last executing test programs: 5.153801083s ago: executing program 3 (id=3100): r0 = syz_clone(0xa00200, 0x0, 0xfffffffffffffef2, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) syz_open_procfs(r0, &(0x7f0000000180)='attr/fscreate\x00') 5.032969389s ago: executing program 3 (id=3102): r0 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0185648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f903, 0x0, '\x00', @p_u16=0x0}}) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast]}, 0x48) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r2, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r2, &(0x7f0000002580)={0x1e0, 0x0, r3, [{0x1400000000000007, 0x1000000, 0x1b7, 0x0, '\x7f\xb4\xe4\xa3\xe8$I\x88\x8c\n}\xac\xa9\x0e\x92\x04\xbc\xd4\xba\xdb\xc6\xf9K\x0eS\x00\xbdu\xb9;\xcd\xeb\x1aL\xec?\x7f\\N\xe1E\x89\xc9f\xd1\x8ax\xf3\x81\x04KJ\v\xe9\x19H+\xdf\xe3\xdb\xa42Lh\xb8\xe4nL\xfe1\xd5`\x86Cc\xdd\xf2n\x0e\xa7\xf5\x86\x03\xee\xec8\xad\x06\xa8\xd70\xba\xa9\xae(\xc0\x063\xd5\xb6i\xeb\xae\xe2>f\xa1\xc7\xe8_\xd9\xae,\x8d\xb0\x01\xf0<\xd6_e\xa4F\x10\xc0\xc6\x10=\x17\x16\x1a\xd9\x8b\xafq\x1e_\xee \xbb\x92\x9f\x89\n\x1b\xaf\xa2DDi\xe4\x9begcv\xa1\xe4E\x8fs\x8e\xc6[.\x98\x0f;\xc3H5\xfb\x0e\xe8\xb2<>\r\xeb\x9b\f\xf6\x15\xf2\xc0&L\xec;\xca\xc0\xa3\xb6\x84\xc7h\x9c\x9d\xfdUY-o3\xce\x00\x003\x90\xdc\x9f\x95,\xb2\xa5\r\xcc\x98\xf5\x00\x00\x00\x00\x00\x00\x00\x00J\xf4\xa9\xd02S\fZ\xfb\xfc !e\x0e/\xeb\xc5\xfa\xe3\xf5\x9e\x91\xadJ\xbd+-n\xb4\xb8a4\xbc\xdf\x1d\xd8\xc1D\xff|G$\xf6\r\xf3\xad5O~\xa9q\t\xb4\x83\n\x06f\xf0\xb3\xa6\x04\xa7\xec\xfdz\xf3\xdaX\xc1SA\xe4x\xa1\xd9j\xaa\xbdT\xbe\xc7\x94\xa8\xe5w\x97\x11\b\f\xfc\xe6\x9ax\x11\x03R\x81\xc9\x90\x1fQ\xf7\xae(h\xd2\x8fj\tp\xf8VdY0\xa8\xc6|M?2J\x03\xff\xfaI\x9av\xf6^\x01R\xce@\xb4\xe5\b\x00!To\xdb}\xdd\x9d&|L+U\xb2\x10\xaeo\xe6\xf5\xcf\xb2\xb1\x10\x84\xd0\"\x96\xa8FstV\xb5:\xd7\x8cE\x95\x0e\fgJ\xba\xee\x17\x8b\xc2\xc1<@c\xc1\a\x17\b\x94\xb2\x06\xfb\x8e4\x0f\xcaT\xe1M\x98\x06M|\xa9\xb7\x9a\x82\xf4'}]}, 0x1e0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r5 = accept4(r1, 0x0, 0x0, 0x80800) sendto$inet6(r5, &(0x7f0000000080)="428e830c7a2bcef7a6d5cda9ebc3be79", 0x10, 0x80, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYRES32=r7, @ANYRES16=r7, @ANYRES64, @ANYRES32=r8, @ANYBLOB="0c0099e0fe07000070200000140006007379246b616c6c6572300000b0040000000008f1040006"], 0x44}, 0x1, 0x0, 0x0, 0x4095}, 0x24044884) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000140)={'syzkaller0\x00', @link_local}) r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r11 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r11, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) ioctl$RTC_AIE_ON(r11, 0x7001) write$rfkill(r10, &(0x7f0000000080)={0xff, 0x1, 0x3, 0x1, 0x4}, 0x8) recvmmsg(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x10000, 0x0) sendmsg$nl_route_sched_retired(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000900)=@newtclass={0x24, 0x28, 0x110, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x6, 0x9}, {0xffe0, 0xa}, {0x3, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x2c8f3e733966a024) 4.76917353s ago: executing program 3 (id=3103): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0xfffffffc) openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1d, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_INFO(r4, 0x0, 0x60, 0x0, &(0x7f0000000780)) r5 = memfd_create(&(0x7f0000000300)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xae\xd1md\xc8\x85\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;2\xb5\xe1jS\xeb\xbf%||\xa0\x8e\x01\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x4) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) mq_open(&(0x7f00000001c0)='/dev/snd/midXC#D#\x00]\xb0\xc0T#\x8fi\x96*\xcen\x8a\xa5M\xe75\xa1\xc4\x05:7\xcaD\v\xbc6.C\n\xb6\xfe-\xcb?\x00\x00\x00\x00\x00\x00\x00\x00', 0x1, 0x52, &(0x7f0000000180)={0x2079f, 0x10, 0x7, 0x3}) creat(&(0x7f0000000280)='./file0\x00', 0xac) accept4(r0, 0x0, 0x0, 0x800) pipe2$9p(&(0x7f00000000c0), 0x880) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) dup(r6) 3.642162012s ago: executing program 3 (id=3110): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDSIGACCEPT(r2, 0x400455c8, 0x9) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd) ioctl$TCSETS(r0, 0x5402, 0x0) ioctl$mixer_OSS_ALSAEMULVER(r2, 0x80044df9, 0x0) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) ioctl$COMEDI_LOCK(r3, 0x6405) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x20, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x16}, 0x94) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='\a\x00'/12, @ANYRES32, @ANYBLOB="5d11e2ff7c75d3e9e8fa624e57ff1372d02424939091be220c92e3c2dd1f42cb15fce0295668a12fca57b339594cdf639ead5560495c7445d7ab2b346c812a4e487429b509a5ed690245821690736415c96a8125411c800a99a7c7fb00"/103, @ANYRES64=0x0], 0x10) r6 = syz_open_dev$usbfs(&(0x7f0000002000), 0xd, 0x20041) r7 = openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x0) r8 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x7fff, 0x40080) ioctl$VIDIOC_ENUM_FREQ_BANDS(r8, 0xc0405665, &(0x7f0000000200)={0x3, 0x2, 0xa, 0x20, 0x8001, 0x6, 0x6}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r7, 0xc0505350, &(0x7f0000000140)={{0x0, 0x1}, {0xf}}) ioctl$BTRFS_IOC_DEFRAG_RANGE(r6, 0x40309410, &(0x7f0000000180)={0x8, 0x9, 0x2, 0x5, 0x2, [0xffffd0fe, 0x3ff, 0x1000, 0x10000]}) r9 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r9, 0x11b, 0x7, &(0x7f00000003c0), &(0x7f0000000400)=0x2f) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, 0x0) ioctl$USBDEVFS_REAPURB(r6, 0x4008550c, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x0, 0x1}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10) r10 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r10, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r10, &(0x7f0000000140)={0x0, 0x20d302, 0x0}, 0x0) 3.276925575s ago: executing program 2 (id=3111): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180)) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r5 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r5, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @ipv4=@empty}]}, 0x1c}}, 0x20000000) 3.043050701s ago: executing program 0 (id=3113): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, &(0x7f0000000000)=0x9, 0x4) (fail_nth: 4) 2.956880861s ago: executing program 0 (id=3114): sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x138, 0x0, 0x8, 0x70bd26, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x138}, 0x1, 0x0, 0x0, 0x40}, 0x40052) syz_open_dev$tty20(0xc, 0x4, 0x1) 2.862868254s ago: executing program 0 (id=3117): mbind(&(0x7f0000a07000/0x1000)=nil, 0x1000, 0x4, 0x0, 0x3ff, 0x0) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}], 0x1, 0x0) 2.812657668s ago: executing program 1 (id=3119): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000580)={0x0, 0x0, 0x0, 'queue0\x00'}) 2.812011431s ago: executing program 1 (id=3120): setresuid(0xee00, 0xee01, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x2c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) openat$drirender128(0xffffff9c, &(0x7f0000000000), 0x10002, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000040)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, [], [], [0x0, 0x0, 0x0, 0xd]}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) close(0x3) read$qrtrtun(0xffffffffffffffff, &(0x7f00000007c0)=""/227, 0xe3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200"], 0x48) mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x2000, 0x1) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r6, 0x400, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r7, 0x20, &(0x7f0000000040)={&(0x7f00000005c0)=""/193, 0xc1, 0x0, &(0x7f00000006c0)=""/150, 0x96}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x0, 0x0, 0x0, 0x4, 0x90, &(0x7f00000002c0)=""/144, 0x41100, 0x10, '\x00', 0x0, @fallback=0x15, r7, 0x8, &(0x7f0000000440)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000480)={0x4, 0x10000004, 0x101}, 0x10, r8, r7, 0x0, &(0x7f00000004c0), 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r8, 0x4) rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file1\x00') r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r9}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r10}, 0x10) r11 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r11, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r12, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06864ce, &(0x7f0000000440)={r13}) close_range(r1, 0xffffffffffffffff, 0x0) 2.692851255s ago: executing program 1 (id=3121): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)="580000001500192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0) 2.523170749s ago: executing program 1 (id=3122): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x1001, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x30}}, 0xe) syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0) fanotify_init(0x2, 0x41002) r1 = getpgid(0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r4 = syz_pidfd_open(r1, 0x0) pidfd_send_signal(r4, 0x8000025, 0x0, 0x4) 2.332428545s ago: executing program 1 (id=3123): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@private1, @in6=@ipv4={""/10, ""/2, @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={""/10, ""/2, @dev}}, 0x0, @in6=@loopback}}, &(0x7f0000000240)=0xe4) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') read$FUSE(r5, &(0x7f0000004180)={0x2020}, 0x2020) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x24, 0x2b, 0xb, 0x0, 0x0, {0x6}, [@typed={0x4, 0x3}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid=r4}]}]}, 0x24}}, 0x8405) mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x800008, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [{@fowner_eq={'fowner', 0x3d, r4}}]}}) r6 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x8916, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x4c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x22, 0x33, @data_frame={@msdu=@type11={{}, {}, @device_b, @device_a, @broadcast, {}, @device_b}, @a_msdu}}]}, 0x4c}}, 0x0) 2.243195352s ago: executing program 1 (id=3124): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x14, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}}], {0x14}}, 0x68}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r1, 0x45527000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000440)='+\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) r6 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) read$FUSE(r6, &(0x7f000000c400)={0x2020}, 0xfffffffffffffce1) syz_usb_connect(0x3, 0x1c, 0x0, 0x0) r7 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='7>', @ANYRES16=r8, @ANYBLOB="030300000000fddbdf253d000000"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0) 1.65776451s ago: executing program 2 (id=3125): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="190000000400000004000000ffff010000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) 1.582945635s ago: executing program 2 (id=3126): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a18010000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000002cd40009800800014000000006c80002800c00018008000140000000032400018008000140000000070800014000000008080001400000000908000140000000080c000180080001400000000a240001800800014000000006"], 0x140}}, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$kcm(0xa, 0x922000000003, 0x11) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000480)=ANY=[@ANYRESDEC=r2, @ANYRES16=r0, @ANYRES16=0x0, @ANYRES32=0x0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x133ed6f9bcb9a15e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='inet_sk_error_report\x00', r5}, 0x18) r6 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, 0x0, &(0x7f00000005c0)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000840)={0x0, @in={{0x2, 0x4e22, @local}}, 0x2, 0x2, 0x2614, 0x1, 0xd, 0x7, 0x4}, 0x9c) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) 1.582681383s ago: executing program 0 (id=3127): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) getresgid(&(0x7f0000000040), &(0x7f0000000180)=0x0, &(0x7f0000000240)) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r1]) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file1/../file0/file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f000000abc0)="1195ac9218230be8698e3c32212a907ef4ebdb358a3845acde78d80602e932aff327ea7fa73f792c40cebdba37cecd38ed8a684e8e7e17c283a4a8133578350204e227bc8b66e6e3e496a9058407be3b1c02fe6a537132a7dbb038450582558bc290991aa904db098add7df0dfbb1872456b02af0baa9d727d628215805b913a4a76742f8086dc1d4aeafee73a85593ad0b5894773faa16ba06cf2f5a42ff342dd413b65c59ee263d078e5224bfa88f40e834878bb4ddc596a258558f4faef188fcb81f6de204fa4c275aec29c3d198c8918c230e80cbbffb8b4847d949783042e0aa097ac44b197332210e6f983f88f077b8e9e98ab605534a19e2c7099bad58f5d45cc9e9132320a2c53696f9011a9e6410046f32556f58cacbd56b22e38206ae6f3b09eefd692c89d1434ec54964aaba6c6704863aba623d0a6f99ee44b353a29b1e0b3311509200ee9052c8a98127b2f60b73d8390a5ea306879122e314431dbebce943b924e2b02c6b7cae0ccf680fca614bd21e3d04fbda26ec22518ce189371a0757b334332f21f028571779919a1562a0c9fbcb2161060a4491761a5d1c75725665db8078cfbe681a5a486fdad7f53a300e8fe749c54be9807e2a1bea17a8b4e75f0f6e66d0b73b2db67b985c9fb0464343b4d8a4f7e3f7cf99ae2ccb5140791863f765b6334c08bb123ac632c0326db66baa39006083c9afe2573da0191b6866c089223271e3914cdf6806795e2ab2fc9f78cd6527088cce01447266c0773120b71d72a03a110d142277c4324330dee504d11fe46bf3b13ee94e8d3266dd27207ebae0da9559f7198165aa5d962272465dde32e68017341bc7a8baaa727c279db496bfa3427628aa4a2ac26300c117607d9e771c70408c9a1fc8fc01d6a7c4e53374e249f0d77d93d8f5e065981e2001e8d3eb6e7db05547abb747b7c405de291f383a048bf15e5ab07527ea8cf32aa96980494b8c540ec04fa2f498d469afda8dcf289521a459e532054e62aa42a97f912627449ef20f30e6ca203fc3d2a84eb115898744e65790253d5b2813e5c7b8b27ab17c7562964baa46589a46868eb79491d7309eb2a87958619825d4a0971d34962fc48ad762e0fbc0e0f3217d88950199c4e4c00322509f9a1d03f2f375b1ec77190df881ea468c62baa4ec4caba3302e5442157a63596e723f04fb40b6b1e6740e2af48820f0b53ebe9031f2ec6b59810ee5abb6ae2d1ce2372eba86db69e313ff7a6f17d15b8ddc2170c24bdb065dd6baf0edc38f41e37473a66e4dbc4b1ffde72f5450716bd88c5992f0a61953234965ec5d1e031df13cdefabdcf89b6521996dd1b1392813dd4c845a939dc6e629e72f967e7d0bcdd0f1af46335a581f8bad4146f48907c36cee6d7a9c449f122c56956768f2a5658506bba553683724a7c36fa9d5f3ae9064f9a67ad964c2d8442f3812aed7ce0941a11309f80c69d478beb9c8c88332693645bbfce9987e61ca2fd008bb5f5296c842d80b367c0dc49da3ebcc8b7c2cbfebc656e546c0bd9b9422d4c49f13cfc8152958ae75a03174d693eb4d5df1a45a0ac12481053b7874b08b6701e85c4f058cba81cbae4ff8bd426f625ee2884bf719f490795fba7927765c4299b6c2c03c3521e74a19130dfe76dbb26f4aef2689060a6ea83956e2af600c87c894b79f2d172d9ffb572ec7731662ff5f38129dac6bbe75176e56d3e4d01bcd94343bdecac0047d916b09a5a0cd9bae339f481e085c900f1ac282ae8f6eb04c4fbecdc697227247ee5c9d632c50e33d716cbd6d60d90182fc0235f92aa7480b2ebfba9fb6e3e2a175ad83fb5bddd8e7fd539bdcc9388a2e59a4f6b445c60210d30d66d652be1d705f26809291c43f78c028af6dbe38cb3f1635bb671e1d36183a32047f80959e489441c24ce546abea2aee04cd742e9fcec01760197b914a9cd677e5862b748c1e6f8b760fc1d6add31578176b0c149ced98a4379f115990bb629107914498e933bfb1bad94098063bcab75b2b8667df6fab15d3460fe3bbfd09157f860eacf75a23b4a4744af043bccf4aa3c3f3180130bf2a1de45f8304bdbaca1be46bcfddaa1e8524f40523c8c2bf1249f4bb8cd811a24e1b6f820c7daa8b6b9367554f97f7f3f68634ad6de0a59256d58b4e5cbba2524ff2cf97c3afa90e529e9d802ec9ad5ff49e9a1ac4151abc68e7ce7c03673c3513736925420c6f667a5e68adbbe8d062b4fc163ff20748055c152a42412b980ca3c692bfe759a6e0b2ce14f2c5f470927e6ce00ee18ddfee2de194e3793b1921f9039a90147ebe9902bd0d0e1541a9c7cc803492394a13645aa94ebd712f8908070ad8daf1a6b58e74caad344eeda72315b2fc3db4455d46dfbec77d0aeece7a7f6f566e636dcbdbdd872341b0bf8ee54b46471da2ce085afabada91cfd1785f5e2d1824d55844a42c99a94fae9acdde0e22da26cee563a0421512fd60605709d8fe4b6a6166617982d28529dc73232ab55b19e65ebeecf47a921d6e60be3f3049d93694baf5a93a4af602a37cfcb6f9801765e5fac20fe221ef4a083fa4e01bb6c7836b3691aa4ef846b18e8181f8a73fb81437c0f1400eae9866c43eca0393e5628b85f03e5706d223ac4cb58919f4a906f3e3a225cb139e1f2feef448f173c778978757edbb9fa8cc9777c51bb1c6a5f45e7769fb7c1134df864599449a4dbe80c6fa944a1e21ca31fc0cdae18eaf88999c9c196967dd3de189e6ff8d04dcdf7cd11a73cd80904b5e3f5d1c5383103ccb549d194d97b9dfabfc51e07e80a64565c1d8683ea5803f81e54e1dee4004d56eefeed1a96dbcbc98a5bdeb9b327216ae3334b78a48f5a8d45aabe7931f08c4b13fe4719d3119d4ad59ed094c1f38fefc6afca15bc8027401a0ca65bae1f3d4be2327d776c4f3dd0de91aa4acbbe1166577e9eab77ddafd055b1ae6e9c2653faacda733f850bc97ed023e66922346c3ae3b20b46a7caca216eeb65c35bef91a1910f96696d1addb5e71090757db69e7799eb6924c331db23ba05db7a1a8e51262925c9d71aa238676499bdf0150c43a0e19a184d861f66f9d8c422e6aa64f49d4c0b802dd4f7b36f4743d3872ee32761b5984f6c04a19ac52d44edb701f8349bf8bb3a753bbae71e042b89936747d13d75c681bd8e79a76edba119389464c267af8fb237ca3ff2a8e3e577da6f6480ead48e0958638e28769ccf4aa93be482513ebe87a15d127b46f526599b60e9f771a1fa2513c790ea1f8ee09ac98316b7f461a0dcbaab6c3bc4f92709cde1a4021ece3f9801c1bf08d875d97b4728bc903f18b45cf4d57c0ef1003bc7a3df29a648b152f0d9571d38f1c16dfb289bcd8a1dc9499dfa15ff73ebf844f749b6508d250adcaee0fd01ba3de01ed05be515c814c5e9879a12e540dfc44df0298bc5ead95cec9ed47c0a26a3805ca1cd7a98f7d4e46da93c4e7108ed562ca0c31fd8bb1d55ab0f759e4229fe34129c65267973869fefca9c1d3e839db40c897cce4e7fbe147e2a063f3647a085807d34afc1971724ec56497e91b79fd3353562dd604cced748c45429d6e30269b19380c567fe2aa4a6149fc6476c31050cc82af709ec4f62e5fb6faa51c86f3cd6fb81dc64a6bccb739f0e9f559ba9d4acf882c3e77d1401f824c702af544a29eb05edde2f0ae10dbb4a2edd9d78933444932e7e4a278372643d01743ff954abbeb4f9946b74ca37086cd3faf4680e809202cd2c2bbd50cd936f4a8a3d4f9df8ae90a568f3ac6f6788541b202ae298df9a69ac09f68c1f8364850f67b2b5a69172ac8c4fdfc097a3d02c13e04578f6c766c5d3f1e6c3db86ffb4510718a267d8bbe00ca2b17a5c1cfc046c906c08010ed4981a1bc4e10d71f9148dcdf8524d939f86a3fb1f64a8e3de5544a8779dac4a43709240f36288b14d39ec68e59b9063f61bdfd7d20d98da5766a95bed463a564d38c263ecc9a3b2e4022941611c8975f2b3ca232ba5e4fa9d6b371a816fcc9ab66a52c9ada22c735d312d7846c4674afdd58ce7965f1c93c43feef6f558483f91c575525f09ef7f0713bdacf60415527efdcf12f09b6641fa058a13ff76fe7af55a15e39bed26c45c2c3464d503f6ff2b6b95e3d4101ef1aa4e0aa6b60248c4f26c72497b026a9f0f8a25ca38f358624ae18258aa3594d3d0596a8b66b3c5e259168bb5f61881eaa4b9733119474a64b28f61a18c049d2514f9ca508af4aaacc005965d3fe68538cbdcf17e4aa9e82fef208d2fd3d9b6f7099337631ec8268b83b90279e5f8c18572b2c15edf1b1e08fc00fb2b38c856e66a79885d61d2f1bd04c93bb892ef5343d9dd04eb75db7a4cf2a25f3be77369937d802f57c4fed0860f6f721892d9ba5324a3aa6d5231f54d07fb0a1450c4c708c996bfcf3fd6a79c8050b2fd34652655681869c5ea07c1f9c3228add4089be8593a6ea05193719221a99e4c90f400e5c3d59bfdbdc6ea3c56687267a9a48a8aa636acb99f07ed893f7ae3f7d50f82217166140ba0b003c23cae03aa1445c0025e92e67b342dc37acf5795fdc802da80900e1cd9a84cb6f749752bae73ac05f9a5778a4679927d7ec777fbb8d5edcd230846f74079018fd494d657e9a099f4e0d8cd70d1c60d37972998b3a83abf35d1b8c090afa28c56999381008d23a7dac91a196a316c7d5e284cec002d1ff145f569abb70910fd9abbd9d017bed22ef0c5f48466d70e386ea4ee50cce142cf4e562b80b4e17ba1282701ca36a917d4bbd98a8795c120b0e7c38cdaa4bfd86d9860442a60f955ac03a9db8503884fadd3f8dcc0174570c145e0f22859667a6f44ca297bce84b2192bd0bd5e4cd006ee43a9bb77474414ba8f96a3fc940d41cb6bc05eb90d3025e57c9c6697485d5dc6d9be64705684602433fcde9303289bb23db0739a6db6dc7682ea6aab49c5077f66fa21e8af5cd01833654cead3646d48184bbb68bdd897b8026f3580d538fad7dce7c7e9f163a09e8edffa5cfbee9ac743e4d97a2a1461fc945c4541be3e4b940c73d64e69471adeeb7b2bfb3c5fefacc68414b24c7cc5e124aa51430618ed69c496440651bfb95aa766bb3336eabc3a817c82c39c4b81acbb6d97f623ca1fdd3fbeef5ef7e6cefd09e16391f1d409a3ed1305b79c82b3d29077849b8d584c5edcfe08dcb0361684c7d4f56e408cb745e11196ad0fcea32866140a181c17ddb0097ba22b714bd49f228bc6b57fd6fea29475f3f61e1d68330e6015539eda198e3cf85ac9b5012e8f5f44a272c61ca3af2c3040ea0cb425dc43d02e0641d831369b96eae13bbe494d08a49409f7d9ba07642ad0bce66d22ba548acebf527c09f8d0bf8167215ce0844241e91978ab487cf84e4ddcf49213a360ca8dfd060f345ac9a177bff55e41247663b4db3f874026149c81f3281193d0d634f056aab00bf4a56bfb9ff9c50e4260ec224cfbdb06ba8ccddd3c46cbc1482e3c3d121dd783b11b5a4af3956259b943e4054b9e5d8954aef77f7f0d997324969c63631e157be36d082c6fe9090012fadd6384c8ac4a915346aac0e6c033b13fa1a50d2d13baa70ad596fd841d0711cc5465d7fa5ee72b0734fc570dececfdc62356fd5f97aaba7c1ffc89b73ecd4ff69a3aba137648b1ef8022bac30aad32393acaa5fa16c976a809f1572f7c766bbd36f9886dbc477501c412b966edd8751dc603e0dafec7fdb020a21701fa27b250f88662cc934775b82e788f9847425c21a9d93276d572213a5dbea46155b747a03e5e9126a1c2710b3d3be575d1d4c40fe10efda14606a7203585314ff929c636221fc4bb17f5243f61d4b877917e11b2956cf785f5b3e2a154b6cf9fe7694f2829983801b79ec796f4d47407f75eed168826c489e9f295c78546e8c628785e9fc2989fc30ec2416782bb78ebaeea24bc4b20699db6150e28984cfb809f1adb18fbd5dcf7ea4d3c248d99324806c9c27e644a88a1193c26eaf692f33edbe9f6de2ab448d1683b98cd82d6990b6b105ec77a36c81260d525b0f75dd3f1da8f75072fa90b31b15caa883eb60026d2a4dc80c84e169f4a6d50f1a3f083043a8cfa01e47b83b7d8a15c73a416c035692e3612664b253de522846d12f82d90c7d7a1a1c41ba04e19859f527b47ca588632fb18cf45a06a58d85e08f61f77a4bf1fdd68a4ea06d75b4d6ad2f0f26b9e72b37e5104e17240c40fc5e4c1c9f6145715c0529baee5a3cd72ab30ef31ab61b38bc91ab6279e48351268680eb3cad3481cd550cb64654bc90f073149786ef959f94f9390184250ce0268ad6221b43efaf14a11de971c45a370a2db06d592c742e84917550ef2b37b9b68966e802f95a2c00da784afe8e62a6deb1d6976a08db1008093418dd35e4d4ba8a0f9f2bfa20c7d0b3c2afffe755cf1296b5ab84393248bce17ac3cd71eec5966801e3b3b1d2de47131e59f487587767485edfbfe6ff037531e57e1db1b61921d7b702dceff03b925d14d205f9b8697110490ccbb383ef911dc6b6a16b617902da843d27747cef1ef311157b25cb1cdd9231aaf86647d343ca36c85c4059f59fe8a7508f466c6240476d867ae06883ac7f45c50613e56b337692cce24ba24efad08ef93920119fb2b0879474d3f0ba61da5a4f3299ca80d2cb65fc905ab5271303db67ac86723203071b354d45945f342c9821a9845bc0ba3df7ed61c12f88512f692d5757a30911072af8e0fa95142315c6be38726f390d696cd4938d2d9bf357064513cc90510a0422be150e1218fb22a5b71de6e8c313a565c939cb48a6b1ac1b75638e3ae00a4caec8834c16c297df319508441e7f063d67c6e4062b1ad606b18e039da59e7167dd3a0b34356f95f9f52093939106180a0071533bf71ab47086263bd96c7b4004085779bc813c2186b5f44f84aecab71b78027f7fcca02be7d149db4c0f17835201ef03c9ca6fbcca3a1353d5d94fc366bc2fda593280ca7daec8ae12815f854fc84cc1c3e40b4412850baec19331413fb4d19b2a51769af14c51b98e9bb8575d0a066a060f9bc44202f22183a1ba2713453259599690bd70392782fef5b7c5e3f8e6379ea84a3b602273e372805f9acc7994dd745bbb9ab401035b6d042c9e0a1fa329502e2e0f17ee9d34b96c255a3305b6e311fe4893d144c10afd860d74218ee78d83f252d4620964a1d7bccf718fad9df3baf5dd5bfec7448e52601f598e78665546ad09ccbc9e1b96debdada7a570ba6ff018fff9a589111ab45b71b9daa9f068a8fb09a16a1c1a6f6e22296ccad7d5d968821794236a79a62262e5edc5756c99c7e733e88ab78120da5f844968d02fa0b9e2fc3763dd16f354117b9ce848c21992b2b391137a7a8c31f2226d4c0669a8334ce6d5d85fac701bb0b23452453ff766373f18dc9c44b80151ef728e256656b40baf747b9292489de5e20184a9c022c1ed330003454f4b686a393e68b0db21e8fd931aca596ba3f51243101250fe78de2ebd95f4f333ad25edd6f80406a00dee774121da8f8b23b6eb7f2c657852fc777122753bf2fe4566ce403b6c0ef0b8bd0c53823d9f60bc44d0ddd6ac788e8888df28f322ad0fb6fd9b6d88b6530be372d29050d2f1b1e8273fb7a1ca6395c882090422af5ca6f803877f172fa3e3bba15facb5bcef8fa89a5e3c661b835b11e02b19f6d5c872bdc4917913458c5972b4e2cd3aaa08cb2ec668c0ec2692eb53d61988f63c8460aa945a2975ad59abfe00ad67242739b653e8ad422675a37026396f6e7d9bdc9f311ee667ddbc64c4afb4166316ea167780c718d541846d29202113b869ae8ef66811edb958cda474195542b7a0becbe351ccc7ef78f6b572af15e431b59fc5f82d47265372c4f3fc18da44c9aee246bcc248de3533f20a60b61d8a4b8324dca11ec571028271a7d1bc83183e92be5385ed4b2e94343452468f50f747c3a4b172e34c947b9a40415602d44469dcf426087ccb2a3977a8698c5c1190e1a84f70366b544c89fab78146b7b6daace5676067a48e00fb90a6073167be04341ebf2181575559cfbc03a9871617cd7718ce1a46c52dd3faf79babd1a01fbeaf89d8b59fa9dc6400766cd102db6cd6132e8f5daf25061614042f9dc254f91a4ed14031992476021a0cfe5b7cd8a8410391d80572c19404c43d5328fe9c96e7feedde6b3741d04b524e11a41dd3131d5b2c36b5824a899d7aa1918fce06dc08d3cb2b29581553ff352b8f606db5fbfcca1a154c4613de096ab5c7f4eb6250096d964b270ebe242850c359686114b1bcfeb715c7154f04a772973c41ca9399b61841d7fdaeee47745cfce51f842f7cf412022d006567f58fb49dfb3eba342191ea6ed037d32e6a92123d7e58777ad352c2bc27da93ed46c378ff631a7dce38d94fd8d865b5ce62de4c67af96bfee74018671be2fedd63823306c3492320fe530b099b5cdd144608b6cb14aa79f5482b01f828b8aadb6e98415daea029984e470f8b28b2655b2ac753d33b8035963b4a5c00bb0cfda3372b2782590596d6d03c237e95a4ab347531d2819c9ac9ba37f642298f6a999fdaaa13778e10d07e3fc9c1387a0a76016a4b30317fb3d8ddeb4433d0b04d17d30c29615aacf0f8697255a6a55e6b47d64fa45d7171a8ca4af78b32047acb2b7c5c70969e530828882287a16ad460c3f372cce00404ba06b2fe64166d70dcb4f6bb636fd53a267be9a13beb9a1d8253dbc9e49028981f7479488eb40ccb58cfa1c0c9fd61437ef0e84f51ed5f788d8e9595e5955faa744c700d6677bfe3c5e52f0ecf70270b9e62610d5cbd53b2321033a7aa3bd70ad8a9506545f0da4cfce3aac6e9a03051ad703a0f564685ef2b1e5f203637edd5c30ba505f81666012e2cae3b3a815d33ae97b0767e8b48f3d42272f9d326e8bcf176f852a8aeb0603a11fe12b5e04c3c5ab4cab621eedfb5e86436661bb279459e3d874ba0fba92e55fcc763cb8b732b5cd9286e8f3147d3cadf5f342dc9313f64bd83ed828fc426b69761179ce732a3009194b8777a10eb2d3f4881129478b994e55abaf73965d62d846b8c4976f91d009b73738ca1c81f055e0936aeb527cb4002daa96ddd8cefe2e390bb5f90eca8e6d6997ade6819be3b44b2e346d533f7ca8f3c031f3c5ebbe9e17ee00d0e0823c61d850c6fea943fbdb4caa6539e3f7903e05a304e7cdf24b989908ba2f41b8bf67cec6a83ebdddeca2ec954e70c7816d8241d703b8109029869f3cb58c62e1e7c9fee329af5a3ec5d8a12db1f00fb579fad7ff18fe5a72bf1b185f52cdae932df12744b5eb24a0c3e4e5706c880f5f6b64ffdf6b71a17985fc4d2cea77860196f378ccf5b2b235b93b0278fb69fc7f460f21472cb90ec54d16d168a5caf2337d63b8ebf11012568d2ea0d92e91e83cd6cbbc88afba1097a84cd1af3948a2388891225237b30b4704d2fefb6bc7bf6adf6dd86b7a65c511637d96a3397096217c3a9743050133bf836b8333519d001947230cd25ade2e2e4e9b8a1227ae4283b2052b2c3a58a11bf7edc534bc11113c329791cea22dc5b71f3b4702d1529d965f4ed81951ce99a61779452751bca8d3a0070c47b1f8fb636ae6bef93514950f607c1746f5d9afa96902effd960b770a26aedad55aa5ad869d18c98e24b470c99b901badbaee298d93c2458303104e5c2dc3077b93c39ff46f0e81440a6f9d2a267f05f533c3c0943b6bfe50906944d2325143d84e5c12d528841ec611014d2768b116992fe1483c1764467eab1446b14adce8e366ec1615f7ad0fcc272355ade823771ea79db57f2dfba3335a50dd0c1c6105ec51f245e096c1492ba4230a752871e4c16e8ee301bf5960e97fdc948c7d54697f7c01439f18f97cfd01c4b74022607e9459fbdcd10243239b4b7f29dbc217a0caafc0b613e43e9689dc1bb2e135e9deca88bebfc61cffdea1ee33df41967cf96ef72a9d87c45084fb105077273109aeba2e3384ef27b604f356984401a8643c493acbc56e3780f0f0ce868db37c0f0f91d403e99951e9c33ec808ac1107a133109588e065162ccb0fa254c8fdc3fc89bfba51a17c975ba3cfc4d1f0faac685619bd5453ea2acaa8a3dcf34b2cac31447d77a89ad8adc9b1c0c620b6b72230a02f978a5407572fc3994c59b764b27221aece8b8ce9faed1d6c442672c102d7f2d28059173b6b6b188dbad05273ff852e0b9f14380f2ba94a34859092407449b9118a7d54201890c216a4720001f026306a9f8e57d0bdb9c29b9eea019e0bdef92e5e6a93852dd3e26cd3eda7a27cf479e88dab17bae6d339f2519b76824f1e5549304dd01333b393082274655b8c3dc00e602aea10f35793d6882069ce5a4debf9884c51d38aa1d83c91a92c0606d38076a1dbd7bd4c0cc5ad01dfb2b04b0dcdb1cfa9cb08c498ec9481559f0b5fdfca94ef3f2f07de6b541ccc5b287904d0344ba8b5b51c535644e8d459d15166c3af4bf36cfdccfd1ac83ebf540d61db77069f13152f27f17757d68536fa52473dee6b1db107f7c9aca2d6a98ab5e537b9fdc5625e7febe87c2127dbe140a94018dd26a640fd42a769bba8e6ffa284d5435d6c57a1f950933a6f6b45d2c7faf19ae2e8f2d2a96b946f1f6d2aeb335aeee909a746a5944f7dcd85f9cef487e9b182ed90cc03d9b170c1173cbdb0e9c40382e0cbdac38bbe8c3ffeee255c009f0423efc3d8135f9f7c949d12d4b700d2aff5bd3c0fa3c9f30a6054959b4f609c2ec8e235f5652d6416be3d13abcb84fe2db79e304757ffcbfbe286a1c8b4c0f8aa19d846608f6fd7f8a34acad860a73588593eb1cf7cc6f3586356747d43726982a38a527f3d94dcc25849ab71286b89c5a30cea07b8cb255dfe1b86b54d077960db18eaa30cae8101b4a61fef2147f1f38a5e83e40e262e2484bc552b728879d1c169a81713db17379c4bf5f9dcdbfd0196228a7afa3b181d401d98ac322c5ec619b0d504e28aa71a450b259c0c89fa2ba1ba7a7356da009b58085bb6e25fe5cd0097d822d39f9f3c9b39da1041c58ac1a4556de9d34f452c995ec21d1034e959218e8fe002d2b757c674848eb7ac84e8bd457a312c4378303ebb3184d4c90108e0604cca678487bcdd0be37facdd7c6b17e740a098fa4b38091b10f1536df1f297902bdb5f02d69f25e4e84d3f4700070f63189440a2a39b9bab6d4f3dbc23634867aeeca99dba4aec39ee94e701ccb77ead02aed1012f7eaa84eb44ad3e625d5619aec5ef76172213ab1d66680d42872e8ce8846e057329fe5937757e3ca7c1be1f3db31305f48978a178a043eb8d4a060d125dcc202e6d8c75205fdb2e42b0b0d215e768c73832d58ecceca993f7d5cca8c3ea340a8c1e722b806c865ed1380a1cd83b8b5e93ad4e2ea1d66cc7979fbac5fa26a2bf881b6db305bb60eb05a39edafbbed715e6aee84245b1cf950a2cb69dd631d95365e1c731ba5756b2ae1fdba6384cea97d7d74f9be62cb83fa7ea1287b6f26eb6f24532c6dad7f7869eff58b8a3448a5a6b0c4f45d8c1eb277174e3636aff670d8f169e040a445dce4b33f6c33b3be3e01", 0x2000, &(0x7f0000001480)={&(0x7f0000000480)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x441410}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd1, &(0x7f0000000000)=0x9, 0x4) 723.412534ms ago: executing program 2 (id=3128): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f00000000c0)={0x0, 0xfffffffffffffe52, &(0x7f0000000080)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x20044040) 723.188116ms ago: executing program 0 (id=3129): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f00000000c0)={0x0, 0xfffffffffffffe52, &(0x7f0000000080)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x20044040) (fail_nth: 1) 671.417467ms ago: executing program 2 (id=3130): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) getsockname$packet(r4, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001940)=@newtfilter={0x68, 0x28, 0x575ac7824d421509, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r5, {0x10}, {0xffe0}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x3c, 0x2, [@TCA_BPF_ACT={0x38, 0x1, [@m_tunnel_key={0x34, 0x4, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x68}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) close(r0) syslog(0x9, &(0x7f00000000c0)=""/1, 0x1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r7 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f0000000000)={{0x2, 0x4e23, @broadcast}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x6f631b4376e74f0c, {0x2, 0x0, @rand_addr=0x44010100}}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$sock_inet_SIOCSARP(r7, 0x8953, &(0x7f0000000000)={{0x2, 0xfdfd, @dev}, {0x0, @local}, 0x4a, {0x2, 0x4e22, @broadcast}, 'syz_tun\x00'}) 671.256328ms ago: executing program 0 (id=3131): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x7, 0x0, 0x34324142, 0x2, 0x9, 0x1, 0x5, 0x8, 0x0, 0x2, 0x0, 0x2}}) prlimit64(0x0, 0xe, 0x0, 0x0) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x104) clock_settime(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read(r4, &(0x7f00000003c0)=""/4096, 0x1000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) 578.857733ms ago: executing program 2 (id=3132): write(0xffffffffffffffff, &(0x7f00000000c0)="240000001e00cd0214fffffffffffff80765", 0x12) openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {0x8}, {}, {}, {}, {0x1000, 0xfffffffe}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0) read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033007465616d5f73"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002a00000095"], &(0x7f0000000080)='GPL\x00'}, 0x94) writev(r1, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setresuid(0x0, 0xee00, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) connect$inet6(r5, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r6, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r6, 0x540a, 0x2) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x9}}}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 153.452648ms ago: executing program 3 (id=3133): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b0000000180100002020782500000000f01f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='workqueue_queue_work\x00', r1}, 0x18) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r2, r0, 0x0) 0s ago: executing program 3 (id=3134): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="190000000400000004000000ffff010000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) 0s ago: executing program 3 (id=3135): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b0000000180100002020782500000000f01f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='workqueue_queue_work\x00', r1}, 0x18) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r2, r0, 0x0) (fail_nth: 1) kernel console output (not intermixed with test programs): mm: syz.1.2738 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 537.660895][T15998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 537.660903][T15998] Call Trace: [ 537.660907][T15998] [ 537.660912][T15998] dump_stack_lvl+0x16c/0x1f0 [ 537.660927][T15998] should_fail_ex+0x512/0x640 [ 537.660941][T15998] _copy_from_user+0x2e/0xd0 [ 537.660954][T15998] move_addr_to_kernel+0x65/0x170 [ 537.660971][T15998] __get_compat_msghdr+0x3f1/0x4d0 [ 537.660985][T15998] get_compat_msghdr+0xd2/0x170 [ 537.660996][T15998] ? __pfx_get_compat_msghdr+0x10/0x10 [ 537.661009][T15998] ? __pfx__kstrtoull+0x10/0x10 [ 537.661027][T15998] ___sys_sendmsg+0x1ae/0x1d0 [ 537.661040][T15998] ? __pfx____sys_sendmsg+0x10/0x10 [ 537.661051][T15998] ? __lock_acquire+0x622/0x1c90 [ 537.661097][T15998] __sys_sendmmsg+0x2f9/0x420 [ 537.661112][T15998] ? __pfx___sys_sendmmsg+0x10/0x10 [ 537.661128][T15998] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 537.661147][T15998] ? fput+0x70/0xf0 [ 537.661160][T15998] ? ksys_write+0x1ac/0x250 [ 537.661170][T15998] ? __pfx_ksys_write+0x10/0x10 [ 537.661183][T15998] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 537.661195][T15998] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 537.661207][T15998] __do_fast_syscall_32+0x7c/0x3a0 [ 537.661221][T15998] do_fast_syscall_32+0x32/0x80 [ 537.661234][T15998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 537.661248][T15998] RIP: 0023:0xf70be579 [ 537.661257][T15998] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 537.661268][T15998] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 537.661279][T15998] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080007240 [ 537.661285][T15998] RDX: 0000000000000001 RSI: 000000003001d090 RDI: 0000000000000000 [ 537.661292][T15998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 537.661298][T15998] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 537.661305][T15998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 537.661318][T15998] [ 537.736880][T15985] team0: Port device team_slave_1 added [ 537.795201][T15985] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 537.798078][T15985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 537.811624][T15985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 537.815965][T15985] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 537.818206][T15985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 537.826606][T15985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.959712][T15985] hsr_slave_0: entered promiscuous mode [ 537.972439][T15985] hsr_slave_1: entered promiscuous mode [ 537.998504][T15985] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 538.001048][T15985] Cannot create hsr debugfs directory [ 538.057426][ T10] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 538.231233][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 538.241818][ T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 538.247412][ T10] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 538.250386][ T10] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 538.259897][ T10] usb 7-1: Product: syz [ 538.262579][ T10] usb 7-1: Manufacturer: syz [ 538.270073][ T10] usb 7-1: SerialNumber: syz [ 538.276313][ T10] usb 7-1: config 0 descriptor?? [ 538.279667][T16000] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 538.288448][ T10] hub 7-1:0.0: bad descriptor, ignoring hub [ 538.290407][ T10] hub 7-1:0.0: probe with driver hub failed with error -5 [ 538.470563][ T93] bond0 (unregistering): Released all slaves [ 538.479970][ T93] bond1 (unregistering): Released all slaves [ 538.570757][ T93] bond2 (unregistering): Released all slaves [ 538.645728][ T93] bond3 (unregistering): Released all slaves [ 538.720033][ T93] bond4 (unregistering): Released all slaves [ 538.811718][ T93] bond5 (unregistering): Released all slaves [ 538.984523][ T10] usb 7-1: USB disconnect, device number 8 [ 539.014640][ T93] tipc: Disabling bearer [ 539.019018][ T93] tipc: Left network mode [ 539.031710][ T5967] Bluetooth: hci1: command tx timeout [ 539.143597][ T10] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 539.342734][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 539.348884][ T10] usb 7-1: string descriptor 0 read error: -22 [ 539.351541][ T10] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 539.362444][ T10] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 539.368796][ T10] usb 7-1: config 0 descriptor?? [ 539.375885][T16018] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 539.380428][ T10] hub 7-1:0.0: bad descriptor, ignoring hub [ 539.384348][ T10] hub 7-1:0.0: probe with driver hub failed with error -5 [ 539.610233][T15985] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 539.613738][T16000] xt_CT: You must specify a L4 protocol and not use inversions on it [ 539.622525][T15985] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 539.627086][T15985] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 539.638087][T15985] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 539.715730][T15985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 539.726765][T15985] 8021q: adding VLAN 0 to HW filter on device team0 [ 539.733046][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.736132][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 539.741730][ T55] usb 7-1: USB disconnect, device number 9 [ 539.756686][ T1234] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.759002][ T1234] bridge0: port 2(bridge_slave_1) entered forwarding state [ 539.907342][ T93] hsr_slave_0: left promiscuous mode [ 539.910653][ T93] hsr_slave_1: left promiscuous mode [ 541.111293][ T5967] Bluetooth: hci1: command tx timeout [ 541.656569][T16066] team0: Mode changed to "loadbalance" [ 541.715144][T16089] FAULT_INJECTION: forcing a failure. [ 541.715144][T16089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 541.719203][T16089] CPU: 0 UID: 0 PID: 16089 Comm: syz.1.2753 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 541.719219][T16089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 541.719226][T16089] Call Trace: [ 541.719231][T16089] [ 541.719235][T16089] dump_stack_lvl+0x16c/0x1f0 [ 541.719255][T16089] should_fail_ex+0x512/0x640 [ 541.719270][T16089] _copy_to_user+0x32/0xd0 [ 541.719283][T16089] simple_read_from_buffer+0xcb/0x170 [ 541.719302][T16089] proc_fail_nth_read+0x197/0x270 [ 541.719318][T16089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 541.719335][T16089] ? rw_verify_area+0xcf/0x680 [ 541.719351][T16089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 541.719366][T16089] vfs_read+0x1e4/0xc60 [ 541.719376][T16089] ? fdget_pos+0x2a2/0x370 [ 541.719388][T16089] ? __pfx_vfs_read+0x10/0x10 [ 541.719397][T16089] ? find_held_lock+0x2b/0x80 [ 541.719413][T16089] ? __fget_files+0x20e/0x3c0 [ 541.719434][T16089] ksys_read+0x12a/0x250 [ 541.719444][T16089] ? __pfx_ksys_read+0x10/0x10 [ 541.719455][T16089] ? rcu_is_watching+0x12/0xc0 [ 541.719469][T16089] __do_fast_syscall_32+0x7c/0x3a0 [ 541.719482][T16089] do_fast_syscall_32+0x32/0x80 [ 541.719494][T16089] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 541.719508][T16089] RIP: 0023:0xf70be579 [ 541.719517][T16089] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 541.719527][T16089] RSP: 002b:00000000f50ae590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 541.719538][T16089] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50ae620 [ 541.719545][T16089] RDX: 000000000000000f RSI: 00000000f7424ff4 RDI: 0000000000000000 [ 541.719552][T16089] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 541.719558][T16089] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 541.719565][T16089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 541.719579][T16089] [ 541.961825][T15985] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.016984][T15985] veth0_vlan: entered promiscuous mode [ 542.101700][T15985] veth1_vlan: entered promiscuous mode [ 542.212018][T15985] veth0_macvtap: entered promiscuous mode [ 542.216435][T15985] veth1_macvtap: entered promiscuous mode [ 542.228427][T15985] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.235700][T15985] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 542.245750][T15985] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.246499][ T93] IPVS: stop unused estimator thread 0... [ 542.248560][T15985] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.253620][T15985] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.257039][T15985] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.319116][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.323136][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.342292][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.346060][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.405534][T16110] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2736'. [ 542.588849][T16104] syz.3.2755 (16104): attempted to duplicate a private mapping with mremap. This is not supported. [ 543.135009][T16125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2759'. [ 543.201345][ T5963] Bluetooth: hci1: command tx timeout [ 544.231366][ T5963] Bluetooth: hci2: command 0xfc11 tx timeout [ 544.231470][ T5967] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 544.540256][T16141] fuse: Unknown parameter 'group_i{' [ 544.631449][ T5318] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 544.631497][ T5967] Bluetooth: hci5: command 0xfc11 tx timeout [ 544.876883][T16150] overlayfs: failed to resolve './file1': -2 [ 544.892203][T16150] overlayfs: failed to resolve './file1': -2 [ 545.281274][ T5318] Bluetooth: hci1: command tx timeout [ 546.577055][T16177] FAULT_INJECTION: forcing a failure. [ 546.577055][T16177] name failslab, interval 1, probability 0, space 0, times 0 [ 546.580880][T16177] CPU: 3 UID: 0 PID: 16177 Comm: syz.2.2775 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 546.580895][T16177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 546.580903][T16177] Call Trace: [ 546.580907][T16177] [ 546.580912][T16177] dump_stack_lvl+0x16c/0x1f0 [ 546.580927][T16177] should_fail_ex+0x512/0x640 [ 546.580939][T16177] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 546.580952][T16177] should_failslab+0xc2/0x120 [ 546.580965][T16177] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 546.580977][T16177] ? sock_alloc_inode+0x25/0x1c0 [ 546.580993][T16177] ? __pfx_sock_alloc_inode+0x10/0x10 [ 546.581006][T16177] sock_alloc_inode+0x25/0x1c0 [ 546.581019][T16177] alloc_inode+0x61/0x240 [ 546.581034][T16177] sock_alloc+0x40/0x280 [ 546.581047][T16177] __sock_create+0xc1/0x8d0 [ 546.581080][T16177] mptcp_subflow_create_socket+0xf5/0xed0 [ 546.581104][T16177] ? aa_label_sk_perm+0x19b/0x5a0 [ 546.581135][T16177] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 546.581160][T16177] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 546.581186][T16177] __mptcp_nmpc_sk+0x182/0x7d0 [ 546.581210][T16177] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 546.581234][T16177] ? register_lock_class+0x41/0x4c0 [ 546.581264][T16177] mptcp_connect+0x7d/0xaf0 [ 546.581291][T16177] __inet_stream_connect+0x917/0xf60 [ 546.581326][T16177] ? __pfx___inet_stream_connect+0x10/0x10 [ 546.581352][T16177] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 546.581381][T16177] ? __pfx_inet_stream_connect+0x10/0x10 [ 546.581409][T16177] ? __local_bh_enable_ip+0xa4/0x120 [ 546.581434][T16177] ? __pfx_inet_stream_connect+0x10/0x10 [ 546.581455][T16177] inet_stream_connect+0x57/0xa0 [ 546.581472][T16177] __sys_connect_file+0x13e/0x1a0 [ 546.581491][T16177] __sys_connect+0x13b/0x160 [ 546.581508][T16177] ? __pfx___sys_connect+0x10/0x10 [ 546.581524][T16177] ? handle_mm_fault+0x230/0xd10 [ 546.581545][T16177] ? __pfx_ksys_write+0x10/0x10 [ 546.581559][T16177] __ia32_sys_connect+0x71/0xb0 [ 546.581575][T16177] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 546.581588][T16177] __do_fast_syscall_32+0x7c/0x3a0 [ 546.581601][T16177] do_fast_syscall_32+0x32/0x80 [ 546.581613][T16177] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 546.581627][T16177] RIP: 0023:0xf7f87579 [ 546.581635][T16177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 546.581646][T16177] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 546.581657][T16177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 546.581664][T16177] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 546.581670][T16177] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 546.581677][T16177] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 546.581683][T16177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 546.581696][T16177] [ 546.681908][T16177] socket: no more sockets [ 546.755391][T16183] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2776'. [ 546.798688][T16183] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.890936][T16183] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.012440][T16183] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.163785][T16183] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.296770][T16183] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.306625][T16183] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.313588][T16183] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.332022][T16183] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.872294][T16219] FAULT_INJECTION: forcing a failure. [ 549.872294][T16219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 549.876490][T16219] CPU: 3 UID: 0 PID: 16219 Comm: syz.2.2786 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 549.876506][T16219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 549.876513][T16219] Call Trace: [ 549.876517][T16219] [ 549.876522][T16219] dump_stack_lvl+0x16c/0x1f0 [ 549.876537][T16219] should_fail_ex+0x512/0x640 [ 549.876552][T16219] _copy_from_iter+0x29f/0x16f0 [ 549.876566][T16219] ? __alloc_skb+0x200/0x380 [ 549.876577][T16219] ? __pfx__copy_from_iter+0x10/0x10 [ 549.876591][T16219] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 549.876609][T16219] netlink_sendmsg+0x829/0xdd0 [ 549.876625][T16219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.876639][T16219] ? __import_iovec+0x1dd/0x650 [ 549.876655][T16219] ____sys_sendmsg+0xa95/0xc70 [ 549.876672][T16219] ? __pfx_____sys_sendmsg+0x10/0x10 [ 549.876686][T16219] ? get_compat_msghdr+0x11a/0x170 [ 549.876704][T16219] ___sys_sendmsg+0x134/0x1d0 [ 549.876717][T16219] ? __pfx____sys_sendmsg+0x10/0x10 [ 549.876734][T16219] ? find_held_lock+0x2b/0x80 [ 549.876755][T16219] __sys_sendmsg+0x16d/0x220 [ 549.876766][T16219] ? __pfx___sys_sendmsg+0x10/0x10 [ 549.876783][T16219] ? rcu_is_watching+0x12/0xc0 [ 549.876798][T16219] __do_fast_syscall_32+0x7c/0x3a0 [ 549.876811][T16219] do_fast_syscall_32+0x32/0x80 [ 549.876822][T16219] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 549.876836][T16219] RIP: 0023:0xf7f87579 [ 549.876845][T16219] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 549.876856][T16219] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 549.876866][T16219] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 549.876873][T16219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 549.876880][T16219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 549.876886][T16219] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 549.876892][T16219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 549.876905][T16219] [ 552.409892][ T1140] Bluetooth: hci2: Frame reassembly failed (-84) [ 553.675236][T16255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2794'. [ 553.678506][T16255] bridge_slave_1: left allmulticast mode [ 553.682025][T16255] bridge_slave_1: left promiscuous mode [ 553.685039][T16255] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.753227][T16255] bridge_slave_0: left allmulticast mode [ 553.759148][T16255] bridge_slave_0: left promiscuous mode [ 553.764942][T16255] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.820304][ T5967] Bluetooth: Unexpected start frame (len 12) [ 553.871145][ T24] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 554.021267][ T24] usb 8-1: Using ep0 maxpacket: 32 [ 554.024663][ T24] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 554.029543][ T24] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 554.032560][ T24] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 554.035202][ T24] usb 8-1: Product: syz [ 554.036606][ T24] usb 8-1: Manufacturer: syz [ 554.038125][ T24] usb 8-1: SerialNumber: syz [ 554.040938][ T24] usb 8-1: config 0 descriptor?? [ 554.043123][T16257] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 554.046044][ T24] hub 8-1:0.0: bad descriptor, ignoring hub [ 554.048019][ T24] hub 8-1:0.0: probe with driver hub failed with error -5 [ 554.471208][ T5318] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 554.471381][ T5967] Bluetooth: hci2: command 0xfc11 tx timeout [ 554.964207][ T54] usb 8-1: USB disconnect, device number 16 [ 555.091155][ T54] usb 8-1: new full-speed USB device number 17 using dummy_hcd [ 555.242929][ T54] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 555.248541][ T54] usb 8-1: string descriptor 0 read error: -22 [ 555.250406][ T54] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 555.254600][ T54] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 555.258154][ T54] usb 8-1: config 0 descriptor?? [ 555.262456][T16266] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 555.265469][ T54] hub 8-1:0.0: bad descriptor, ignoring hub [ 555.267265][ T54] hub 8-1:0.0: probe with driver hub failed with error -5 [ 555.475774][T16257] xt_CT: You must specify a L4 protocol and not use inversions on it [ 555.581673][ T54] usb 8-1: USB disconnect, device number 17 [ 558.276662][T16287] netlink: 'syz.0.2804': attribute type 2 has an invalid length. [ 558.279234][T16287] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2804'. [ 558.336316][T16287] usb usb8: usbfs: process 16287 (syz.0.2804) did not claim interface 0 before use [ 558.344955][T16287] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2804'. [ 558.867317][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 558.934403][T16310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2811'. [ 559.181372][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 559.235401][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 559.338049][ T10] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 559.346963][ T10] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 559.350062][ T10] usb 5-1: Product: syz [ 559.352055][ T10] usb 5-1: Manufacturer: syz [ 559.353645][ T10] usb 5-1: SerialNumber: syz [ 559.406829][ T10] usb 5-1: config 0 descriptor?? [ 559.420623][T16299] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 559.435148][ T10] hub 5-1:0.0: bad descriptor, ignoring hub [ 559.437064][ T10] hub 5-1:0.0: probe with driver hub failed with error -5 [ 560.355855][ T24] usb 5-1: USB disconnect, device number 17 [ 560.491268][ T24] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 560.652585][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 560.658521][ T24] usb 5-1: string descriptor 0 read error: -22 [ 560.661277][ T24] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 560.664251][ T24] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 560.668047][ T24] usb 5-1: config 0 descriptor?? [ 560.670229][T16317] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 560.674385][ T24] hub 5-1:0.0: bad descriptor, ignoring hub [ 560.676478][ T24] hub 5-1:0.0: probe with driver hub failed with error -5 [ 560.885708][T16299] xt_CT: You must specify a L4 protocol and not use inversions on it [ 560.906323][T16334] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2817'. [ 560.917104][T16336] binder: 16335:16336 ioctl c0306201 80000180 returned -14 [ 560.984579][T16334] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 561.001693][ T6008] usb 5-1: USB disconnect, device number 18 [ 561.717561][T16345] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2821'. [ 562.347726][T16363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2822'. [ 562.825723][T16370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2826'. [ 562.829504][T16370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2826'. [ 563.955528][T16387] input: syz0 as /devices/virtual/input/input33 [ 563.963199][T16387] FAULT_INJECTION: forcing a failure. [ 563.963199][T16387] name failslab, interval 1, probability 0, space 0, times 0 [ 563.968652][T16387] CPU: 1 UID: 0 PID: 16387 Comm: syz.2.2834 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 563.968677][T16387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 563.968688][T16387] Call Trace: [ 563.968696][T16387] [ 563.968704][T16387] dump_stack_lvl+0x16c/0x1f0 [ 563.968729][T16387] should_fail_ex+0x512/0x640 [ 563.968748][T16387] ? fs_reclaim_acquire+0xae/0x150 [ 563.968777][T16387] should_failslab+0xc2/0x120 [ 563.968799][T16387] __kmalloc_cache_noprof+0x6a/0x3e0 [ 563.968827][T16387] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 563.968845][T16387] ? kobject_uevent_env+0x265/0x1870 [ 563.968873][T16387] kobject_uevent_env+0x265/0x1870 [ 563.968895][T16387] ? __pfx_dev_uevent_name+0x10/0x10 [ 563.968928][T16387] ? bus_to_subsys+0x131/0x160 [ 563.968957][T16387] device_del+0x623/0x9f0 [ 563.968978][T16387] ? __pfx_device_del+0x10/0x10 [ 563.969005][T16387] cdev_device_del+0x1d/0x110 [ 563.969028][T16387] evdev_disconnect+0x40/0xb0 [ 563.969053][T16387] __input_unregister_device+0x1f5/0x470 [ 563.969077][T16387] input_unregister_device+0xb9/0x100 [ 563.969097][T16387] uinput_destroy_device+0x1f4/0x260 [ 563.969126][T16387] uinput_ioctl_handler.isra.0+0x8a9/0x1df0 [ 563.969152][T16387] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 563.969198][T16387] ? find_held_lock+0x2b/0x80 [ 563.969226][T16387] ? __fput_deferred+0x480/0x480 [ 563.969249][T16387] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 563.969279][T16387] ? __pfx_uinput_compat_ioctl+0x10/0x10 [ 563.969302][T16387] __ia32_compat_sys_ioctl+0x23f/0x370 [ 563.969332][T16387] __do_fast_syscall_32+0x7c/0x3a0 [ 563.969354][T16387] do_fast_syscall_32+0x32/0x80 [ 563.969374][T16387] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 563.969396][T16387] RIP: 0023:0xf7f87579 [ 563.969411][T16387] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 563.969428][T16387] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 563.969446][T16387] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005502 [ 563.969457][T16387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 563.969467][T16387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 563.969478][T16387] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 563.969488][T16387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 563.969512][T16387] [ 563.985081][T16389] FAULT_INJECTION: forcing a failure. [ 563.985081][T16389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 564.060030][T16389] CPU: 0 UID: 0 PID: 16389 Comm: syz.1.2835 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 564.060046][T16389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 564.060054][T16389] Call Trace: [ 564.060058][T16389] [ 564.060062][T16389] dump_stack_lvl+0x16c/0x1f0 [ 564.060079][T16389] should_fail_ex+0x512/0x640 [ 564.060092][T16389] _copy_from_iter+0x29f/0x16f0 [ 564.060107][T16389] ? __alloc_skb+0x200/0x380 [ 564.060118][T16389] ? __pfx__copy_from_iter+0x10/0x10 [ 564.060131][T16389] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 564.060160][T16389] netlink_sendmsg+0x829/0xdd0 [ 564.060185][T16389] ? __pfx_netlink_sendmsg+0x10/0x10 [ 564.060202][T16389] ? __import_iovec+0x1dd/0x650 [ 564.060218][T16389] ____sys_sendmsg+0xa95/0xc70 [ 564.060234][T16389] ? __pfx_____sys_sendmsg+0x10/0x10 [ 564.060249][T16389] ? get_compat_msghdr+0x11a/0x170 [ 564.060267][T16389] ___sys_sendmsg+0x134/0x1d0 [ 564.060280][T16389] ? __pfx____sys_sendmsg+0x10/0x10 [ 564.060298][T16389] ? find_held_lock+0x2b/0x80 [ 564.060320][T16389] __sys_sendmsg+0x16d/0x220 [ 564.060332][T16389] ? __pfx___sys_sendmsg+0x10/0x10 [ 564.060350][T16389] ? rcu_is_watching+0x12/0xc0 [ 564.060364][T16389] __do_fast_syscall_32+0x7c/0x3a0 [ 564.060377][T16389] do_fast_syscall_32+0x32/0x80 [ 564.060389][T16389] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 564.060406][T16389] RIP: 0023:0xf70be579 [ 564.060419][T16389] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 564.060431][T16389] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 564.060442][T16389] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 564.060449][T16389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 564.060455][T16389] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 564.060461][T16389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 564.060468][T16389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 564.060481][T16389] [ 564.400204][T16405] input: syz0 as /devices/virtual/input/input34 [ 566.729244][T16460] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 566.731395][T16460] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 566.741171][T16460] vhci_hcd vhci_hcd.0: Device attached [ 566.777617][T16463] 9pnet_fd: Insufficient options for proto=fd [ 566.817082][T16466] FAULT_INJECTION: forcing a failure. [ 566.817082][T16466] name failslab, interval 1, probability 0, space 0, times 0 [ 566.821116][T16466] CPU: 2 UID: 0 PID: 16466 Comm: syz.0.2866 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 566.821131][T16466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 566.821138][T16466] Call Trace: [ 566.821142][T16466] [ 566.821147][T16466] dump_stack_lvl+0x16c/0x1f0 [ 566.821173][T16466] should_fail_ex+0x512/0x640 [ 566.821189][T16466] should_failslab+0xc2/0x120 [ 566.821207][T16466] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 566.821218][T16466] ? lock_acquire+0x179/0x350 [ 566.821234][T16466] ? dst_alloc+0x99/0x1a0 [ 566.821253][T16466] ? __pfx_ip6_dst_gc+0x10/0x10 [ 566.821270][T16466] dst_alloc+0x99/0x1a0 [ 566.821288][T16466] ip6_pol_route+0x96b/0x1230 [ 566.821305][T16466] ? __pfx_ip6_pol_route+0x10/0x10 [ 566.821326][T16466] ? __local_bh_enable_ip+0xa4/0x120 [ 566.821340][T16466] ? __pfx_ip6_pol_route_input+0x10/0x10 [ 566.821355][T16466] fib6_rule_lookup+0x536/0x720 [ 566.821371][T16466] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 566.821385][T16466] ? nf_nat_ipv6_fn+0xff/0x2e0 [ 566.821402][T16466] ? __pfx_nf_nat_ipv6_fn+0x10/0x10 [ 566.821420][T16466] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 566.821439][T16466] ip6_route_input+0x662/0xc00 [ 566.821457][T16466] ? __pfx_ip6_route_input+0x10/0x10 [ 566.821471][T16466] ? lock_acquire+0x179/0x350 [ 566.821494][T16466] ? sock_wfree+0x11c/0x880 [ 566.821506][T16466] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 566.821524][T16466] ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0 [ 566.821542][T16466] ipv6_rcv+0x1e8/0x680 [ 566.821558][T16466] ? __pfx_ipv6_rcv+0x10/0x10 [ 566.821572][T16466] __netif_receive_skb_one_core+0x12d/0x1e0 [ 566.821590][T16466] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 566.821609][T16466] ? lock_acquire+0x179/0x350 [ 566.821624][T16466] ? __phys_addr+0xe8/0x180 [ 566.821638][T16466] __netif_receive_skb+0x1d/0x160 [ 566.821656][T16466] netif_receive_skb+0x137/0x7b0 [ 566.821673][T16466] ? __pfx_netif_receive_skb+0x10/0x10 [ 566.821695][T16466] tun_rx_batched.isra.0+0x3ee/0x740 [ 566.821710][T16466] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 566.821726][T16466] ? tun_get_user+0x1c0d/0x3b80 [ 566.821739][T16466] ? rcu_is_watching+0x12/0xc0 [ 566.821753][T16466] tun_get_user+0x28a2/0x3b80 [ 566.821772][T16466] ? __pfx_tun_get_user+0x10/0x10 [ 566.821785][T16466] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 566.821802][T16466] ? find_held_lock+0x2b/0x80 [ 566.821813][T16466] ? tun_get+0x191/0x370 [ 566.821828][T16466] tun_chr_write_iter+0xdc/0x210 [ 566.821843][T16466] vfs_write+0x6c4/0x1150 [ 566.821854][T16466] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 566.821869][T16466] ? __pfx_vfs_write+0x10/0x10 [ 566.821878][T16466] ? find_held_lock+0x2b/0x80 [ 566.821897][T16466] ksys_write+0x12a/0x250 [ 566.821908][T16466] ? __pfx_ksys_write+0x10/0x10 [ 566.821919][T16466] ? rcu_is_watching+0x12/0xc0 [ 566.821932][T16466] __do_fast_syscall_32+0x7c/0x3a0 [ 566.821945][T16466] do_fast_syscall_32+0x32/0x80 [ 566.821959][T16466] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 566.821973][T16466] RIP: 0023:0xf707e579 [ 566.821982][T16466] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 566.821993][T16466] RSP: 002b:00000000f506e520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 566.822004][T16466] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000040 [ 566.822015][T16466] RDX: 0000000000000083 RSI: 00000000f73e4ff4 RDI: 0000000000000000 [ 566.822025][T16466] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 566.822034][T16466] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 566.822042][T16466] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 566.822056][T16466] [ 566.998081][T16473] FAULT_INJECTION: forcing a failure. [ 566.998081][T16473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.003689][T16473] CPU: 2 UID: 0 PID: 16473 Comm: syz.0.2860 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 567.003705][T16473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 567.003712][T16473] Call Trace: [ 567.003716][T16473] [ 567.003721][T16473] dump_stack_lvl+0x16c/0x1f0 [ 567.003735][T16473] should_fail_ex+0x512/0x640 [ 567.003750][T16473] _copy_from_iter+0x29f/0x16f0 [ 567.003764][T16473] ? __alloc_skb+0x200/0x380 [ 567.003777][T16473] ? __pfx__copy_from_iter+0x10/0x10 [ 567.003790][T16473] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 567.003808][T16473] netlink_sendmsg+0x829/0xdd0 [ 567.003824][T16473] ? __pfx_netlink_sendmsg+0x10/0x10 [ 567.003838][T16473] ? __import_iovec+0x1dd/0x650 [ 567.003853][T16473] ____sys_sendmsg+0xa95/0xc70 [ 567.003870][T16473] ? __pfx_____sys_sendmsg+0x10/0x10 [ 567.003884][T16473] ? get_compat_msghdr+0x11a/0x170 [ 567.003902][T16473] ___sys_sendmsg+0x134/0x1d0 [ 567.003914][T16473] ? __pfx____sys_sendmsg+0x10/0x10 [ 567.003932][T16473] ? find_held_lock+0x2b/0x80 [ 567.003953][T16473] __sys_sendmsg+0x16d/0x220 [ 567.003965][T16473] ? __pfx___sys_sendmsg+0x10/0x10 [ 567.003982][T16473] ? rcu_is_watching+0x12/0xc0 [ 567.004015][T16473] __do_fast_syscall_32+0x7c/0x3a0 [ 567.004028][T16473] do_fast_syscall_32+0x32/0x80 [ 567.004040][T16473] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 567.004054][T16473] RIP: 0023:0xf707e579 [ 567.004062][T16473] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 567.004073][T16473] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 567.004084][T16473] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 567.004091][T16473] RDX: 0000000020004804 RSI: 0000000000000000 RDI: 0000000000000000 [ 567.004097][T16473] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 567.004103][T16473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 567.004109][T16473] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 567.004123][T16473] [ 567.121299][ T55] usb 44-1: SetAddress Request (2) to port 0 [ 567.123476][ T55] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 567.143709][T16476] FAULT_INJECTION: forcing a failure. [ 567.143709][T16476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.148709][T16476] CPU: 3 UID: 0 PID: 16476 Comm: syz.0.2861 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 567.148747][T16476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 567.148759][T16476] Call Trace: [ 567.148766][T16476] [ 567.148774][T16476] dump_stack_lvl+0x16c/0x1f0 [ 567.148796][T16476] should_fail_ex+0x512/0x640 [ 567.148818][T16476] _copy_from_iter+0x29f/0x16f0 [ 567.148841][T16476] ? __alloc_skb+0x200/0x380 [ 567.148858][T16476] ? __pfx__copy_from_iter+0x10/0x10 [ 567.148879][T16476] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 567.148908][T16476] netlink_sendmsg+0x829/0xdd0 [ 567.148932][T16476] ? __pfx_netlink_sendmsg+0x10/0x10 [ 567.148956][T16476] ? __import_iovec+0x1dd/0x650 [ 567.148981][T16476] ____sys_sendmsg+0xa95/0xc70 [ 567.149004][T16476] ? __bpf_trace_gfs2_promote+0x20/0xd0 [ 567.149029][T16476] ? __pfx_____sys_sendmsg+0x10/0x10 [ 567.149051][T16476] ? get_compat_msghdr+0x11a/0x170 [ 567.149082][T16476] ___sys_sendmsg+0x134/0x1d0 [ 567.149102][T16476] ? __pfx____sys_sendmsg+0x10/0x10 [ 567.149124][T16476] ? find_held_lock+0x2b/0x80 [ 567.149146][T16476] __sys_sendmsg+0x16d/0x220 [ 567.149158][T16476] ? __pfx___sys_sendmsg+0x10/0x10 [ 567.149176][T16476] ? rcu_is_watching+0x12/0xc0 [ 567.149190][T16476] __do_fast_syscall_32+0x7c/0x3a0 [ 567.149203][T16476] do_fast_syscall_32+0x32/0x80 [ 567.149220][T16476] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 567.149234][T16476] RIP: 0023:0xf707e579 [ 567.149244][T16476] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 567.149254][T16476] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 567.149266][T16476] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 567.149273][T16476] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 567.149279][T16476] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 567.149286][T16476] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 567.149292][T16476] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 567.149305][T16476] [ 567.559503][T16461] vhci_hcd: connection reset by peer [ 567.563678][ T93] vhci_hcd: stop threads [ 567.565109][ T93] vhci_hcd: release socket [ 567.566629][ T93] vhci_hcd: disconnect device [ 567.941230][ T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 568.041542][T16503] FAULT_INJECTION: forcing a failure. [ 568.041542][T16503] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.045703][T16503] CPU: 2 UID: 0 PID: 16503 Comm: syz.2.2872 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 568.045718][T16503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 568.045727][T16503] Call Trace: [ 568.045731][T16503] [ 568.045736][T16503] dump_stack_lvl+0x16c/0x1f0 [ 568.045752][T16503] should_fail_ex+0x512/0x640 [ 568.045765][T16503] _copy_from_iter+0x29f/0x16f0 [ 568.045780][T16503] ? __alloc_skb+0x200/0x380 [ 568.045792][T16503] ? __pfx__copy_from_iter+0x10/0x10 [ 568.045805][T16503] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 568.045824][T16503] netlink_sendmsg+0x829/0xdd0 [ 568.045839][T16503] ? __pfx_netlink_sendmsg+0x10/0x10 [ 568.045854][T16503] ? __import_iovec+0x1dd/0x650 [ 568.045870][T16503] ____sys_sendmsg+0xa95/0xc70 [ 568.045886][T16503] ? __pfx_____sys_sendmsg+0x10/0x10 [ 568.045901][T16503] ? get_compat_msghdr+0x11a/0x170 [ 568.045923][T16503] ___sys_sendmsg+0x134/0x1d0 [ 568.045936][T16503] ? __pfx____sys_sendmsg+0x10/0x10 [ 568.045954][T16503] ? find_held_lock+0x2b/0x80 [ 568.045975][T16503] __sys_sendmsg+0x16d/0x220 [ 568.045987][T16503] ? __pfx___sys_sendmsg+0x10/0x10 [ 568.046004][T16503] ? rcu_is_watching+0x12/0xc0 [ 568.046018][T16503] __do_fast_syscall_32+0x7c/0x3a0 [ 568.046032][T16503] do_fast_syscall_32+0x32/0x80 [ 568.046043][T16503] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 568.046057][T16503] RIP: 0023:0xf7f87579 [ 568.046066][T16503] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 568.046077][T16503] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 568.046087][T16503] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000500 [ 568.046094][T16503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 568.046100][T16503] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 568.046107][T16503] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 568.046113][T16503] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 568.046126][T16503] [ 568.159015][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 568.163044][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 568.171219][ T24] usb 5-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00 [ 568.174245][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.208975][ T40] audit: type=1800 audit(1753742284.777:784): pid=16507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2873" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 568.209660][ T24] usb 5-1: config 0 descriptor?? [ 568.293588][T16499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2870'. [ 568.454982][T16492] FAULT_INJECTION: forcing a failure. [ 568.454982][T16492] name failslab, interval 1, probability 0, space 0, times 0 [ 568.460614][T16492] CPU: 3 UID: 0 PID: 16492 Comm: syz.0.2868 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 568.460638][T16492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 568.460649][T16492] Call Trace: [ 568.460656][T16492] [ 568.460663][T16492] dump_stack_lvl+0x16c/0x1f0 [ 568.460687][T16492] should_fail_ex+0x512/0x640 [ 568.460705][T16492] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 568.460727][T16492] should_failslab+0xc2/0x120 [ 568.460748][T16492] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 568.460767][T16492] ? security_file_alloc+0x34/0x2b0 [ 568.460798][T16492] security_file_alloc+0x34/0x2b0 [ 568.460825][T16492] init_file+0x93/0x4c0 [ 568.460847][T16492] alloc_empty_file+0x73/0x1e0 [ 568.460885][T16492] path_openat+0xda/0x2cb0 [ 568.460903][T16492] ? do_fast_syscall_32+0x32/0x80 [ 568.460920][T16492] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 568.460951][T16492] ? __pfx_path_openat+0x10/0x10 [ 568.460976][T16492] do_filp_open+0x20b/0x470 [ 568.460994][T16492] ? __pfx_do_filp_open+0x10/0x10 [ 568.461029][T16492] ? _raw_spin_unlock+0x28/0x50 [ 568.461054][T16492] ? alloc_fd+0x471/0x7d0 [ 568.461105][T16492] do_sys_openat2+0x11b/0x1d0 [ 568.461128][T16492] ? __pfx_do_sys_openat2+0x10/0x10 [ 568.461157][T16492] ? __fget_files+0x20e/0x3c0 [ 568.461190][T16492] __ia32_compat_sys_openat+0x16d/0x210 [ 568.461214][T16492] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 568.461238][T16492] ? ksys_write+0x1ac/0x250 [ 568.461259][T16492] ? rcu_is_watching+0x12/0xc0 [ 568.461282][T16492] __do_fast_syscall_32+0x7c/0x3a0 [ 568.461303][T16492] do_fast_syscall_32+0x32/0x80 [ 568.461322][T16492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 568.461343][T16492] RIP: 0023:0xf707e579 [ 568.461357][T16492] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 568.461374][T16492] RSP: 002b:00000000f506e490 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 568.461392][T16492] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f506e4e0 [ 568.461417][T16492] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f73e4ff4 [ 568.461430][T16492] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 568.461441][T16492] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 568.461452][T16492] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 568.461477][T16492] [ 568.575134][ T24] usbhid 5-1:0.0: can't add hid device: -71 [ 568.577238][ T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 568.582080][ T24] usb 5-1: USB disconnect, device number 19 [ 569.173670][T16516] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2875'. [ 569.180605][T16528] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 569.186759][T16528] overlayfs: failed to set xattr on upper [ 569.189289][T16528] overlayfs: ...falling back to redirect_dir=nofollow. [ 569.193875][T16528] overlayfs: ...falling back to index=off. [ 569.196213][T16528] overlayfs: ...falling back to uuid=null. [ 569.211034][T16528] FAULT_INJECTION: forcing a failure. [ 569.211034][T16528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 569.216918][T16528] CPU: 2 UID: 0 PID: 16528 Comm: syz.0.2878 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 569.216941][T16528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 569.216953][T16528] Call Trace: [ 569.216962][T16528] [ 569.216971][T16528] dump_stack_lvl+0x16c/0x1f0 [ 569.216994][T16528] should_fail_ex+0x512/0x640 [ 569.217015][T16528] strncpy_from_user+0x3b/0x2e0 [ 569.217044][T16528] getname_flags.part.0+0x8f/0x550 [ 569.217073][T16528] getname_flags+0x93/0xf0 [ 569.217100][T16528] __ia32_sys_renameat2+0xd4/0x130 [ 569.217123][T16528] __do_fast_syscall_32+0x7c/0x3a0 [ 569.217151][T16528] do_fast_syscall_32+0x32/0x80 [ 569.217186][T16528] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 569.217208][T16528] RIP: 0023:0xf707e579 [ 569.217221][T16528] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 569.217235][T16528] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000161 [ 569.217252][T16528] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 569.217263][T16528] RDX: 0000000000000004 RSI: 00000000800003c0 RDI: 0000000000000002 [ 569.217273][T16528] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 569.217282][T16528] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 569.217293][T16528] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 569.217315][T16528] [ 570.093437][T16548] 9pnet_virtio: no channels available for device syz [ 570.097439][T16548] FAULT_INJECTION: forcing a failure. [ 570.097439][T16548] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 570.102356][T16548] CPU: 2 UID: 0 PID: 16548 Comm: syz.1.2886 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 570.102371][T16548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 570.102378][T16548] Call Trace: [ 570.102383][T16548] [ 570.102388][T16548] dump_stack_lvl+0x16c/0x1f0 [ 570.102403][T16548] should_fail_ex+0x512/0x640 [ 570.102418][T16548] _copy_from_user+0x2e/0xd0 [ 570.102431][T16548] do_compat_fcntl64+0x2cd/0x710 [ 570.102446][T16548] ? __pfx_do_compat_fcntl64+0x10/0x10 [ 570.102462][T16548] ? fput+0x70/0xf0 [ 570.102474][T16548] ? ksys_write+0x1ac/0x250 [ 570.102487][T16548] ? rcu_is_watching+0x12/0xc0 [ 570.102500][T16548] __do_fast_syscall_32+0x7c/0x3a0 [ 570.102514][T16548] do_fast_syscall_32+0x32/0x80 [ 570.102525][T16548] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 570.102539][T16548] RIP: 0023:0xf70be579 [ 570.102548][T16548] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 570.102559][T16548] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000037 [ 570.102570][T16548] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000026 [ 570.102577][T16548] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 570.102583][T16548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 570.102589][T16548] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 570.102596][T16548] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 570.102608][T16548] [ 570.265892][T16555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2887'. [ 570.268947][T16555] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2887'. [ 570.272605][T16555] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2887'. [ 570.745510][T16559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2889'. [ 571.586079][T16591] kvm: pic: non byte read [ 571.595949][T16591] kvm: pic: level sensitive irq not supported [ 571.597154][T16591] kvm: pic: non byte read [ 571.604790][T16591] kvm: pic: level sensitive irq not supported [ 571.605026][T16591] kvm: pic: non byte read [ 571.612724][T16591] kvm: pic: level sensitive irq not supported [ 571.612982][T16591] kvm: pic: non byte read [ 572.111790][T16598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2898'. [ 572.161327][ T55] usb 44-1: device descriptor read/8, error -110 [ 572.564291][ T55] usb usb44-port1: attempt power cycle [ 573.080125][T16613] FAULT_INJECTION: forcing a failure. [ 573.080125][T16613] name failslab, interval 1, probability 0, space 0, times 0 [ 573.086446][T16613] CPU: 2 UID: 0 PID: 16613 Comm: syz.1.2902 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 573.086470][T16613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 573.086483][T16613] Call Trace: [ 573.086489][T16613] [ 573.086496][T16613] dump_stack_lvl+0x16c/0x1f0 [ 573.086518][T16613] should_fail_ex+0x512/0x640 [ 573.086537][T16613] ? __kmalloc_noprof+0xbf/0x510 [ 573.086555][T16613] ? ovl_get_redirect_xattr+0x237/0x740 [ 573.086575][T16613] should_failslab+0xc2/0x120 [ 573.086594][T16613] __kmalloc_noprof+0xd2/0x510 [ 573.086611][T16613] ? ovl_get_dir_xattr_val+0xd6/0x360 [ 573.086633][T16613] ovl_get_redirect_xattr+0x237/0x740 [ 573.086679][T16613] ovl_lookup_single+0x6af/0xfc0 [ 573.086710][T16613] ? __pfx_ovl_lookup_single+0x10/0x10 [ 573.086739][T16613] ovl_lookup_layer+0x3d4/0x480 [ 573.086762][T16613] ? __pfx_ovl_lookup_layer+0x10/0x10 [ 573.086778][T16613] ? __lock_acquire+0x622/0x1c90 [ 573.086803][T16613] ovl_lookup+0x5bc/0x21a0 [ 573.086828][T16613] ? __pfx_ovl_lookup+0x10/0x10 [ 573.086846][T16613] ? __lock_acquire+0xb8a/0x1c90 [ 573.086874][T16613] ? do_raw_spin_lock+0x12c/0x2b0 [ 573.086901][T16613] ? do_raw_spin_unlock+0x172/0x230 [ 573.086923][T16613] ? _raw_spin_unlock+0x28/0x50 [ 573.086949][T16613] lookup_one_qstr_excl_raw.part.0+0xef/0x160 [ 573.086970][T16613] ? lookup_dcache+0x66/0x170 [ 573.086989][T16613] lookup_one_qstr_excl+0x3e/0x120 [ 573.087010][T16613] filename_create+0x1e7/0x4a0 [ 573.087032][T16613] ? __pfx_filename_create+0x10/0x10 [ 573.087053][T16613] ? find_held_lock+0x2b/0x80 [ 573.087076][T16613] do_mkdirat+0xaa/0x3e0 [ 573.087094][T16613] ? __pfx_do_mkdirat+0x10/0x10 [ 573.087109][T16613] ? getname_flags.part.0+0x1c5/0x550 [ 573.087133][T16613] __ia32_sys_mkdirat+0x82/0xb0 [ 573.087149][T16613] __do_fast_syscall_32+0x7c/0x3a0 [ 573.087188][T16613] do_fast_syscall_32+0x32/0x80 [ 573.087205][T16613] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 573.087231][T16613] RIP: 0023:0xf70be579 [ 573.087243][T16613] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 573.087258][T16613] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000128 [ 573.087272][T16613] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000 [ 573.087281][T16613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 573.087289][T16613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 573.087297][T16613] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 573.087305][T16613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 573.087323][T16613] [ 573.152383][ T55] usb usb44-port1: unable to enumerate USB device [ 573.849327][T16622] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2905'. [ 574.718591][T16639] ubi31: attaching mtd0 [ 574.723916][T16639] ubi31: scanning is finished [ 574.725546][T16639] ubi31: empty MTD device detected [ 574.761964][T16646] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2909'. [ 574.765036][T16646] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2909'. [ 574.847180][T16639] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 574.856100][T16639] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 574.867899][T16639] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 574.878021][T16639] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 574.885047][T16639] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 574.893757][T16639] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 574.903701][T16639] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 335878460 [ 574.916552][T16639] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 574.932088][T16650] ubi31: background thread "ubi_bgt31d" started, PID 16650 [ 575.567837][ T93] Bluetooth: hci2: Frame reassembly failed (-84) [ 575.580017][T16654] netlink: 'syz.0.2910': attribute type 1 has an invalid length. [ 575.583445][T16654] netlink: 396 bytes leftover after parsing attributes in process `syz.0.2910'. [ 575.587294][T16654] NCSI netlink: No device for ifindex 0 [ 575.659481][T16660] lo speed is unknown, defaulting to 1000 [ 575.662186][T16660] lo speed is unknown, defaulting to 1000 [ 576.041192][ T6008] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 576.158394][T16673] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2915'. [ 576.211183][ T6008] usb 7-1: Using ep0 maxpacket: 16 [ 576.214579][ T6008] usb 7-1: config 0 has an invalid interface number: 145 but max is 0 [ 576.217490][ T6008] usb 7-1: config 0 has no interface number 0 [ 576.221051][ T6008] usb 7-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 576.224122][ T6008] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.226706][ T6008] usb 7-1: Product: syz [ 576.228052][ T6008] usb 7-1: Manufacturer: syz [ 576.229575][ T6008] usb 7-1: SerialNumber: syz [ 576.233075][ T6008] usb 7-1: config 0 descriptor?? [ 576.240067][ T6008] hub 7-1:0.145: bad descriptor, ignoring hub [ 576.242571][ T6008] hub 7-1:0.145: probe with driver hub failed with error -5 [ 576.247700][ T6008] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.145/input/input35 [ 576.713773][ T24] usb 7-1: USB disconnect, device number 10 [ 577.591286][ T5967] Bluetooth: hci2: command 0xfc11 tx timeout [ 577.595780][ T5318] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 577.786155][T16692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2920'. [ 578.046091][T16691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2919'. [ 578.653139][T16706] FAULT_INJECTION: forcing a failure. [ 578.653139][T16706] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 578.657927][T16706] CPU: 2 UID: 0 PID: 16706 Comm: syz.3.2923 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 578.657952][T16706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 578.657964][T16706] Call Trace: [ 578.657970][T16706] [ 578.657978][T16706] dump_stack_lvl+0x16c/0x1f0 [ 578.658002][T16706] should_fail_ex+0x512/0x640 [ 578.658025][T16706] _copy_to_user+0x32/0xd0 [ 578.658049][T16706] simple_read_from_buffer+0xcb/0x170 [ 578.658078][T16706] proc_fail_nth_read+0x197/0x270 [ 578.658104][T16706] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 578.658130][T16706] ? rw_verify_area+0xcf/0x680 [ 578.658155][T16706] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 578.658196][T16706] vfs_read+0x1e4/0xc60 [ 578.658213][T16706] ? fdget_pos+0x2a2/0x370 [ 578.658233][T16706] ? __pfx_vfs_read+0x10/0x10 [ 578.658248][T16706] ? find_held_lock+0x2b/0x80 [ 578.658274][T16706] ? __fget_files+0x20e/0x3c0 [ 578.658308][T16706] ksys_read+0x12a/0x250 [ 578.658324][T16706] ? __pfx_ksys_read+0x10/0x10 [ 578.658343][T16706] ? rcu_is_watching+0x12/0xc0 [ 578.658365][T16706] __do_fast_syscall_32+0x7c/0x3a0 [ 578.658387][T16706] do_fast_syscall_32+0x32/0x80 [ 578.658407][T16706] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 578.658429][T16706] RIP: 0023:0xf707e579 [ 578.658443][T16706] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 578.658460][T16706] RSP: 002b:00000000f506e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 578.658477][T16706] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f506e620 [ 578.658489][T16706] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000 [ 578.658499][T16706] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 578.658510][T16706] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 578.658520][T16706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 578.658544][T16706] [ 578.884611][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 578.887278][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 579.339063][T16723] netlink: 'syz.1.2922': attribute type 10 has an invalid length. [ 579.389680][T16722] netlink: 'syz.1.2922': attribute type 10 has an invalid length. [ 579.392956][T16722] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2922'. [ 579.527338][T16723] batman_adv: batadv0: Adding interface: team0 [ 579.529352][T16723] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.541202][T16723] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 579.544679][T16722] team0: entered promiscuous mode [ 579.547391][T16722] 8021q: adding VLAN 0 to HW filter on device team0 [ 579.549774][T16722] batman_adv: batadv0: Interface activated: team0 [ 579.701329][T16722] batman_adv: batadv0: Interface deactivated: team0 [ 579.703980][T16722] batman_adv: batadv0: Removing interface: team0 [ 580.532994][T16740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2929'. [ 581.050713][T16751] netlink: 'syz.3.2930': attribute type 1 has an invalid length. [ 581.053913][T16751] netlink: 396 bytes leftover after parsing attributes in process `syz.3.2930'. [ 581.057161][T16751] NCSI netlink: No device for ifindex 0 [ 581.124120][T16753] lo speed is unknown, defaulting to 1000 [ 581.127286][T16753] lo speed is unknown, defaulting to 1000 [ 581.173132][ T5967] Bluetooth: hci2: sending frame failed (-49) [ 581.176183][ T5318] Bluetooth: hci2: Entering manufacturer mode failed (-49) [ 581.281385][T16761] tmpfs: Cannot enable swap on remount if it was disabled on first mount [ 581.840848][T16766] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.907148][T16766] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.069888][T16766] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.433156][T16766] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.542209][T16766] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.556857][T16766] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.565960][T16766] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.575848][T16766] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.666861][T16778] wireguard0: entered promiscuous mode [ 582.668707][T16778] wireguard0: entered allmulticast mode [ 583.094946][T16789] FAULT_INJECTION: forcing a failure. [ 583.094946][T16789] name failslab, interval 1, probability 0, space 0, times 0 [ 583.099006][T16789] CPU: 1 UID: 0 PID: 16789 Comm: syz.0.2938 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 583.099030][T16789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 583.099040][T16789] Call Trace: [ 583.099046][T16789] [ 583.099052][T16789] dump_stack_lvl+0x16c/0x1f0 [ 583.099074][T16789] should_fail_ex+0x512/0x640 [ 583.099091][T16789] ? fs_reclaim_acquire+0xae/0x150 [ 583.099115][T16789] ? tomoyo_encode2+0x100/0x3e0 [ 583.099129][T16789] should_failslab+0xc2/0x120 [ 583.099149][T16789] __kmalloc_noprof+0xd2/0x510 [ 583.099166][T16789] ? d_absolute_path+0x136/0x1a0 [ 583.099192][T16789] tomoyo_encode2+0x100/0x3e0 [ 583.099227][T16789] tomoyo_encode+0x29/0x50 [ 583.099242][T16789] tomoyo_realpath_from_path+0x18f/0x6e0 [ 583.099267][T16789] tomoyo_path_number_perm+0x245/0x580 [ 583.099284][T16789] ? tomoyo_path_number_perm+0x237/0x580 [ 583.099301][T16789] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 583.099332][T16789] ? find_held_lock+0x2b/0x80 [ 583.099344][T16789] ? hook_file_ioctl_common+0x145/0x410 [ 583.099362][T16789] ? __fget_files+0x20e/0x3c0 [ 583.099379][T16789] ? __fput_deferred+0x480/0x480 [ 583.099396][T16789] security_file_ioctl_compat+0x9b/0x240 [ 583.099413][T16789] __ia32_compat_sys_ioctl+0xc3/0x370 [ 583.099431][T16789] __do_fast_syscall_32+0x7c/0x3a0 [ 583.099445][T16789] do_fast_syscall_32+0x32/0x80 [ 583.099456][T16789] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 583.099470][T16789] RIP: 0023:0xf707e579 [ 583.099480][T16789] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 583.099490][T16789] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 583.099501][T16789] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c02c563a [ 583.099508][T16789] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 583.099515][T16789] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 583.099521][T16789] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 583.099528][T16789] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 583.099541][T16789] [ 583.101199][T16789] ERROR: Out of memory at tomoyo_realpath_from_path. [ 583.380909][T16795] netlink: 'syz.3.2936': attribute type 10 has an invalid length. [ 583.389551][T16795] batman_adv: batadv0: Adding interface: team0 [ 583.391787][T16795] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 583.399949][T16795] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 583.412846][T16795] netlink: 'syz.3.2936': attribute type 10 has an invalid length. [ 583.415781][T16795] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2936'. [ 583.418700][T16795] team0: entered promiscuous mode [ 583.420408][T16795] team_slave_0: entered promiscuous mode [ 583.423060][T16795] team_slave_1: entered promiscuous mode [ 583.427745][T16795] 8021q: adding VLAN 0 to HW filter on device team0 [ 583.430484][T16795] batman_adv: batadv0: Interface activated: team0 [ 583.433099][T16795] batman_adv: batadv0: Interface deactivated: team0 [ 583.435604][T16795] batman_adv: batadv0: Removing interface: team0 [ 583.950815][T16804] FAULT_INJECTION: forcing a failure. [ 583.950815][T16804] name failslab, interval 1, probability 0, space 0, times 0 [ 583.955229][T16804] CPU: 2 UID: 0 PID: 16804 Comm: syz.1.2942 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 583.955244][T16804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 583.955252][T16804] Call Trace: [ 583.955256][T16804] [ 583.955260][T16804] dump_stack_lvl+0x16c/0x1f0 [ 583.955276][T16804] should_fail_ex+0x512/0x640 [ 583.955287][T16804] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 583.955301][T16804] should_failslab+0xc2/0x120 [ 583.955314][T16804] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 583.955325][T16804] ? fcntl_setlk+0xaa/0xe20 [ 583.955342][T16804] fcntl_setlk+0xaa/0xe20 [ 583.955357][T16804] ? __pfx_fcntl_setlk+0x10/0x10 [ 583.955373][T16804] ? find_held_lock+0x2b/0x80 [ 583.955384][T16804] ? __might_fault+0xe3/0x190 [ 583.955395][T16804] ? __might_fault+0xe3/0x190 [ 583.955404][T16804] ? __might_fault+0x13b/0x190 [ 583.955420][T16804] do_compat_fcntl64+0x209/0x710 [ 583.955434][T16804] ? __pfx_do_compat_fcntl64+0x10/0x10 [ 583.955449][T16804] ? fput+0x70/0xf0 [ 583.955462][T16804] ? ksys_write+0x1ac/0x250 [ 583.955474][T16804] ? rcu_is_watching+0x12/0xc0 [ 583.955488][T16804] __do_fast_syscall_32+0x7c/0x3a0 [ 583.955501][T16804] do_fast_syscall_32+0x32/0x80 [ 583.955513][T16804] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 583.955526][T16804] RIP: 0023:0xf70be579 [ 583.955535][T16804] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 583.955546][T16804] RSP: 002b:00000000f508d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000037 [ 583.955557][T16804] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000007 [ 583.955564][T16804] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 583.955570][T16804] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 583.955576][T16804] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 583.955583][T16804] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 583.955596][T16804] [ 584.422344][T16825] FAULT_INJECTION: forcing a failure. [ 584.422344][T16825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 584.427752][T16825] CPU: 0 UID: 0 PID: 16825 Comm: syz.2.2949 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 584.427767][T16825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 584.427774][T16825] Call Trace: [ 584.427779][T16825] [ 584.427783][T16825] dump_stack_lvl+0x16c/0x1f0 [ 584.427798][T16825] should_fail_ex+0x512/0x640 [ 584.427810][T16825] ? page_copy_sane+0xcd/0x2d0 [ 584.427827][T16825] copy_folio_from_iter_atomic+0x375/0x1aa0 [ 584.427843][T16825] ? do_raw_read_unlock+0x44/0xe0 [ 584.427857][T16825] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 584.427871][T16825] ? shmem_write_begin+0x176/0x300 [ 584.427882][T16825] ? find_held_lock+0x2b/0x80 [ 584.427893][T16825] ? __pfx_shmem_write_begin+0x10/0x10 [ 584.427904][T16825] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 584.427920][T16825] ? __pfx_timestamp_truncate+0x10/0x10 [ 584.427934][T16825] generic_perform_write+0x22c/0x930 [ 584.427957][T16825] ? __pfx_generic_perform_write+0x10/0x10 [ 584.427975][T16825] ? inode_needs_update_time.part.0+0x191/0x270 [ 584.427992][T16825] shmem_file_write_iter+0x10e/0x140 [ 584.428006][T16825] vfs_write+0x6c4/0x1150 [ 584.428017][T16825] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 584.428032][T16825] ? __pfx_vfs_write+0x10/0x10 [ 584.428041][T16825] ? find_held_lock+0x2b/0x80 [ 584.428061][T16825] ksys_write+0x12a/0x250 [ 584.428071][T16825] ? __pfx_ksys_write+0x10/0x10 [ 584.428083][T16825] ? rcu_is_watching+0x12/0xc0 [ 584.428097][T16825] __do_fast_syscall_32+0x7c/0x3a0 [ 584.428111][T16825] do_fast_syscall_32+0x32/0x80 [ 584.428122][T16825] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 584.428136][T16825] RIP: 0023:0xf7f87579 [ 584.428145][T16825] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 584.428156][T16825] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 584.428167][T16825] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800004c0 [ 584.428174][T16825] RDX: 000000000208e24b RSI: 0000000000000000 RDI: 0000000000000000 [ 584.428181][T16825] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 584.428187][T16825] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 584.428193][T16825] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 584.428207][T16825] [ 585.417247][T16839] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 585.886647][T16848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2953'. [ 585.889692][T16848] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2953'. [ 585.903947][T16848] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2953'. [ 587.239582][T16854] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2954'. [ 587.766814][T16874] FAULT_INJECTION: forcing a failure. [ 587.766814][T16874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 587.773711][T16874] CPU: 1 UID: 0 PID: 16874 Comm: syz.1.2960 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 587.773727][T16874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 587.773734][T16874] Call Trace: [ 587.773739][T16874] [ 587.773743][T16874] dump_stack_lvl+0x16c/0x1f0 [ 587.773759][T16874] should_fail_ex+0x512/0x640 [ 587.773775][T16874] _copy_from_iter+0x29f/0x16f0 [ 587.773790][T16874] ? __alloc_skb+0x200/0x380 [ 587.773802][T16874] ? __pfx__copy_from_iter+0x10/0x10 [ 587.773815][T16874] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 587.773833][T16874] netlink_sendmsg+0x829/0xdd0 [ 587.773849][T16874] ? __pfx_netlink_sendmsg+0x10/0x10 [ 587.773864][T16874] ? __import_iovec+0x1dd/0x650 [ 587.773879][T16874] ____sys_sendmsg+0xa95/0xc70 [ 587.773896][T16874] ? __pfx_____sys_sendmsg+0x10/0x10 [ 587.773911][T16874] ? get_compat_msghdr+0x11a/0x170 [ 587.773929][T16874] ___sys_sendmsg+0x134/0x1d0 [ 587.773941][T16874] ? __pfx____sys_sendmsg+0x10/0x10 [ 587.773959][T16874] ? find_held_lock+0x2b/0x80 [ 587.773979][T16874] __sys_sendmsg+0x16d/0x220 [ 587.773991][T16874] ? __pfx___sys_sendmsg+0x10/0x10 [ 587.774008][T16874] ? rcu_is_watching+0x12/0xc0 [ 587.774026][T16874] __do_fast_syscall_32+0x7c/0x3a0 [ 587.774040][T16874] do_fast_syscall_32+0x32/0x80 [ 587.774051][T16874] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 587.774065][T16874] RIP: 0023:0xf70be579 [ 587.774074][T16874] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 587.774086][T16874] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 587.774097][T16874] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000a40 [ 587.774104][T16874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 587.774111][T16874] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 587.774117][T16874] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 587.774123][T16874] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 587.774137][T16874] [ 588.169264][T16884] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2964'. [ 588.266729][T16884] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 588.799376][T16890] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2966'. [ 588.804076][T16890] netlink: 'syz.1.2966': attribute type 1 has an invalid length. [ 588.840885][T16890] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 588.865458][ T1141] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 588.874645][T16890] 8021q: adding VLAN 0 to HW filter on device bond2 [ 588.951292][ T5318] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 588.970933][T16893] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2965'. [ 588.981227][ T71] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 589.447268][T16897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2967'. [ 589.801348][T16908] FAULT_INJECTION: forcing a failure. [ 589.801348][T16908] name failslab, interval 1, probability 0, space 0, times 0 [ 589.806490][T16908] CPU: 3 UID: 0 PID: 16908 Comm: syz.2.2969 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 589.806533][T16908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 589.806545][T16908] Call Trace: [ 589.806552][T16908] [ 589.806561][T16908] dump_stack_lvl+0x16c/0x1f0 [ 589.806584][T16908] should_fail_ex+0x512/0x640 [ 589.806604][T16908] ? fs_reclaim_acquire+0xae/0x150 [ 589.806631][T16908] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 589.806650][T16908] should_failslab+0xc2/0x120 [ 589.806673][T16908] __kmalloc_noprof+0xd2/0x510 [ 589.806698][T16908] tomoyo_realpath_from_path+0xc2/0x6e0 [ 589.806718][T16908] ? tomoyo_profile+0x47/0x60 [ 589.806742][T16908] tomoyo_path_number_perm+0x245/0x580 [ 589.806766][T16908] ? tomoyo_path_number_perm+0x237/0x580 [ 589.806794][T16908] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 589.806844][T16908] ? find_held_lock+0x2b/0x80 [ 589.806864][T16908] ? hook_file_ioctl_common+0x145/0x410 [ 589.806893][T16908] ? __fget_files+0x20e/0x3c0 [ 589.806918][T16908] ? __fput_deferred+0x480/0x480 [ 589.806943][T16908] security_file_ioctl_compat+0x9b/0x240 [ 589.806976][T16908] __ia32_compat_sys_ioctl+0xc3/0x370 [ 589.807003][T16908] __do_fast_syscall_32+0x7c/0x3a0 [ 589.807024][T16908] do_fast_syscall_32+0x32/0x80 [ 589.807042][T16908] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 589.807064][T16908] RIP: 0023:0xf7f87579 [ 589.807076][T16908] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 589.807093][T16908] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 589.807109][T16908] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 589.807119][T16908] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 589.807129][T16908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 589.807139][T16908] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 589.807149][T16908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 589.807172][T16908] [ 589.807713][T16908] ERROR: Out of memory at tomoyo_realpath_from_path. [ 590.798862][T16927] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2976'. [ 590.804223][T16927] netlink: 'syz.0.2976': attribute type 1 has an invalid length. [ 590.852559][T16927] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 590.878871][ T93] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 590.886973][T16927] 8021q: adding VLAN 0 to HW filter on device bond1 [ 591.004464][ T93] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 591.016865][ T5963] Bluetooth: hci2: sending frame failed (-49) [ 591.019514][ T5318] Bluetooth: hci2: Entering manufacturer mode failed (-49) [ 591.068238][T16945] FAULT_INJECTION: forcing a failure. [ 591.068238][T16945] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 591.072804][T16945] CPU: 2 UID: 0 PID: 16945 Comm: syz.0.2982 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 591.072821][T16945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 591.072829][T16945] Call Trace: [ 591.072833][T16945] [ 591.072838][T16945] dump_stack_lvl+0x16c/0x1f0 [ 591.072853][T16945] should_fail_ex+0x512/0x640 [ 591.072867][T16945] _copy_from_user+0x2e/0xd0 [ 591.072880][T16945] ucma_write+0x128/0x330 [ 591.072894][T16945] ? __pfx_ucma_write+0x10/0x10 [ 591.072905][T16945] ? bpf_lsm_file_permission+0x9/0x10 [ 591.072920][T16945] ? security_file_permission+0x71/0x210 [ 591.072938][T16945] ? rw_verify_area+0xcf/0x680 [ 591.072957][T16945] ? __pfx_ucma_write+0x10/0x10 [ 591.072968][T16945] vfs_write+0x29d/0x1150 [ 591.072981][T16945] ? __pfx_vfs_write+0x10/0x10 [ 591.072989][T16945] ? find_held_lock+0x2b/0x80 [ 591.073002][T16945] ? __fget_files+0x204/0x3c0 [ 591.073022][T16945] ? __fget_files+0x20e/0x3c0 [ 591.073038][T16945] ? handle_mm_fault+0x230/0xd10 [ 591.073058][T16945] ksys_write+0x1f8/0x250 [ 591.073068][T16945] ? __pfx_ksys_write+0x10/0x10 [ 591.073079][T16945] ? rcu_is_watching+0x12/0xc0 [ 591.073093][T16945] __do_fast_syscall_32+0x7c/0x3a0 [ 591.073106][T16945] do_fast_syscall_32+0x32/0x80 [ 591.073117][T16945] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 591.073131][T16945] RIP: 0023:0xf707e579 [ 591.073140][T16945] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 591.073151][T16945] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 591.073177][T16945] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 591.073184][T16945] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 591.073191][T16945] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 591.073197][T16945] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 591.073203][T16945] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 591.073217][T16945] [ 591.078067][T16946] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2977'. [ 591.193979][ T5318] Bluetooth: hci0: command 0x0406 tx timeout [ 592.041533][T16965] program syz.3.2990 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 592.045263][T16965] netlink: 'syz.3.2990': attribute type 3 has an invalid length. [ 592.070254][T16967] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 592.076146][T16967] FAULT_INJECTION: forcing a failure. [ 592.076146][T16967] name failslab, interval 1, probability 0, space 0, times 0 [ 592.081801][T16967] CPU: 3 UID: 0 PID: 16967 Comm: syz.0.2991 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 592.081839][T16967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 592.081851][T16967] Call Trace: [ 592.081856][T16967] [ 592.081860][T16967] dump_stack_lvl+0x16c/0x1f0 [ 592.081876][T16967] should_fail_ex+0x512/0x640 [ 592.081888][T16967] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 592.081902][T16967] should_failslab+0xc2/0x120 [ 592.081915][T16967] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 592.081926][T16967] ? copy_process+0x4b6/0x7650 [ 592.081941][T16967] ? _raw_spin_unlock_irq+0x23/0x50 [ 592.081959][T16967] copy_process+0x4b6/0x7650 [ 592.081984][T16967] ? __pfx_copy_process+0x10/0x10 [ 592.082000][T16967] ? lockdep_init_map_type+0x5c/0x280 [ 592.082017][T16967] ? lockdep_init_map_type+0x5c/0x280 [ 592.082033][T16967] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 592.082050][T16967] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 592.082063][T16967] vhost_task_create+0x1d2/0x2e0 [ 592.082080][T16967] ? __pfx_vhost_task_create+0x10/0x10 [ 592.082096][T16967] ? kvm_mmu_post_init_vm+0xb4/0x370 [ 592.082113][T16967] ? __pfx_vhost_task_fn+0x10/0x10 [ 592.082136][T16967] kvm_mmu_post_init_vm+0x1b7/0x370 [ 592.082152][T16967] kvm_arch_vcpu_ioctl_run+0x66/0x18c0 [ 592.082166][T16967] ? kvm_vcpu_ioctl+0x14c6/0x1690 [ 592.082182][T16967] kvm_vcpu_ioctl+0x5eb/0x1690 [ 592.082197][T16967] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 592.082211][T16967] ? tomoyo_path_number_perm+0x18d/0x580 [ 592.082229][T16967] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 592.082245][T16967] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 592.082263][T16967] ? do_vfs_ioctl+0x523/0x1a60 [ 592.082279][T16967] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 592.082305][T16967] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 592.082320][T16967] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 592.082334][T16967] ? __fget_files+0x20e/0x3c0 [ 592.082350][T16967] ? __fput_deferred+0x480/0x480 [ 592.082372][T16967] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 592.082393][T16967] __ia32_compat_sys_ioctl+0x23f/0x370 [ 592.082422][T16967] __do_fast_syscall_32+0x7c/0x3a0 [ 592.082444][T16967] do_fast_syscall_32+0x32/0x80 [ 592.082463][T16967] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 592.082494][T16967] RIP: 0023:0xf707e579 [ 592.082505][T16967] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 592.082516][T16967] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 592.082527][T16967] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 592.082534][T16967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 592.082540][T16967] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 592.082546][T16967] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 592.082553][T16967] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 592.082567][T16967] [ 592.819625][T16981] cgroup: fork rejected by pids controller in /syz3 [ 593.601899][T17059] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2997'. [ 593.622007][T17061] FAULT_INJECTION: forcing a failure. [ 593.622007][T17061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 593.626812][T17061] CPU: 0 UID: 0 PID: 17061 Comm: syz.1.3000 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 593.626836][T17061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 593.626847][T17061] Call Trace: [ 593.626854][T17061] [ 593.626862][T17061] dump_stack_lvl+0x16c/0x1f0 [ 593.626886][T17061] should_fail_ex+0x512/0x640 [ 593.626908][T17061] _copy_from_user+0x2e/0xd0 [ 593.626928][T17061] drm_ioctl+0x4fb/0xc30 [ 593.626952][T17061] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 593.626980][T17061] ? __pfx_drm_ioctl+0x10/0x10 [ 593.627018][T17061] drm_compat_ioctl+0x327/0x460 [ 593.627044][T17061] ? __pfx_drm_compat_ioctl+0x10/0x10 [ 593.627069][T17061] __ia32_compat_sys_ioctl+0x23f/0x370 [ 593.627098][T17061] __do_fast_syscall_32+0x7c/0x3a0 [ 593.627120][T17061] do_fast_syscall_32+0x32/0x80 [ 593.627139][T17061] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 593.627161][T17061] RIP: 0023:0xf70be579 [ 593.627175][T17061] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 593.627192][T17061] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 593.627209][T17061] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c03864bc [ 593.627221][T17061] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 593.627231][T17061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 593.627242][T17061] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 593.627252][T17061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 593.627275][T17061] [ 593.689867][ C0] vkms_vblank_simulate: vblank timer overrun [ 593.780781][T17065] fuse: Bad value for 'fd' [ 595.168314][T17087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3008'. [ 595.993409][T17101] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 596.645351][T17107] 9pnet_fd: Insufficient options for proto=fd [ 596.804309][T17117] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3012'. [ 597.053628][T17120] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3015'. [ 597.056459][T17120] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3015'. [ 597.059240][T17120] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3015'. [ 598.689793][T17145] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3018'. [ 598.693585][T17145] openvswitch: netlink: nsh attr 5 is out of range max 3 [ 598.695931][T17145] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 598.802044][T17150] FAULT_INJECTION: forcing a failure. [ 598.802044][T17150] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 598.806109][T17150] CPU: 3 UID: 0 PID: 17150 Comm: syz.1.3023 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 598.806124][T17150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 598.806132][T17150] Call Trace: [ 598.806135][T17150] [ 598.806140][T17150] dump_stack_lvl+0x16c/0x1f0 [ 598.806155][T17150] should_fail_ex+0x512/0x640 [ 598.806168][T17150] _copy_to_user+0x32/0xd0 [ 598.806182][T17150] simple_read_from_buffer+0xcb/0x170 [ 598.806200][T17150] proc_fail_nth_read+0x197/0x270 [ 598.806216][T17150] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 598.806233][T17150] ? rw_verify_area+0xcf/0x680 [ 598.806248][T17150] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 598.806264][T17150] vfs_read+0x1e4/0xc60 [ 598.806274][T17150] ? fdget_pos+0x2a2/0x370 [ 598.806286][T17150] ? __pfx_vfs_read+0x10/0x10 [ 598.806295][T17150] ? find_held_lock+0x2b/0x80 [ 598.806310][T17150] ? __fget_files+0x20e/0x3c0 [ 598.806330][T17150] ksys_read+0x12a/0x250 [ 598.806340][T17150] ? __pfx_ksys_read+0x10/0x10 [ 598.806351][T17150] ? rcu_is_watching+0x12/0xc0 [ 598.806365][T17150] __do_fast_syscall_32+0x7c/0x3a0 [ 598.806378][T17150] do_fast_syscall_32+0x32/0x80 [ 598.806390][T17150] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 598.806403][T17150] RIP: 0023:0xf70be579 [ 598.806412][T17150] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 598.806439][T17150] RSP: 002b:00000000f50ae590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 598.806450][T17150] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50ae620 [ 598.806457][T17150] RDX: 000000000000000f RSI: 00000000f7424ff4 RDI: 0000000000000000 [ 598.806463][T17150] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 598.806469][T17150] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 598.806476][T17150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 598.806490][T17150] [ 598.855721][T17152] netlink: 9292 bytes leftover after parsing attributes in process `syz.1.3031'. [ 598.878995][ T40] audit: type=1326 audit(1753742315.457:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.887606][ T40] audit: type=1326 audit(1753742315.457:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.896245][ T40] audit: type=1326 audit(1753742315.457:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=314 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.908510][ T40] audit: type=1326 audit(1753742315.457:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.919413][ T40] audit: type=1326 audit(1753742315.457:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.922346][T17152] syz.1.3031: attempt to access beyond end of device [ 598.922346][T17152] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 598.930517][T17152] XFS (nbd1): SB validate failed with error -5. [ 598.933263][ T40] audit: type=1326 audit(1753742315.457:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.944478][ T40] audit: type=1326 audit(1753742315.457:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.961039][ T40] audit: type=1326 audit(1753742315.457:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.969983][ T40] audit: type=1326 audit(1753742315.457:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 598.982275][ T40] audit: type=1326 audit(1753742315.547:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17151 comm="syz.1.3031" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 599.502332][T17168] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3026'. [ 600.042240][T17172] ip6gre0: Master is either lo or non-ether device [ 600.227328][T17177] FAULT_INJECTION: forcing a failure. [ 600.227328][T17177] name failslab, interval 1, probability 0, space 0, times 0 [ 600.236732][T17177] CPU: 0 UID: 0 PID: 17177 Comm: syz.1.3030 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 600.236757][T17177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 600.236769][T17177] Call Trace: [ 600.236775][T17177] [ 600.236783][T17177] dump_stack_lvl+0x16c/0x1f0 [ 600.236806][T17177] should_fail_ex+0x512/0x640 [ 600.236825][T17177] ? __kvmalloc_node_noprof+0x124/0x620 [ 600.236856][T17177] should_failslab+0xc2/0x120 [ 600.236885][T17177] __kvmalloc_node_noprof+0x137/0x620 [ 600.236913][T17177] ? __pfx___mutex_lock+0x10/0x10 [ 600.236931][T17177] ? traverse.part.0.constprop.0+0x392/0x640 [ 600.236962][T17177] ? traverse.part.0.constprop.0+0x392/0x640 [ 600.236986][T17177] traverse.part.0.constprop.0+0x392/0x640 [ 600.237021][T17177] seq_read_iter+0x932/0x12c0 [ 600.237047][T17177] ? aa_file_perm+0x4d6/0xfb0 [ 600.237071][T17177] seq_read+0x39e/0x4e0 [ 600.237100][T17177] ? __pfx_seq_read+0x10/0x10 [ 600.237132][T17177] ? import_ubuf+0x1b6/0x220 [ 600.237163][T17177] ? __pfx_seq_read+0x10/0x10 [ 600.237188][T17177] proc_reg_read+0x23d/0x330 [ 600.237210][T17177] ? __pfx_proc_reg_read+0x10/0x10 [ 600.237227][T17177] vfs_readv+0x5c1/0x8b0 [ 600.237261][T17177] ? __pfx_vfs_readv+0x10/0x10 [ 600.237289][T17177] ? find_held_lock+0x2b/0x80 [ 600.237328][T17177] ? __fget_files+0x20e/0x3c0 [ 600.237364][T17177] ? do_preadv+0x1a6/0x270 [ 600.237389][T17177] do_preadv+0x1a6/0x270 [ 600.237417][T17177] ? __pfx_do_preadv+0x10/0x10 [ 600.237446][T17177] ? rcu_is_watching+0x12/0xc0 [ 600.237471][T17177] __do_fast_syscall_32+0x7c/0x3a0 [ 600.237493][T17177] do_fast_syscall_32+0x32/0x80 [ 600.237512][T17177] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 600.237534][T17177] RIP: 0023:0xf70be579 [ 600.237549][T17177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 600.237566][T17177] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 600.237585][T17177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 600.237596][T17177] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000000 [ 600.237606][T17177] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 600.237616][T17177] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 600.237626][T17177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 600.237650][T17177] [ 601.013285][T17191] FAULT_INJECTION: forcing a failure. [ 601.013285][T17191] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.017516][T17191] CPU: 0 UID: 0 PID: 17191 Comm: syz.3.3034 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 601.017531][T17191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 601.017539][T17191] Call Trace: [ 601.017544][T17191] [ 601.017549][T17191] dump_stack_lvl+0x16c/0x1f0 [ 601.017564][T17191] should_fail_ex+0x512/0x640 [ 601.017578][T17191] _copy_from_iter+0x29f/0x16f0 [ 601.017593][T17191] ? __alloc_skb+0x200/0x380 [ 601.017604][T17191] ? __pfx__copy_from_iter+0x10/0x10 [ 601.017618][T17191] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 601.017636][T17191] netlink_sendmsg+0x829/0xdd0 [ 601.017652][T17191] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.017666][T17191] ? __import_iovec+0x1dd/0x650 [ 601.017682][T17191] ____sys_sendmsg+0xa95/0xc70 [ 601.017700][T17191] ? __pfx_____sys_sendmsg+0x10/0x10 [ 601.017714][T17191] ? get_compat_msghdr+0x11a/0x170 [ 601.017732][T17191] ___sys_sendmsg+0x134/0x1d0 [ 601.017745][T17191] ? __pfx____sys_sendmsg+0x10/0x10 [ 601.017763][T17191] ? find_held_lock+0x2b/0x80 [ 601.017783][T17191] __sys_sendmsg+0x16d/0x220 [ 601.017795][T17191] ? __pfx___sys_sendmsg+0x10/0x10 [ 601.017813][T17191] ? rcu_is_watching+0x12/0xc0 [ 601.017826][T17191] __do_fast_syscall_32+0x7c/0x3a0 [ 601.017840][T17191] do_fast_syscall_32+0x32/0x80 [ 601.017852][T17191] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 601.017865][T17191] RIP: 0023:0xf707e579 [ 601.017876][T17191] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 601.017892][T17191] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 601.017906][T17191] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 601.017912][T17191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 601.017919][T17191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 601.017925][T17191] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 601.017931][T17191] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 601.017950][T17191] [ 601.311921][T17195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3036'. [ 601.315170][T17195] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3036'. [ 601.317984][T17195] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3036'. [ 601.750118][ T6008] lo speed is unknown, defaulting to 1000 [ 601.763107][ T6008] syz0: Port: 1 Link DOWN [ 602.270653][T17208] __nla_validate_parse: 3 callbacks suppressed [ 602.270665][T17208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3039'. [ 602.276202][T17208] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3039'. [ 602.279011][T17208] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3039'. [ 602.594658][T17220] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3040'. [ 603.439106][T17230] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3046'. [ 603.443131][T17230] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3046'. [ 603.447091][T17230] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3046'. [ 604.236596][T17242] FAULT_INJECTION: forcing a failure. [ 604.236596][T17242] name failslab, interval 1, probability 0, space 0, times 0 [ 604.242577][T17242] CPU: 1 UID: 0 PID: 17242 Comm: syz.1.3048 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 604.242593][T17242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 604.242601][T17242] Call Trace: [ 604.242605][T17242] [ 604.242621][T17242] dump_stack_lvl+0x16c/0x1f0 [ 604.242638][T17242] should_fail_ex+0x512/0x640 [ 604.242652][T17242] should_failslab+0xc2/0x120 [ 604.242667][T17242] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 604.242679][T17242] ? dst_alloc+0x99/0x1a0 [ 604.242699][T17242] dst_alloc+0x99/0x1a0 [ 604.242717][T17242] rt_dst_alloc+0x35/0x3a0 [ 604.242733][T17242] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 604.242756][T17242] ip_route_output_key_hash+0x137/0x2e0 [ 604.242774][T17242] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 604.242792][T17242] ? __lock_acquire+0xb8a/0x1c90 [ 604.242813][T17242] tcp_v4_connect+0x806/0x1bd0 [ 604.242835][T17242] ? __pfx_tcp_v4_connect+0x10/0x10 [ 604.242850][T17242] ? mptcp_token_new_connect+0x1e9/0x600 [ 604.242874][T17242] mptcp_connect+0x472/0xaf0 [ 604.242891][T17242] __inet_stream_connect+0x917/0xf60 [ 604.242912][T17242] ? __pfx___inet_stream_connect+0x10/0x10 [ 604.242936][T17242] tcp_sendmsg_fastopen+0x3ed/0x750 [ 604.242956][T17242] mptcp_sendmsg+0x14b4/0x1eb0 [ 604.242968][T17242] ? __pfx___might_resched+0x10/0x10 [ 604.242981][T17242] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.243000][T17242] ? aa_sk_perm+0x2f4/0xb10 [ 604.243016][T17242] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 604.243030][T17242] ? __import_iovec+0x1dd/0x650 [ 604.243042][T17242] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 604.243053][T17242] inet_sendmsg+0x11c/0x140 [ 604.243071][T17242] ____sys_sendmsg+0x973/0xc70 [ 604.243088][T17242] ? __pfx_____sys_sendmsg+0x10/0x10 [ 604.243102][T17242] ? get_compat_msghdr+0x11a/0x170 [ 604.243121][T17242] ___sys_sendmsg+0x134/0x1d0 [ 604.243133][T17242] ? __pfx____sys_sendmsg+0x10/0x10 [ 604.243152][T17242] ? find_held_lock+0x2b/0x80 [ 604.243173][T17242] __sys_sendmsg+0x16d/0x220 [ 604.243185][T17242] ? __pfx___sys_sendmsg+0x10/0x10 [ 604.243203][T17242] ? rcu_is_watching+0x12/0xc0 [ 604.243217][T17242] __do_fast_syscall_32+0x7c/0x3a0 [ 604.243230][T17242] do_fast_syscall_32+0x32/0x80 [ 604.243242][T17242] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 604.243256][T17242] RIP: 0023:0xf70be579 [ 604.243265][T17242] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 604.243277][T17242] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 604.243287][T17242] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800017c0 [ 604.243294][T17242] RDX: 0000000020004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 604.243301][T17242] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 604.243307][T17242] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 604.243313][T17242] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 604.243327][T17242] [ 604.261895][T17243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3049'. [ 604.348042][T17243] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3049'. [ 604.352543][T17243] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3049'. [ 604.406193][T17250] FAULT_INJECTION: forcing a failure. [ 604.406193][T17250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 604.410332][T17250] CPU: 2 UID: 0 PID: 17250 Comm: syz.0.3051 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 604.410348][T17250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 604.410355][T17250] Call Trace: [ 604.410360][T17250] [ 604.410381][T17250] dump_stack_lvl+0x16c/0x1f0 [ 604.410398][T17250] should_fail_ex+0x512/0x640 [ 604.410412][T17250] _copy_from_iter+0x29f/0x16f0 [ 604.410427][T17250] ? __alloc_skb+0x200/0x380 [ 604.410438][T17250] ? __pfx__copy_from_iter+0x10/0x10 [ 604.410452][T17250] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 604.410470][T17250] netlink_sendmsg+0x829/0xdd0 [ 604.410486][T17250] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.410500][T17250] ? __import_iovec+0x1dd/0x650 [ 604.410516][T17250] ____sys_sendmsg+0xa95/0xc70 [ 604.410533][T17250] ? __pfx_____sys_sendmsg+0x10/0x10 [ 604.410547][T17250] ? get_compat_msghdr+0x11a/0x170 [ 604.410566][T17250] ___sys_sendmsg+0x134/0x1d0 [ 604.410582][T17250] ? __pfx____sys_sendmsg+0x10/0x10 [ 604.410600][T17250] ? find_held_lock+0x2b/0x80 [ 604.410620][T17250] __sys_sendmsg+0x16d/0x220 [ 604.410632][T17250] ? __pfx___sys_sendmsg+0x10/0x10 [ 604.410650][T17250] ? rcu_is_watching+0x12/0xc0 [ 604.410663][T17250] __do_fast_syscall_32+0x7c/0x3a0 [ 604.410677][T17250] do_fast_syscall_32+0x32/0x80 [ 604.410689][T17250] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 604.410702][T17250] RIP: 0023:0xf707e579 [ 604.410711][T17250] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 604.410723][T17250] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 604.410734][T17250] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0 [ 604.410741][T17250] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 604.410747][T17250] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 604.410753][T17250] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 604.410760][T17250] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 604.410773][T17250] [ 605.771386][T17277] netlink: 'syz.0.3058': attribute type 1 has an invalid length. [ 606.124283][T17283] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 606.126451][T17283] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 606.132544][T17283] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 606.134918][T17283] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 606.139269][T17283] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 606.141342][T17283] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 606.154420][T17283] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 606.156389][T17283] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 606.434469][T17293] FAULT_INJECTION: forcing a failure. [ 606.434469][T17293] name failslab, interval 1, probability 0, space 0, times 0 [ 606.438716][T17293] CPU: 3 UID: 0 PID: 17293 Comm: syz.2.3063 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 606.438732][T17293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 606.438739][T17293] Call Trace: [ 606.438743][T17293] [ 606.438748][T17293] dump_stack_lvl+0x16c/0x1f0 [ 606.438763][T17293] should_fail_ex+0x512/0x640 [ 606.438775][T17293] ? __kmalloc_noprof+0xbf/0x510 [ 606.438787][T17293] ? io_cache_alloc_new+0x45/0xf0 [ 606.438798][T17293] should_failslab+0xc2/0x120 [ 606.438811][T17293] __kmalloc_noprof+0xd2/0x510 [ 606.438825][T17293] io_cache_alloc_new+0x45/0xf0 [ 606.438837][T17293] io_rsrc_node_alloc+0x221/0x2b0 [ 606.438849][T17293] io_sqe_buffer_register+0x104/0x2010 [ 606.438883][T17293] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 606.438897][T17293] ? rcu_is_watching+0x12/0xc0 [ 606.438913][T17293] ? trace_kmalloc+0x2b/0xd0 [ 606.438929][T17293] ? iovec_from_user+0xbb/0x140 [ 606.438944][T17293] io_sqe_buffers_register+0x1ed/0x860 [ 606.438960][T17293] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 606.438977][T17293] ? __pfx___mutex_trylock_common+0x10/0x10 [ 606.438996][T17293] __io_uring_register+0x21e2/0x23c0 [ 606.439007][T17293] ? trace_contention_end+0xdd/0x130 [ 606.439022][T17293] ? __pfx___io_uring_register+0x10/0x10 [ 606.439034][T17293] ? __ia32_sys_io_uring_register+0x159/0x280 [ 606.439046][T17293] ? __pfx___mutex_lock+0x10/0x10 [ 606.439074][T17293] ? __fget_files+0x20e/0x3c0 [ 606.439091][T17293] ? __fput_deferred+0x480/0x480 [ 606.439108][T17293] __ia32_sys_io_uring_register+0x169/0x280 [ 606.439121][T17293] __do_fast_syscall_32+0x7c/0x3a0 [ 606.439134][T17293] do_fast_syscall_32+0x32/0x80 [ 606.439146][T17293] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 606.439161][T17293] RIP: 0023:0xf7f87579 [ 606.439170][T17293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 606.439181][T17293] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 00000000000001ab [ 606.439192][T17293] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 606.439198][T17293] RDX: 0000000080000100 RSI: 0000000000000001 RDI: 0000000000000000 [ 606.439205][T17293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 606.439211][T17293] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 606.439218][T17293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 606.439231][T17293] [ 608.019867][T17322] __nla_validate_parse: 9 callbacks suppressed [ 608.019880][T17322] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3072'. [ 608.024853][T17322] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3072'. [ 608.027854][T17322] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3072'. [ 608.595145][T17315] kexec: Could not allocate control_code_buffer [ 608.629030][T17332] FAULT_INJECTION: forcing a failure. [ 608.629030][T17332] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.633320][T17332] CPU: 0 UID: 0 PID: 17332 Comm: syz.0.3075 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 608.633335][T17332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 608.633342][T17332] Call Trace: [ 608.633347][T17332] [ 608.633352][T17332] dump_stack_lvl+0x16c/0x1f0 [ 608.633367][T17332] should_fail_ex+0x512/0x640 [ 608.633381][T17332] _copy_to_user+0x32/0xd0 [ 608.633395][T17332] simple_read_from_buffer+0xcb/0x170 [ 608.633412][T17332] proc_fail_nth_read+0x197/0x270 [ 608.633429][T17332] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 608.633445][T17332] ? rw_verify_area+0xcf/0x680 [ 608.633461][T17332] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 608.633477][T17332] vfs_read+0x1e4/0xc60 [ 608.633487][T17332] ? fdget_pos+0x2a2/0x370 [ 608.633499][T17332] ? __pfx_vfs_read+0x10/0x10 [ 608.633508][T17332] ? find_held_lock+0x2b/0x80 [ 608.633523][T17332] ? __fget_files+0x20e/0x3c0 [ 608.633544][T17332] ksys_read+0x12a/0x250 [ 608.633560][T17332] ? __pfx_ksys_read+0x10/0x10 [ 608.633571][T17332] ? rcu_is_watching+0x12/0xc0 [ 608.633586][T17332] __do_fast_syscall_32+0x7c/0x3a0 [ 608.633599][T17332] do_fast_syscall_32+0x32/0x80 [ 608.633610][T17332] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 608.633624][T17332] RIP: 0023:0xf707e579 [ 608.633633][T17332] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 608.633644][T17332] RSP: 002b:00000000f506e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 608.633655][T17332] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f506e620 [ 608.633662][T17332] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000 [ 608.633668][T17332] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 608.633675][T17332] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 608.633681][T17332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 608.633694][T17332] [ 609.222765][T17341] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 609.224779][T17341] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 609.228111][T17341] vhci_hcd vhci_hcd.0: Device attached [ 609.471748][ T29] usb 37-1: new high-speed USB device number 22 using vhci_hcd [ 609.559287][T17349] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3079'. [ 609.706353][T17343] vhci_hcd: connection reset by peer [ 609.710584][ T1140] vhci_hcd: stop threads [ 609.714921][ T1140] vhci_hcd: release socket [ 609.721319][ T1140] vhci_hcd: disconnect device [ 610.572604][T17362] CUSE: unknown device info "KJ H+ۤ2LhnL1`Ccn80(3նi>f_ٮ,<_eF" [ 610.577566][T17362] CUSE: unknown device info "3ܟ,̘" [ 610.580099][T17362] CUSE: unknown device info "J2S Z !e/J+-na4D|G$5O~q [ 610.580099][T17362] fzXSAxjTǔw xRɐQ(hҏj pVdY0|M?2JIv^R@" [ 610.589991][T17362] CUSE: unknown device info "!To}ݝ&|L+Uoϲ"FstV:׌E gJ<@c4TMM|" [ 610.594305][T17362] CUSE: DEVNAME unspecified [ 610.596495][T17361] vlan1: entered promiscuous mode [ 610.598579][T17361] vlan1: entered allmulticast mode [ 610.600262][T17361] veth0_vlan: entered allmulticast mode [ 610.600727][T17364] FAULT_INJECTION: forcing a failure. [ 610.600727][T17364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 610.607378][T17364] CPU: 2 UID: 0 PID: 17364 Comm: syz.0.3084 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 610.607392][T17364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 610.607399][T17364] Call Trace: [ 610.607403][T17364] [ 610.607407][T17364] dump_stack_lvl+0x16c/0x1f0 [ 610.607423][T17364] should_fail_ex+0x512/0x640 [ 610.607437][T17364] _copy_from_user+0x2e/0xd0 [ 610.607451][T17364] video_usercopy+0x723/0x1440 [ 610.607464][T17364] ? __pfx___video_do_ioctl+0x10/0x10 [ 610.607475][T17364] ? __pfx_video_usercopy+0x10/0x10 [ 610.607492][T17364] ? hook_file_ioctl_common+0x145/0x410 [ 610.607510][T17364] v4l2_ioctl+0x1bd/0x250 [ 610.607520][T17364] ? __pfx_fput+0x1/0x10 [ 610.607541][T17364] v4l2_compat_ioctl32+0x214/0x2c0 [ 610.607557][T17364] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 610.607574][T17364] __ia32_compat_sys_ioctl+0x23f/0x370 [ 610.607592][T17364] __do_fast_syscall_32+0x7c/0x3a0 [ 610.607604][T17364] do_fast_syscall_32+0x32/0x80 [ 610.607616][T17364] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 610.607630][T17364] RIP: 0023:0xf707e579 [ 610.607638][T17364] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 610.607649][T17364] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 610.607659][T17364] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0845657 [ 610.607666][T17364] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000 [ 610.607672][T17364] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 610.607678][T17364] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 610.607685][T17364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 610.607697][T17364] [ 610.806749][T17371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3086'. [ 610.811018][T17371] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3086'. [ 610.820817][T17371] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3086'. [ 610.993726][ T1234] Bluetooth: hci2: Frame reassembly failed (-84) [ 611.544952][T17386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3088'. [ 611.790772][T17395] FAULT_INJECTION: forcing a failure. [ 611.790772][T17395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 611.795124][T17395] CPU: 2 UID: 0 PID: 17395 Comm: syz.2.3090 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 611.795139][T17395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 611.795147][T17395] Call Trace: [ 611.795151][T17395] [ 611.795155][T17395] dump_stack_lvl+0x16c/0x1f0 [ 611.795184][T17395] should_fail_ex+0x512/0x640 [ 611.795198][T17395] _copy_from_iter+0x29f/0x16f0 [ 611.795213][T17395] ? __alloc_skb+0x200/0x380 [ 611.795224][T17395] ? __pfx__copy_from_iter+0x10/0x10 [ 611.795238][T17395] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 611.795257][T17395] netlink_sendmsg+0x829/0xdd0 [ 611.795272][T17395] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.795287][T17395] ? __import_iovec+0x1dd/0x650 [ 611.795302][T17395] ____sys_sendmsg+0xa95/0xc70 [ 611.795318][T17395] ? __pfx_____sys_sendmsg+0x10/0x10 [ 611.795333][T17395] ? get_compat_msghdr+0x11a/0x170 [ 611.795351][T17395] ___sys_sendmsg+0x134/0x1d0 [ 611.795373][T17395] ? __pfx____sys_sendmsg+0x10/0x10 [ 611.795392][T17395] ? find_held_lock+0x2b/0x80 [ 611.795413][T17395] __sys_sendmsg+0x16d/0x220 [ 611.795424][T17395] ? __pfx___sys_sendmsg+0x10/0x10 [ 611.795442][T17395] ? rcu_is_watching+0x12/0xc0 [ 611.795456][T17395] __do_fast_syscall_32+0x7c/0x3a0 [ 611.795469][T17395] do_fast_syscall_32+0x32/0x80 [ 611.795481][T17395] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 611.795495][T17395] RIP: 0023:0xf7f87579 [ 611.795503][T17395] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 611.795518][T17395] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 611.795529][T17395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 611.795536][T17395] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 611.795542][T17395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 611.795548][T17395] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 611.795555][T17395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 611.795568][T17395] [ 612.687341][T17402] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3091'. [ 613.101606][ T5318] Bluetooth: hci2: command 0xfc11 tx timeout [ 613.101819][ T5967] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 613.755626][T17419] tipc: Started in network mode [ 613.765145][T17419] tipc: Node identity b6f4513dccf8, cluster identity 4711 [ 613.767605][T17419] tipc: Enabled bearer , priority 0 [ 613.914095][T17411] tipc: Disabling bearer [ 614.130928][T17423] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3098'. [ 614.363521][T17441] CUSE: unknown device info "KJ H+ۤ2LhnL1`Ccn80(3նi>f_ٮ,<_eF" [ 614.367232][T17441] CUSE: unknown device info "3ܟ,̘" [ 614.369020][T17441] CUSE: unknown device info "J2S Z !e/J+-na4D|G$5O~q [ 614.369020][T17441] fzXSAxjTǔw xRɐQ(hҏj pVdY0|M?2JIv^R@" [ 614.375093][T17441] CUSE: unknown device info "!To}ݝ&|L+Uoϲ"FstV:׌E gJ<@c4TMM|" [ 614.378886][T17441] CUSE: DEVNAME unspecified [ 614.597807][T17449] FAULT_INJECTION: forcing a failure. [ 614.597807][T17449] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.611174][T17449] CPU: 0 UID: 0 PID: 17449 Comm: syz.2.3112 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 614.611190][T17449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 614.611197][T17449] Call Trace: [ 614.611202][T17449] [ 614.611206][T17449] dump_stack_lvl+0x16c/0x1f0 [ 614.611222][T17449] should_fail_ex+0x512/0x640 [ 614.611236][T17449] _copy_from_iter+0x29f/0x16f0 [ 614.611250][T17449] ? __alloc_skb+0x200/0x380 [ 614.611262][T17449] ? __pfx__copy_from_iter+0x10/0x10 [ 614.611280][T17449] netlink_sendmsg+0x829/0xdd0 [ 614.611296][T17449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 614.611311][T17449] ? __import_iovec+0x1dd/0x650 [ 614.611326][T17449] ____sys_sendmsg+0xa95/0xc70 [ 614.611342][T17449] ? __pfx_____sys_sendmsg+0x10/0x10 [ 614.611356][T17449] ? get_compat_msghdr+0x11a/0x170 [ 614.611374][T17449] ___sys_sendmsg+0x134/0x1d0 [ 614.611386][T17449] ? __pfx____sys_sendmsg+0x10/0x10 [ 614.611404][T17449] ? find_held_lock+0x2b/0x80 [ 614.611424][T17449] __sys_sendmsg+0x16d/0x220 [ 614.611436][T17449] ? __pfx___sys_sendmsg+0x10/0x10 [ 614.611453][T17449] ? rcu_is_watching+0x12/0xc0 [ 614.611467][T17449] __do_fast_syscall_32+0x7c/0x3a0 [ 614.611480][T17449] do_fast_syscall_32+0x32/0x80 [ 614.611492][T17449] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.611505][T17449] RIP: 0023:0xf7f87579 [ 614.611514][T17449] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 614.611525][T17449] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 614.611536][T17449] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 614.611543][T17449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 614.611549][T17449] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 614.611555][T17449] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 614.611561][T17449] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 614.611574][T17449] [ 614.711766][ T29] vhci_hcd: vhci_device speed not set [ 614.719995][T17452] mmap: syz.2.3104 (17452): VmData 46026752 exceed data ulimit 1. Update limits or use boot option ignore_rlimit_data. [ 614.862946][T17458] FAULT_INJECTION: forcing a failure. [ 614.862946][T17458] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.867104][T17458] CPU: 3 UID: 0 PID: 17458 Comm: syz.2.3105 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 614.867119][T17458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 614.867126][T17458] Call Trace: [ 614.867131][T17458] [ 614.867135][T17458] dump_stack_lvl+0x16c/0x1f0 [ 614.867151][T17458] should_fail_ex+0x512/0x640 [ 614.867165][T17458] _copy_to_user+0x32/0xd0 [ 614.867179][T17458] simple_read_from_buffer+0xcb/0x170 [ 614.867197][T17458] proc_fail_nth_read+0x197/0x270 [ 614.867213][T17458] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 614.867230][T17458] ? rw_verify_area+0xcf/0x680 [ 614.867245][T17458] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 614.867261][T17458] vfs_read+0x1e4/0xc60 [ 614.867271][T17458] ? fdget_pos+0x2a2/0x370 [ 614.867283][T17458] ? __pfx_vfs_read+0x10/0x10 [ 614.867292][T17458] ? find_held_lock+0x2b/0x80 [ 614.867307][T17458] ? __fget_files+0x20e/0x3c0 [ 614.867329][T17458] ksys_read+0x12a/0x250 [ 614.867338][T17458] ? __pfx_ksys_read+0x10/0x10 [ 614.867349][T17458] ? rcu_is_watching+0x12/0xc0 [ 614.867364][T17458] __do_fast_syscall_32+0x7c/0x3a0 [ 614.867377][T17458] do_fast_syscall_32+0x32/0x80 [ 614.867389][T17458] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.867403][T17458] RIP: 0023:0xf7f87579 [ 614.867411][T17458] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 614.867423][T17458] RSP: 002b:00000000f50a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 614.867433][T17458] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50a6620 [ 614.867440][T17458] RDX: 000000000000000f RSI: 00000000f7414ff4 RDI: 0000000000000000 [ 614.867446][T17458] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 614.867452][T17458] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 614.867459][T17458] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 614.867472][T17458] [ 615.124198][T17463] : renamed from bridge_slave_0 (while UP) [ 615.771804][ T71] Bluetooth: hci2: Frame reassembly failed (-84) [ 616.226884][T17483] FAULT_INJECTION: forcing a failure. [ 616.226884][T17483] name failslab, interval 1, probability 0, space 0, times 0 [ 616.232235][T17483] CPU: 3 UID: 0 PID: 17483 Comm: syz.0.3113 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 616.232253][T17483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 616.232260][T17483] Call Trace: [ 616.232265][T17483] [ 616.232270][T17483] dump_stack_lvl+0x16c/0x1f0 [ 616.232286][T17483] should_fail_ex+0x512/0x640 [ 616.232298][T17483] ? __kvmalloc_node_noprof+0x124/0x620 [ 616.232319][T17483] should_failslab+0xc2/0x120 [ 616.232333][T17483] __kvmalloc_node_noprof+0x137/0x620 [ 616.232353][T17483] ? bucket_table_alloc.isra.0+0x83/0x460 [ 616.232368][T17483] ? bucket_table_alloc.isra.0+0x83/0x460 [ 616.232378][T17483] bucket_table_alloc.isra.0+0x83/0x460 [ 616.232391][T17483] rhashtable_init_noprof+0x41a/0x7e0 [ 616.232403][T17483] ? __pfx_ip6mr_new_table_set+0x10/0x10 [ 616.232420][T17483] rhltable_init_noprof+0x20/0x60 [ 616.232432][T17483] mr_table_alloc+0x116/0x2e0 [ 616.232447][T17483] ? __pfx_ipmr_expire_process+0x10/0x10 [ 616.232466][T17483] ip6_mroute_setsockopt+0x1db9/0x20d0 [ 616.232485][T17483] ? __lock_acquire+0xb8a/0x1c90 [ 616.232503][T17483] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 616.232526][T17483] ? find_held_lock+0x2b/0x80 [ 616.232537][T17483] ? __might_fault+0xe3/0x190 [ 616.232548][T17483] ? __might_fault+0xe3/0x190 [ 616.232559][T17483] ? __might_fault+0x13b/0x190 [ 616.232575][T17483] ? copy_from_sockptr_offset.constprop.0+0xe4/0x1a0 [ 616.232591][T17483] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 616.232611][T17483] ? do_ipv6_setsockopt+0x7b1/0x4300 [ 616.232626][T17483] do_ipv6_setsockopt+0x7b1/0x4300 [ 616.232644][T17483] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 616.232659][T17483] ? __lock_acquire+0x622/0x1c90 [ 616.232676][T17483] ? aa_label_sk_perm+0x19b/0x5a0 [ 616.232695][T17483] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 616.232712][T17483] ? find_held_lock+0x2b/0x80 [ 616.232724][T17483] ? get_pid_task+0xfc/0x250 [ 616.232747][T17483] ? __lock_acquire+0x622/0x1c90 [ 616.232763][T17483] ? __pfx___might_resched+0x10/0x10 [ 616.232779][T17483] ? ipv6_setsockopt+0xcb/0x170 [ 616.232799][T17483] ipv6_setsockopt+0xcb/0x170 [ 616.232815][T17483] rawv6_setsockopt+0xc2/0x510 [ 616.232829][T17483] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 616.232844][T17483] ? sock_common_setsockopt+0x2e/0xf0 [ 616.232860][T17483] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 616.232876][T17483] do_sock_setsockopt+0xf0/0x1d0 [ 616.232892][T17483] __sys_setsockopt+0x120/0x1a0 [ 616.232907][T17483] __ia32_sys_setsockopt+0xbc/0x160 [ 616.232917][T17483] ? lockdep_hardirqs_on+0x7c/0x110 [ 616.232929][T17483] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 616.232942][T17483] __do_fast_syscall_32+0x7c/0x3a0 [ 616.232956][T17483] do_fast_syscall_32+0x32/0x80 [ 616.232968][T17483] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 616.232983][T17483] RIP: 0023:0xf707e579 [ 616.232992][T17483] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 616.233004][T17483] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 616.233015][T17483] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029 [ 616.233023][T17483] RDX: 00000000000000d1 RSI: 0000000080000000 RDI: 0000000000000004 [ 616.233030][T17483] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 616.233037][T17483] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 616.233043][T17483] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 616.233058][T17483] [ 616.450201][T17490] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3116'. [ 616.877830][T17503] lo speed is unknown, defaulting to 1000 [ 616.882519][T17503] lo speed is unknown, defaulting to 1000 [ 617.032291][T17507] 9pnet_fd: Insufficient options for proto=fd [ 617.719972][T17515] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3126'. [ 617.723046][T17515] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3126'. [ 617.725875][T17515] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3126'. [ 617.831380][ T5967] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 617.832519][ T5318] Bluetooth: hci2: command 0xfc11 tx timeout [ 618.619904][T17524] FAULT_INJECTION: forcing a failure. [ 618.619904][T17524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 618.625798][T17524] CPU: 0 UID: 0 PID: 17524 Comm: syz.0.3129 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 618.625824][T17524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 618.625837][T17524] Call Trace: [ 618.625844][T17524] [ 618.625853][T17524] dump_stack_lvl+0x16c/0x1f0 [ 618.625877][T17524] should_fail_ex+0x512/0x640 [ 618.625901][T17524] _copy_from_user+0x2e/0xd0 [ 618.625922][T17524] get_compat_msghdr+0xa7/0x170 [ 618.625943][T17524] ? __pfx_get_compat_msghdr+0x10/0x10 [ 618.625972][T17524] ___sys_sendmsg+0x1ae/0x1d0 [ 618.625994][T17524] ? __pfx____sys_sendmsg+0x10/0x10 [ 618.626025][T17524] ? find_held_lock+0x2b/0x80 [ 618.626061][T17524] __sys_sendmsg+0x16d/0x220 [ 618.626081][T17524] ? __pfx___sys_sendmsg+0x10/0x10 [ 618.626111][T17524] ? rcu_is_watching+0x12/0xc0 [ 618.626135][T17524] __do_fast_syscall_32+0x7c/0x3a0 [ 618.626157][T17524] do_fast_syscall_32+0x32/0x80 [ 618.626177][T17524] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 618.626199][T17524] RIP: 0023:0xf707e579 [ 618.626213][T17524] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 618.626231][T17524] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 618.626272][T17524] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0 [ 618.626283][T17524] RDX: 0000000020044040 RSI: 0000000000000000 RDI: 0000000000000000 [ 618.626294][T17524] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 618.626305][T17524] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 618.626316][T17524] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 618.626342][T17524] [ 618.639537][T17526] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3130'. [ 619.090071][T17534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3132'. [ 619.412840][T17543] FAULT_INJECTION: forcing a failure. [ 619.412840][T17543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 619.413709][T17543] [ 619.413715][T17543] ====================================================== [ 619.413721][T17543] WARNING: possible circular locking dependency detected [ 619.413728][T17543] 6.16.0-syzkaller #0 Not tainted [ 619.413736][T17543] ------------------------------------------------------ [ 619.413741][T17543] syz.3.3135/17543 is trying to acquire lock: [ 619.413750][T17543] ffffffff8e4d2200 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 [ 619.413798][T17543] [ 619.413798][T17543] but task is already holding lock: [ 619.413802][T17543] ffff88802b439358 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6c9/0x10f0 [ 619.413846][T17543] [ 619.413846][T17543] which lock already depends on the new lock. [ 619.413846][T17543] [ 619.413852][T17543] [ 619.413852][T17543] the existing dependency chain (in reverse order) is: [ 619.413858][T17543] [ 619.413858][T17543] -> #3 (&pool->lock){-.-.}-{2:2}: [ 619.413881][T17543] _raw_spin_lock+0x2e/0x40 [ 619.413904][T17543] __queue_work+0x26b/0x10f0 [ 619.413926][T17543] queue_work_on+0x15f/0x1f0 [ 619.413949][T17543] rpm_suspend+0xeba/0x11d0 [ 619.413966][T17543] rpm_idle+0x5b4/0x730 [ 619.413981][T17543] __pm_runtime_idle+0xba/0x1a0 [ 619.413995][T17543] __device_attach+0x37e/0x4b0 [ 619.414010][T17543] bus_probe_device+0x17f/0x1c0 [ 619.414023][T17543] device_add+0x1148/0x1a70 [ 619.414042][T17543] serial_base_port_add+0x362/0x4c0 [ 619.414061][T17543] serial_core_register_port+0x13c/0x2570 [ 619.414081][T17543] serial8250_register_8250_port+0x159b/0x23c0 [ 619.414106][T17543] serial_pnp_probe+0x431/0x910 [ 619.414129][T17543] pnp_device_probe+0x2a5/0x4d0 [ 619.414150][T17543] really_probe+0x241/0xa90 [ 619.414166][T17543] __driver_probe_device+0x1de/0x440 [ 619.414183][T17543] driver_probe_device+0x4c/0x1b0 [ 619.414199][T17543] __driver_attach+0x283/0x580 [ 619.414215][T17543] bus_for_each_dev+0x13b/0x1d0 [ 619.414256][T17543] bus_add_driver+0x2e9/0x690 [ 619.414271][T17543] driver_register+0x15c/0x4b0 [ 619.414289][T17543] serial8250_init+0xc9/0x1e0 [ 619.414313][T17543] do_one_initcall+0x120/0x6e0 [ 619.414330][T17543] kernel_init_freeable+0x5c2/0x900 [ 619.414354][T17543] kernel_init+0x1c/0x2b0 [ 619.414373][T17543] ret_from_fork+0x5d4/0x6f0 [ 619.414395][T17543] ret_from_fork_asm+0x1a/0x30 [ 619.414411][T17543] [ 619.414411][T17543] -> #2 (&dev->power.lock){-...}-{3:3}: [ 619.414434][T17543] _raw_spin_lock_irqsave+0x3a/0x60 [ 619.414456][T17543] __pm_runtime_resume+0xa9/0x170 [ 619.414473][T17543] __uart_start+0x1b0/0x4c0 [ 619.414497][T17543] uart_write+0x218/0xb30 [ 619.414513][T17543] n_tty_write+0x40f/0x1160 [ 619.414534][T17543] file_tty_write.constprop.0+0x504/0x9b0 [ 619.414552][T17543] redirected_tty_write+0xd4/0x150 [ 619.414569][T17543] vfs_write+0x6c4/0x1150 [ 619.414583][T17543] ksys_write+0x12a/0x250 [ 619.414597][T17543] do_syscall_64+0xcd/0x490 [ 619.414613][T17543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.414630][T17543] [ 619.414630][T17543] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 619.414651][T17543] _raw_spin_lock_irqsave+0x3a/0x60 [ 619.414673][T17543] serial8250_console_write+0x181/0x1890 [ 619.414697][T17543] console_flush_all+0x801/0xc60 [ 619.414712][T17543] console_unlock+0xd8/0x210 [ 619.414727][T17543] vprintk_emit+0x418/0x6d0 [ 619.414743][T17543] _printk+0xc7/0x100 [ 619.414768][T17543] register_console+0xc2d/0x11b0 [ 619.414785][T17543] univ8250_console_init+0x5f/0x90 [ 619.414807][T17543] console_init+0x14f/0x680 [ 619.414831][T17543] start_kernel+0x29f/0x4d0 [ 619.414853][T17543] x86_64_start_reservations+0x18/0x30 [ 619.414877][T17543] x86_64_start_kernel+0x130/0x190 [ 619.414900][T17543] common_startup_64+0x13e/0x148 [ 619.414916][T17543] [ 619.414916][T17543] -> #0 (console_owner){-.-.}-{0:0}: [ 619.414937][T17543] __lock_acquire+0x126f/0x1c90 [ 619.414958][T17543] lock_acquire+0x179/0x350 [ 619.414979][T17543] console_lock_spinning_enable+0xb0/0xd0 [ 619.414994][T17543] console_flush_all+0x7aa/0xc60 [ 619.415010][T17543] console_unlock+0xd8/0x210 [ 619.415024][T17543] vprintk_emit+0x418/0x6d0 [ 619.415040][T17543] _printk+0xc7/0x100 [ 619.415061][T17543] should_fail_ex+0x4e7/0x640 [ 619.415077][T17543] strncpy_from_user+0x3b/0x2e0 [ 619.415102][T17543] strncpy_from_user_nofault+0x7f/0x180 [ 619.415122][T17543] bpf_probe_read_compat_str+0xe8/0x180 [ 619.415144][T17543] bpf_prog_879a8219fba439cb+0x8b/0x91 [ 619.415158][T17543] bpf_trace_run3+0x242/0x5a0 [ 619.415179][T17543] __bpf_trace_workqueue_queue_work+0x100/0x140 [ 619.415201][T17543] __queue_work+0x4fa/0x10f0 [ 619.415225][T17543] queue_work_on+0x1a4/0x1f0 [ 619.415249][T17543] binder_flush+0x14b/0x1a0 [ 619.415267][T17543] filp_flush+0x115/0x1c0 [ 619.415282][T17543] filp_close+0x1c/0x30 [ 619.415309][T17543] do_dup2+0x327/0x620 [ 619.415332][T17543] ksys_dup3+0x1ff/0x370 [ 619.415355][T17543] __ia32_sys_dup3+0x71/0xb0 [ 619.415370][T17543] __do_fast_syscall_32+0x7c/0x3a0 [ 619.415387][T17543] do_fast_syscall_32+0x32/0x80 [ 619.415403][T17543] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 619.415423][T17543] [ 619.415423][T17543] other info that might help us debug this: [ 619.415423][T17543] [ 619.415429][T17543] Chain exists of: [ 619.415429][T17543] console_owner --> &dev->power.lock --> &pool->lock [ 619.415429][T17543] [ 619.415454][T17543] Possible unsafe locking scenario: [ 619.415454][T17543] [ 619.415458][T17543] CPU0 CPU1 [ 619.415464][T17543] ---- ---- [ 619.415468][T17543] lock(&pool->lock); [ 619.415479][T17543] lock(&dev->power.lock); [ 619.415490][T17543] lock(&pool->lock); [ 619.415502][T17543] lock(console_owner); [ 619.415512][T17543] [ 619.415512][T17543] *** DEADLOCK *** [ 619.415512][T17543] [ 619.415515][T17543] 6 locks held by syz.3.3135/17543: [ 619.415525][T17543] #0: ffffffff901ec7c8 (binder_deferred_lock){+.+.}-{4:4}, at: binder_flush+0x41/0x1a0 [ 619.415563][T17543] #1: ffffffff8e5c4c80 (rcu_read_lock){....}-{1:3}, at: __queue_work+0xe7/0x10f0 [ 619.415608][T17543] #2: ffff88802b439358 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6c9/0x10f0 [ 619.415653][T17543] #3: ffffffff8e5c4c80 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run3+0x1c5/0x5a0 [ 619.415695][T17543] #4: ffffffff8e5b2640 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100 [ 619.415737][T17543] #5: ffffffff8e5b26b0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60 [ 619.415778][T17543] [ 619.415778][T17543] stack backtrace: [ 619.415787][T17543] CPU: 2 UID: 0 PID: 17543 Comm: syz.3.3135 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 619.415807][T17543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 619.415818][T17543] Call Trace: [ 619.415824][T17543] [ 619.415831][T17543] dump_stack_lvl+0x116/0x1f0 [ 619.415849][T17543] print_circular_bug+0x275/0x350 [ 619.415872][T17543] check_noncircular+0x14c/0x170 [ 619.415898][T17543] __lock_acquire+0x126f/0x1c90 [ 619.415925][T17543] lock_acquire+0x179/0x350 [ 619.415947][T17543] ? console_lock_spinning_enable+0x9f/0xd0 [ 619.415965][T17543] ? console_lock_spinning_enable+0x88/0xd0 [ 619.415985][T17543] console_lock_spinning_enable+0xb0/0xd0 [ 619.416002][T17543] ? console_lock_spinning_enable+0x9f/0xd0 [ 619.416018][T17543] console_flush_all+0x7aa/0xc60 [ 619.416038][T17543] ? __pfx_console_flush_all+0x10/0x10 [ 619.416058][T17543] ? is_printk_cpu_sync_owner+0x32/0x40 [ 619.416080][T17543] console_unlock+0xd8/0x210 [ 619.416096][T17543] ? __pfx_console_unlock+0x10/0x10 [ 619.416112][T17543] ? do_raw_spin_unlock+0x90/0x230 [ 619.416139][T17543] ? _printk+0xc7/0x100 [ 619.416161][T17543] ? __down_trylock_console_sem+0xb0/0x140 [ 619.416187][T17543] vprintk_emit+0x418/0x6d0 [ 619.416205][T17543] ? __pfx_vprintk_emit+0x10/0x10 [ 619.416223][T17543] ? __kernel_text_address+0xd/0x40 [ 619.416249][T17543] ? unwind_get_return_address+0x59/0xa0 [ 619.416278][T17543] _printk+0xc7/0x100 [ 619.416300][T17543] ? __pfx__printk+0x10/0x10 [ 619.416324][T17543] ? __pfx____ratelimit+0x10/0x10 [ 619.416353][T17543] should_fail_ex+0x4e7/0x640 [ 619.416372][T17543] strncpy_from_user+0x3b/0x2e0 [ 619.416399][T17543] strncpy_from_user_nofault+0x7f/0x180 [ 619.416420][T17543] bpf_probe_read_compat_str+0xe8/0x180 [ 619.416444][T17543] bpf_prog_879a8219fba439cb+0x8b/0x91 [ 619.416458][T17543] bpf_trace_run3+0x242/0x5a0 [ 619.416481][T17543] ? __pfx_bpf_trace_run3+0x10/0x10 [ 619.416510][T17543] __bpf_trace_workqueue_queue_work+0x100/0x140 [ 619.416533][T17543] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 619.416557][T17543] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 619.416583][T17543] ? __queue_work+0x6c0/0x10f0 [ 619.416611][T17543] __queue_work+0x4fa/0x10f0 [ 619.416639][T17543] queue_work_on+0x1a4/0x1f0 [ 619.416666][T17543] binder_flush+0x14b/0x1a0 [ 619.416684][T17543] ? __pfx_binder_flush+0x10/0x10 [ 619.416701][T17543] filp_flush+0x115/0x1c0 [ 619.416718][T17543] filp_close+0x1c/0x30 [ 619.416734][T17543] do_dup2+0x327/0x620 [ 619.416766][T17543] ksys_dup3+0x1ff/0x370 [ 619.416792][T17543] __ia32_sys_dup3+0x71/0xb0 [ 619.416810][T17543] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 619.416830][T17543] __do_fast_syscall_32+0x7c/0x3a0 [ 619.416848][T17543] do_fast_syscall_32+0x32/0x80 [ 619.416867][T17543] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 619.416886][T17543] RIP: 0023:0xf707e579 [ 619.416897][T17543] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 619.416913][T17543] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 000000000000014a [ 619.416928][T17543] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000003 [ 619.416939][T17543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 619.416949][T17543] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 619.416960][T17543] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 619.416969][T17543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 619.416986][T17543] [ 619.773174][T17543] CPU: 2 UID: 0 PID: 17543 Comm: syz.3.3135 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 619.773198][T17543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 619.773209][T17543] Call Trace: [ 619.773217][T17543] [ 619.773224][T17543] dump_stack_lvl+0x116/0x1f0 [ 619.773245][T17543] should_fail_ex+0x512/0x640 [ 619.773261][T17543] strncpy_from_user+0x3b/0x2e0 [ 619.773278][T17543] strncpy_from_user_nofault+0x7f/0x180 [ 619.773293][T17543] bpf_probe_read_compat_str+0xe8/0x180 [ 619.773309][T17543] bpf_prog_879a8219fba439cb+0x8b/0x91 [ 619.773318][T17543] bpf_trace_run3+0x242/0x5a0 [ 619.773333][T17543] ? __pfx_bpf_trace_run3+0x10/0x10 [ 619.773351][T17543] __bpf_trace_workqueue_queue_work+0x100/0x140 [ 619.773366][T17543] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 619.773382][T17543] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 619.773399][T17543] ? __queue_work+0x6c0/0x10f0 [ 619.773417][T17543] __queue_work+0x4fa/0x10f0 [ 619.773439][T17543] queue_work_on+0x1a4/0x1f0 [ 619.773456][T17543] binder_flush+0x14b/0x1a0 [ 619.773469][T17543] ? __pfx_binder_flush+0x10/0x10 [ 619.773479][T17543] filp_flush+0x115/0x1c0 [ 619.773490][T17543] filp_close+0x1c/0x30 [ 619.773499][T17543] do_dup2+0x327/0x620 [ 619.773517][T17543] ksys_dup3+0x1ff/0x370 [ 619.773534][T17543] __ia32_sys_dup3+0x71/0xb0 [ 619.773544][T17543] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 619.773556][T17543] __do_fast_syscall_32+0x7c/0x3a0 [ 619.773569][T17543] do_fast_syscall_32+0x32/0x80 [ 619.773580][T17543] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 619.773595][T17543] RIP: 0023:0xf707e579 [ 619.773604][T17543] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 619.773615][T17543] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 000000000000014a [ 619.773627][T17543] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000003 [ 619.773633][T17543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 619.773640][T17543] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 619.773646][T17543] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 619.773652][T17543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 619.773662][T17543] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 620.166581][ T1234] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.262544][ T1234] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.374528][ T1234] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.443286][ T1234] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.599721][ T1234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 620.612251][ T1234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 620.615601][ T1234] bond0 (unregistering): Released all slaves [ 620.689986][ T1234] tipc: Left network mode [ 621.405184][ T1234] hsr_slave_0: left promiscuous mode [ 621.407215][ T1234] hsr_slave_1: left promiscuous mode [ 621.409023][ T1234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 621.411522][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 621.414270][ T1234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 621.416579][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 621.420624][ T1234] veth1_macvtap: left promiscuous mode [ 621.422753][ T1234] veth0_macvtap: left promiscuous mode [ 621.424585][ T1234] veth1_vlan: left promiscuous mode [ 621.426298][ T1234] veth0_vlan: left promiscuous mode [ 621.599993][ T1234] team_slave_1 (unregistering): left promiscuous mode [ 621.602692][ T1234] team0 (unregistering): Port device team_slave_1 removed [ 621.644549][ T1234] team_slave_0 (unregistering): left promiscuous mode [ 621.647149][ T1234] team0 (unregistering): Port device team_slave_0 removed [ 622.257122][ T1234] IPVS: stop unused estimator thread 0... [ 622.329292][ T1234] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.385735][ T1234] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.454244][ T1234] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.534798][ T1234] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.644106][ T1234] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.716094][ T1234] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.803528][ T1234] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.855316][ T1234] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.948466][ T1234] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.035245][ T1234] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.106678][ T1234] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.208072][ T1234] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.324154][ T1234] bond1 (unregistering): (slave ip6gretap1): Removing an active aggregator [ 623.328074][ T1234] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 623.467659][ T1234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 623.472955][ T1234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 623.477118][ T1234] bond0 (unregistering): Released all slaves [ 623.485917][ T1234] bond1 (unregistering): Released all slaves [ 623.536383][ T1234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 623.540111][ T1234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 623.546730][ T1234] bond0 (unregistering): Released all slaves [ 623.553517][ T1234] bond2 (unregistering): (slave ip6gretap1): Removing an active aggregator [ 623.556509][ T1234] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface [ 623.690515][ T1234] bond0 (unregistering): Released all slaves [ 623.767718][ T1234] bond1 (unregistering): (slave veth3): Releasing active interface [ 623.770905][ T1234] bond1 (unregistering): Released all slaves [ 623.777421][ T1234] bond2 (unregistering): Released all slaves [ 626.371046][ T1234] hsr_slave_0: left promiscuous mode [ 626.373911][ T1234] hsr_slave_1: left promiscuous mode [ 626.375885][ T1234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.378775][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.382512][ T1234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.385592][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.391509][ T1234] hsr_slave_0: left promiscuous mode [ 626.393572][ T1234] hsr_slave_1: left promiscuous mode [ 626.395511][ T1234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.398055][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.401147][ T1234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.403550][ T1234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.407738][ T1234] hsr_slave_0: left promiscuous mode [ 626.409765][ T1234] hsr_slave_1: left promiscuous mode [ 626.416039][ T1234] veth1_macvtap: left promiscuous mode [ 626.417921][ T1234] veth0_macvtap: left promiscuous mode [ 626.419796][ T1234] veth1_vlan: left promiscuous mode [ 626.421598][ T1234] veth0_vlan: left promiscuous mode [ 626.424474][ T1234] veth1_macvtap: left promiscuous mode [ 626.426457][ T1234] veth0_macvtap: left promiscuous mode [ 626.428224][ T1234] veth1_vlan: left promiscuous mode [ 626.430251][ T1234] veth1_macvtap: left promiscuous mode [ 626.432099][ T1234] veth0_macvtap: left promiscuous mode [ 626.434047][ T1234] veth1_vlan: left promiscuous mode [ 626.435790][ T1234] veth0_vlan: left promiscuous mode [ 626.579898][ T1234] team0 (unregistering): Port device team_slave_1 removed [ 626.621908][ T1234] team0 (unregistering): Port device team_slave_0 removed [ 626.988833][ T1234] team0 (unregistering): Port device team_slave_1 removed [ 627.025751][ T1234] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 22:38:56 Registers: info registers vcpu 0 CPU#0 EAX=f4c10d38 EBX=81b44c65 ECX=f4c10a78 EDX=81b44c65 ESI=00000000 EDI=ffffffff EBP=ffffffff ESP=ff948970 EIP=f70b7bbf EFL=00000297 [--S-APC] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 56e22440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 00003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000331f8ff8 CR3=00000000504cd000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b3285f8 RCX=ffffffff81a88440 RDX=ffff88801deea440 RSI=ffffffff81a8849e RDI=0000000000000001 RBP=ffff88802b327d00 RSP=ffffc9000046fd48 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffffff9af9cd78 R12=ffffed10056650c5 R13=000000902ec110e2 R14=dffffc0000000000 R15=ffff88802b328628 RIP=ffffffff81bb5531 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809762d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008002b000 CR3=000000005e852000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8556d185 RDI=ffffffff9b09f540 RBP=ffffffff9b09f500 RSP=ffffc900077275f8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff9b09f500 R15=ffffffff8556d120 RIP=ffffffff8556d1af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 000fffff 00000000 GS =0063 ffff88809772d000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 000fffff 00000000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f506dfac CR3=00000000696f1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000a10e9c RBX=0000000000000003 RCX=ffffffff8b82bc69 RDX=ffffed10056a6646 RSI=ffffffff8c155de0 RDI=ffffffff819197c1 RBP=ffffed1003862000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a6645 R10=ffff88802b53322b R11=0000000000000001 R12=0000000000000003 R13=ffff88801c310000 R14=ffffffff90a95d50 R15=0000000000000000 RIP=ffffffff8b82a7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809782d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=00000000248ab000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000