm_validate_partition_table(): Disk read failed. [ 232.997242][ T9375] Dev nbd1: unable to read RDB block 0 [ 232.999419][ T9375] nbd1: unable to read partition table [ 233.002162][ T9375] nbd1: partition table beyond EOD, truncated [ 233.014984][ T9375] ldm_validate_partition_table(): Disk read failed. [ 233.017736][ T9375] Dev nbd1: unable to read RDB block 0 [ 233.019674][ T9375] nbd1: unable to read partition table [ 233.021343][ T9375] nbd1: partition table beyond EOD, truncated [ 233.104016][ T6070] usb 7-1: Using ep0 maxpacket: 32 [ 233.110070][T10005] 9pnet: p9_errstr2errno: server reported unknown error œæç [ 233.110646][ T6070] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 233.120729][ T6070] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 233.123179][ T6070] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 233.126410][ T6070] usb 7-1: Product: syz [ 233.128540][ T6070] usb 7-1: Manufacturer: syz [ 233.129868][ T6070] usb 7-1: SerialNumber: syz [ 233.138103][ T6070] usb 7-1: config 0 descriptor?? [ 233.140564][ T9998] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 233.473804][T10014] virtio-fs: tag <(null)> not found [ 234.025125][T10018] ubi0: attaching mtd0 [ 234.027473][T10018] ubi0: scanning is finished [ 234.100037][T10018] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 234.102139][T10018] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 234.104525][T10018] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 234.106505][T10018] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 234.108505][T10018] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 234.110399][T10018] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 234.112597][T10018] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 234.115420][T10018] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 234.118179][T10020] ubi0: background thread "ubi_bgt0d" started, PID 10020 [ 234.118294][T10019] ubi0: detaching mtd0 [ 234.123828][T10019] ubi0: mtd0 is detached [ 234.545997][T10030] syzkaller1: entered promiscuous mode [ 234.547604][T10030] syzkaller1: entered allmulticast mode [ 234.686017][T10036] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 234.872651][T10040] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1165'. [ 235.309375][ T39] audit: type=1326 audit(1732430793.865:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10041 comm="syz.1.1166" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x0 [ 235.926282][ T6070] usb 7-1: USB disconnect, device number 7 [ 236.119406][T10054] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1167'. [ 237.097416][T10067] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1173'. [ 237.511097][T10075] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 237.954071][ T39] audit: type=1326 audit(1732430796.465:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10081 comm="syz.2.1177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 237.954101][ T39] audit: type=1326 audit(1732430796.465:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10081 comm="syz.2.1177" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 238.010606][T10090] ubi0: attaching mtd0 [ 238.011394][T10090] ubi0: scanning is finished [ 238.190197][T10090] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 238.190212][T10090] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 238.190222][T10090] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 238.190231][T10090] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 238.190239][T10090] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 238.190248][T10090] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 238.190256][T10090] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 238.190266][T10090] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 238.190315][T10091] ubi0: detaching mtd0 [ 238.194209][T10091] ubi0: mtd0 is detached [ 238.324832][T10096] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 238.326896][T10096] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 238.329797][T10096] vhci_hcd vhci_hcd.0: Device attached [ 238.333593][ T5968] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 238.591053][ T6021] usb 39-1: new high-speed USB device number 7 using vhci_hcd [ 239.100221][T10097] vhci_hcd: connection reset by peer [ 239.101978][ T42] vhci_hcd: stop threads [ 239.103253][ T42] vhci_hcd: release socket [ 239.104591][ T42] vhci_hcd: disconnect device [ 239.914267][ T831] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 240.304109][ T831] usb 6-1: Using ep0 maxpacket: 32 [ 240.309981][ T831] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 240.312159][ T831] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 240.315296][ T831] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 240.318798][ T831] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 240.321382][ T831] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 240.324933][ T831] usb 6-1: config 0 interface 0 has no altsetting 0 [ 240.329102][ T831] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 240.331477][ T831] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 240.334190][ T831] usb 6-1: Product: syz [ 240.335339][ T831] usb 6-1: Manufacturer: syz [ 240.336673][ T831] usb 6-1: SerialNumber: syz [ 240.339506][ T831] usb 6-1: config 0 descriptor?? [ 240.348266][ T831] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 240.362254][ T831] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 240.441692][T10135] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1192'. [ 240.529075][T10137] ubi0: attaching mtd0 [ 240.530697][T10137] ubi0: scanning is finished [ 240.592990][T10137] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 240.595277][T10137] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 240.597311][T10137] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 240.599193][T10137] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 240.601102][T10137] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 240.602829][T10137] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 240.605062][T10137] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 240.607722][T10137] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 240.610384][T10139] ubi0: detaching mtd0 [ 240.610415][T10138] ubi0: background thread "ubi_bgt0d" started, PID 10138 [ 240.615564][T10139] ubi0: mtd0 is detached [ 240.627457][T10125] ldusb 6-1:0.0: Couldn't submit interrupt_in_urb -90 [ 240.659544][T10142] fuse: Unknown parameter 'grou00000000000000000000' [ 240.664928][ T5848] usb 6-1: USB disconnect, device number 5 [ 240.813285][ T5848] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 240.851520][T10148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1195'. [ 241.417236][T10154] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 241.419043][T10154] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 241.424129][T10154] vhci_hcd vhci_hcd.0: Device attached [ 241.444118][ T5960] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 242.082157][T10155] vhci_hcd: connection closed [ 242.082776][ T6696] vhci_hcd: stop threads [ 242.085050][ T6696] vhci_hcd: release socket [ 242.086200][ T6696] vhci_hcd: disconnect device [ 242.646618][T10177] ubi0: attaching mtd0 [ 242.649162][T10177] ubi0: scanning is finished [ 242.689493][T10178] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1202'. [ 242.706536][T10177] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 242.708708][T10177] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 242.710737][T10177] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 242.712755][T10177] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 242.715846][T10177] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 242.717669][T10177] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 242.719789][T10177] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 242.722482][T10177] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 242.725432][T10181] ubi0: background thread "ubi_bgt0d" started, PID 10181 [ 242.727673][T10182] ubi0: detaching mtd0 [ 242.731433][T10182] ubi0: mtd0 is detached [ 243.110656][T10189] FAULT_INJECTION: forcing a failure. [ 243.110656][T10189] name failslab, interval 1, probability 0, space 0, times 0 [ 243.115634][T10189] CPU: 3 UID: 0 PID: 10189 Comm: syz.3.1206 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 243.119439][T10189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 243.122705][T10189] Call Trace: [ 243.124025][T10189] [ 243.124829][T10189] dump_stack_lvl+0x16c/0x1f0 [ 243.126118][T10189] should_fail_ex+0x497/0x5b0 [ 243.127419][T10189] ? fs_reclaim_acquire+0xae/0x150 [ 243.128838][T10189] should_failslab+0xc2/0x120 [ 243.130192][T10189] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 243.131591][T10189] ? skb_clone+0x190/0x3f0 [ 243.133169][T10189] skb_clone+0x190/0x3f0 [ 243.134856][T10189] pfkey_process+0xc7/0x840 [ 243.136571][T10189] ? rcu_is_watching+0x12/0xc0 [ 243.138341][T10189] ? __pfx_pfkey_process+0x10/0x10 [ 243.139992][T10189] ? __virt_addr_valid+0x5e/0x590 [ 243.141426][T10189] ? __phys_addr_symbol+0x30/0x80 [ 243.143268][T10189] pfkey_sendmsg+0x43b/0x840 [ 243.145055][T10189] ____sys_sendmsg+0x9ae/0xb40 [ 243.146374][T10189] ? __pfx_____sys_sendmsg+0x10/0x10 [ 243.147758][T10189] ? get_compat_msghdr+0x11b/0x170 [ 243.149141][T10189] ___sys_sendmsg+0x135/0x1e0 [ 243.150385][T10189] ? __pfx____sys_sendmsg+0x10/0x10 [ 243.151884][T10189] ? trace_lock_acquire+0x146/0x1e0 [ 243.153303][T10189] __sys_sendmmsg+0x2fa/0x420 [ 243.154539][T10189] ? __pfx___sys_sendmmsg+0x10/0x10 [ 243.155950][T10189] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 243.157915][T10189] ? fput+0x67/0x440 [ 243.159111][T10189] ? ksys_write+0x1ba/0x250 [ 243.160442][T10189] ? __pfx_ksys_write+0x10/0x10 [ 243.161870][T10189] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 243.163357][T10189] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 243.165069][T10189] __do_fast_syscall_32+0x73/0x120 [ 243.166425][T10189] do_fast_syscall_32+0x32/0x80 [ 243.167716][T10189] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 243.169426][T10189] RIP: 0023:0xf7fd6579 [ 243.170531][T10189] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 243.175582][T10189] RSP: 002b:00000000f515655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 243.177857][T10189] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000180 [ 243.179916][T10189] RDX: 000000000400008a RSI: 0000000000000000 RDI: 0000000000000000 [ 243.182102][T10189] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 243.184345][T10189] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 243.186485][T10189] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 243.188555][T10189] [ 243.405811][T10198] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 243.507486][T10201] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 243.509861][T10201] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 243.512787][T10201] vhci_hcd vhci_hcd.0: Device attached [ 243.744048][ T6021] vhci_hcd: vhci_device speed not set [ 243.744177][ T5999] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 244.285961][T10202] vhci_hcd: connection reset by peer [ 244.287662][ T11] vhci_hcd: stop threads [ 244.288944][ T11] vhci_hcd: release socket [ 244.290240][ T11] vhci_hcd: disconnect device [ 244.521783][T10222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1217'. [ 244.784058][ T831] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 244.825575][ T39] audit: type=1326 audit(1732430803.385:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.831189][ T39] audit: type=1326 audit(1732430803.385:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.837752][ T39] audit: type=1326 audit(1732430803.385:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.839267][T10231] AppArmor: change_hat: Invalid input '0' [ 244.843346][ T39] audit: type=1326 audit(1732430803.385:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.851398][ T39] audit: type=1326 audit(1732430803.385:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.857090][ T39] audit: type=1326 audit(1732430803.385:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.865788][ T39] audit: type=1326 audit(1732430803.385:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.873230][ T39] audit: type=1326 audit(1732430803.385:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.882872][ T39] audit: type=1326 audit(1732430803.385:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.890435][ T39] audit: type=1326 audit(1732430803.385:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.0.1220" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 244.955661][ T831] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 244.959310][ T831] usb 6-1: config 0 has no interface number 0 [ 244.961762][ T831] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 244.965782][ T831] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 244.969905][ T831] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 244.974568][ T831] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 244.979619][ T831] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 244.983602][ T831] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 244.987346][ T831] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.992689][ T831] usb 6-1: config 0 descriptor?? [ 244.995763][T10226] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 245.004181][ T831] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 246.667165][ T831] usb 6-1: USB disconnect, device number 6 [ 246.669597][ T831] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 246.710896][T10275] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1229'. [ 246.817137][T10277] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1230'. [ 247.167301][T10281] fuse: Bad value for 'fd' [ 248.854366][ T5999] vhci_hcd: vhci_device speed not set [ 249.089361][T10321] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1243'. [ 249.774280][ T5960] Bluetooth: hci3: unexpected event for opcode 0x0419 [ 249.777591][ T5960] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 250.374057][ T5999] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 250.409978][T10336] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1247'. [ 250.544061][ T5999] usb 7-1: Using ep0 maxpacket: 16 [ 250.546647][ T5999] usb 7-1: config 0 has no interfaces? [ 250.549674][ T5999] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 250.552613][ T5999] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.554881][ T5999] usb 7-1: Product: syz [ 250.555997][ T5999] usb 7-1: Manufacturer: syz [ 250.557213][ T5999] usb 7-1: SerialNumber: syz [ 250.559213][ T5999] usb 7-1: config 0 descriptor?? [ 250.664225][T10340] FAULT_INJECTION: forcing a failure. [ 250.664225][T10340] name failslab, interval 1, probability 0, space 0, times 0 [ 250.667630][T10340] CPU: 2 UID: 0 PID: 10340 Comm: syz.0.1248 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 250.670395][T10340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 250.673401][T10340] Call Trace: [ 250.674366][T10340] [ 250.675197][T10340] dump_stack_lvl+0x16c/0x1f0 [ 250.676608][T10340] should_fail_ex+0x497/0x5b0 [ 250.677907][T10340] ? fs_reclaim_acquire+0xae/0x150 [ 250.679272][T10340] should_failslab+0xc2/0x120 [ 250.680659][T10340] __kmalloc_noprof+0xcb/0x410 [ 250.681960][T10340] lsm_blob_alloc+0x68/0x90 [ 250.683206][T10340] security_sk_alloc+0x30/0x270 [ 250.684534][T10340] sk_prot_alloc+0x1c7/0x2a0 [ 250.685828][T10340] sk_alloc+0x36/0xb90 [ 250.686960][T10340] bpf_prog_test_run_skb+0x335/0x22c0 [ 250.688438][T10340] ? __fget_files+0x40/0x3a0 [ 250.689708][T10340] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 250.691357][T10340] ? fput+0x67/0x440 [ 250.692468][T10340] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 250.694032][T10340] __sys_bpf+0x1921/0x57a0 [ 250.695227][T10340] ? __pfx_lock_release+0x10/0x10 [ 250.696609][T10340] ? __pfx___sys_bpf+0x10/0x10 [ 250.697890][T10340] ? vfs_write+0x306/0x1150 [ 250.699150][T10340] ? __mutex_unlock_slowpath+0x164/0x690 [ 250.700726][T10340] ? fput+0x67/0x440 [ 250.701822][T10340] ? ksys_write+0x1ba/0x250 [ 250.703082][T10340] ? __pfx_ksys_write+0x10/0x10 [ 250.704444][T10340] __ia32_sys_bpf+0x76/0xe0 [ 250.705678][T10340] __do_fast_syscall_32+0x73/0x120 [ 250.707072][T10340] do_fast_syscall_32+0x32/0x80 [ 250.708348][T10340] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 250.710091][T10340] RIP: 0023:0xf7f64579 [ 250.711258][T10340] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 250.716568][T10340] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 250.718863][T10340] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200002c0 [ 250.720949][T10340] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 250.722985][T10340] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 250.725045][T10340] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 250.727133][T10340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 250.729528][T10340] [ 250.730609][ C2] vkms_vblank_simulate: vblank timer overrun [ 250.732535][ C2] hpet_rtc_timer_reinit: 60 callbacks suppressed [ 250.732543][ C2] hpet: Lost 3 RTC interrupts [ 250.791809][ T35] usb 7-1: USB disconnect, device number 8 [ 251.294805][T10351] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 251.396860][T10363] syzkaller1: entered promiscuous mode [ 251.398540][T10363] syzkaller1: entered allmulticast mode [ 251.478964][T10371] FAULT_INJECTION: forcing a failure. [ 251.478964][T10371] name failslab, interval 1, probability 0, space 0, times 0 [ 251.482624][T10371] CPU: 2 UID: 0 PID: 10371 Comm: syz.1.1258 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 251.485313][T10371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 251.488180][T10371] Call Trace: [ 251.491044][T10371] [ 251.491054][T10371] dump_stack_lvl+0x16c/0x1f0 [ 251.491075][T10371] should_fail_ex+0x497/0x5b0 [ 251.491088][T10371] should_failslab+0xc2/0x120 [ 251.491103][T10371] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 251.491117][T10371] ? dst_alloc+0x99/0x1a0 [ 251.491133][T10371] dst_alloc+0x99/0x1a0 [ 251.491148][T10371] rt_dst_alloc+0x35/0x3a0 [ 251.491161][T10371] ip_route_output_key_hash_rcu+0x8a5/0x2770 [ 251.491181][T10371] ip_route_output_key_hash+0x138/0x2e0 [ 251.491195][T10371] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 251.491209][T10371] ? lockdep_hardirqs_on+0x7c/0x110 [ 251.491226][T10371] ? dst_release+0x1f8/0x270 [ 251.491241][T10371] ip_route_output_flow+0x27/0x150 [ 251.491256][T10371] udp_tunnel_dst_lookup+0x24c/0x3b0 [ 251.491269][T10371] ? __pfx_udp_tunnel_dst_lookup+0x10/0x10 [ 251.491282][T10371] ? geneve_xmit+0x123/0x5730 [ 251.491299][T10371] geneve_xmit+0x1045/0x5730 [ 251.491313][T10371] ? lock_acquire.part.0+0x11b/0x380 [ 251.491324][T10371] ? find_held_lock+0x2d/0x110 [ 251.491343][T10371] ? __pfx_geneve_xmit+0x10/0x10 [ 251.491357][T10371] ? dev_queue_xmit_nit+0x8d7/0xbc0 [ 251.491372][T10371] ? dev_hard_start_xmit+0x9a/0x7b0 [ 251.491385][T10371] dev_hard_start_xmit+0x9a/0x7b0 [ 251.491401][T10371] __dev_queue_xmit+0x7f0/0x43e0 [ 251.491417][T10371] ? __pfx_lock_release+0x10/0x10 [ 251.491426][T10371] ? trace_lock_acquire+0x146/0x1e0 [ 251.491440][T10371] ? __pfx___dev_queue_xmit+0x10/0x10 [ 251.491455][T10371] ? __might_fault+0xe0/0x190 [ 251.491466][T10371] ? _copy_from_iter+0x159/0x1400 [ 251.491478][T10371] ? skb_copy_bits+0x5b3/0x870 [ 251.491495][T10371] ? __pfx_packet_parse_headers+0x10/0x10 [ 251.491511][T10371] ? lock_acquire+0x2f/0xb0 [ 251.491522][T10371] packet_xmit+0x23e/0x360 [ 251.491538][T10371] packet_sendmsg+0x2700/0x5660 [ 251.491548][T10371] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 251.491564][T10371] ? __pfx___might_resched+0x10/0x10 [ 251.491575][T10371] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 251.491595][T10371] ? __pfx_packet_sendmsg+0x10/0x10 [ 251.491606][T10371] ? aa_label_strn_parse+0xe70/0x11c0 [ 251.491624][T10371] __sys_sendto+0x488/0x4f0 [ 251.491635][T10371] ? __pfx___sys_sendto+0x10/0x10 [ 251.491656][T10371] ? ksys_write+0x1ba/0x250 [ 251.491668][T10371] ? __pfx_ksys_write+0x10/0x10 [ 251.491681][T10371] __ia32_sys_sendto+0xdd/0x1b0 [ 251.491690][T10371] ? lockdep_hardirqs_on+0x7c/0x110 [ 251.491704][T10371] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 251.491718][T10371] __do_fast_syscall_32+0x73/0x120 [ 251.491756][T10371] do_fast_syscall_32+0x32/0x80 [ 251.491772][T10371] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 251.491784][T10371] RIP: 0023:0xf742e579 [ 251.491793][T10371] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 251.491803][T10371] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 251.491814][T10371] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000040 [ 251.491821][T10371] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000020000200 [ 251.491826][T10371] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000 [ 251.491832][T10371] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 251.491838][T10371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 251.491850][T10371] [ 251.508247][T10372] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1257'. [ 251.516423][T10367] /dev/sr0: Can't open blockdev [ 251.697660][T10375] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 251.881351][T10380] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 251.920726][ T6696] bond0: (slave bond_slave_0): interface is now down [ 251.924925][ T6696] bond0: (slave bond_slave_1): interface is now down [ 251.930284][ T6696] bond0: now running without any active interface! [ 252.360521][T10401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1266'. [ 252.793169][T10405] syzkaller1: entered promiscuous mode [ 252.804095][T10405] syzkaller1: entered allmulticast mode [ 253.851367][T10425] FAULT_INJECTION: forcing a failure. [ 253.851367][T10425] name failslab, interval 1, probability 0, space 0, times 0 [ 253.855942][T10425] CPU: 0 UID: 0 PID: 10425 Comm: syz.1.1276 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 253.859171][T10425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 253.862041][T10425] Call Trace: [ 253.862948][T10425] [ 253.863757][T10425] dump_stack_lvl+0x16c/0x1f0 [ 253.865032][T10425] should_fail_ex+0x497/0x5b0 [ 253.866293][T10425] ? fs_reclaim_acquire+0xae/0x150 [ 253.867645][T10425] should_failslab+0xc2/0x120 [ 253.868897][T10425] __kmalloc_noprof+0xcb/0x410 [ 253.870183][T10425] lsm_blob_alloc+0x68/0x90 [ 253.871334][T10425] security_sk_alloc+0x30/0x270 [ 253.872637][T10425] sk_prot_alloc+0x1c7/0x2a0 [ 253.873900][T10425] sk_alloc+0x36/0xb90 [ 253.875027][T10425] bpf_prog_test_run_skb+0x335/0x22c0 [ 253.876409][T10425] ? __fget_files+0x40/0x3a0 [ 253.877627][T10425] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 253.879258][T10425] ? fput+0x67/0x440 [ 253.880319][T10425] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 253.881861][T10425] __sys_bpf+0x1921/0x57a0 [ 253.883031][T10425] ? __pfx_lock_release+0x10/0x10 [ 253.884486][T10425] ? __pfx___sys_bpf+0x10/0x10 [ 253.885801][T10425] ? vfs_write+0x306/0x1150 [ 253.887057][T10425] ? __mutex_unlock_slowpath+0x164/0x690 [ 253.888561][T10425] ? fput+0x67/0x440 [ 253.889596][T10425] ? ksys_write+0x1ba/0x250 [ 253.890787][T10425] ? __pfx_ksys_write+0x10/0x10 [ 253.892083][T10425] __ia32_sys_bpf+0x76/0xe0 [ 253.893289][T10425] __do_fast_syscall_32+0x73/0x120 [ 253.894733][T10425] do_fast_syscall_32+0x32/0x80 [ 253.896033][T10425] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.897810][T10425] RIP: 0023:0xf742e579 [ 253.899006][T10425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 253.904097][T10425] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 253.906263][T10425] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000240 [ 253.908267][T10425] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 253.910417][T10425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 253.912482][T10425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 253.914520][T10425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 253.916623][T10425] [ 254.854638][T10443] syzkaller1: entered promiscuous mode [ 254.856254][T10443] syzkaller1: entered allmulticast mode [ 254.943777][T10446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1284'. [ 255.096089][ T1407] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.098374][ T1407] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.381321][T10455] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1287'. [ 255.544772][T10466] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 255.547269][T10466] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 255.551335][T10466] vhci_hcd vhci_hcd.0: Device attached [ 255.554587][ T5960] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 255.727902][T10472] FAULT_INJECTION: forcing a failure. [ 255.727902][T10472] name failslab, interval 1, probability 0, space 0, times 0 [ 255.731885][T10472] CPU: 3 UID: 0 PID: 10472 Comm: syz.0.1293 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 255.735826][T10472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 255.738890][T10472] Call Trace: [ 255.739784][T10472] [ 255.740565][T10472] dump_stack_lvl+0x16c/0x1f0 [ 255.741884][T10472] should_fail_ex+0x497/0x5b0 [ 255.743507][T10472] ? fs_reclaim_acquire+0xae/0x150 [ 255.744967][T10472] should_failslab+0xc2/0x120 [ 255.746310][T10472] __kmalloc_cache_noprof+0x6b/0x310 [ 255.747816][T10472] ? sctp_add_bind_addr+0x9d/0x3e0 [ 255.749210][T10472] sctp_add_bind_addr+0x9d/0x3e0 [ 255.750565][T10472] sctp_copy_one_addr.part.0+0xd6/0x120 [ 255.752166][T10472] sctp_bind_addr_copy+0x1b4/0x530 [ 255.754163][T10472] sctp_connect_new_asoc+0x1d8/0x790 [ 255.756073][T10472] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 255.757803][T10472] ? lock_acquire+0x2f/0xb0 [ 255.758982][T10472] ? sctp_endpoint_lookup_assoc+0xac/0x2a0 [ 255.760528][T10472] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 255.761976][T10472] sctp_sendmsg+0x162a/0x1f10 [ 255.763673][T10472] ? __pfx___lock_acquire+0x10/0x10 [ 255.765684][T10472] ? __pfx_sctp_sendmsg+0x10/0x10 [ 255.767280][T10472] ? __pfx_aa_sk_perm+0x10/0x10 [ 255.768932][T10472] ? __pfx_sctp_sendmsg+0x10/0x10 [ 255.770562][T10472] inet_sendmsg+0x119/0x140 [ 255.771969][T10472] __sys_sendto+0x42a/0x4f0 [ 255.773636][T10472] ? __pfx___sys_sendto+0x10/0x10 [ 255.775377][T10472] ? ksys_write+0x1ba/0x250 [ 255.777137][T10472] ? __pfx_ksys_write+0x10/0x10 [ 255.778879][T10472] __ia32_sys_sendto+0xdd/0x1b0 [ 255.780557][T10472] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.782365][T10472] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 255.784013][ T5999] usb 39-1: new high-speed USB device number 8 using vhci_hcd [ 255.784636][T10472] __do_fast_syscall_32+0x73/0x120 [ 255.789167][T10472] do_fast_syscall_32+0x32/0x80 [ 255.791098][T10472] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 255.793389][T10472] RIP: 0023:0xf7f64579 [ 255.794800][T10472] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 255.801830][T10472] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 255.804890][T10472] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080 [ 255.807897][T10472] RDX: 0000000000000003 RSI: 0000000020000050 RDI: 0000000020000100 [ 255.810598][T10472] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000 [ 255.813294][T10472] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 255.815672][T10472] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 255.817973][T10472] [ 255.819155][ C3] vkms_vblank_simulate: vblank timer overrun [ 255.985787][T10483] 9pnet_virtio: no channels available for device syz [ 255.990072][ T39] audit: type=1800 audit(1732430814.545:999): pid=10483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1296" name="file0" dev="9p" ino=36049813 res=0 errno=0 [ 256.006413][T10483] overlay: ./file1 is not a directory [ 256.114986][T10485] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1299'. [ 256.119417][T10485] netlink: 'syz.2.1299': attribute type 10 has an invalid length. [ 256.130393][T10485] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 256.315439][T10467] vhci_hcd: connection reset by peer [ 256.317286][ T13] vhci_hcd: stop threads [ 256.318515][ T13] vhci_hcd: release socket [ 256.319810][ T13] vhci_hcd: disconnect device [ 256.933350][T10500] tipc: Started in network mode [ 256.935105][T10500] tipc: Node identity ac1414aa, cluster identity 4711 [ 256.938334][T10500] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 256.940772][T10500] tipc: Enabled bearer , priority 10 [ 256.957792][T10505] snd_dummy snd_dummy.0: control 0:2048:8:syz1:65535 is already present [ 256.974803][T10507] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 256.977038][T10507] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 256.979473][T10507] vhci_hcd vhci_hcd.0: Device attached [ 257.057381][T10512] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1307'. [ 257.060371][ T831] IPVS: starting estimator thread 0... [ 257.062210][T10512] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1307'. [ 257.072352][T10512] FAULT_INJECTION: forcing a failure. [ 257.072352][T10512] name failslab, interval 1, probability 0, space 0, times 0 [ 257.076118][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 257.078791][T10512] CPU: 3 UID: 0 PID: 10512 Comm: syz.2.1307 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 257.080679][T10510] afs: Unknown parameter 'obj_user9!]' [ 257.081889][T10512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 257.081900][T10512] Call Trace: [ 257.081904][T10512] [ 257.081909][T10512] dump_stack_lvl+0x16c/0x1f0 [ 257.081929][T10512] should_fail_ex+0x497/0x5b0 [ 257.081940][T10512] ? fs_reclaim_acquire+0xae/0x150 [ 257.081954][T10512] should_failslab+0xc2/0x120 [ 257.081975][T10512] __kmalloc_noprof+0xcb/0x410 [ 257.081988][T10512] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 257.082002][T10512] tomoyo_realpath_from_path+0xbf/0x710 [ 257.082019][T10512] ? tomoyo_path_number_perm+0x235/0x5b0 [ 257.082033][T10512] tomoyo_path_number_perm+0x248/0x5b0 [ 257.082045][T10512] ? tomoyo_path_number_perm+0x235/0x5b0 [ 257.082061][T10512] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 257.082165][T10512] ? __pfx_lock_release+0x10/0x10 [ 257.082178][T10512] ? trace_lock_acquire+0x146/0x1e0 [ 257.082192][T10512] ? lock_acquire+0x2f/0xb0 [ 257.082201][T10512] ? __fget_files+0x40/0x3a0 [ 257.082216][T10512] ? __fget_files+0x206/0x3a0 [ 257.082230][T10512] security_file_ioctl_compat+0x9b/0x240 [ 257.082246][T10512] __do_compat_sys_ioctl+0x4e/0x2c0 [ 257.082258][T10512] __do_fast_syscall_32+0x73/0x120 [ 257.082277][T10512] do_fast_syscall_32+0x32/0x80 [ 257.082291][T10512] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 257.082307][T10512] RIP: 0023:0xf7fe7579 [ 257.082321][T10512] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 257.082331][T10512] RSP: 002b:00000000f516655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 257.082343][T10512] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000400454cd [ 257.082350][T10512] RDX: 0000000000000308 RSI: 0000000000000000 RDI: 0000000000000000 [ 257.082357][T10512] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 257.082363][T10512] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 257.082369][T10512] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 257.140972][T10512] [ 257.141936][ C3] vkms_vblank_simulate: vblank timer overrun [ 257.144653][T10512] ERROR: Out of memory at tomoyo_realpath_from_path. [ 257.147825][T10512] syzkaller0: entered allmulticast mode [ 257.204097][T10513] IPVS: using max 38 ests per chain, 91200 per kthread [ 257.214137][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 257.354080][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 257.504017][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 257.613463][ T39] audit: type=1326 audit(1732430816.165:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10521 comm="syz.2.1311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 257.619991][ T39] audit: type=1326 audit(1732430816.165:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10521 comm="syz.2.1311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 257.644042][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 257.784066][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 257.805304][T10508] vhci_hcd: connection closed [ 257.805635][ T11] vhci_hcd: stop threads [ 257.808995][ T11] vhci_hcd: release socket [ 257.810961][ T11] vhci_hcd: disconnect device [ 257.924083][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 258.064059][ T6066] tipc: Node number set to 2886997162 [ 258.204108][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 258.296283][T10533] ubi0: attaching mtd0 [ 258.297869][T10533] ubi0: scanning is finished [ 258.484022][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 258.518280][T10533] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 258.520965][T10533] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 258.522857][T10533] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 258.526300][T10533] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 258.528668][T10533] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 258.530716][T10533] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 258.532956][T10533] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 258.536022][T10533] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 258.538586][T10540] ubi0: background thread "ubi_bgt0d" started, PID 10540 [ 258.540662][T10535] ubi0: detaching mtd0 [ 258.544149][T10535] ubi0: mtd0 is detached [ 258.576183][T10542] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 258.852445][ T39] audit: type=1326 audit(1732430817.405:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.0.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 258.858237][ T39] audit: type=1326 audit(1732430817.405:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.0.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 258.864102][ T831] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 258.864509][ T39] audit: type=1326 audit(1732430817.405:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.0.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=343 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 258.872249][ T39] audit: type=1326 audit(1732430817.405:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.0.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 258.878159][ T39] audit: type=1326 audit(1732430817.405:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.0.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 258.887146][ T39] audit: type=1326 audit(1732430817.405:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.0.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 258.895290][ T39] audit: type=1326 audit(1732430817.405:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.0.1316" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 259.015660][ T831] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 259.019710][ T831] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 259.023331][ T831] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 259.026143][ T831] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 259.029663][ T831] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 259.032081][ T831] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.036070][ T831] usb 7-1: config 0 descriptor?? [ 259.253157][ T831] usbhid 7-1:0.0: can't add hid device: -71 [ 259.255387][ T831] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 259.264485][ T831] usb 7-1: USB disconnect, device number 9 [ 259.406372][T10563] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1320'. [ 259.580858][T10573] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1322'. [ 260.414716][T10579] binder: 10578:10579 ioctl c0306201 200003c0 returned -14 [ 260.417623][T10579] binder: 10578:10579 ioctl 80085504 20000140 returned -22 [ 260.432604][T10579] binder: 10578:10579 ioctl c0306201 200001c0 returned -14 [ 260.823740][T10597] FAULT_INJECTION: forcing a failure. [ 260.823740][T10597] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.827449][T10597] CPU: 2 UID: 0 PID: 10597 Comm: syz.2.1328 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 260.830272][T10597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 260.833374][T10597] Call Trace: [ 260.834281][T10597] [ 260.835202][T10597] dump_stack_lvl+0x16c/0x1f0 [ 260.836568][T10597] should_fail_ex+0x497/0x5b0 [ 260.837831][T10597] _copy_to_user+0x32/0xd0 [ 260.839000][T10597] simple_read_from_buffer+0xd0/0x160 [ 260.840516][T10597] proc_fail_nth_read+0x198/0x270 [ 260.841845][T10597] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.843319][T10597] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.844832][T10597] vfs_read+0x1df/0xbe0 [ 260.845965][T10597] ? __fget_files+0x1fc/0x3a0 [ 260.847235][T10597] ? __pfx___mutex_lock+0x10/0x10 [ 260.848565][T10597] ? __pfx_vfs_read+0x10/0x10 [ 260.849722][T10597] ? __fget_files+0x206/0x3a0 [ 260.850889][T10597] ksys_read+0x12b/0x250 [ 260.851976][T10597] ? __pfx_ksys_read+0x10/0x10 [ 260.853207][T10597] __do_fast_syscall_32+0x73/0x120 [ 260.854677][T10597] do_fast_syscall_32+0x32/0x80 [ 260.856083][T10597] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 260.857785][T10597] RIP: 0023:0xf7fe7579 [ 260.858953][T10597] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 260.864295][T10597] RSP: 002b:00000000f5166590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 260.866660][T10597] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5166620 [ 260.868790][T10597] RDX: 000000000000000f RSI: 00000000f746dff4 RDI: 0000000000000000 [ 260.870780][T10597] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 260.872963][T10597] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 260.875310][T10597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 260.877549][T10597] [ 260.944227][ T5999] vhci_hcd: vhci_device speed not set [ 260.990967][T10606] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 261.118167][T10615] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1334'. [ 261.120576][T10615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1334'. [ 261.122886][T10615] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1334'. [ 261.392113][T10625] ubi0: attaching mtd0 [ 261.393684][T10625] ubi0: scanning is finished [ 261.436823][T10629] FAULT_INJECTION: forcing a failure. [ 261.436823][T10629] name failslab, interval 1, probability 0, space 0, times 0 [ 261.440232][T10629] CPU: 2 UID: 0 PID: 10629 Comm: syz.0.1340 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 261.442918][T10629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 261.446152][T10629] Call Trace: [ 261.447252][T10629] [ 261.448490][T10629] dump_stack_lvl+0x16c/0x1f0 [ 261.450278][T10629] should_fail_ex+0x497/0x5b0 [ 261.451678][T10629] ? fs_reclaim_acquire+0xae/0x150 [ 261.453065][T10629] should_failslab+0xc2/0x120 [ 261.454330][T10629] __kmalloc_noprof+0xcb/0x410 [ 261.455726][T10629] lsm_blob_alloc+0x68/0x90 [ 261.456943][T10629] security_sk_alloc+0x30/0x270 [ 261.458665][T10629] sk_prot_alloc+0x1c7/0x2a0 [ 261.460169][T10629] sk_alloc+0x36/0xb90 [ 261.461366][T10629] bpf_prog_test_run_skb+0x335/0x22c0 [ 261.462802][T10629] ? __fget_files+0x40/0x3a0 [ 261.464040][T10629] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 261.465631][T10629] ? fput+0x67/0x440 [ 261.466661][T10629] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 261.468180][T10629] __sys_bpf+0x1921/0x57a0 [ 261.469371][T10629] ? __pfx_lock_release+0x10/0x10 [ 261.470758][T10629] ? __pfx___sys_bpf+0x10/0x10 [ 261.472088][T10629] ? vfs_write+0x306/0x1150 [ 261.473353][T10629] ? __mutex_unlock_slowpath+0x164/0x690 [ 261.474926][T10629] ? fput+0x67/0x440 [ 261.476223][T10629] ? ksys_write+0x1ba/0x250 [ 261.477432][T10629] ? __pfx_ksys_write+0x10/0x10 [ 261.478788][T10629] __ia32_sys_bpf+0x76/0xe0 [ 261.480003][T10629] __do_fast_syscall_32+0x73/0x120 [ 261.481341][T10629] do_fast_syscall_32+0x32/0x80 [ 261.482774][T10629] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 261.484502][T10629] RIP: 0023:0xf7f64579 [ 261.485822][T10629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 261.491192][T10629] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 261.493359][T10629] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000000 [ 261.495439][T10629] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 261.497493][T10629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 261.499530][T10629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 261.501593][T10629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 261.503698][T10629] [ 261.504766][ C2] vkms_vblank_simulate: vblank timer overrun [ 261.506866][ C2] hpet_rtc_timer_reinit: 29 callbacks suppressed [ 261.506876][ C2] hpet: Lost 4 RTC interrupts [ 261.522781][T10625] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 261.524771][T10625] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 261.527113][T10625] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 261.529232][T10625] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 261.531514][T10625] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 261.533430][T10625] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 261.536467][T10625] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 261.539613][T10625] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 261.542892][T10630] ubi0: detaching mtd0 [ 261.544075][T10632] ubi0: background thread "ubi_bgt0d" started, PID 10632 [ 261.552146][T10630] ubi0: mtd0 is detached [ 261.649102][T10644] ubi0: attaching mtd0 [ 261.650703][T10644] ubi0: scanning is finished [ 261.704674][T10644] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 261.707332][T10644] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 261.710174][T10644] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 261.712613][T10644] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 261.715537][T10644] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 261.717856][T10644] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 261.720678][T10644] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 261.723582][T10644] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 261.728993][T10647] ubi0: background thread "ubi_bgt0d" started, PID 10647 [ 261.729013][T10646] ubi0: detaching mtd0 [ 261.733621][T10646] ubi0: mtd0 is detached [ 261.882342][T10653] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1346'. [ 262.144053][ C3] net_ratelimit: 3 callbacks suppressed [ 262.144067][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 262.549523][ T39] audit: type=1326 audit(1732430821.105:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10661 comm="syz.2.1350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 262.559574][ T39] audit: type=1326 audit(1732430821.105:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10661 comm="syz.2.1350" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.184030][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 263.222094][ T39] audit: type=1326 audit(1732430821.775:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10672 comm="syz.2.1353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.228825][ T39] audit: type=1326 audit(1732430821.775:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10672 comm="syz.2.1353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.235565][ T39] audit: type=1326 audit(1732430821.775:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10672 comm="syz.2.1353" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.244309][ T39] audit: type=1326 audit(1732430821.785:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10672 comm="syz.2.1353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.252317][ T39] audit: type=1326 audit(1732430821.785:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10672 comm="syz.2.1353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.260550][ T39] audit: type=1326 audit(1732430821.795:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10672 comm="syz.2.1353" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.268357][ T39] audit: type=1326 audit(1732430821.795:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10672 comm="syz.2.1353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 263.943868][T10672] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 264.120229][T10692] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 264.197098][T10687] xt_CT: You must specify a L4 protocol and not use inversions on it [ 264.224125][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 264.677970][T10703] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1362'. [ 265.264058][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 265.518989][T10711] syzkaller1: entered promiscuous mode [ 265.520963][T10711] syzkaller1: entered allmulticast mode [ 265.672976][T10714] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1365'. [ 266.007618][T10721] ubi0: attaching mtd0 [ 266.017112][T10721] ubi0: scanning is finished [ 266.169119][T10721] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 266.171320][T10721] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 266.173516][T10721] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 266.175878][T10721] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 266.178697][T10721] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 266.180655][T10721] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 266.182985][T10721] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 266.186736][T10721] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 266.190261][T10724] ubi0: background thread "ubi_bgt0d" started, PID 10724 [ 266.192617][T10722] ubi0: detaching mtd0 [ 266.294117][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 266.310071][T10722] ubi0: mtd0 is detached [ 266.457426][T10736] syzkaller1: entered promiscuous mode [ 266.459550][T10736] syzkaller1: entered allmulticast mode [ 266.466735][T10735] ubi0: attaching mtd0 [ 266.470496][T10735] ubi0: scanning is finished [ 266.539169][T10735] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 266.539267][T10735] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 266.539356][T10735] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 266.539368][T10735] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 266.539378][T10735] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 266.539387][T10735] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 266.539397][T10735] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 266.539408][T10735] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 266.539465][T10738] ubi0: background thread "ubi_bgt0d" started, PID 10738 [ 266.539509][T10737] ubi0: detaching mtd0 [ 266.572099][T10737] ubi0: mtd0 is detached [ 266.714946][T10743] vivid-002: disconnect [ 267.288788][T10759] afs: Unknown parameter ')Œ“^' [ 267.292065][T10759] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 267.334124][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 267.583790][T10742] vivid-002: reconnect [ 267.640240][T10771] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1383'. [ 268.219052][T10785] fuse: Unknown parameter 'user_i00000000000000000000' [ 268.384128][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 268.762590][T10810] ubi0: attaching mtd0 [ 268.764255][T10810] ubi0: scanning is finished [ 268.872002][T10810] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 268.875003][T10810] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 268.877379][T10810] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 268.880050][T10810] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 268.882760][T10810] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 268.885160][T10810] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 268.887789][T10810] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2906436432 [ 268.891533][T10810] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 268.895544][T10812] ubi0: detaching mtd0 [ 268.895546][T10815] ubi0: background thread "ubi_bgt0d" started, PID 10815 [ 268.907933][T10812] ubi0: mtd0 is detached [ 269.414046][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 269.479809][T10829] FAULT_INJECTION: forcing a failure. [ 269.479809][T10829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.483478][T10829] CPU: 3 UID: 0 PID: 10829 Comm: syz.0.1401 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 269.486130][T10829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 269.488987][T10829] Call Trace: [ 269.489943][T10829] [ 269.490798][T10829] dump_stack_lvl+0x16c/0x1f0 [ 269.492186][T10829] should_fail_ex+0x497/0x5b0 [ 269.493428][T10829] _copy_from_user+0x2e/0xd0 [ 269.494586][T10829] get_compat_msghdr+0xa8/0x170 [ 269.495835][T10829] ? __pfx_get_compat_msghdr+0x10/0x10 [ 269.497275][T10829] ___sys_sendmsg+0x1b0/0x1e0 [ 269.498738][T10829] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.500195][T10829] ? trace_lock_acquire+0x146/0x1e0 [ 269.501557][T10829] __sys_sendmmsg+0x2fa/0x420 [ 269.502963][T10829] ? __pfx___sys_sendmmsg+0x10/0x10 [ 269.504660][T10829] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 269.506417][T10829] ? fput+0x67/0x440 [ 269.507471][T10829] ? ksys_write+0x1ba/0x250 [ 269.508661][T10829] ? __pfx_ksys_write+0x10/0x10 [ 269.509914][T10829] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 269.511348][T10829] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 269.513031][T10829] __do_fast_syscall_32+0x73/0x120 [ 269.514448][T10829] do_fast_syscall_32+0x32/0x80 [ 269.515710][T10829] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 269.517423][T10829] RIP: 0023:0xf7f64579 [ 269.518540][T10829] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 269.524106][T10829] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 269.526411][T10829] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200002c0 [ 269.528504][T10829] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000 [ 269.530657][T10829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 269.532877][T10829] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 269.535015][T10829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 269.537180][T10829] [ 269.538082][ C3] vkms_vblank_simulate: vblank timer overrun [ 269.767596][T10843] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1404'. [ 269.876955][T10847] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1407'. [ 270.303743][T10854] binder: 10853:10854 ioctl c0306201 200003c0 returned -14 [ 270.310138][T10854] binder: 10853:10854 ioctl 80085504 20000140 returned -22 [ 270.324423][T10854] binder: 10853:10854 ioctl c0306201 200001c0 returned -14 [ 270.375134][T10857] binder: 10856:10857 ioctl c0306201 200003c0 returned -14 [ 270.378207][T10857] binder: 10856:10857 ioctl 80085504 20000140 returned -22 [ 270.383286][T10857] binder: 10856:10857 ioctl c0306201 200001c0 returned -14 [ 270.454327][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 270.578537][T10868] fuse: Unknown parameter 'user_i00000000000000000000' [ 270.715892][T10877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1415'. [ 270.724884][T10878] syzkaller1: entered promiscuous mode [ 270.728633][T10878] syzkaller1: entered allmulticast mode [ 271.485622][T10884] (syz.2.1418,10884,3):dlmfs_mkdir:420 ERROR: invalid domain name for directory. [ 271.494059][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 271.691222][T10890] FAULT_INJECTION: forcing a failure. [ 271.691222][T10890] name failslab, interval 1, probability 0, space 0, times 0 [ 271.696038][T10890] CPU: 3 UID: 0 PID: 10890 Comm: syz.2.1420 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 271.698936][T10890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 271.702240][T10890] Call Trace: [ 271.703382][T10890] [ 271.704372][T10890] dump_stack_lvl+0x16c/0x1f0 [ 271.705577][T10890] should_fail_ex+0x497/0x5b0 [ 271.706802][T10890] ? fs_reclaim_acquire+0xae/0x150 [ 271.708206][T10890] should_failslab+0xc2/0x120 [ 271.709911][T10890] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 271.711657][T10890] ? mas_alloc_nodes+0x18b/0x880 [ 271.713462][T10890] mas_alloc_nodes+0x18b/0x880 [ 271.714827][T10890] mas_node_count_gfp+0x105/0x130 [ 271.716233][T10890] mas_preallocate+0x53f/0xce0 [ 271.717771][T10890] ? __pfx_mas_preallocate+0x10/0x10 [ 271.719477][T10890] ? anon_vma_name+0x75/0x100 [ 271.719868][T10891] syzkaller1: entered promiscuous mode [ 271.720728][T10890] __split_vma+0x474/0x1210 [ 271.722227][T10891] syzkaller1: entered allmulticast mode [ 271.723372][T10890] ? __pfx___split_vma+0x10/0x10 [ 271.726119][T10890] ? mtree_range_walk+0x715/0xbe0 [ 271.727494][T10890] vma_modify.constprop.0+0x1f9/0x3b0 [ 271.728913][T10890] vma_modify_policy+0x203/0x2a0 [ 271.730196][T10890] ? __pfx_vma_modify_policy+0x10/0x10 [ 271.731702][T10890] mbind_range+0x17b/0x530 [ 271.732980][T10890] do_mbind+0x7df/0xe90 [ 271.734187][T10890] ? __pfx_do_mbind+0x10/0x10 [ 271.735669][T10890] ? vfs_write+0x306/0x1150 [ 271.737174][T10890] ? __mutex_unlock_slowpath+0x164/0x690 [ 271.738846][T10890] ? __pfx_get_nodes+0x10/0x10 [ 271.740506][T10890] ? __fget_files+0x206/0x3a0 [ 271.741811][T10890] kernel_mbind+0x1e8/0x200 [ 271.743094][T10890] ? __pfx_kernel_mbind+0x10/0x10 [ 271.744660][T10890] __do_fast_syscall_32+0x73/0x120 [ 271.746063][T10890] do_fast_syscall_32+0x32/0x80 [ 271.747590][T10890] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 271.749297][T10890] RIP: 0023:0xf7fe7579 [ 271.752440][T10890] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 271.752457][T10890] RSP: 002b:00000000f516655c EFLAGS: 00000296 ORIG_RAX: 0000000000000112 [ 271.752469][T10890] RAX: ffffffffffffffda RBX: 0000000020001000 RCX: 0000000000800000 [ 271.752475][T10890] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 271.752481][T10890] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 271.752487][T10890] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 271.752493][T10890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 271.752506][T10890] [ 271.752608][ C3] vkms_vblank_simulate: vblank timer overrun [ 271.895488][T10898] FAULT_INJECTION: forcing a failure. [ 271.895488][T10898] name failslab, interval 1, probability 0, space 0, times 0 [ 271.895569][T10898] CPU: 3 UID: 0 PID: 10898 Comm: syz.2.1423 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 271.895582][T10898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 271.895588][T10898] Call Trace: [ 271.895599][T10898] [ 271.895606][T10898] dump_stack_lvl+0x16c/0x1f0 [ 271.895625][T10898] should_fail_ex+0x497/0x5b0 [ 271.895636][T10898] ? fs_reclaim_acquire+0xae/0x150 [ 271.895649][T10898] should_failslab+0xc2/0x120 [ 271.895663][T10898] __kmalloc_noprof+0xcb/0x410 [ 271.895675][T10898] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 271.895688][T10898] tomoyo_realpath_from_path+0xbf/0x710 [ 271.895704][T10898] ? tomoyo_path_number_perm+0x235/0x5b0 [ 271.895718][T10898] tomoyo_path_number_perm+0x248/0x5b0 [ 271.895729][T10898] ? tomoyo_path_number_perm+0x235/0x5b0 [ 271.895742][T10898] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 271.895766][T10898] ? __pfx_lock_release+0x10/0x10 [ 271.895774][T10898] ? trace_lock_acquire+0x146/0x1e0 [ 271.895788][T10898] ? lock_acquire+0x2f/0xb0 [ 271.895796][T10898] ? __fget_files+0x40/0x3a0 [ 271.895810][T10898] ? __fget_files+0x206/0x3a0 [ 271.895823][T10898] security_file_ioctl_compat+0x9b/0x240 [ 271.895837][T10898] __do_compat_sys_ioctl+0x4e/0x2c0 [ 271.895849][T10898] __do_fast_syscall_32+0x73/0x120 [ 271.895865][T10898] do_fast_syscall_32+0x32/0x80 [ 271.895878][T10898] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 271.895890][T10898] RIP: 0023:0xf7fe7579 [ 271.895899][T10898] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 271.895909][T10898] RSP: 002b:00000000f516655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 271.895919][T10898] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0049364 [ 271.895925][T10898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 271.895931][T10898] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 271.895937][T10898] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 271.895942][T10898] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 271.895954][T10898] [ 271.895982][T10898] ERROR: Out of memory at tomoyo_realpath_from_path. [ 272.014654][T10902] syzkaller1: entered promiscuous mode [ 272.014667][T10902] syzkaller1: entered allmulticast mode [ 272.417643][T10904] binder: 10903:10904 ioctl c0306201 200003c0 returned -14 [ 272.419987][T10904] binder: 10903:10904 ioctl 80085504 20000140 returned -22 [ 272.425657][T10904] binder: 10903:10904 ioctl c0306201 200001c0 returned -14 [ 272.534119][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 272.663111][T10922] binder: 10921:10922 ioctl c0306201 200003c0 returned -14 [ 272.666582][T10922] binder: 10921:10922 ioctl c0306201 200001c0 returned -14 [ 272.724132][ T6066] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 272.804073][T10233] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 272.854036][ T6066] usb 5-1: device descriptor read/64, error -71 [ 272.934144][T10233] usb 7-1: device descriptor read/64, error -71 [ 273.104080][ T6066] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 273.194158][T10233] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 273.254042][ T6066] usb 5-1: device descriptor read/64, error -71 [ 273.324659][T10931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1435'. [ 273.334076][T10233] usb 7-1: device descriptor read/64, error -71 [ 273.375395][ T6066] usb usb5-port1: attempt power cycle [ 273.454262][T10233] usb usb7-port1: attempt power cycle [ 273.574151][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 273.724141][ T6066] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 273.744804][ T6066] usb 5-1: device descriptor read/8, error -71 [ 273.794058][T10233] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 273.815469][T10233] usb 7-1: device descriptor read/8, error -71 [ 273.817799][T10941] FAULT_INJECTION: forcing a failure. [ 273.817799][T10941] name failslab, interval 1, probability 0, space 0, times 0 [ 273.820987][T10941] CPU: 2 UID: 0 PID: 10941 Comm: syz.1.1439 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 273.824248][T10941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 273.827492][T10941] Call Trace: [ 273.828349][T10941] [ 273.829102][T10941] dump_stack_lvl+0x16c/0x1f0 [ 273.830330][T10941] should_fail_ex+0x497/0x5b0 [ 273.831504][T10941] ? fs_reclaim_acquire+0xae/0x150 [ 273.833113][T10941] should_failslab+0xc2/0x120 [ 273.834765][T10941] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 273.836656][T10941] ? getname_flags.part.0+0x4c/0x550 [ 273.838605][T10941] getname_flags.part.0+0x4c/0x550 [ 273.840434][T10941] getname_flags+0x93/0xf0 [ 273.842030][T10941] user_path_at+0x24/0x60 [ 273.843485][T10941] __do_sys_move_mount+0x1e5/0xe40 [ 273.845296][T10941] ? fput+0x67/0x440 [ 273.846749][T10941] ? __pfx___do_sys_move_mount+0x10/0x10 [ 273.848828][T10941] ? ksys_write+0x1ba/0x250 [ 273.850009][T10941] ? __pfx_ksys_write+0x10/0x10 [ 273.851262][T10941] __do_fast_syscall_32+0x73/0x120 [ 273.853011][T10941] do_fast_syscall_32+0x32/0x80 [ 273.854785][T10941] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 273.857050][T10941] RIP: 0023:0xf742e579 [ 273.858593][T10941] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 273.865609][T10941] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 00000000000001ad [ 273.868513][T10941] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000140 [ 273.871256][T10941] RDX: 00000000ffffff9c RSI: 0000000020000180 RDI: 0000000000000000 [ 273.874072][T10941] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 273.876966][T10941] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 273.879938][T10941] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 273.882756][T10941] [ 273.884373][ C2] hpet_rtc_timer_reinit: 22 callbacks suppressed [ 273.884386][ C2] hpet: Lost 4 RTC interrupts [ 273.938290][T10943] No such timeout policy "syz0" [ 274.024164][ T6066] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 274.054452][T10233] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 274.056874][ T6066] usb 5-1: device descriptor read/8, error -71 [ 274.085729][T10233] usb 7-1: device descriptor read/8, error -71 [ 274.096334][T10953] random: crng reseeded on system resumption [ 274.164303][ T6066] usb usb5-port1: unable to enumerate USB device [ 274.195644][T10233] usb usb7-port1: unable to enumerate USB device [ 274.624067][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 275.142288][T10968] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1449'. [ 275.649516][T10970] devpts: called with bogus options [ 275.664055][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 275.851637][T10991] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 276.085521][T11002] syzkaller1: entered promiscuous mode [ 276.087235][T11002] syzkaller1: entered allmulticast mode [ 276.694050][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 276.784593][T11008] fuse: Unknown parameter '0x0000000000000005' [ 276.860844][T11014] FAULT_INJECTION: forcing a failure. [ 276.860844][T11014] name failslab, interval 1, probability 0, space 0, times 0 [ 276.869782][T11014] CPU: 1 UID: 0 PID: 11014 Comm: syz.1.1463 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 276.873480][T11014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 276.879143][T11014] Call Trace: [ 276.880531][T11014] [ 276.881670][T11014] dump_stack_lvl+0x16c/0x1f0 [ 276.883138][T11014] should_fail_ex+0x497/0x5b0 [ 276.884504][T11014] should_failslab+0xc2/0x120 [ 276.885727][T11014] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 276.887322][T11014] ? skb_clone+0x190/0x3f0 [ 276.888487][T11014] skb_clone+0x190/0x3f0 [ 276.889596][T11014] netlink_deliver_tap+0xafd/0xca0 [ 276.891000][T11014] netlink_unicast+0x5e1/0x7f0 [ 276.892381][T11014] ? __pfx_netlink_unicast+0x10/0x10 [ 276.893792][T11014] ? __phys_addr_symbol+0x30/0x80 [ 276.895154][T11014] ? __check_object_size+0x488/0x710 [ 276.896552][T11014] netlink_sendmsg+0x8b8/0xd70 [ 276.897827][T11014] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.899270][T11014] ____sys_sendmsg+0x9ae/0xb40 [ 276.900613][T11014] ? __pfx_____sys_sendmsg+0x10/0x10 [ 276.902151][T11014] ? get_compat_msghdr+0x11b/0x170 [ 276.903969][T11014] ___sys_sendmsg+0x135/0x1e0 [ 276.905798][T11014] ? __pfx____sys_sendmsg+0x10/0x10 [ 276.907686][T11014] ? __pfx_lock_release+0x10/0x10 [ 276.909455][T11014] ? trace_lock_acquire+0x146/0x1e0 [ 276.911235][T11014] ? __fget_files+0x206/0x3a0 [ 276.913063][T11014] __sys_sendmsg+0x16e/0x220 [ 276.914370][T11014] ? __pfx___sys_sendmsg+0x10/0x10 [ 276.915890][T11014] __do_fast_syscall_32+0x73/0x120 [ 276.917290][T11014] do_fast_syscall_32+0x32/0x80 [ 276.918585][T11014] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 276.921392][T11014] RIP: 0023:0xf742e579 [ 276.921408][T11014] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 276.921418][T11014] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 276.921429][T11014] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400 [ 276.932695][T11014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 276.934762][T11014] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 276.936818][T11014] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 276.938748][T11014] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 276.940640][T11014] [ 277.353197][T11045] FAULT_INJECTION: forcing a failure. [ 277.353197][T11045] name failslab, interval 1, probability 0, space 0, times 0 [ 277.357985][T11045] CPU: 3 UID: 0 PID: 11045 Comm: syz.2.1474 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 277.362095][T11045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 277.366092][T11045] Call Trace: [ 277.367298][T11045] [ 277.368263][T11045] dump_stack_lvl+0x16c/0x1f0 [ 277.369545][T11045] should_fail_ex+0x497/0x5b0 [ 277.370856][T11045] should_failslab+0xc2/0x120 [ 277.372211][T11045] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 277.373649][T11045] ? skb_clone+0x190/0x3f0 [ 277.374863][T11045] skb_clone+0x190/0x3f0 [ 277.376015][T11045] netlink_deliver_tap+0xafd/0xca0 [ 277.377364][T11045] netlink_unicast+0x5e1/0x7f0 [ 277.378616][T11045] ? __pfx_netlink_unicast+0x10/0x10 [ 277.380242][T11045] ? const_folio_flags.constprop.0+0x56/0x150 [ 277.381819][T11045] ? __phys_addr_symbol+0x30/0x80 [ 277.383152][T11045] ? __check_object_size+0x488/0x710 [ 277.384688][T11045] netlink_sendmsg+0x8b8/0xd70 [ 277.386085][T11045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.387584][T11045] ____sys_sendmsg+0x9ae/0xb40 [ 277.388914][T11045] ? __pfx_____sys_sendmsg+0x10/0x10 [ 277.390344][T11045] ? get_compat_msghdr+0x11b/0x170 [ 277.391689][T11045] ___sys_sendmsg+0x135/0x1e0 [ 277.392917][T11045] ? __pfx____sys_sendmsg+0x10/0x10 [ 277.394267][T11045] ? __pfx_lock_release+0x10/0x10 [ 277.395579][T11045] ? trace_lock_acquire+0x146/0x1e0 [ 277.396945][T11045] ? __fget_files+0x206/0x3a0 [ 277.398178][T11045] __sys_sendmsg+0x16e/0x220 [ 277.399458][T11045] ? __pfx___sys_sendmsg+0x10/0x10 [ 277.400806][T11045] __do_fast_syscall_32+0x73/0x120 [ 277.402166][T11045] do_fast_syscall_32+0x32/0x80 [ 277.403416][T11045] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 277.405162][T11045] RIP: 0023:0xf7fe7579 [ 277.406314][T11045] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 277.411356][T11045] RSP: 002b:00000000f516655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 277.413631][T11045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 277.415851][T11045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 277.417984][T11045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 277.420097][T11045] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 277.422131][T11045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 277.424375][T11045] [ 277.425263][ C3] vkms_vblank_simulate: vblank timer overrun [ 277.430971][T11045] netlink: 'syz.2.1474': attribute type 1 has an invalid length. [ 277.433207][T11045] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.1474'. [ 277.437296][T11045] netlink: 'syz.2.1474': attribute type 2 has an invalid length. [ 277.466502][T11047] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 277.734038][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 277.907775][T11057] syzkaller1: entered promiscuous mode [ 277.912590][T11057] syzkaller1: entered allmulticast mode [ 278.004016][ T10] usb 7-1: new full-speed USB device number 14 using dummy_hcd [ 278.063365][T11053] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1477'. [ 278.073526][T11059] binder: 11058:11059 ioctl c0306201 200001c0 returned -14 [ 278.120949][T11064] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 278.158668][ T10] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 278.160715][ T10] usb 7-1: can't read configurations, error -71 [ 278.187895][T11070] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 278.255367][T11072] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1483'. [ 278.317739][T11081] syzkaller1: entered promiscuous mode [ 278.319554][T11081] syzkaller1: entered allmulticast mode [ 278.774111][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 279.042221][T11097] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 279.648362][T11110] ptm ptm26: ldisc open failed (-12), clearing slot 26 [ 279.685588][T11105] tipc: Enabling of bearer rejected, media not registered [ 279.814052][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 280.762260][T11144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1506'. [ 280.854022][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 281.407768][T11151] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1508'. [ 281.411191][T11151] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1508'. [ 281.414936][T11151] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1508'. [ 281.478026][T11153] Cannot find del_set index 0 as target [ 281.689037][T11157] x_tables: ip_tables: DNAT target: only valid in nat table, not syz0 [ 281.692932][T11157] bpf: Bad value for 'uid' [ 281.745257][T10233] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 281.894074][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 281.894513][T10233] usb 6-1: Using ep0 maxpacket: 32 [ 281.899061][T10233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.902417][T10233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 281.905554][T10233] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 281.908841][T10233] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 281.911181][T10233] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.915590][T10233] usb 6-1: config 0 descriptor?? [ 281.967236][T11174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1515'. [ 282.034133][T11174] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 282.287267][T11199] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1519'. [ 282.323869][T10233] hid (null): invalid report_size 24421 [ 282.333367][T10233] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0458:5011.0002/input/input8 [ 282.400394][T10233] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0458:5011.0002/input/input9 [ 282.431339][T10233] kye 0003:0458:5011.0002: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0 [ 282.944049][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 283.377820][ C2] kye 0003:0458:5011.0002: usb_submit_urb(ctrl) failed: -1 [ 283.457352][ T39] audit: type=1326 audit(1732430842.015:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11215 comm="syz.0.1524" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 283.463339][ T39] audit: type=1326 audit(1732430842.015:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11215 comm="syz.0.1524" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000 [ 283.974046][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 284.024301][T11222] binder: 11221:11222 ioctl c0306201 200001c0 returned -14 [ 284.032764][T11225] syzkaller1: entered promiscuous mode [ 284.034461][T11225] syzkaller1: entered allmulticast mode [ 284.104904][T11227] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 284.331082][ T8015] usb 6-1: USB disconnect, device number 7 [ 284.353103][T11237] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 284.454099][ T35] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 284.625452][ T35] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.628393][ T35] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 284.630893][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 284.632786][ T35] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 284.635303][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.640795][ T35] usb 5-1: config 0 descriptor?? [ 285.024022][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 285.608113][T11263] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1538'. [ 285.610753][T11263] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1538'. [ 285.613160][T11263] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1538'. [ 285.797799][ T35] usbhid 5-1:0.0: can't add hid device: -71 [ 285.801187][ T35] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 285.809408][ T35] usb 5-1: USB disconnect, device number 8 [ 285.889046][T11267] syzkaller1: entered promiscuous mode [ 285.890605][T11267] syzkaller1: entered allmulticast mode [ 286.054043][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 286.206254][T11277] syzkaller1: entered promiscuous mode [ 286.207886][T11277] syzkaller1: entered allmulticast mode [ 286.840334][T11301] FAULT_INJECTION: forcing a failure. [ 286.840334][T11301] name failslab, interval 1, probability 0, space 0, times 0 [ 286.844935][T11301] CPU: 0 UID: 0 PID: 11301 Comm: syz.2.1553 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 286.848361][T11301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 286.851220][T11301] Call Trace: [ 286.852112][T11301] [ 286.853271][T11301] dump_stack_lvl+0x16c/0x1f0 [ 286.854631][T11301] should_fail_ex+0x497/0x5b0 [ 286.855872][T11301] should_failslab+0xc2/0x120 [ 286.857102][T11301] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 286.858534][T11301] ? skb_clone+0x190/0x3f0 [ 286.859776][T11301] skb_clone+0x190/0x3f0 [ 286.860924][T11301] netlink_deliver_tap+0xafd/0xca0 [ 286.862307][T11301] netlink_unicast+0x5e1/0x7f0 [ 286.863559][T11301] ? __pfx_netlink_unicast+0x10/0x10 [ 286.864927][T11301] ? __phys_addr_symbol+0x30/0x80 [ 286.866254][T11301] ? __check_object_size+0x488/0x710 [ 286.867639][T11301] netlink_sendmsg+0x8b8/0xd70 [ 286.868984][T11301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.870367][T11301] ____sys_sendmsg+0x9ae/0xb40 [ 286.871643][T11301] ? __pfx_____sys_sendmsg+0x10/0x10 [ 286.873086][T11301] ? get_compat_msghdr+0x11b/0x170 [ 286.874461][T11301] ___sys_sendmsg+0x135/0x1e0 [ 286.875733][T11301] ? __pfx____sys_sendmsg+0x10/0x10 [ 286.877114][T11301] ? __pfx_lock_release+0x10/0x10 [ 286.878417][T11301] ? trace_lock_acquire+0x146/0x1e0 [ 286.879777][T11301] ? __fget_files+0x206/0x3a0 [ 286.881011][T11301] __sys_sendmsg+0x16e/0x220 [ 286.882220][T11301] ? __pfx___sys_sendmsg+0x10/0x10 [ 286.883634][T11301] __do_fast_syscall_32+0x73/0x120 [ 286.884993][T11301] do_fast_syscall_32+0x32/0x80 [ 286.886282][T11301] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 286.887957][T11301] RIP: 0023:0xf7fe7579 [ 286.889063][T11301] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 286.894212][T11301] RSP: 002b:00000000f516655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 286.896372][T11301] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 286.898410][T11301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 286.900525][T11301] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 286.902556][T11301] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 286.904612][T11301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 286.906678][T11301] [ 286.944963][T11304] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.948363][T11304] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.951835][T11304] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.955492][T11304] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 287.049488][T11309] nfs4: Bad value for 'source' [ 287.094127][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 287.346969][T11312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1555'. [ 287.766562][T11318] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1557'. [ 287.774454][T11318] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1557'. [ 287.777813][T11318] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1557'. [ 287.780533][T11318] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1557'. [ 287.800301][T11323] binder: 11321:11323 ioctl c0306201 200001c0 returned -14 [ 288.134107][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 288.691820][T11341] FAULT_INJECTION: forcing a failure. [ 288.691820][T11341] name failslab, interval 1, probability 0, space 0, times 0 [ 288.695685][T11341] CPU: 2 UID: 0 PID: 11341 Comm: syz.0.1566 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 288.698523][T11341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 288.701925][T11341] Call Trace: [ 288.703082][T11341] [ 288.704103][T11341] dump_stack_lvl+0x16c/0x1f0 [ 288.705872][T11341] should_fail_ex+0x497/0x5b0 [ 288.707346][T11341] should_failslab+0xc2/0x120 [ 288.708897][T11341] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 288.710481][T11341] ? skb_clone+0x190/0x3f0 [ 288.711887][T11341] skb_clone+0x190/0x3f0 [ 288.713076][T11341] netlink_deliver_tap+0xafd/0xca0 [ 288.714503][T11341] netlink_unicast+0x5e1/0x7f0 [ 288.715835][T11341] ? __pfx_netlink_unicast+0x10/0x10 [ 288.717319][T11341] ? __phys_addr_symbol+0x30/0x80 [ 288.718693][T11341] ? __check_object_size+0x488/0x710 [ 288.720273][T11341] netlink_sendmsg+0x8b8/0xd70 [ 288.721595][T11341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.723514][T11341] ____sys_sendmsg+0x9ae/0xb40 [ 288.725033][T11341] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.726659][T11341] ? get_compat_msghdr+0x11b/0x170 [ 288.728083][T11341] ___sys_sendmsg+0x135/0x1e0 [ 288.729403][T11341] ? __pfx____sys_sendmsg+0x10/0x10 [ 288.730864][T11341] ? __pfx_lock_release+0x10/0x10 [ 288.732409][T11341] ? trace_lock_acquire+0x146/0x1e0 [ 288.734309][T11341] ? __fget_files+0x206/0x3a0 [ 288.735945][T11341] __sys_sendmsg+0x16e/0x220 [ 288.737813][T11341] ? __pfx___sys_sendmsg+0x10/0x10 [ 288.739712][T11341] __do_fast_syscall_32+0x73/0x120 [ 288.741612][T11341] do_fast_syscall_32+0x32/0x80 [ 288.743091][T11341] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 288.744852][T11341] RIP: 0023:0xf7f64579 [ 288.746046][T11341] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 288.751385][T11341] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 288.753612][T11341] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000a80 [ 288.755645][T11341] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 288.757698][T11341] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 288.759786][T11341] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 288.761984][T11341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 288.764296][T11341] [ 288.765674][ C2] hpet: Lost 4 RTC interrupts [ 288.771582][T11341] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1566'. [ 288.774546][T11341] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1566'. [ 288.777766][T11341] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1566'. [ 288.781212][T11341] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1566'. [ 288.900717][T11350] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1567'. [ 288.944210][T11352] FAULT_INJECTION: forcing a failure. [ 288.944210][T11352] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.949316][T11352] CPU: 2 UID: 0 PID: 11352 Comm: syz.0.1569 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 288.952292][T11352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 288.955131][T11352] Call Trace: [ 288.956029][T11352] [ 288.956915][T11352] dump_stack_lvl+0x16c/0x1f0 [ 288.958211][T11352] should_fail_ex+0x497/0x5b0 [ 288.959659][T11352] _copy_to_user+0x32/0xd0 [ 288.960906][T11352] simple_read_from_buffer+0xd0/0x160 [ 288.962465][T11352] proc_fail_nth_read+0x198/0x270 [ 288.963835][T11352] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 288.965289][T11352] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 288.966795][T11352] vfs_read+0x1df/0xbe0 [ 288.967900][T11352] ? __fget_files+0x1fc/0x3a0 [ 288.969132][T11352] ? __pfx___mutex_lock+0x10/0x10 [ 288.970447][T11352] ? __pfx_vfs_read+0x10/0x10 [ 288.971697][T11352] ? __fget_files+0x206/0x3a0 [ 288.973140][T11352] ksys_read+0x12b/0x250 [ 288.974447][T11352] ? __pfx_ksys_read+0x10/0x10 [ 288.975932][T11352] __do_fast_syscall_32+0x73/0x120 [ 288.977359][T11352] do_fast_syscall_32+0x32/0x80 [ 288.978648][T11352] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 288.980256][T11352] RIP: 0023:0xf7f64579 [ 288.981316][T11352] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 288.986461][T11352] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 288.988649][T11352] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50e6620 [ 288.990738][T11352] RDX: 000000000000000f RSI: 00000000f73edff4 RDI: 0000000000000000 [ 288.993421][T11352] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 288.996790][T11352] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 288.999146][T11352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 289.001249][T11352] [ 289.002363][ C2] hpet: Lost 2 RTC interrupts [ 289.174118][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 290.214097][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 290.258067][ T39] audit: type=1326 audit(1732430848.805:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.264582][ T39] audit: type=1326 audit(1732430848.805:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.291811][ T39] audit: type=1326 audit(1732430848.845:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.297718][ T39] audit: type=1326 audit(1732430848.845:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.304282][ T39] audit: type=1326 audit(1732430848.845:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.311550][ T39] audit: type=1326 audit(1732430848.845:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.319915][ T39] audit: type=1326 audit(1732430848.845:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.334088][ T39] audit: type=1326 audit(1732430848.845:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.2.1575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000 [ 290.664273][T11371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 291.254041][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 292.294043][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 293.337433][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 294.178998][T11481] tap0: tun_chr_ioctl cmd 2147767507 [ 294.374121][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 295.424104][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 295.919434][T11559] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.921580][T11559] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.924853][T11559] bridge0: entered allmulticast mode [ 295.930079][T11559] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.931991][T11559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.934023][T11559] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.936048][T11559] bridge0: port 1(bridge_slave_0) entered forwarding state [ 295.941346][T11559] bridge0: entered promiscuous mode [ 295.978381][T11564] wg2: entered promiscuous mode [ 295.979755][T11564] wg2: entered allmulticast mode [ 296.195778][T11594] pim6reg1: entered promiscuous mode [ 296.197336][T11594] pim6reg1: entered allmulticast mode [ 296.262445][T11601] pim6reg1: entered promiscuous mode [ 296.264482][T11601] pim6reg1: entered allmulticast mode [ 296.302966][T11613] syz.3.1670[11613] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 296.303013][T11613] syz.3.1670[11613] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 296.308432][T11613] syz.3.1670[11613] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 296.455306][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 296.616619][T11653] pim6reg1: entered promiscuous mode [ 296.618147][T11653] pim6reg1: entered allmulticast mode [ 297.504262][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 298.080001][T11727] [ 298.080886][T11727] ============================= [ 298.082109][T11727] WARNING: suspicious RCU usage [ 298.083363][T11727] 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 Not tainted [ 298.086137][T11727] ----------------------------- [ 298.088158][T11727] kernel/events/callchain.c:162 suspicious rcu_dereference_check() usage! [ 298.090338][T11727] [ 298.090338][T11727] other info that might help us debug this: [ 298.090338][T11727] [ 298.093132][T11727] [ 298.093132][T11727] rcu_scheduler_active = 2, debug_locks = 1 [ 298.095444][T11727] 1 lock held by syz.3.1719/11727: [ 298.096816][T11727] #0: ffffffff8ddba5c0 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x345/0x770 [ 298.099581][T11727] [ 298.099581][T11727] stack backtrace: [ 298.101148][T11727] CPU: 3 UID: 0 PID: 11727 Comm: syz.3.1719 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 298.103962][T11727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 298.106680][T11727] Call Trace: [ 298.107546][T11727] [ 298.108310][T11727] dump_stack_lvl+0x16c/0x1f0 [ 298.109522][T11727] lockdep_rcu_suspicious+0x210/0x3c0 [ 298.110887][T11727] get_callchain_entry+0x26d/0x3e0 [ 298.112225][T11727] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 298.113685][T11727] get_perf_callchain+0xdb/0x760 [ 298.114940][T11727] ? __pfx_get_perf_callchain+0x10/0x10 [ 298.116418][T11727] __bpf_get_stack+0x4f1/0xa30 [ 298.117688][T11727] ? __pfx___bpf_get_stack+0x10/0x10 [ 298.119091][T11727] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 298.120547][T11727] bpf_get_stack+0x32/0x40 [ 298.121693][T11727] bpf_get_stack_raw_tp+0x124/0x160 [ 298.123005][T11727] bpf_prog_b8a90dd1efcc4ad9+0x46/0x4a [ 298.124419][T11727] bpf_prog_test_run_syscall+0x5b7/0x770 [ 298.125910][T11727] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 298.127494][T11727] ? fput+0x67/0x440 [ 298.128517][T11727] ? __bpf_prog_get+0xa0/0x290 [ 298.129746][T11727] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 298.131376][T11727] __sys_bpf+0x1921/0x57a0 [ 298.132443][T11727] ? __pfx___sys_bpf+0x10/0x10 [ 298.133632][T11727] ? __schedule+0xe60/0x5ad0 [ 298.134797][T11727] ? do_futex+0x123/0x350 [ 298.135878][T11727] ? __pfx_do_futex+0x10/0x10 [ 298.137032][T11727] ? xfd_validate_state+0x5d/0x180 [ 298.138293][T11727] ? rcu_is_watching+0x12/0xc0 [ 298.139496][T11727] __ia32_sys_bpf+0x76/0xe0 [ 298.140668][T11727] __do_fast_syscall_32+0x73/0x120 [ 298.141966][T11727] do_fast_syscall_32+0x32/0x80 [ 298.143179][T11727] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 298.144705][T11727] RIP: 0023:0xf7fd6579 [ 298.145710][T11727] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 298.150334][T11727] RSP: 002b:00000000f515655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 298.152371][T11727] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200004c0 [ 298.154524][T11727] RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000 [ 298.156436][T11727] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 298.158346][T11727] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 298.160272][T11727] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 298.162176][T11727] [ 298.534144][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 299.574122][ C0] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 300.614136][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 301.654184][ C0] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 302.704179][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 303.744138][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 304.784109][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 305.814079][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 306.854128][ C3] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 307.894223][ C2] IPVS: lc: UDP 224.0.0.2:0 - no destination available VM DIAGNOSIS: 06:47:36 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000005 RBX=1ffff92000c40eea RCX=ffffc90006207790 RDX=0000000000000002 RSI=ffff88804e17a7b8 RDI=ffff888021408000 RBP=0000000000000007 RSP=ffffc90006207720 R8 =0000000000000000 R9 =fffffbfff2039f0a R10=ffffffff901cf857 R11=0000000000000002 R12=ffff88804e17a7b8 R13=ffff88804e17a7b8 R14=ffffc90006207790 R15=0000000000000001 RIP=ffffffff8169fd17 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7252290 CR3=000000006948a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc0652eb3492d134 17813b382bec1074 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e0cd6dc08f5524ce b41d1f83e4096190 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 907d83e939c429f0 4e6c8bd571eee18f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 af41e2f91471b9ac c5e7a0525e3aa55b ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000005200 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00b595fd00b596a8 31b800007b460000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00b5962e00b596ee 0000000200b59832 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000aa31520000 4a290000eb9a0000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5ef4000035b10000 00b5980117140000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 95397d476ba4f2ed d23bb6a92bebe396 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 dd2124ed6f9eb77c 13aba01294dd3774 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffffff8c8a90c0 RBX=000000000000000a RCX=1ffff11009cc2b60 RDX=1ffffffff203adde RSI=ffffffff88e48212 RDI=ffff88804e615a04 RBP=000000000000000a RSP=ffffc90002a0fce0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000080000000 R11=0000000000000000 R12=0000000000000001 R13=0000000000000000 R14=ffff88804e615a00 R15=ffffffff901d6ef0 RIP=ffffffff88e4827d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73ee230 CR3=000000004bc86000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000035 RBX=0000000000000000 RCX=ffffffff816b6e5d RDX=ffff888022fd0000 RSI=ffffffff813326fc RDI=0000000000000000 RBP=000000000000000a RSP=ffffc90000548d00 R8 =0000000000000001 R9 =fffff520000a9190 R10=0000000000000003 R11=0000000000000002 R12=0000000000000046 R13=0000000000000000 R14=000000000000000a R15=ffff888044ac7000 RIP=ffffffff81332702 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005563b0596000 CR3=0000000076edc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=489e425ab528f78a bfea1a76d6fe45e1 489e425ab528f78a bfea1a76d6fe45e1 489e425ab528f78a bfea1a76d6fe45e1 489e425ab528f78a bfea1a76d6fe45e1 ZMM18=4e60ae8a9b0db786 c34473c81216ef2f 4e60ae8a9b0db786 c34473c81216ef2f 4e60ae8a9b0db786 c34473c81216ef2f 4e60ae8a9b0db786 c34473c81216ef2f ZMM19=0115000000000000 0000000000000011 0115000000000000 0000000000000010 0115000000000000 000000000000000f 0115000000000000 000000000000000e ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=bfea1a76bfea1a76 bfea1a76bfea1a76 bfea1a76bfea1a76 bfea1a76bfea1a76 bfea1a76bfea1a76 bfea1a76bfea1a76 bfea1a76bfea1a76 bfea1a76bfea1a76 ZMM22=b528f78ab528f78a b528f78ab528f78a b528f78ab528f78a b528f78ab528f78a b528f78ab528f78a b528f78ab528f78a b528f78ab528f78a b528f78ab528f78a ZMM23=489e425a489e425a 489e425a489e425a 489e425a489e425a 489e425a489e425a 489e425a489e425a 489e425a489e425a 489e425a489e425a 489e425a489e425a ZMM24=1216ef2f1216ef2f 1216ef2f1216ef2f 1216ef2f1216ef2f 1216ef2f1216ef2f 1216ef2f1216ef2f 1216ef2f1216ef2f 1216ef2f1216ef2f 1216ef2f1216ef2f ZMM25=c34473c8c34473c8 c34473c8c34473c8 c34473c8c34473c8 c34473c8c34473c8 c34473c8c34473c8 c34473c8c34473c8 c34473c8c34473c8 c34473c8c34473c8 ZMM26=9b0db7869b0db786 9b0db7869b0db786 9b0db7869b0db786 9b0db7869b0db786 9b0db7869b0db786 9b0db7869b0db786 9b0db7869b0db786 9b0db7869b0db786 ZMM27=4e60ae8a4e60ae8a 4e60ae8a4e60ae8a 4e60ae8a4e60ae8a 4e60ae8a4e60ae8a 4e60ae8a4e60ae8a 4e60ae8a4e60ae8a 4e60ae8a4e60ae8a 4e60ae8a4e60ae8a ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0115000001150000 0115000001150000 0115000001150000 0115000001150000 0115000001150000 0115000001150000 0115000001150000 0115000001150000 info registers vcpu 3 CPU#3 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84ff5c65 RDI=ffffffff9a65e2a0 RBP=ffffffff9a65e260 RSP=ffffc90006447478 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005 R12=0000000000000000 R13=0000000000000031 R14=ffffffff84ff5c00 R15=0000000000000000 RIP=ffffffff84ff5c8f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c306e81 CR3=0000000053504000 CR4=00352ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000