last executing test programs: 7.369487996s ago: executing program 2 (id=1683): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000002a80)={'exec ', ':\x00'}, 0x7) r1 = io_uring_setup(0x30d8, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xffffffff}) bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x7be, &(0x7f0000000080)={0x0, 0x0, 0x13580, 0x2, 0x18d, 0x0, r1}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, 0x0, 0x1) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_SYMLINKAT={0x26, 0x6, 0x0, 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00'}) io_uring_enter(r2, 0x54, 0x4, 0x1, 0x0, 0x0) r5 = syz_open_dev$I2C(&(0x7f00000003c0), 0x17f64000, 0x101101) ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000002740)={&(0x7f0000000000)=[{0x0, 0x0, 0x300, 0x0}], 0x1}) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r7 = syz_open_pts(r6, 0x40841) r8 = dup(r7) write$UHID_INPUT(r8, &(0x7f0000003b00)={0x9, {"a2e3ad21ed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b073172090890e0878f0e1ac6e7049b3371959b6e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a8742a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31134ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f673abadea7662496bddbb42be6b922f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918ac126cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff26490678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32650cd56b56668103ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf342713800d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafff6210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfebe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c255fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b162dc48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e2a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa0b9d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c71568f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177acfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f797e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c0900000000000000e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a70900000048f95fd54acb5741259e8ce520efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897f3411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2de8a50ddefeb12c46342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d4427681f38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b994a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f02f4cded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) r10 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0x5885, 0x0, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0}) r13 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r13, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x14) rmdir(&(0x7f00000000c0)='./file1/file4\x00') io_uring_enter(r10, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 7.324129803s ago: executing program 2 (id=1684): open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='net/unix\x00') bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x1, &(0x7f0000000080)=[{0x6, 0x18, 0x0, 0x6e19}]}) r2 = socket(0x2b, 0x80801, 0x1) getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000080)=0xc) mknod(&(0x7f0000000040)='./file0\x00', 0x8, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48) io_setup(0x8, &(0x7f0000002740)=0x0) io_getevents(r3, 0x4, 0x0, &(0x7f0000000580), 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x2002) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fcb09fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0xfffffffffffffffd]}}) ioctl$LOOP_GET_STATUS64(r5, 0x4c05, &(0x7f0000000400)) io_submit(r3, 0x1, &(0x7f0000000480)=[&(0x7f0000000880)={0x0, 0x0, 0x0, 0x7, 0x4, r4, 0x0, 0x0, 0x6}]) io_destroy(r3) r7 = socket$inet(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) dup3(0xffffffffffffffff, r1, 0x0) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x109383, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r8, 0x40186f40, 0x20000502) timerfd_settime(r8, 0x2, &(0x7f0000000200), &(0x7f0000000240)) 6.426812898s ago: executing program 2 (id=1687): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) fchown(r1, 0xffffffffffffffff, 0x0) r2 = openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 4.936127517s ago: executing program 1 (id=1692): r0 = add_key(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0) add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)={0x0, "3130baf0dcb6e5a02ff709ab37da9c87804d48b35802260359fe227c7a9628033404bddd45f167f4faf7666e652fab02ab3d59b6efe8ce719b37d95fba6cc83c"}, 0x48, r0) r1 = socket(0x10, 0x803, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x52f00, 0x0) eventfd2(0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) read$FUSE(r2, &(0x7f00000020c0)={0x2020}, 0x2020) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000002a40)) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4004005}, 0x800) ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40603d07, &(0x7f0000000040)) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0xbc, 0x2c, 0xd2b, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0x6}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x90, 0x2, [@TCA_U32_SEL={0x84, 0x5, {0x5, 0x9, 0x7, 0x4, 0x9, 0x4, 0x6, 0xfffffffb, [{0x6, 0xffb, 0x9, 0x2}, {0x1, 0x8, 0x1, 0x6}, {0xb00, 0x0, 0x80000001, 0x6}, {0xff, 0xffff, 0x1, 0x7962c5c8}, {0x9, 0x2, 0xf, 0xffffffeb}, {0x7, 0x1ff, 0xf8000000, 0x208}, {0x6, 0x1, 0xec8, 0x7}]}}, @TCA_U32_LINK={0x8, 0x3, 0x8c000000}]}}]}, 0xbc}}, 0x4044040) r10 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmmsg(r10, &(0x7f00000025c0)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000600)=""/108, 0x6c}, {&(0x7f0000000780)=""/242, 0xf2}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000440)=""/19, 0x13}, {&(0x7f0000002ac0)=""/113, 0x71}, {&(0x7f0000001880)=""/22, 0x16}, {&(0x7f00000018c0)=""/174, 0xae}], 0x7}, 0x60}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x6}], 0x3, 0x42, 0x0) 4.576518167s ago: executing program 3 (id=1694): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x20, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r5}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x5, &(0x7f0000000a00)=@framed={{}, [@jmp={0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x8}, @exit]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00'}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x40}}, 0x0) io_setup(0x2, &(0x7f0000000180)=0x0) r8 = socket(0x10, 0x3, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}, @TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x10) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) io_submit(r7, 0x0, &(0x7f0000000240)) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e21, 0x0, @loopback={0x100000000000000}}, 0x1c) 4.316227543s ago: executing program 2 (id=1695): r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0x6805, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0xa, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000dfffffff00000ec400002b2fbd319aa60000183500000300000000000000000000d1303fb3cc23e3ea20178f46cb22df951e723ce69b4b6f58fdbd0b1b540265cd2a0e795928313cd5f2b55320a3fd9849edea20cf180287f9480f003ab453667cf3d88e3c263a0eb2da9c656d391d2d0fb109a8f95307aae106151fc2962101938254c8b0b9d191530000000000", @ANYRES32=r0, @ANYBLOB="00000000000000008520000002000000180000000800000000000000fcffffff9500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000000080)=0x0, &(0x7f0000000300)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r6, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r8 = userfaultfd(0x801) ioctl$UFFDIO_API(r8, 0xc018aa3f, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket(0x2, 0x80805, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001200010200"/20, @ANYRES32=0x0, @ANYRES32], 0x28}, 0x1, 0x0, 0x0, 0x4048014}, 0x0) recvmmsg(r9, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000193, 0x48, 0x0) ioctl$TIOCSWINSZ(r2, 0x5414, &(0x7f0000000100)={0x5, 0xcd5a, 0x5}) 4.20638095s ago: executing program 1 (id=1696): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x6, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r3) r4 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f0000001040), &(0x7f0000001080)=0x26) mkdirat(0xffffffffffffffff, &(0x7f0000000680)='./bus\x00', 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000088, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x1966cd75, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800003, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x641, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffff122]}, 0x45c) r6 = memfd_create(&(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaaSc\xf3]WhI\xf4\x89\x85!mPl\x90\xa5\x93\x19\f\x9a\xae\xd5a\x9bU5\x1a\x86\x9d)5y\xef\x90\xea5\x81\xfeO;\xd4zh?\xbdW\xe0\x84\xe6\x9d\xcb\xcd\xb6\xad3\x7fWY\x02\xa2\x8baG\x00\x0e\x8e/\xc1\xaf\xd0\xbcH9\x04\x00\x00\x00z\x16\xdf\xf3hLpLaA\x89n]>,^M\x82\x8e\xe40\x97_\x809y)Z\xeb\x9d\xbawv\xe9\xc0\x16\xdc\xf5\xcb\xdb\x96\xd6\xba@\xa7\x1bl\xca\xe0\x1e3\x81\xc6S\x86\xf7\xf0\xba\x1b\x14N\xa2\x04\xdb\xb5X\xe4y\xef\xe8\xdb\xd5r\x11\xfb\xe4v\xbcV\xbb\x00\x96CR\xe0~5\x16=:A2\x9c\b\xd9\xa0CB\r\xe9\xb8$\xfe\x8d\xb1Gg\xa9\xac<\xbf\x10]\b9\xd9\x89\xaf\xa6\xd1\x10\x1fq\xba\x06_NW\xdb67Xv(\xa8\xce\x1b\xe6\xbd\x947\x8f)8\xe5\xb3\xac;\x7f+\xf67\xea\x1ei\x92w-)\xa1B/M\x0e7:9\xdb~V\xb7\xd5\x13^v\x14\xe6O\xea\x00\x87\x8dkG\xdf%\xebe\x83\xb97\x01| \xb3\xd8W\xe8o\x17\x97\xd9\x14o\x92\xb9\x9a\x8c\xd7\xcf\xa2\x11\xc3\xa5\xb3\xd2\xdeQ\xa7\x05\x7f\x99Lq(\xcd\\\xa2y\x14or\x1efn\xf2\x97\x96c\xda7\t,', 0x5) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x4010012, r6, 0x0) ftruncate(r6, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 3.66391172s ago: executing program 3 (id=1698): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f00000002c0)={0x0, 0x1, &(0x7f00000001c0)=[0x0], &(0x7f00000000c0), &(0x7f0000000240), &(0x7f0000000140)=[0xec32]}) 3.663604366s ago: executing program 3 (id=1699): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000400)=""/115, 0x73}], 0x1}}], 0x2, 0x60, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x32) r3 = socket(0x11, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe) r7 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r8 = add_key$user(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000d00)="3e12d23d3f6cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440f1988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d61436", 0x79, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r6, r7, r8}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}}) sendmsg$netlink(r3, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="020114008cdc18000e3580009f000114600000060600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0ab42e32a097dbd4be5ffca88faca"], 0xdd12}, {&(0x7f0000000600)=ANY=[], 0x10}], 0x2}, 0x20040011) 3.420179468s ago: executing program 2 (id=1704): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) copy_file_range(r0, &(0x7f0000000180)=0x3, r0, &(0x7f00000002c0)=0x6, 0xff2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat$zero(0xffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x2000009d, 0x11e41e7a, 0x20000000, 0x0, 0xfffffff9}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x2}, 0x6) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f0000000240)={0x0, 0x1000000}) 2.946528551s ago: executing program 1 (id=1705): socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x6, @pix_mp={0x5, 0x0, 0x34324948, 0x7, 0xa, [{0x2}, {0x10}, {}, {}, {}, {}, {0x10000005}], 0x0, 0x0, 0x0, 0x0, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setscheduler(0x0, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x110, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(r1, 0x0, r1) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x3) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15) ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7) r4 = socket(0x11, 0xa, 0x0) getsockname$packet(r4, 0x0, &(0x7f00000001c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000000), 0x3a) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x9, 0x0, 0x2, 0x0, 0x40}) ioctl$TCFLSH(r3, 0x40204706, 0x20000000) 2.461877308s ago: executing program 2 (id=1707): syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="124e0f3506c487ae8e3c693c7b59d60100004e95debb4048652afd07fbe0da5feb8babd8d780b61e4d8c8e492940a80909021b00090000f61dd46ca368e65e2a3f7d418addb075bd79d6d92cf7a528867ea92ced36f94cb67d358bd9c17babc1dbf769bc2db9c36f15500b0be69353d7285ad76c37fed2b333a44d34c25adda73fc393749b58bc77d1986fd5193384ca39ad84d1ef5f86b573000000000000004044cc1336fdeb983111482a09cdc9b41dc5d93c75a95887b75a4c90fd5a272ed4a726a30300e8dc73c9579e411663947fed0d25fc75"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, 0x0, 0x0) syz_usb_connect$uac1(0x6, 0xc9, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb7, 0x3, 0x1, 0xd, 0xf0, 0x8d, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x5c, 0x3, 0x0, 0x8, "1fcfcff642"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xa0ca, 0x1, 0x6, "e682cd13d286192d"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x1, 0x3, 0x8, {0x7, 0x25, 0x1, 0x2, 0x2, 0x100}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x91, 0x2, 0x5, "9b"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x2, 0x3, 0x2, 0x1}, @as_header={0x7, 0x24, 0x1, 0x7f, 0x1, 0x1}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x2, 0x3, 0x10, 0x5, "77700967801f"}, @as_header={0x7, 0x24, 0x1, 0x9, 0x10, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xfc, 0x3, 0x7, 0xa, "e4cb09a1"}]}, {{0x9, 0x5, 0x82, 0x9, 0x1778241d696067f9, 0x5, 0x40, 0x7, {0x7, 0x25, 0x1, 0x81, 0x6, 0xff}}}}}}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x110, 0x6, 0x6, 0xf, 0xef, 0x1}, 0x2f, &(0x7f0000000240)={0x5, 0xf, 0x2f, 0x3, [@wireless={0xb, 0x10, 0x1, 0x2, 0x4, 0x4, 0xfe, 0x80, 0x10}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "895cf6ff6e77c504ff275e21c4592933"}, @wireless={0xb, 0x10, 0x1, 0x10, 0x28, 0xf1, 0x4, 0x4, 0x7}]}, 0x2, [{0x95, &(0x7f0000000280)=@string={0x95, 0x3, "f1491500df665dd1f972d8d6dafa1dfd6ed91fd61ab9098cc760f8657e2f64f5a30f4efcd86f5632491333009644af32675a4d807cc8e575ebe9cbf9e959b6c3b55f21f7e4a7c0fc98fdfa92fc2027d1bb29be7a850f3e7db27f92befd0c33510377b4e1f8f9d794e733f8d864946b41a4af41f26581cb3dd08a1f2f026ca369efdd53b09301339d02eeeb60e2654d74af2c2b"}}, {0x3f, &(0x7f0000000340)=@string={0x3f, 0x3, "5ec6cc68175fcce3f7809802de3dbcbf8938165f8b5a1fa0fa8f5215213f4dfbf7bb23abe14114ba9a12dc7e8998dbcc48221bf23e0589fb9ce6aee087"}}]}) 2.38657616s ago: executing program 0 (id=1708): open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='net/unix\x00') bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x1, &(0x7f0000000080)=[{0x6, 0x18, 0x0, 0x6e19}]}) r2 = socket(0x2b, 0x80801, 0x1) getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000080)=0xc) mknod(&(0x7f0000000040)='./file0\x00', 0x8, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48) io_setup(0x8, &(0x7f0000002740)=0x0) io_getevents(r3, 0x4, 0x0, &(0x7f0000000580), 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x2002) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fcb09fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0xfffffffffffffffd]}}) ioctl$LOOP_GET_STATUS64(r5, 0x4c05, &(0x7f0000000400)) io_submit(r3, 0x1, &(0x7f0000000480)=[&(0x7f0000000880)={0x0, 0x0, 0x0, 0x7, 0x4, r4, 0x0, 0x0, 0x6}]) io_destroy(r3) r7 = socket$inet(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x9000, &(0x7f0000000200)={0x0, 0x1, 0x100000}, 0x20) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x109383, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r8, 0x40186f40, 0x20000502) timerfd_settime(r8, 0x2, &(0x7f0000000200), &(0x7f0000000240)) 2.066426739s ago: executing program 1 (id=1709): ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x80002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) (fail_nth: 6) 1.566545597s ago: executing program 3 (id=1710): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x35b6}], 0x1, 0x102, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f0000000400), r1) close_range(r0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) r3 = syz_io_uring_setup(0x5a36, &(0x7f0000000140)={0x0, 0xfad2}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f00000002c0)={0xf0f045, 0x800}) poll(&(0x7f0000000140)=[{r2, 0x19f23}], 0x1, 0x0) 1.514199831s ago: executing program 0 (id=1711): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a", 0xd2}], 0x1}, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private0, 0x1, 0x1, 0x2, 0x1a, 0xffff, 0x5}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x19}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000580)={@ifindex, r2, 0x22, 0x0, 0xffffffffffffffff, @void, @value}, 0x20) ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d3, &(0x7f0000000100)) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53048c4) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) dup(r3) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000015c0), r4) sendmsg$IEEE802154_LLSEC_DEL_DEV(r4, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000001600)={0x2c, r5, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x2c}}, 0x0) 1.434051889s ago: executing program 0 (id=1712): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={0x0}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) 1.433684199s ago: executing program 3 (id=1713): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x6, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r3) r4 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f0000001040), &(0x7f0000001080)=0x26) mkdirat(0xffffffffffffffff, &(0x7f0000000680)='./bus\x00', 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000088, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x1966cd75, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800003, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x641, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffff122]}, 0x45c) r6 = memfd_create(&(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaaSc\xf3]WhI\xf4\x89\x85!mPl\x90\xa5\x93\x19\f\x9a\xae\xd5a\x9bU5\x1a\x86\x9d)5y\xef\x90\xea5\x81\xfeO;\xd4zh?\xbdW\xe0\x84\xe6\x9d\xcb\xcd\xb6\xad3\x7fWY\x02\xa2\x8baG\x00\x0e\x8e/\xc1\xaf\xd0\xbcH9\x04\x00\x00\x00z\x16\xdf\xf3hLpLaA\x89n]>,^M\x82\x8e\xe40\x97_\x809y)Z\xeb\x9d\xbawv\xe9\xc0\x16\xdc\xf5\xcb\xdb\x96\xd6\xba@\xa7\x1bl\xca\xe0\x1e3\x81\xc6S\x86\xf7\xf0\xba\x1b\x14N\xa2\x04\xdb\xb5X\xe4y\xef\xe8\xdb\xd5r\x11\xfb\xe4v\xbcV\xbb\x00\x96CR\xe0~5\x16=:A2\x9c\b\xd9\xa0CB\r\xe9\xb8$\xfe\x8d\xb1Gg\xa9\xac<\xbf\x10]\b9\xd9\x89\xaf\xa6\xd1\x10\x1fq\xba\x06_NW\xdb67Xv(\xa8\xce\x1b\xe6\xbd\x947\x8f)8\xe5\xb3\xac;\x7f+\xf67\xea\x1ei\x92w-)\xa1B/M\x0e7:9\xdb~V\xb7\xd5\x13^v\x14\xe6O\xea\x00\x87\x8dkG\xdf%\xebe\x83\xb97\x01| \xb3\xd8W\xe8o\x17\x97\xd9\x14o\x92\xb9\x9a\x8c\xd7\xcf\xa2\x11\xc3\xa5\xb3\xd2\xdeQ\xa7\x05\x7f\x99Lq(\xcd\\\xa2y\x14or\x1efn\xf2\x97\x96c\xda7\t,', 0x5) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x4010012, r6, 0x0) ftruncate(r6, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 1.43334838s ago: executing program 0 (id=1714): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x6, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r3) r4 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f0000001040), &(0x7f0000001080)=0x26) mkdirat(0xffffffffffffffff, &(0x7f0000000680)='./bus\x00', 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000088, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x1966cd75, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800003, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x641, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffff122]}, 0x45c) r6 = memfd_create(&(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaaSc\xf3]WhI\xf4\x89\x85!mPl\x90\xa5\x93\x19\f\x9a\xae\xd5a\x9bU5\x1a\x86\x9d)5y\xef\x90\xea5\x81\xfeO;\xd4zh?\xbdW\xe0\x84\xe6\x9d\xcb\xcd\xb6\xad3\x7fWY\x02\xa2\x8baG\x00\x0e\x8e/\xc1\xaf\xd0\xbcH9\x04\x00\x00\x00z\x16\xdf\xf3hLpLaA\x89n]>,^M\x82\x8e\xe40\x97_\x809y)Z\xeb\x9d\xbawv\xe9\xc0\x16\xdc\xf5\xcb\xdb\x96\xd6\xba@\xa7\x1bl\xca\xe0\x1e3\x81\xc6S\x86\xf7\xf0\xba\x1b\x14N\xa2\x04\xdb\xb5X\xe4y\xef\xe8\xdb\xd5r\x11\xfb\xe4v\xbcV\xbb\x00\x96CR\xe0~5\x16=:A2\x9c\b\xd9\xa0CB\r\xe9\xb8$\xfe\x8d\xb1Gg\xa9\xac<\xbf\x10]\b9\xd9\x89\xaf\xa6\xd1\x10\x1fq\xba\x06_NW\xdb67Xv(\xa8\xce\x1b\xe6\xbd\x947\x8f)8\xe5\xb3\xac;\x7f+\xf67\xea\x1ei\x92w-)\xa1B/M\x0e7:9\xdb~V\xb7\xd5\x13^v\x14\xe6O\xea\x00\x87\x8dkG\xdf%\xebe\x83\xb97\x01| \xb3\xd8W\xe8o\x17\x97\xd9\x14o\x92\xb9\x9a\x8c\xd7\xcf\xa2\x11\xc3\xa5\xb3\xd2\xdeQ\xa7\x05\x7f\x99Lq(\xcd\\\xa2y\x14or\x1efn\xf2\x97\x96c\xda7\t,', 0x5) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x4010012, r6, 0x0) ftruncate(r6, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 1.055115999s ago: executing program 1 (id=1715): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x6, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r3) r4 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f0000001040), &(0x7f0000001080)=0x26) mkdirat(0xffffffffffffffff, &(0x7f0000000680)='./bus\x00', 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000088, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x1966cd75, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800003, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x641, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffff122]}, 0x45c) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x4010012, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 545.345352ms ago: executing program 3 (id=1716): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) recvmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000300)=@tipc=@id, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000000380)=""/248, 0xf8}, {&(0x7f0000000480)=""/8, 0x8}, {&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f00000005c0)=""/231, 0xe7}, {&(0x7f0000001780)=""/198, 0xc6}, {&(0x7f0000001880)=""/60, 0x3c}], 0x7, &(0x7f0000001a00)=""/169, 0xa9}}], 0x1, 0x40000021, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(r3, 0xfffbfffe) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40046f41, 0x20000502) r5 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket(0x10, 0x2, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r7}, 0x18) r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0xc0842) r9 = dup(r8) ioctl$USBDEVFS_CONTROL(r9, 0xc0185500, &(0x7f0000000240)={0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) io_setup(0x2007, &(0x7f0000000200)=0x0) io_submit(r11, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x2}]) write(r6, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r5, &(0x7f0000002ec0), 0x0, 0x2, &(0x7f00000001c0)={0x77359400}) 413.862638ms ago: executing program 0 (id=1717): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x17}]}}}]}]}], {0x14}}, 0xbc}}, 0x4000040) (fail_nth: 11) 326.082534ms ago: executing program 0 (id=1718): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000400)=""/115, 0x73}], 0x1}}], 0x2, 0x60, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x32) r3 = socket(0x11, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000005c0)={'gre0\x00'}) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) r5 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe) r6 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r7 = add_key$user(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000d00)="3e12d23d3f6cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440f1988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d61436", 0x79, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r6, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}}) sendmsg$netlink(r3, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="020114008cdc18000e3580009f000114600000060600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0ab42e32a097dbd4be5ffca88faca"], 0xdd12}, {&(0x7f0000000600)=ANY=[], 0x10}], 0x2}, 0x20040011) 0s ago: executing program 1 (id=1719): open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='net/unix\x00') bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x1, &(0x7f0000000080)=[{0x6, 0x18, 0x0, 0x6e19}]}) r2 = socket(0x2b, 0x80801, 0x1) getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000080)=0xc) mknod(&(0x7f0000000040)='./file0\x00', 0x8, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48) io_setup(0x8, &(0x7f0000002740)=0x0) io_getevents(r3, 0x4, 0x0, &(0x7f0000000580), 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x2002) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fcb09fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0xfffffffffffffffd]}}) ioctl$LOOP_GET_STATUS64(r5, 0x4c05, &(0x7f0000000400)) io_submit(r3, 0x1, &(0x7f0000000480)=[&(0x7f0000000880)={0x0, 0x0, 0x0, 0x7, 0x4, r4, 0x0, 0x0, 0x6}]) io_destroy(r3) r7 = socket$inet(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x9000, &(0x7f0000000200)={0x0, 0x1, 0x100000}, 0x20) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x109383, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r8, 0x40186f40, 0x20000502) timerfd_settime(r8, 0x2, &(0x7f0000000200), &(0x7f0000000240)) kernel console output (not intermixed with test programs): pat=1 ip=0xf7f54579 code=0x7ffc0000 [ 263.116101][ T39] audit: type=1326 audit(1738127447.101:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12529 comm="syz.1.1078" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7f54579 code=0x7ffc0000 [ 263.128837][ T39] audit: type=1326 audit(1738127447.111:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12529 comm="syz.1.1078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x7ffc0000 [ 263.138072][ T39] audit: type=1326 audit(1738127447.111:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12529 comm="syz.1.1078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x7ffc0000 [ 263.147520][ T39] audit: type=1326 audit(1738127447.131:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12529 comm="syz.1.1078" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f54579 code=0x7ffc0000 [ 263.157378][ T39] audit: type=1326 audit(1738127447.131:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12529 comm="syz.1.1078" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x7ffc0000 [ 263.200235][T12538] fuse: Unknown parameter '' [ 263.489609][T12542] blktrace: Concurrent blktraces are not allowed on sg0 [ 264.100594][T12546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1082'. [ 264.294693][ T5948] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 265.567591][T12601] FAULT_INJECTION: forcing a failure. [ 265.567591][T12601] name failslab, interval 1, probability 0, space 0, times 0 [ 265.573472][T12601] CPU: 1 UID: 0 PID: 12601 Comm: syz.3.1090 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 265.573495][T12601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 265.573501][T12601] Call Trace: [ 265.573504][T12601] [ 265.573508][T12601] dump_stack_lvl+0x16c/0x1f0 [ 265.573524][T12601] should_fail_ex+0x50a/0x650 [ 265.573537][T12601] should_failslab+0xc2/0x120 [ 265.573549][T12601] __kmalloc_noprof+0xce/0x4f0 [ 265.573560][T12601] ? ___neigh_create+0x152b/0x2900 [ 265.573572][T12601] ___neigh_create+0x152b/0x2900 [ 265.573586][T12601] ? __pfx____neigh_create+0x10/0x10 [ 265.573595][T12601] ? ip_finish_output2+0x11e5/0x2170 [ 265.573606][T12601] ip_finish_output2+0x1b8a/0x2170 [ 265.573618][T12601] ? __pfx_ip_finish_output2+0x10/0x10 [ 265.573626][T12601] ? ip_skb_dst_mtu+0x3fc/0xc70 [ 265.573635][T12601] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 265.573643][T12601] ? __pfx_nf_hook+0x10/0x10 [ 265.573653][T12601] __ip_finish_output+0x49e/0x950 [ 265.573664][T12601] ip_finish_output+0x35/0x380 [ 265.573674][T12601] ip_output+0x13b/0x2a0 [ 265.573682][T12601] ? __pfx_ip_output+0x10/0x10 [ 265.573691][T12601] ip_send_skb+0x3e5/0x560 [ 265.573701][T12601] udp_send_skb+0x71d/0x1590 [ 265.573715][T12601] udp_sendmsg+0x18d7/0x29f0 [ 265.573725][T12601] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 265.573736][T12601] ? __pfx_udp_sendmsg+0x10/0x10 [ 265.573754][T12601] ? lockdep_hardirqs_on+0x7c/0x110 [ 265.573770][T12601] ? udpv6_sendmsg+0x82a/0x3090 [ 265.573783][T12601] udpv6_sendmsg+0xfc4/0x3090 [ 265.573792][T12601] ? __switch_to+0x749/0x1190 [ 265.573802][T12601] ? __schedule+0xf4b/0x5890 [ 265.573818][T12601] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 265.573827][T12601] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 265.573843][T12601] ? __pfx___schedule+0x10/0x10 [ 265.573865][T12601] ? __pfx_aa_sk_perm+0x10/0x10 [ 265.573877][T12601] ? __import_iovec+0x1f2/0x6d0 [ 265.573889][T12601] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 265.573899][T12601] ? inet6_sendmsg+0x105/0x140 [ 265.573910][T12601] inet6_sendmsg+0x105/0x140 [ 265.573921][T12601] ____sys_sendmsg+0x649/0xb40 [ 265.573932][T12601] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.573941][T12601] ? get_compat_msghdr+0x11b/0x170 [ 265.573956][T12601] ___sys_sendmsg+0x135/0x1e0 [ 265.573969][T12601] ? __pfx____sys_sendmsg+0x10/0x10 [ 265.573986][T12601] ? trace_lock_acquire+0x14e/0x1f0 [ 265.574003][T12601] __sys_sendmmsg+0x2fa/0x420 [ 265.574017][T12601] ? __pfx___sys_sendmmsg+0x10/0x10 [ 265.574034][T12601] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 265.574050][T12601] ? fput+0x67/0x440 [ 265.574061][T12601] ? ksys_write+0x1ba/0x250 [ 265.574070][T12601] ? __pfx_ksys_write+0x10/0x10 [ 265.574080][T12601] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 265.574090][T12601] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 265.574102][T12601] __do_fast_syscall_32+0x73/0x120 [ 265.574115][T12601] do_fast_syscall_32+0x32/0x80 [ 265.574127][T12601] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 265.574142][T12601] RIP: 0023:0xf7f57579 [ 265.574149][T12601] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 265.574157][T12601] RSP: 002b:00000000f503455c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 265.574166][T12601] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020003cc0 [ 265.574171][T12601] RDX: 0000000000000172 RSI: 0000000000000000 RDI: 0000000000000000 [ 265.574176][T12601] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 265.574180][T12601] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 265.574185][T12601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 265.574195][T12601] [ 266.513674][T12612] blktrace: Concurrent blktraces are not allowed on sg0 [ 266.704293][T12610] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1092'. [ 267.091809][T12620] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 269.202271][T12681] FAULT_INJECTION: forcing a failure. [ 269.202271][T12681] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.210437][T12681] CPU: 1 UID: 0 PID: 12681 Comm: syz.0.1105 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 269.210451][T12681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 269.210456][T12681] Call Trace: [ 269.210459][T12681] [ 269.210463][T12681] dump_stack_lvl+0x16c/0x1f0 [ 269.210479][T12681] should_fail_ex+0x50a/0x650 [ 269.210492][T12681] _copy_from_user+0x2e/0xd0 [ 269.210504][T12681] move_addr_to_kernel+0x68/0x160 [ 269.210515][T12681] __get_compat_msghdr+0x3f1/0x4d0 [ 269.210526][T12681] get_compat_msghdr+0xd3/0x170 [ 269.210535][T12681] ? __pfx_get_compat_msghdr+0x10/0x10 [ 269.210548][T12681] ___sys_sendmsg+0x1b0/0x1e0 [ 269.210561][T12681] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.210577][T12681] ? trace_lock_acquire+0x14e/0x1f0 [ 269.210593][T12681] __sys_sendmmsg+0x2fa/0x420 [ 269.210606][T12681] ? __pfx___sys_sendmmsg+0x10/0x10 [ 269.210622][T12681] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 269.210639][T12681] ? fput+0x67/0x440 [ 269.210650][T12681] ? ksys_write+0x1ba/0x250 [ 269.210658][T12681] ? __pfx_ksys_write+0x10/0x10 [ 269.210668][T12681] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 269.210678][T12681] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 269.210690][T12681] __do_fast_syscall_32+0x73/0x120 [ 269.210703][T12681] do_fast_syscall_32+0x32/0x80 [ 269.210714][T12681] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 269.210728][T12681] RIP: 0023:0xf7f70579 [ 269.210735][T12681] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 269.210743][T12681] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 269.210752][T12681] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 0000000020000440 [ 269.210757][T12681] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 269.210761][T12681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 269.210766][T12681] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 269.210771][T12681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 269.210781][T12681] [ 270.062542][T12713] fuse: Unknown parameter '' [ 270.240436][T12716] netlink: 'syz.0.1110': attribute type 2 has an invalid length. [ 270.770603][T12722] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 273.084190][T12792] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 273.388729][T12806] erofs (device erofs): cannot find valid erofs superblock [ 273.620474][T12820] blktrace: Concurrent blktraces are not allowed on sg0 [ 273.977376][ T35] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 274.139773][ T35] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 274.142815][ T35] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 274.145471][ T35] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 274.148705][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.152211][ T35] usb 8-1: config 0 descriptor?? [ 274.155047][ T35] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 274.157250][ T35] dvb-usb: bulk message failed: -22 (3/0) [ 274.161896][ T35] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 274.164674][ T35] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 274.166906][ T35] usb 8-1: media controller created [ 274.169723][ T35] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 274.175203][ T35] dvb-usb: bulk message failed: -22 (6/0) [ 274.177041][ T35] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 274.180234][ T35] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input8 [ 274.187913][ T35] dvb-usb: schedule remote query interval to 150 msecs. [ 274.189988][ T35] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 274.349363][ T35] dvb-usb: bulk message failed: -22 (1/0) [ 274.352260][ T35] dvb-usb: error while querying for an remote control event. [ 274.361680][ T30] usb 8-1: USB disconnect, device number 3 [ 274.375440][ T30] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 274.952919][T12839] tmpfs: Bad value for 'mpol' [ 275.349255][T12846] blktrace: Concurrent blktraces are not allowed on sg0 [ 275.711705][T12849] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 276.070973][T12872] blktrace: Concurrent blktraces are not allowed on sg0 [ 276.136607][T12866] erofs (device erofs): cannot find valid erofs superblock [ 277.250218][T12891] capability: warning: `syz.0.1144' uses deprecated v2 capabilities in a way that may be insecure [ 277.516206][T12902] netlink: 'syz.1.1146': attribute type 1 has an invalid length. [ 277.518771][T12902] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1146'. [ 278.796614][T12921] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1150'. [ 278.800318][T12921] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1150'. [ 278.820169][T12922] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 280.031526][T12987] fuse: Unknown parameter '' [ 281.114924][T13023] FAULT_INJECTION: forcing a failure. [ 281.114924][T13023] name failslab, interval 1, probability 0, space 0, times 0 [ 281.118768][T13023] CPU: 3 UID: 0 PID: 13023 Comm: syz.3.1161 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 281.118780][T13023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 281.118785][T13023] Call Trace: [ 281.118788][T13023] [ 281.118792][T13023] dump_stack_lvl+0x16c/0x1f0 [ 281.118808][T13023] should_fail_ex+0x50a/0x650 [ 281.118818][T13023] ? fs_reclaim_acquire+0xae/0x150 [ 281.118833][T13023] ? alloc_netdev_mqs+0xdfe/0x13e0 [ 281.118845][T13023] should_failslab+0xc2/0x120 [ 281.118856][T13023] __kmalloc_cache_noprof+0x68/0x420 [ 281.118866][T13023] ? __xdp_rxq_info_reg+0x14f/0x260 [ 281.118880][T13023] alloc_netdev_mqs+0xdfe/0x13e0 [ 281.118894][T13023] rtnl_create_link+0xbed/0xf10 [ 281.118907][T13023] rtnl_newlink+0x14e6/0x1d70 [ 281.118921][T13023] ? __pfx_rtnl_newlink+0x10/0x10 [ 281.118935][T13023] ? __pfx___lock_acquire+0x10/0x10 [ 281.118946][T13023] ? kmem_cache_free+0x2e2/0x4d0 [ 281.118960][T13023] ? aa_get_newest_label+0x376/0x680 [ 281.118985][T13023] ? find_held_lock+0x2d/0x110 [ 281.119000][T13023] ? find_held_lock+0x2d/0x110 [ 281.119014][T13023] ? rtnetlink_rcv_msg+0x93a/0xea0 [ 281.119026][T13023] ? __pfx_lock_release+0x10/0x10 [ 281.119035][T13023] ? trace_lock_acquire+0x14e/0x1f0 [ 281.119062][T13023] ? __pfx_rtnl_newlink+0x10/0x10 [ 281.119074][T13023] rtnetlink_rcv_msg+0x95b/0xea0 [ 281.119087][T13023] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 281.119099][T13023] ? __pfx___dev_queue_xmit+0x10/0x10 [ 281.119114][T13023] netlink_rcv_skb+0x165/0x410 [ 281.119126][T13023] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 281.119139][T13023] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 281.119156][T13023] ? netlink_deliver_tap+0x1ae/0xca0 [ 281.119168][T13023] netlink_unicast+0x53c/0x7f0 [ 281.119180][T13023] ? __pfx_netlink_unicast+0x10/0x10 [ 281.119191][T13023] ? __phys_addr_symbol+0x30/0x80 [ 281.119204][T13023] ? __check_object_size+0x488/0x710 [ 281.119216][T13023] netlink_sendmsg+0x8b8/0xd70 [ 281.119228][T13023] ? __pfx_netlink_sendmsg+0x10/0x10 [ 281.119244][T13023] ____sys_sendmsg+0x9ae/0xb40 [ 281.119255][T13023] ? __pfx_____sys_sendmsg+0x10/0x10 [ 281.119264][T13023] ? get_compat_msghdr+0x11b/0x170 [ 281.119279][T13023] ___sys_sendmsg+0x135/0x1e0 [ 281.119292][T13023] ? __pfx____sys_sendmsg+0x10/0x10 [ 281.119310][T13023] ? __pfx_lock_release+0x10/0x10 [ 281.119319][T13023] ? trace_lock_acquire+0x14e/0x1f0 [ 281.119331][T13023] ? __fget_files+0x206/0x3a0 [ 281.119344][T13023] __sys_sendmsg+0x16e/0x220 [ 281.119356][T13023] ? __pfx___sys_sendmsg+0x10/0x10 [ 281.119377][T13023] __do_fast_syscall_32+0x73/0x120 [ 281.119390][T13023] do_fast_syscall_32+0x32/0x80 [ 281.119402][T13023] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 281.119416][T13023] RIP: 0023:0xf7f57579 [ 281.119423][T13023] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 281.119432][T13023] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 281.119440][T13023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000300 [ 281.119445][T13023] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 281.119450][T13023] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 281.119454][T13023] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 281.119459][T13023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 281.119469][T13023] [ 281.267565][T13026] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 281.864982][T13056] blktrace: Concurrent blktraces are not allowed on sg0 [ 281.869183][T13056] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1164'. [ 282.189171][T13071] FAULT_INJECTION: forcing a failure. [ 282.189171][T13071] name failslab, interval 1, probability 0, space 0, times 0 [ 282.192945][T13071] CPU: 3 UID: 0 PID: 13071 Comm: syz.2.1167 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 282.192957][T13071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 282.192962][T13071] Call Trace: [ 282.192965][T13071] [ 282.192968][T13071] dump_stack_lvl+0x16c/0x1f0 [ 282.192984][T13071] should_fail_ex+0x50a/0x650 [ 282.192994][T13071] ? fs_reclaim_acquire+0xae/0x150 [ 282.193008][T13071] ? nf_tables_addchain.constprop.0+0xc28/0x1ab0 [ 282.193018][T13071] should_failslab+0xc2/0x120 [ 282.193029][T13071] __kmalloc_cache_noprof+0x68/0x420 [ 282.193038][T13071] ? nft_chain_lookup+0x3f5/0x8e0 [ 282.193050][T13071] nf_tables_addchain.constprop.0+0xc28/0x1ab0 [ 282.193063][T13071] ? nft_chain_lookup+0x404/0x8e0 [ 282.193074][T13071] ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10 [ 282.193094][T13071] ? nla_strcmp+0xff/0x130 [ 282.193105][T13071] ? nft_table_lookup.part.0+0x1e3/0x230 [ 282.193116][T13071] nf_tables_newchain+0x1cc4/0x27f0 [ 282.193127][T13071] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 282.193139][T13071] ? __nla_validate_parse+0x605/0x2b10 [ 282.193152][T13071] ? __pfx_nf_tables_newchain+0x10/0x10 [ 282.193161][T13071] ? __pfx___nla_validate_parse+0x10/0x10 [ 282.193173][T13071] ? net_generic+0xea/0x2a0 [ 282.193184][T13071] ? __pfx_lock_release+0x10/0x10 [ 282.193197][T13071] ? __nla_parse+0x40/0x60 [ 282.193210][T13071] nfnetlink_rcv_batch+0x1a2a/0x24e0 [ 282.193227][T13071] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 282.193238][T13071] ? __pfx_lock_release+0x10/0x10 [ 282.193249][T13071] ? __local_bh_enable_ip+0xa4/0x120 [ 282.193261][T13071] ? lockdep_hardirqs_on+0x7c/0x110 [ 282.193279][T13071] ? __pfx___dev_queue_xmit+0x10/0x10 [ 282.193300][T13071] ? __nla_parse+0x40/0x60 [ 282.193313][T13071] nfnetlink_rcv+0x3c3/0x430 [ 282.193323][T13071] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 282.193337][T13071] netlink_unicast+0x53c/0x7f0 [ 282.193349][T13071] ? __pfx_netlink_unicast+0x10/0x10 [ 282.193360][T13071] ? __phys_addr_symbol+0x30/0x80 [ 282.193372][T13071] ? __check_object_size+0x488/0x710 [ 282.193384][T13071] netlink_sendmsg+0x8b8/0xd70 [ 282.193396][T13071] ? __pfx_netlink_sendmsg+0x10/0x10 [ 282.193411][T13071] ____sys_sendmsg+0x9ae/0xb40 [ 282.193421][T13071] ? __pfx_____sys_sendmsg+0x10/0x10 [ 282.193430][T13071] ? get_compat_msghdr+0x11b/0x170 [ 282.193445][T13071] ___sys_sendmsg+0x135/0x1e0 [ 282.193458][T13071] ? __pfx____sys_sendmsg+0x10/0x10 [ 282.193475][T13071] ? __pfx_lock_release+0x10/0x10 [ 282.193484][T13071] ? trace_lock_acquire+0x14e/0x1f0 [ 282.193495][T13071] ? __fget_files+0x206/0x3a0 [ 282.193507][T13071] __sys_sendmsg+0x16e/0x220 [ 282.193519][T13071] ? __pfx___sys_sendmsg+0x10/0x10 [ 282.193539][T13071] __do_fast_syscall_32+0x73/0x120 [ 282.193552][T13071] do_fast_syscall_32+0x32/0x80 [ 282.193563][T13071] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 282.193577][T13071] RIP: 0023:0xf7f15579 [ 282.193583][T13071] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 282.193592][T13071] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 282.193600][T13071] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 282.193605][T13071] RDX: 0000000004000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 282.193610][T13071] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 282.193614][T13071] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 282.193619][T13071] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 282.193629][T13071] [ 282.270360][T13076] fuse: Unknown parameter '' [ 282.271920][ T35] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 282.468539][ T35] usb 8-1: config 0 has no interfaces? [ 282.471419][ T35] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 282.474065][ T35] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 282.476279][ T35] usb 8-1: Product: syz [ 282.489464][ T35] usb 8-1: Manufacturer: syz [ 282.497524][ T35] usb 8-1: config 0 descriptor?? [ 282.704076][T13059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.707898][T13059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.722073][ T35] usb 8-1: USB disconnect, device number 4 [ 282.791621][ T5948] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 282.901399][T13093] process 'syz.0.1173' launched '/dev/fd/6' with NULL argv: empty string added [ 283.515410][T13108] erofs (device erofs): cannot find valid erofs superblock [ 283.890044][ T5948] Bluetooth: hci3: unexpected event 0x01 length: 4 > 1 [ 283.974205][T13136] bridge6: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 284.597405][ T8159] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 284.749203][ T8159] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 284.753302][ T8159] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 284.756001][ T8159] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 284.759252][ T8159] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.763984][ T8159] usb 7-1: config 0 descriptor?? [ 284.767896][ T8159] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 284.771861][ T8159] dvb-usb: bulk message failed: -22 (3/0) [ 284.777635][ T8159] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 284.780743][ T8159] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 284.782857][ T8159] usb 7-1: media controller created [ 284.785550][ T8159] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 284.792244][ T8159] dvb-usb: bulk message failed: -22 (6/0) [ 284.794013][ T8159] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 284.799797][ T8159] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input9 [ 284.805393][ T8159] dvb-usb: schedule remote query interval to 150 msecs. [ 284.808618][ T8159] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 284.970740][ T35] dvb-usb: bulk message failed: -22 (1/0) [ 284.973244][ T35] dvb-usb: error while querying for an remote control event. [ 284.990161][T13152] dvb-usb: bulk message failed: -22 (2/0) [ 285.017034][ T5985] usb 7-1: USB disconnect, device number 5 [ 285.031685][ T5985] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 285.603981][T13175] fuse: Unknown parameter '' [ 285.817168][T13193] fuse: Unknown parameter '' [ 286.450763][ T5948] Bluetooth: hci3: unexpected event 0x01 length: 4 > 1 [ 286.524115][T13204] netlink: 'syz.2.1189': attribute type 21 has an invalid length. [ 286.532277][T13204] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1189'. [ 286.726078][T13216] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1191'. [ 286.729989][T13216] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1191'. [ 286.845757][T13221] batman_adv: batadv0: Adding interface: ip6gretap1 [ 286.849637][T13221] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 286.857255][T13221] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 287.827446][ T5985] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 287.960343][T13234] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 287.978960][ T5985] usb 6-1: Using ep0 maxpacket: 8 [ 287.982853][ T5985] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 287.985330][ T5985] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 287.991453][ T5985] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 287.994580][ T5985] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 288.000342][ T5985] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 288.004445][ T5985] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 288.008480][ T5985] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.233891][ T5985] usb 6-1: usb_control_msg returned -32 [ 288.239521][ T5985] usbtmc 6-1:16.0: can't read capabilities [ 288.514140][T13257] fuse: Unknown parameter '' [ 288.658288][T13259] usbtmc 6-1:16.0: usb_control_msg returned -32 [ 288.862108][ T5985] usb 6-1: USB disconnect, device number 4 [ 289.156814][ T5985] libceph: connect (1)[c::]:6789 error -101 [ 289.159886][ T5985] libceph: mon0 (1)[c::]:6789 connect error [ 289.195727][T13265] ceph: No mds server is up or the cluster is laggy [ 289.749062][T13282] erofs (device erofs): cannot find valid erofs superblock [ 290.163501][T13285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1206'. [ 290.168913][T13285] evm: overlay not supported [ 290.218394][T13287] netlink: 'syz.3.1208': attribute type 21 has an invalid length. [ 290.221671][T13287] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1208'. [ 290.815165][T13294] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 291.705398][T13352] 9pnet_fd: Insufficient options for proto=fd [ 291.789161][T13354] erofs (device erofs): cannot find valid erofs superblock [ 292.309998][T13364] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1220'. [ 292.315538][T13364] openvswitch: netlink: IP tunnel TTL not specified. [ 292.597344][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 293.077417][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 293.082482][ T9] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 293.088704][ T9] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 293.093111][ T9] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 293.096395][ T9] usb 5-1: config 250 has no interface number 0 [ 293.098632][ T9] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 293.103090][ T9] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 293.107520][ T9] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 293.110828][ T9] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 293.114208][ T9] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 293.119283][ T9] usb 5-1: config 250 interface 228 has no altsetting 0 [ 293.123156][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 293.128107][ T9] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 293.132134][ T9] usb 5-1: Product: syz [ 293.133501][ T9] usb 5-1: SerialNumber: syz [ 293.139847][ T9] hub 5-1:250.228: bad descriptor, ignoring hub [ 293.141768][ T9] hub 5-1:250.228: probe with driver hub failed with error -5 [ 293.338357][ T39] kauditd_printk_skb: 50 callbacks suppressed [ 293.338368][ T39] audit: type=1804 audit(1738127477.391:152): pid=13388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1228" name="/newroot/300/file1" dev="fuse" ino=1 res=1 errno=0 [ 293.339073][T13386] FAULT_INJECTION: forcing a failure. [ 293.339073][T13386] name failslab, interval 1, probability 0, space 0, times 0 [ 293.350348][T13386] CPU: 1 UID: 0 PID: 13386 Comm: syz.3.1228 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 293.350361][T13386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 293.350366][T13386] Call Trace: [ 293.350370][T13386] [ 293.350373][T13386] dump_stack_lvl+0x16c/0x1f0 [ 293.350390][T13386] should_fail_ex+0x50a/0x650 [ 293.350401][T13386] ? fs_reclaim_acquire+0xae/0x150 [ 293.350416][T13386] should_failslab+0xc2/0x120 [ 293.350427][T13386] __kmalloc_noprof+0xce/0x4f0 [ 293.350435][T13386] ? kasan_quarantine_put+0x10a/0x240 [ 293.350444][T13386] ? lockdep_hardirqs_on+0x7c/0x110 [ 293.350455][T13386] ? constrain_params_by_rules+0x176/0xca0 [ 293.350468][T13386] constrain_params_by_rules+0x176/0xca0 [ 293.350479][T13386] ? constrain_params_by_rules+0xa0e/0xca0 [ 293.350492][T13386] ? constrain_params_by_rules+0xa13/0xca0 [ 293.350504][T13386] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 293.350517][T13386] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 293.350531][T13386] ? snd_pcm_oss_change_params_locked+0x1376/0x3a50 [ 293.350543][T13386] ? snd_pcm_oss_make_ready+0xe6/0x1b0 [ 293.350553][T13386] ? snd_interval_refine+0x2fa/0x580 [ 293.350563][T13386] snd_pcm_hw_refine+0x7ec/0xad0 [ 293.350576][T13386] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 293.350589][T13386] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 293.350604][T13386] snd_pcm_hw_param_first+0x328/0x6b0 [ 293.350617][T13386] snd_pcm_hw_param_near.constprop.0+0x711/0x8f0 [ 293.350630][T13386] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 293.350640][T13386] ? kfree+0x2c4/0x4d0 [ 293.350647][T13386] ? calc_src_frames.isra.0+0x187/0x1d0 [ 293.350660][T13386] snd_pcm_oss_change_params_locked+0x1376/0x3a50 [ 293.350676][T13386] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 293.350687][T13386] ? __pfx___mutex_lock+0x10/0x10 [ 293.350703][T13386] ? snd_pcm_stream_unlock_irq+0x90/0xb0 [ 293.350715][T13386] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 293.350726][T13386] snd_pcm_oss_set_trigger.isra.0+0x211/0x6b0 [ 293.350736][T13386] ? lockdep_hardirqs_on+0x7c/0x110 [ 293.350748][T13386] snd_pcm_oss_poll+0x507/0xab0 [ 293.350757][T13386] ? lock_acquire+0x2f/0xb0 [ 293.350767][T13386] ? __pfx___pollwait+0x10/0x10 [ 293.350780][T13386] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 293.350793][T13386] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 293.350803][T13386] do_select+0xd88/0x17e0 [ 293.350819][T13386] ? __pfx_do_select+0x10/0x10 [ 293.350826][T13386] ? mark_lock+0xb5/0xc60 [ 293.350834][T13386] ? mark_lock+0xb5/0xc60 [ 293.350843][T13386] ? hlock_class+0x4e/0x130 [ 293.350854][T13386] ? __pfx___pollwait+0x10/0x10 [ 293.350868][T13386] ? __pfx_pollwake+0x10/0x10 [ 293.350883][T13386] ? __pfx_pollwake+0x10/0x10 [ 293.350891][T13386] ? __pfx_pollwake+0x10/0x10 [ 293.350900][T13386] ? __pfx_pollwake+0x10/0x10 [ 293.350919][T13386] ? compat_core_sys_select+0x1de/0x880 [ 293.350942][T13386] ? __pfx_lock_release+0x10/0x10 [ 293.350953][T13386] ? trace_lock_acquire+0x14e/0x1f0 [ 293.350964][T13386] ? compat_core_sys_select+0x687/0x880 [ 293.350971][T13386] compat_core_sys_select+0x687/0x880 [ 293.350982][T13386] ? __pfx_compat_core_sys_select+0x10/0x10 [ 293.350991][T13386] ? get_pid_task+0xfc/0x250 [ 293.351010][T13386] ? set_compat_user_sigmask+0x20f/0x2a0 [ 293.351021][T13386] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 293.351034][T13386] do_compat_pselect+0x202/0x240 [ 293.351043][T13386] ? __pfx_do_compat_pselect+0x10/0x10 [ 293.351056][T13386] __ia32_compat_sys_pselect6_time32+0x17c/0x240 [ 293.351067][T13386] ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10 [ 293.351080][T13386] __do_fast_syscall_32+0x73/0x120 [ 293.351093][T13386] do_fast_syscall_32+0x32/0x80 [ 293.351105][T13386] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 293.351118][T13386] RIP: 0023:0xf7f57579 [ 293.351125][T13386] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 293.351134][T13386] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000134 [ 293.351142][T13386] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000200001c0 [ 293.351147][T13386] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000 [ 293.351155][T13386] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 293.351159][T13386] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 293.351164][T13386] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 293.351175][T13386] [ 293.352665][ T9] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 293.598087][ T35] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 293.624812][T13397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1231'. [ 293.683866][T13397] Cannot find add_set index 0 as target [ 293.748056][ T35] usb 6-1: Using ep0 maxpacket: 16 [ 293.758860][ T35] usb 6-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 29, changing to 8 [ 293.763802][ T35] usb 6-1: config 1 interface 0 has no altsetting 0 [ 293.772213][ T35] usb 6-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.40 [ 293.776387][ T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.780184][ T35] usb 6-1: Product: syz [ 293.782125][ T35] usb 6-1: Manufacturer: syz [ 293.784123][ T35] usb 6-1: SerialNumber: syz [ 293.874258][T13402] erofs (device erofs): cannot find valid erofs superblock [ 293.961240][T13369] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 293.966754][T13369] usb 5-1: device reset changed ep0 maxpacket size! [ 293.974480][ T56] usb 5-1: USB disconnect, device number 2 [ 293.980220][ T56] usblp0: removed [ 294.010329][ T35] usbhid 6-1:1.0: can't add hid device: -71 [ 294.012815][ T35] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 294.017009][ T35] usb 6-1: USB disconnect, device number 5 [ 294.107410][ T56] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 294.257371][ T56] usb 5-1: Using ep0 maxpacket: 32 [ 294.286661][ T56] usb 5-1: unable to get BOS descriptor or descriptor too short [ 294.291324][ T56] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 294.294586][ T56] usb 5-1: can't read configurations, error -71 [ 294.605052][T13409] overlay: Unknown parameter 'ime [ 294.605052][T13409] string [ 294.605052][T13409] statistic [ 294.605052][T13409] state [ 294.605052][T13409] realm [ 294.605052][T13409] rateest [ 294.605052][T13409] quota [ 294.605052][T13409] pkttype [ 294.605052][T13409] physdev [ 294.605052][T13409] cgroup [ 294.605052][T13409] cgroup [ 294.605052][T13409] cgroup [ 294.605052][T13409] owner [ 294.605052][T13409] nfacct [ 294.605052][T13409] nfacct [ 294.605052][T13409] mac [ 294.605052][T13409] limit [ 294.605052][T13409] ipvs [ 294.605052][T13409] helper [ 294.605052][T13409] devgroup [ 294.605052][T13409] cpu [ 294.605052][T13409] conntrack [ 294.605052][T13409] conntrack [ 294.605052][T13409] conntrack [ 294.605052][T13409] connlabel [ 294.605052][T13409] connbytes [ 294.605052][T13409] comment [ 294.605052][T13409] bpf [ 294.605052][T13409] bpf [ 294.605052][T13409] connmark [ 294.605052][T13409] mark [ 294.605052][T13409] rpfilter [ 294.605052][T13409] ah [ 294.605052][T13409] tcpmss [ 294.605052][T13409] socket [ 294.605052][T13409] socket [ 294.605052][T13409] socket [ 294.605052][T13409] socket [ 294.605052][T13409] sctp [ 294.605052][T13409] recent [ 294.605052][T13409] recent [ 294.605052][T13409] policy [ 294.605052][T13409] osf [ 294.605052][T13409] multiport [ 294.605052][T13409] length [ 294.605052][T13409] l2tp [ 294.605052][T13409] iprange [ 294.605052][T13409] ipcomp [ 294.605052][T13409] ttl [ 294.605052][T13409] hashlimit [ 294.605052][T13409] hashlimit [ 294.605052][T13409] hashlimit [ 294.605052][T13409] esp [ 294.605052][T13409] ecn [ 294.605052][T13409] tos [ 294.605052][T13409] dscp [ 294.605052][T13409] dccp [ 294.605052][T13409] connlimit [ 294.605052][T13409] cluster [ 294.605052][T13409] addrtype [ 294.605052][T13409] addrtype [ 294.605052][T13409] set [ 294.605052][T13409] set [ 294.605052][T13409] set [ 294.605052][T13409] set [ 294.605052][T13409] set [ 294.605052][T13409] icmp [ 294.660618][ C2] vkms_vblank_simulate: vblank timer overrun [ 294.674198][ T5948] Bluetooth: hci0: unexpected event for opcode 0x0402 [ 294.725190][T13410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 294.756986][T13410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 294.763941][T13410] bond0 (unregistering): Released all slaves [ 294.830534][T13414] QAT: failed to copy from user cfg_data. [ 295.171262][T13425] blktrace: Concurrent blktraces are not allowed on sg0 [ 295.177976][T13425] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1236'. [ 295.901309][ T39] audit: type=1804 audit(1738127479.951:153): pid=13434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1242" name="/newroot/305/file1" dev="fuse" ino=1 res=1 errno=0 [ 296.243086][T13443] random: crng reseeded on system resumption [ 296.340177][T13439] Illegal XDP return value 4175141477 on prog (id 213) dev N/A, expect packet loss! [ 296.356863][T13439] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1244'. [ 296.370449][ T69] Bluetooth: hci4: Frame reassembly failed (-84) [ 296.375172][T13448] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 296.452655][T13452] netlink: zone id is out of range [ 296.454806][T13452] netlink: zone id is out of range [ 296.456865][T13452] netlink: zone id is out of range [ 296.460930][T13452] netlink: zone id is out of range [ 296.462522][T13452] netlink: zone id is out of range [ 296.464096][T13452] netlink: zone id is out of range [ 296.465648][T13452] netlink: zone id is out of range [ 296.467235][T13452] netlink: zone id is out of range [ 296.468899][T13452] netlink: zone id is out of range [ 297.439828][T13488] erofs (device erofs): cannot find valid erofs superblock [ 297.482937][T13489] blktrace: Concurrent blktraces are not allowed on sg0 [ 297.488011][T13489] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1255'. [ 298.437635][ T5938] Bluetooth: hci4: command 0x1003 tx timeout [ 298.441654][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 298.612117][T13504] FAULT_INJECTION: forcing a failure. [ 298.612117][T13504] name failslab, interval 1, probability 0, space 0, times 0 [ 298.615903][T13504] CPU: 1 UID: 0 PID: 13504 Comm: syz.1.1262 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 298.615916][T13504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 298.615921][T13504] Call Trace: [ 298.615924][T13504] [ 298.615928][T13504] dump_stack_lvl+0x16c/0x1f0 [ 298.615943][T13504] should_fail_ex+0x50a/0x650 [ 298.615954][T13504] ? fs_reclaim_acquire+0xae/0x150 [ 298.615968][T13504] should_failslab+0xc2/0x120 [ 298.615979][T13504] __kmalloc_noprof+0xce/0x4f0 [ 298.615989][T13504] ? d_absolute_path+0x137/0x1b0 [ 298.616000][T13504] ? tomoyo_encode2+0x100/0x3e0 [ 298.616011][T13504] tomoyo_encode2+0x100/0x3e0 [ 298.616021][T13504] tomoyo_realpath_from_path+0x1a7/0x710 [ 298.616034][T13504] tomoyo_path_number_perm+0x248/0x5b0 [ 298.616046][T13504] ? tomoyo_path_number_perm+0x235/0x5b0 [ 298.616059][T13504] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 298.616082][T13504] ? __pfx_lock_release+0x10/0x10 [ 298.616092][T13504] ? trace_lock_acquire+0x14e/0x1f0 [ 298.616102][T13504] ? lock_acquire+0x2f/0xb0 [ 298.616111][T13504] ? __fget_files+0x40/0x3a0 [ 298.616121][T13504] ? __fget_files+0x206/0x3a0 [ 298.616131][T13504] security_file_ioctl_compat+0x9b/0x240 [ 298.616141][T13504] __do_compat_sys_ioctl+0x4e/0x2c0 [ 298.616154][T13504] __do_fast_syscall_32+0x73/0x120 [ 298.616168][T13504] do_fast_syscall_32+0x32/0x80 [ 298.616179][T13504] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 298.616192][T13504] RIP: 0023:0xf7f54579 [ 298.616199][T13504] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 298.616207][T13504] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 298.616216][T13504] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000005523 [ 298.616221][T13504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 298.616226][T13504] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 298.616230][T13504] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 298.616235][T13504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 298.616245][T13504] [ 298.616253][T13504] ERROR: Out of memory at tomoyo_realpath_from_path. [ 299.529549][T13513] sctp: [Deprecated]: syz.1.1264 (pid 13513) Use of int in maxseg socket option. [ 299.529549][T13513] Use struct sctp_assoc_value instead [ 299.652939][T13519] netlink: 'syz.0.1267': attribute type 21 has an invalid length. [ 299.655393][T13519] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1267'. [ 299.797341][ T5948] Bluetooth: hci3: command 0x0406 tx timeout [ 300.587665][ T39] audit: type=1804 audit(1738127484.641:154): pid=13536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1270" name="/newroot/320/file1" dev="fuse" ino=1 res=1 errno=0 [ 300.879498][T13537] erofs (device erofs): cannot find valid erofs superblock [ 300.947924][T13547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1274'. [ 301.159920][T13553] netlink: 'syz.0.1276': attribute type 21 has an invalid length. [ 301.163212][T13553] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1276'. [ 301.509627][T13559] blktrace: Concurrent blktraces are not allowed on sg0 [ 301.516316][T13559] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1277'. [ 301.844553][T13569] fuse: Bad value for 'user_id' [ 301.846071][T13569] fuse: Bad value for 'user_id' [ 303.497352][ T8] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 303.647346][ T8] usb 7-1: Using ep0 maxpacket: 8 [ 303.653271][ T8] usb 7-1: config index 0 descriptor too short (expected 5924, got 36) [ 303.655782][ T8] usb 7-1: config 250 has an invalid interface number: 228 but max is -1 [ 303.663728][ T8] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 303.673112][ T8] usb 7-1: config 250 has no interface number 0 [ 303.675200][ T8] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 303.683142][ T8] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 303.686383][ T8] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 303.690031][ T8] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 303.694151][ T8] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 303.705661][ T8] usb 7-1: config 250 interface 228 has no altsetting 0 [ 303.723738][ T8] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 303.726487][ T8] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 303.729328][ T8] usb 7-1: Product: syz [ 303.731276][ T8] usb 7-1: SerialNumber: syz [ 303.738379][ T8] hub 7-1:250.228: bad descriptor, ignoring hub [ 303.740378][ T8] hub 7-1:250.228: probe with driver hub failed with error -5 [ 303.983176][ T8] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 6 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 304.289350][ T8] usb 7-1: USB disconnect, device number 6 [ 304.304782][ T8] usblp0: removed [ 304.646874][T13647] fuse: Unknown parameter '' [ 304.657744][ T8] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 304.807766][ T8] usb 7-1: Using ep0 maxpacket: 32 [ 304.819245][ T8] usb 7-1: unable to get BOS descriptor or descriptor too short [ 304.823066][ T8] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 304.826151][ T8] usb 7-1: can't read configurations, error -71 [ 305.398118][T13657] FAULT_INJECTION: forcing a failure. [ 305.398118][T13657] name failslab, interval 1, probability 0, space 0, times 0 [ 305.403517][T13657] CPU: 3 UID: 0 PID: 13657 Comm: syz.3.1295 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 305.403538][T13657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 305.403549][T13657] Call Trace: [ 305.403554][T13657] [ 305.403561][T13657] dump_stack_lvl+0x16c/0x1f0 [ 305.403590][T13657] should_fail_ex+0x50a/0x650 [ 305.403609][T13657] ? fs_reclaim_acquire+0xae/0x150 [ 305.403638][T13657] should_failslab+0xc2/0x120 [ 305.403658][T13657] __kmalloc_node_noprof+0xd1/0x520 [ 305.403678][T13657] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 305.403694][T13657] ? lockdep_init_map_type+0x16d/0x7d0 [ 305.403719][T13657] __kvmalloc_node_noprof+0xad/0x1a0 [ 305.403737][T13657] bucket_table_alloc.isra.0+0x86/0x460 [ 305.403755][T13657] ? __raw_spin_lock_init+0x3a/0x110 [ 305.403785][T13657] rhashtable_init_noprof+0x43b/0x7d0 [ 305.403804][T13657] ? __init_waitqueue_head+0xca/0x150 [ 305.403832][T13657] rhltable_init_noprof+0x20/0x60 [ 305.403851][T13657] sta_info_init+0x5f/0x160 [ 305.403877][T13657] ieee80211_alloc_hw_nm+0x840/0x2260 [ 305.403893][T13657] ? __local_bh_enable_ip+0xa4/0x120 [ 305.403918][T13657] mac80211_hwsim_new_radio+0x201/0x56c0 [ 305.403942][T13657] ? do_fast_syscall_32+0x32/0x80 [ 305.403965][T13657] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 305.404009][T13657] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 305.404050][T13657] hwsim_new_radio_nl+0xb42/0x12b0 [ 305.404077][T13657] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 305.404110][T13657] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 305.404135][T13657] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 305.404164][T13657] genl_family_rcv_msg_doit+0x202/0x2f0 [ 305.404190][T13657] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 305.404213][T13657] ? trace_cap_capable+0x1a2/0x210 [ 305.404243][T13657] ? bpf_lsm_capable+0x9/0x10 [ 305.404265][T13657] ? security_capable+0x7e/0x260 [ 305.404289][T13657] ? ns_capable+0xd7/0x110 [ 305.404312][T13657] genl_rcv_msg+0x565/0x800 [ 305.404338][T13657] ? __pfx_genl_rcv_msg+0x10/0x10 [ 305.404361][T13657] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 305.404389][T13657] ? __pfx___lock_acquire+0x10/0x10 [ 305.404412][T13657] netlink_rcv_skb+0x165/0x410 [ 305.404432][T13657] ? __pfx_genl_rcv_msg+0x10/0x10 [ 305.404457][T13657] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 305.404488][T13657] ? down_read+0xc9/0x330 [ 305.404513][T13657] ? __pfx_down_read+0x10/0x10 [ 305.404537][T13657] ? netlink_deliver_tap+0x1ae/0xca0 [ 305.404562][T13657] genl_rcv+0x28/0x40 [ 305.404582][T13657] netlink_unicast+0x53c/0x7f0 [ 305.404606][T13657] ? __pfx_netlink_unicast+0x10/0x10 [ 305.404627][T13657] ? __phys_addr_symbol+0x30/0x80 [ 305.404652][T13657] ? __check_object_size+0x488/0x710 [ 305.404676][T13657] netlink_sendmsg+0x8b8/0xd70 [ 305.404701][T13657] ? __pfx_netlink_sendmsg+0x10/0x10 [ 305.404731][T13657] ____sys_sendmsg+0x9ae/0xb40 [ 305.404753][T13657] ? __pfx_____sys_sendmsg+0x10/0x10 [ 305.404772][T13657] ? get_compat_msghdr+0x11b/0x170 [ 305.404807][T13657] ___sys_sendmsg+0x135/0x1e0 [ 305.404833][T13657] ? __pfx____sys_sendmsg+0x10/0x10 [ 305.404868][T13657] ? __pfx_lock_release+0x10/0x10 [ 305.404885][T13657] ? trace_lock_acquire+0x14e/0x1f0 [ 305.404909][T13657] ? __fget_files+0x206/0x3a0 [ 305.404934][T13657] __sys_sendmsg+0x16e/0x220 [ 305.404958][T13657] ? __pfx___sys_sendmsg+0x10/0x10 [ 305.405000][T13657] __do_fast_syscall_32+0x73/0x120 [ 305.405026][T13657] do_fast_syscall_32+0x32/0x80 [ 305.405049][T13657] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 305.405074][T13657] RIP: 0023:0xf7f57579 [ 305.405087][T13657] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 305.405103][T13657] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 305.405119][T13657] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 305.405129][T13657] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 305.405138][T13657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 305.405147][T13657] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 305.405157][T13657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 305.405179][T13657] [ 305.819883][T13680] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1299'. [ 305.822858][T13680] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1299'. [ 307.305369][T13716] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1304'. [ 307.315264][T13716] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1304'. [ 308.903953][T13743] erofs (device erofs): cannot find valid erofs superblock [ 309.260724][T13750] binder: 13749:13750 ioctl 5000940b 20000540 returned -22 [ 309.303972][T13753] fuse: Unknown parameter '' [ 310.026102][T13760] netlink: 'syz.2.1318': attribute type 21 has an invalid length. [ 310.029383][T13760] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1318'. [ 310.288986][T13770] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1321'. [ 310.294935][T13770] net_ratelimit: 240 callbacks suppressed [ 310.294945][T13770] openvswitch: netlink: IP tunnel TTL not specified. [ 310.300576][T13768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1319'. [ 310.346864][T13776] blktrace: Concurrent blktraces are not allowed on sg0 [ 310.353763][T13776] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1317'. [ 310.737009][T13783] erofs (device erofs): cannot find valid erofs superblock [ 311.174270][T13794] netlink: 'syz.1.1327': attribute type 21 has an invalid length. [ 311.176799][T13794] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1327'. [ 311.240020][T13796] loop6: detected capacity change from 0 to 64 [ 311.242611][T13798] fuse: Unknown parameter '' [ 311.245908][ C0] blk_print_req_error: 7 callbacks suppressed [ 311.245917][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 1 [ 311.295139][ C2] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.298067][ C2] buffer_io_error: 7 callbacks suppressed [ 311.298074][ C2] Buffer I/O error on dev loop6, logical block 1, async page read [ 311.306467][ C3] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.309951][ C3] Buffer I/O error on dev loop6, logical block 1, async page read [ 311.314399][ C3] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.317193][ C3] Buffer I/O error on dev loop6, logical block 2, async page read [ 311.322946][ C3] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.326790][ C3] Buffer I/O error on dev loop6, logical block 2, async page read [ 311.330964][ C3] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.334737][ C3] Buffer I/O error on dev loop6, logical block 2, async page read [ 311.340463][ C3] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.343429][ C3] Buffer I/O error on dev loop6, logical block 2, async page read [ 311.347205][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.350097][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 311.352839][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.356293][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 311.361495][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 311.364454][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 311.368102][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 312.177214][T13816] erofs (device erofs): cannot find valid erofs superblock [ 312.303211][T13820] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1335'. [ 312.307462][T13820] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1335'. [ 313.153894][T13834] erofs (device erofs): cannot find valid erofs superblock [ 313.601710][T13842] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1340'. [ 313.607368][T13842] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1340'. [ 314.988060][T13885] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1348'. [ 315.282250][T13901] blktrace: Concurrent blktraces are not allowed on sg0 [ 315.289480][T13901] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1349'. [ 315.722758][T13916] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 315.943578][T13939] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1353'. [ 315.997936][T13935] blktrace: Concurrent blktraces are not allowed on sg0 [ 316.437367][ T30] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 316.592518][ T30] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 316.596232][ T30] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 316.602778][ T30] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 316.607072][ T30] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 316.610593][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.645975][ T30] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 316.659683][ T30] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 316.662823][ T30] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 316.699142][ T30] usb 5-1: Product: syz [ 316.700508][ T30] usb 5-1: Manufacturer: syz [ 316.730237][ T30] cdc_wdm 5-1:1.0: skipping garbage [ 316.731942][ T30] cdc_wdm 5-1:1.0: skipping garbage [ 316.740244][ T30] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 316.742164][ T30] cdc_wdm 5-1:1.0: Unknown control protocol [ 316.936355][ T30] usb 5-1: USB disconnect, device number 5 [ 316.957345][ T56] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 317.120293][ T56] usb 6-1: Using ep0 maxpacket: 32 [ 317.125687][ T56] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 317.148912][ T56] usb 6-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 317.152726][ T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.156050][ T56] usb 6-1: Product: syz [ 317.158831][ T56] usb 6-1: Manufacturer: syz [ 317.161271][ T56] usb 6-1: SerialNumber: syz [ 317.167257][ T56] usb 6-1: config 0 descriptor?? [ 317.170593][T13969] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 317.175412][ T56] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 317.437421][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 317.444237][T14017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1359'. [ 317.599005][ T9] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 317.601652][ T9] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 317.617920][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 317.620844][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 317.624178][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 317.629857][ T9] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 317.632601][ T9] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 317.635017][ T9] usb 5-1: Product: syz [ 317.636554][ T9] usb 5-1: Manufacturer: syz [ 317.644067][ T9] cdc_wdm 5-1:1.0: skipping garbage [ 317.645692][ T9] cdc_wdm 5-1:1.0: skipping garbage [ 317.648693][ T9] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 317.650531][ T9] cdc_wdm 5-1:1.0: Unknown control protocol [ 317.943930][T14029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1365'. [ 318.265220][T14053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1367'. [ 318.268529][T14053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1367'. [ 318.404363][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 318.407348][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 318.409942][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 318.412549][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 318.415719][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 318.418476][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 318.421235][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 318.423823][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 318.426263][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 318.428294][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 318.430272][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 318.433138][ T30] usb 5-1: USB disconnect, device number 6 [ 318.987372][ T5985] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 319.152032][ T5985] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 319.155543][ T5985] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 319.158631][ T5985] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 319.161438][ T5985] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.165833][T14056] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 319.175796][ T5985] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 319.492388][T14055] input: syz0 as /devices/virtual/input/input10 [ 319.720304][ T5936] Bluetooth: hci3: Invalid connection link type handle 0x00c9 [ 319.749244][ T63] usb 6-1: USB disconnect, device number 6 [ 320.007450][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 320.197624][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 320.201555][ T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 320.204025][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 320.209151][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 320.213220][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 320.217333][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 320.221407][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 320.225350][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 320.228366][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.233298][ T9] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 322.037642][ T56] usb 7-1: USB disconnect, device number 9 [ 322.073115][T14116] binder: 14114:14116 ioctl 5000940b 20000540 returned -22 [ 322.100179][T14112] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1375'. [ 322.109739][T14112] openvswitch: netlink: IP tunnel TTL not specified. [ 322.199025][T14125] overlayfs: failed to get index nlink (file1/bus, err=-61) [ 322.238604][T14125] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1378'. [ 322.734503][T14160] mmap: syz.2.1380 (14160) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 323.097597][ T63] usb 5-1: USB disconnect, device number 7 [ 323.204937][ T221] Bluetooth: hci4: Frame reassembly failed (-84) [ 323.260401][T14191] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 323.537346][ T63] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 323.698446][ T63] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 323.701786][ T63] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 323.704650][ T63] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 323.727309][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.733176][T14189] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 323.736594][ T63] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 323.875390][T14194] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 323.880292][ T1172] Bluetooth: hci5: Frame reassembly failed (-84) [ 324.016573][T14186] input: syz0 as /devices/virtual/input/input11 [ 325.237410][ T5936] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 325.237873][ T5938] Bluetooth: hci4: command 0x1003 tx timeout [ 325.907412][ T5948] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 326.155950][ T9] usb 5-1: USB disconnect, device number 8 [ 326.169188][T14207] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1391'. [ 326.175529][T14207] openvswitch: netlink: IP tunnel TTL not specified. [ 326.325464][T14217] fuse: Unknown parameter '' [ 326.412166][T14219] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 327.659278][T14243] fuse: Unknown parameter '' [ 327.909265][T14255] fuse: Unknown parameter '' [ 328.438449][ T5936] Bluetooth: hci4: command 0x1003 tx timeout [ 328.438668][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 328.867718][ T5985] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 328.984239][T14290] program syz.2.1404 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 329.022251][ T5985] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 329.031717][ T5985] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 329.034891][ T5985] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 329.038626][ T5985] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.052784][T14284] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 329.072007][ T5985] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 329.361943][T14280] input: syz0 as /devices/virtual/input/input12 [ 331.542453][ T35] usb 6-1: USB disconnect, device number 7 [ 332.071812][T14328] blktrace: Concurrent blktraces are not allowed on sg0 [ 332.076774][T14328] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1416'. [ 332.225340][T14332] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1417'. [ 332.357194][T14335] overlayfs: failed to resolve '/rt': -2 [ 332.609360][ T221] Bluetooth: hci4: Frame reassembly failed (-84) [ 332.612062][ T221] Bluetooth: hci4: Frame reassembly failed (-84) [ 332.623252][T14341] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 332.764755][T14345] erofs (device erofs): cannot find valid erofs superblock [ 334.053533][T14362] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 334.232523][T14372] blktrace: Concurrent blktraces are not allowed on sg0 [ 334.241495][T14372] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1426'. [ 334.445743][T14380] fuse: Unknown parameter '' [ 334.681755][ T5936] Bluetooth: hci4: command 0x1003 tx timeout [ 334.684848][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 338.171190][T14431] kvm: kvm [14414]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x20000000003 [ 338.505741][T14442] delete_channel: no stack [ 338.928313][T14452] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1450'. [ 339.057925][T14457] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.060371][T14457] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.103344][ T39] audit: type=1326 audit(1738127523.151:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14463 comm="syz.3.1454" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x0 [ 339.152729][T14438] delete_channel: no stack [ 339.264774][T14474] ubi0: attaching mtd0 [ 339.268800][T14474] ubi0: scanning is finished [ 339.270728][T14474] ubi0: empty MTD device detected [ 339.892365][T14474] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 339.895051][T14474] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 339.897758][T14474] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 339.900358][T14474] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 339.902900][T14474] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 339.906280][T14474] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 339.911435][T14474] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3132265289 [ 339.914744][T14474] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 339.919725][T14484] ubi0: background thread "ubi_bgt0d" started, PID 14484 [ 340.259908][T14495] netlink: 'syz.1.1460': attribute type 3 has an invalid length. [ 340.263235][T14495] netlink: 'syz.1.1460': attribute type 3 has an invalid length. [ 340.341392][ T69] Bluetooth: hci4: Frame reassembly failed (-84) [ 340.382277][T14501] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 341.108518][T14514] FAULT_INJECTION: forcing a failure. [ 341.108518][T14514] name failslab, interval 1, probability 0, space 0, times 0 [ 341.112585][T14514] CPU: 1 UID: 0 PID: 14514 Comm: syz.0.1465 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 341.112608][T14514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 341.112614][T14514] Call Trace: [ 341.112618][T14514] [ 341.112622][T14514] dump_stack_lvl+0x16c/0x1f0 [ 341.112638][T14514] should_fail_ex+0x50a/0x650 [ 341.112649][T14514] ? fs_reclaim_acquire+0xae/0x150 [ 341.112663][T14514] ? snd_seq_prioq_new+0x3f/0x110 [ 341.112676][T14514] should_failslab+0xc2/0x120 [ 341.112688][T14514] __kmalloc_cache_noprof+0x68/0x420 [ 341.112700][T14514] snd_seq_prioq_new+0x3f/0x110 [ 341.112712][T14514] snd_seq_queue_alloc+0x153/0x550 [ 341.112725][T14514] snd_seq_ioctl_create_queue+0xa9/0x310 [ 341.112735][T14514] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 341.112745][T14514] alloc_seq_queue+0xc2/0x160 [ 341.112755][T14514] ? __pfx_alloc_seq_queue+0x10/0x10 [ 341.112771][T14514] ? mark_held_locks+0x9f/0xe0 [ 341.112782][T14514] ? _raw_spin_unlock_irq+0x23/0x50 [ 341.112794][T14514] snd_seq_oss_open+0x38c/0xa20 [ 341.112806][T14514] odev_open+0x6f/0x90 [ 341.112813][T14514] ? __pfx_odev_open+0x10/0x10 [ 341.112822][T14514] soundcore_open+0x409/0x580 [ 341.112832][T14514] ? __pfx_soundcore_open+0x10/0x10 [ 341.112841][T14514] chrdev_open+0x237/0x6a0 [ 341.112851][T14514] ? __pfx_apparmor_file_open+0x10/0x10 [ 341.112865][T14514] ? __pfx_chrdev_open+0x10/0x10 [ 341.112875][T14514] ? file_set_fsnotify_mode+0x163/0x5d0 [ 341.112890][T14514] do_dentry_open+0x735/0x1c40 [ 341.112898][T14514] ? __pfx_chrdev_open+0x10/0x10 [ 341.112908][T14514] ? inode_permission+0xdd/0x5f0 [ 341.112921][T14514] vfs_open+0x82/0x3f0 [ 341.112931][T14514] ? may_open+0x1f2/0x400 [ 341.112943][T14514] path_openat+0x1e88/0x2d80 [ 341.112957][T14514] ? __pfx_path_openat+0x10/0x10 [ 341.112965][T14514] ? __pfx___lock_acquire+0x10/0x10 [ 341.112974][T14514] ? lock_acquire.part.0+0x11b/0x380 [ 341.112983][T14514] ? find_held_lock+0x2d/0x110 [ 341.112998][T14514] do_filp_open+0x20c/0x470 [ 341.113007][T14514] ? __pfx_do_filp_open+0x10/0x10 [ 341.113015][T14514] ? find_held_lock+0x2d/0x110 [ 341.113035][T14514] ? alloc_fd+0x41f/0x760 [ 341.113048][T14514] do_sys_openat2+0x17a/0x1e0 [ 341.113059][T14514] ? __pfx_do_sys_openat2+0x10/0x10 [ 341.113071][T14514] ? __fget_files+0x206/0x3a0 [ 341.113082][T14514] __ia32_compat_sys_openat+0x16e/0x210 [ 341.113094][T14514] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 341.113105][T14514] ? ksys_write+0x1ba/0x250 [ 341.113117][T14514] __do_fast_syscall_32+0x73/0x120 [ 341.113130][T14514] do_fast_syscall_32+0x32/0x80 [ 341.113147][T14514] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 341.113161][T14514] RIP: 0023:0xf7f70579 [ 341.113168][T14514] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 341.113176][T14514] RSP: 002b:00000000f505455c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 341.113184][T14514] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000040 [ 341.113189][T14514] RDX: 0000000000008002 RSI: 0000000000000000 RDI: 0000000000000000 [ 341.113194][T14514] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 341.113199][T14514] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 341.113203][T14514] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 341.113214][T14514] [ 341.215422][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.210074][ T8159] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 342.357471][ T5948] Bluetooth: hci4: command 0x1003 tx timeout [ 342.361107][ T5936] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 342.369322][ T8159] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 342.380167][ T8159] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 342.384067][ T8159] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 342.403571][ T8159] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.407717][T14525] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 342.412550][ T8159] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 342.485318][T14530] input: syz1 as /devices/virtual/input/input13 [ 342.592140][T14528] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 343.422659][T14524] input: syz0 as /devices/virtual/input/input14 [ 343.987669][ T57] usb 5-1: USB disconnect, device number 9 [ 343.998726][T14558] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1475'. [ 344.004542][T14558] nbd: illegal input index 65508 [ 344.103077][T14562] FAULT_INJECTION: forcing a failure. [ 344.103077][T14562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 344.107044][T14562] CPU: 3 UID: 0 PID: 14562 Comm: syz.2.1477 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 344.107059][T14562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 344.107064][T14562] Call Trace: [ 344.107067][T14562] [ 344.107071][T14562] dump_stack_lvl+0x16c/0x1f0 [ 344.107087][T14562] should_fail_ex+0x50a/0x650 [ 344.107099][T14562] _copy_to_user+0x32/0xd0 [ 344.107111][T14562] sg_ioctl+0x1e63/0x26c0 [ 344.107124][T14562] ? __pfx_sg_ioctl+0x10/0x10 [ 344.107134][T14562] ? __pfx_lock_release+0x10/0x10 [ 344.107144][T14562] ? trace_lock_acquire+0x14e/0x1f0 [ 344.107156][T14562] ? __fget_files+0x206/0x3a0 [ 344.107166][T14562] ? __pfx_sg_ioctl+0x10/0x10 [ 344.107175][T14562] compat_ptr_ioctl+0x6b/0xa0 [ 344.107187][T14562] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 344.107198][T14562] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 344.107210][T14562] __do_fast_syscall_32+0x73/0x120 [ 344.107223][T14562] do_fast_syscall_32+0x32/0x80 [ 344.107235][T14562] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 344.107249][T14562] RIP: 0023:0xf7f15579 [ 344.107256][T14562] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 344.107277][T14562] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 344.107285][T14562] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000002286 [ 344.107290][T14562] RDX: 0000000020007f40 RSI: 0000000000000000 RDI: 0000000000000000 [ 344.107296][T14562] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 344.107300][T14562] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 344.107305][T14562] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 344.107315][T14562] [ 344.657511][T14581] input: syz0 as /devices/virtual/input/input16 [ 344.882147][ T39] audit: type=1326 audit(1738127528.931:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14586 comm="syz.3.1482" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x0 [ 345.057083][T14590] ubi: mtd0 is already attached to ubi0 [ 345.111235][T14593] ebtables: wrong size: *len 120, entries_size 48, replsz 48 [ 345.512328][T14611] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1485'. [ 345.515348][T14611] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1485'. [ 345.520487][T14611] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 346.942588][ T39] audit: type=1326 audit(1738127530.991:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14694 comm="syz.2.1495" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x0 [ 347.040945][T14712] netlink: 'syz.1.1499': attribute type 21 has an invalid length. [ 347.044184][T14712] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1499'. [ 347.047079][T14710] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1498'. [ 347.051648][T14710] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1498'. [ 347.055257][T14710] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 347.121000][T14718] ubi: mtd0 is already attached to ubi0 [ 347.421677][T14735] block device autoloading is deprecated and will be removed. [ 347.425420][T14733] FAULT_INJECTION: forcing a failure. [ 347.425420][T14733] name failslab, interval 1, probability 0, space 0, times 0 [ 347.429622][T14733] CPU: 3 UID: 0 PID: 14733 Comm: syz.3.1506 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 347.429634][T14733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 347.429639][T14733] Call Trace: [ 347.429642][T14733] [ 347.429646][T14733] dump_stack_lvl+0x16c/0x1f0 [ 347.429661][T14733] should_fail_ex+0x50a/0x650 [ 347.429671][T14733] ? fs_reclaim_acquire+0xae/0x150 [ 347.429686][T14733] should_failslab+0xc2/0x120 [ 347.429696][T14733] __kmalloc_noprof+0xce/0x4f0 [ 347.429718][T14733] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 347.429731][T14733] ? tomoyo_realpath_from_path+0xbf/0x710 [ 347.429743][T14733] tomoyo_realpath_from_path+0xbf/0x710 [ 347.429753][T14733] ? tomoyo_path_number_perm+0x235/0x5b0 [ 347.429768][T14733] tomoyo_path_number_perm+0x248/0x5b0 [ 347.429780][T14733] ? tomoyo_path_number_perm+0x235/0x5b0 [ 347.429794][T14733] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 347.429817][T14733] ? __pfx_lock_release+0x10/0x10 [ 347.429827][T14733] ? trace_lock_acquire+0x14e/0x1f0 [ 347.429836][T14733] ? lock_acquire+0x2f/0xb0 [ 347.429845][T14733] ? __fget_files+0x40/0x3a0 [ 347.429856][T14733] ? __fget_files+0x206/0x3a0 [ 347.429867][T14733] security_file_ioctl_compat+0x9b/0x240 [ 347.429877][T14733] __do_compat_sys_ioctl+0x4e/0x2c0 [ 347.429891][T14733] __do_fast_syscall_32+0x73/0x120 [ 347.429905][T14733] do_fast_syscall_32+0x32/0x80 [ 347.429917][T14733] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.429931][T14733] RIP: 0023:0xf7f57579 [ 347.429938][T14733] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 347.429946][T14733] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 347.429955][T14733] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000935 [ 347.429960][T14733] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 347.429964][T14733] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.429969][T14733] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 347.429973][T14733] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.429984][T14733] [ 347.430043][T14733] ERROR: Out of memory at tomoyo_realpath_from_path. [ 347.902696][T14746] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1511'. [ 347.905504][T14746] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1511'. [ 347.965968][T14753] fuse: Unknown parameter '' [ 348.063870][T14756] block device autoloading is deprecated and will be removed. [ 348.124298][T14763] FAULT_INJECTION: forcing a failure. [ 348.124298][T14763] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 348.130005][T14763] CPU: 0 UID: 0 PID: 14763 Comm: syz.0.1516 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 348.130026][T14763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 348.130035][T14763] Call Trace: [ 348.130040][T14763] [ 348.130046][T14763] dump_stack_lvl+0x16c/0x1f0 [ 348.130072][T14763] should_fail_ex+0x50a/0x650 [ 348.130094][T14763] _copy_from_user+0x2e/0xd0 [ 348.130122][T14763] __sys_bpf+0x215/0x57a0 [ 348.130143][T14763] ? __pfx_lock_release+0x10/0x10 [ 348.130164][T14763] ? __pfx___sys_bpf+0x10/0x10 [ 348.130181][T14763] ? vfs_write+0x306/0x1150 [ 348.130202][T14763] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 348.130236][T14763] ? fput+0x67/0x440 [ 348.130255][T14763] ? ksys_write+0x1ba/0x250 [ 348.130270][T14763] ? __pfx_ksys_write+0x10/0x10 [ 348.130290][T14763] __ia32_sys_bpf+0x76/0xe0 [ 348.130313][T14763] __do_fast_syscall_32+0x73/0x120 [ 348.130354][T14763] do_fast_syscall_32+0x32/0x80 [ 348.130375][T14763] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 348.130401][T14763] RIP: 0023:0xf7f70579 [ 348.130433][T14763] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 348.130448][T14763] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 348.130463][T14763] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600 [ 348.130473][T14763] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 348.130481][T14763] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 348.130490][T14763] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 348.130499][T14763] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 348.130520][T14763] [ 348.142910][T14755] "syz.2.1510" (14755) uses obsolete ecb(arc4) skcipher [ 348.171058][T14744] netlink: 'syz.2.1510': attribute type 10 has an invalid length. [ 348.196278][T14744] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1510'. [ 348.211428][ T39] audit: type=1326 audit(1738127532.261:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14765 comm="syz.1.1517" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x0 [ 348.248382][T14771] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1519'. [ 348.316947][T14773] ubi: mtd0 is already attached to ubi0 [ 348.485799][T14777] FAULT_INJECTION: forcing a failure. [ 348.485799][T14777] name failslab, interval 1, probability 0, space 0, times 0 [ 348.490734][T14777] CPU: 1 UID: 0 PID: 14777 Comm: syz.2.1520 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 348.490748][T14777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 348.490753][T14777] Call Trace: [ 348.490756][T14777] [ 348.490760][T14777] dump_stack_lvl+0x16c/0x1f0 [ 348.490776][T14777] should_fail_ex+0x50a/0x650 [ 348.490787][T14777] ? fs_reclaim_acquire+0xae/0x150 [ 348.490801][T14777] should_failslab+0xc2/0x120 [ 348.490812][T14777] __kmalloc_noprof+0xce/0x4f0 [ 348.490822][T14777] ? lsm_blob_alloc+0x68/0x90 [ 348.490836][T14777] lsm_blob_alloc+0x68/0x90 [ 348.490846][T14777] security_sb_alloc+0x28/0x230 [ 348.490858][T14777] alloc_super+0x245/0xbd0 [ 348.490866][T14777] ? lock_acquire+0x2f/0xb0 [ 348.490878][T14777] ? __pfx_test_keyed_super+0x10/0x10 [ 348.490889][T14777] sget_fc+0x116/0xb90 [ 348.490896][T14777] ? __pfx_set_anon_super_fc+0x10/0x10 [ 348.490909][T14777] ? __pfx_nfsd_fill_super+0x10/0x10 [ 348.490921][T14777] get_tree_keyed+0x59/0x1d0 [ 348.490929][T14777] vfs_get_tree+0x8b/0x340 [ 348.490941][T14777] path_mount+0x6e1/0x1f00 [ 348.490951][T14777] ? kmem_cache_free+0x2e2/0x4d0 [ 348.490960][T14777] ? __pfx_path_mount+0x10/0x10 [ 348.490971][T14777] ? putname+0x13c/0x180 [ 348.490983][T14777] __ia32_sys_mount+0x28d/0x310 [ 348.490993][T14777] ? __pfx___ia32_sys_mount+0x10/0x10 [ 348.491006][T14777] __do_fast_syscall_32+0x73/0x120 [ 348.491019][T14777] do_fast_syscall_32+0x32/0x80 [ 348.491030][T14777] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 348.491049][T14777] RIP: 0023:0xf7f15579 [ 348.491056][T14777] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 348.491064][T14777] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 348.491073][T14777] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000040 [ 348.491078][T14777] RDX: 0000000020000000 RSI: 000000000000840d RDI: 0000000000000000 [ 348.491083][T14777] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 348.491088][T14777] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 348.491093][T14777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 348.491103][T14777] [ 348.566231][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.073582][T14787] tty tty22: ldisc open failed (-12), clearing slot 21 [ 349.252212][T14793] FAULT_INJECTION: forcing a failure. [ 349.252212][T14793] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 349.258082][T14793] CPU: 3 UID: 0 PID: 14793 Comm: syz.0.1526 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 349.258103][T14793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 349.258113][T14793] Call Trace: [ 349.258117][T14793] [ 349.258124][T14793] dump_stack_lvl+0x16c/0x1f0 [ 349.258151][T14793] should_fail_ex+0x50a/0x650 [ 349.258168][T14793] ? __pfx___might_resched+0x10/0x10 [ 349.258193][T14793] should_fail_alloc_page+0xe7/0x130 [ 349.258216][T14793] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 349.258243][T14793] ? register_lock_class+0xb1/0x1240 [ 349.258265][T14793] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 349.258297][T14793] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 349.258322][T14793] ? hlock_class+0x4e/0x130 [ 349.258346][T14793] ? mark_lock+0xb5/0xc60 [ 349.258372][T14793] ? mark_lock+0xb5/0xc60 [ 349.258422][T14793] ? hlock_class+0x4e/0x130 [ 349.258452][T14793] ? __pfx_mark_lock+0x10/0x10 [ 349.258475][T14793] ? page_ext_put+0x3e/0xd0 [ 349.258491][T14793] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 349.258515][T14793] ? policy_nodemask+0xea/0x4e0 [ 349.258537][T14793] alloc_pages_mpol+0x1fc/0x540 [ 349.258558][T14793] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 349.258586][T14793] alloc_pages_noprof+0x131/0x390 [ 349.258607][T14793] pte_alloc_one+0x20/0x390 [ 349.258630][T14793] __pte_alloc+0x6e/0x3d0 [ 349.258654][T14793] ? __pfx___pte_alloc+0x10/0x10 [ 349.258679][T14793] ? find_held_lock+0x2d/0x110 [ 349.258706][T14793] do_pte_missing+0x2828/0x3e10 [ 349.258733][T14793] __handle_mm_fault+0x1166/0x2c60 [ 349.258756][T14793] ? __pfx___handle_mm_fault+0x10/0x10 [ 349.258772][T14793] ? __lock_acquire+0x15a9/0x3c40 [ 349.258813][T14793] handle_mm_fault+0x3fa/0xaa0 [ 349.258835][T14793] __get_user_pages+0x773/0x36f0 [ 349.258861][T14793] ? __pfx___get_user_pages+0x10/0x10 [ 349.258876][T14793] ? down_read_killable+0xcc/0x380 [ 349.258898][T14793] ? __pfx_down_read_killable+0x10/0x10 [ 349.258921][T14793] ? mark_lock+0xb5/0xc60 [ 349.258936][T14793] ? __pfx___lock_acquire+0x10/0x10 [ 349.258956][T14793] __gup_longterm_locked+0x211/0x1870 [ 349.258978][T14793] ? __pfx___gup_longterm_locked+0x10/0x10 [ 349.258993][T14793] ? gup_fast_fallback+0x1218/0x2690 [ 349.259010][T14793] ? __pfx_lock_release+0x10/0x10 [ 349.259030][T14793] ? sanity_check_pinned_pages+0x23/0x11e0 [ 349.259049][T14793] gup_fast_fallback+0x1802/0x2690 [ 349.259079][T14793] ? __pfx_gup_fast_fallback+0x10/0x10 [ 349.259105][T14793] pin_user_pages_fast+0xa8/0x100 [ 349.259122][T14793] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 349.259144][T14793] iov_iter_extract_pages+0x3a5/0x2010 [ 349.259167][T14793] ? wp384_final+0x11/0xe0 [ 349.259192][T14793] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 349.259213][T14793] ? mark_held_locks+0x9f/0xe0 [ 349.259243][T14793] extract_iter_to_sg+0xf74/0x20b0 [ 349.259261][T14793] ? crypto_blake2b_update_generic+0x1cb/0x2e0 [ 349.259290][T14793] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 349.259305][T14793] ? gup_put_folio+0x71/0x2a0 [ 349.259321][T14793] ? __pfx_unpin_user_page+0x10/0x10 [ 349.259341][T14793] ? af_alg_free_sg+0xa1/0x260 [ 349.259360][T14793] hash_sendmsg+0x43b/0x1180 [ 349.259395][T14793] sock_write_iter+0x4fe/0x5b0 [ 349.259414][T14793] ? __pfx_sock_write_iter+0x10/0x10 [ 349.259442][T14793] ? rw_verify_area+0xcf/0x680 [ 349.259469][T14793] vfs_write+0x5ae/0x1150 [ 349.259484][T14793] ? __pfx_sock_write_iter+0x10/0x10 [ 349.259505][T14793] ? __pfx_vfs_write+0x10/0x10 [ 349.259522][T14793] ? __fget_files+0x40/0x3a0 [ 349.259550][T14793] ksys_write+0x207/0x250 [ 349.259567][T14793] ? __pfx_ksys_write+0x10/0x10 [ 349.259593][T14793] __do_fast_syscall_32+0x73/0x120 [ 349.259621][T14793] do_fast_syscall_32+0x32/0x80 [ 349.259645][T14793] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 349.259670][T14793] RIP: 0023:0xf7f70579 [ 349.259682][T14793] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 349.259697][T14793] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 349.259713][T14793] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000040 [ 349.259724][T14793] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000000 [ 349.259734][T14793] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 349.259744][T14793] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 349.259754][T14793] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 349.259778][T14793] [ 349.477434][ T8159] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 349.551178][T14799] __nla_validate_parse: 4 callbacks suppressed [ 349.551189][T14799] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1529'. [ 349.558960][T14799] openvswitch: netlink: IP tunnel TTL not specified. [ 349.640003][ T8159] usb 6-1: Using ep0 maxpacket: 8 [ 349.647467][ T8159] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 349.662038][ T8159] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 349.666517][ T8159] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 349.675267][ T8159] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 349.680173][ T8159] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.692817][ T8159] usbtmc 6-1:16.0: bulk endpoints not found [ 349.987573][T14824] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1531'. [ 349.990553][T14824] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1531'. [ 350.411794][T14853] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 351.137081][ T5936] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 351.174211][T14887] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1539'. [ 351.315032][T14894] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 351.319250][ T69] Bluetooth: hci4: Frame reassembly failed (-84) [ 351.415018][T14897] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 352.144677][ T56] usb 6-1: USB disconnect, device number 8 [ 352.578337][ T56] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 352.729216][T14925] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 352.729216][T14925] program syz.2.1549 not setting count and/or reply_len properly [ 352.739333][ T56] usb 6-1: config 0 has no interfaces? [ 352.741771][ T56] usb 6-1: New USB device found, idVendor=0ac8, idProduct=332d, bcdDevice=8a.82 [ 352.745708][ T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.751038][ T56] usb 6-1: config 0 descriptor?? [ 352.938460][T14927] fuse: Unknown parameter '' [ 352.956626][ T56] usb 6-1: USB disconnect, device number 9 [ 353.317549][ T5936] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 354.116604][T14946] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1556'. [ 354.413295][T14954] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1559'. [ 354.420769][T14954] input: syz1 as /devices/virtual/input/input18 [ 354.469804][T14958] netlink: 'syz.2.1561': attribute type 18 has an invalid length. [ 354.495298][T14958] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 354.499126][T14958] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 354.502693][T14958] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 354.506123][T14958] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 354.649275][T14960] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1562'. [ 354.661120][T14960] openvswitch: netlink: IP tunnel TTL not specified. [ 354.990572][T14970] loop6: detected capacity change from 0 to 524287999 [ 354.992894][ C3] blk_print_req_error: 9 callbacks suppressed [ 354.992902][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 354.997585][ C3] buffer_io_error: 8 callbacks suppressed [ 354.997592][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.002403][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.005130][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.010940][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.013793][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.016154][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.018903][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.021669][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.024415][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.026947][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.029740][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.032801][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.035549][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.038732][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.041496][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.044079][T14970] ldm_validate_partition_table(): Disk read failed. [ 355.046166][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.048935][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.051732][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 355.055557][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 355.061017][T14970] Dev loop6: unable to read RDB block 0 [ 355.063433][T14970] loop6: unable to read partition table [ 355.065235][T14970] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 355.622704][T14995] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 355.622704][T14995] program syz.0.1570 not setting count and/or reply_len properly [ 357.274082][T15051] blktrace: Concurrent blktraces are not allowed on sg0 [ 357.278975][T15051] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1580'. [ 357.499633][T15060] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1582'. [ 357.504774][T15060] openvswitch: netlink: IP tunnel TTL not specified. [ 358.403063][T15080] FAULT_INJECTION: forcing a failure. [ 358.403063][T15080] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 358.407947][T15080] CPU: 3 UID: 0 PID: 15080 Comm: syz.3.1589 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 358.407959][T15080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 358.407964][T15080] Call Trace: [ 358.407967][T15080] [ 358.407971][T15080] dump_stack_lvl+0x16c/0x1f0 [ 358.407988][T15080] should_fail_ex+0x50a/0x650 [ 358.408000][T15080] _copy_to_user+0x32/0xd0 [ 358.408012][T15080] simple_read_from_buffer+0xd0/0x160 [ 358.408027][T15080] proc_fail_nth_read+0x198/0x270 [ 358.408039][T15080] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 358.408052][T15080] ? rw_verify_area+0xcf/0x680 [ 358.408064][T15080] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 358.408075][T15080] vfs_read+0x1df/0xbf0 [ 358.408083][T15080] ? __fget_files+0x1fc/0x3a0 [ 358.408093][T15080] ? __pfx___mutex_lock+0x10/0x10 [ 358.408105][T15080] ? __pfx_vfs_read+0x10/0x10 [ 358.408116][T15080] ? __fget_files+0x206/0x3a0 [ 358.408128][T15080] ksys_read+0x12b/0x250 [ 358.408135][T15080] ? __pfx_ksys_read+0x10/0x10 [ 358.408146][T15080] __do_fast_syscall_32+0x73/0x120 [ 358.408159][T15080] do_fast_syscall_32+0x32/0x80 [ 358.408171][T15080] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 358.408189][T15080] RIP: 0023:0xf7f57579 [ 358.408197][T15080] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 358.408205][T15080] RSP: 002b:00000000f5055590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 358.408213][T15080] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f5055620 [ 358.408219][T15080] RDX: 000000000000000f RSI: 00000000f73dcff4 RDI: 0000000000000000 [ 358.408224][T15080] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 358.408228][T15080] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 358.408233][T15080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 358.408243][T15080] [ 358.598853][T15085] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1591'. [ 358.603402][T15085] openvswitch: netlink: IP tunnel TTL not specified. [ 358.723742][ T39] audit: type=1326 audit(1738127542.771:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15094 comm="syz.2.1596" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x0 [ 358.874558][T15101] ubi: mtd0 is already attached to ubi0 [ 359.773534][T15110] fuse: Unknown parameter '' [ 359.888500][T15111] FAULT_INJECTION: forcing a failure. [ 359.888500][T15111] name failslab, interval 1, probability 0, space 0, times 0 [ 359.892392][T15111] CPU: 3 UID: 0 PID: 15111 Comm: syz.2.1599 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 359.892404][T15111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 359.892419][T15111] Call Trace: [ 359.892423][T15111] [ 359.892427][T15111] dump_stack_lvl+0x16c/0x1f0 [ 359.892443][T15111] should_fail_ex+0x50a/0x650 [ 359.892455][T15111] should_failslab+0xc2/0x120 [ 359.892467][T15111] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 359.892477][T15111] ? skb_clone+0x190/0x3f0 [ 359.892493][T15111] skb_clone+0x190/0x3f0 [ 359.892505][T15111] netlink_deliver_tap+0xafd/0xca0 [ 359.892519][T15111] netlink_unicast+0x5e1/0x7f0 [ 359.892531][T15111] ? __pfx_netlink_unicast+0x10/0x10 [ 359.892542][T15111] ? __phys_addr_symbol+0x30/0x80 [ 359.892555][T15111] ? __check_object_size+0x488/0x710 [ 359.892568][T15111] netlink_sendmsg+0x8b8/0xd70 [ 359.892581][T15111] ? __pfx_netlink_sendmsg+0x10/0x10 [ 359.892596][T15111] ____sys_sendmsg+0x9ae/0xb40 [ 359.892606][T15111] ? __pfx_____sys_sendmsg+0x10/0x10 [ 359.892616][T15111] ? get_compat_msghdr+0x11b/0x170 [ 359.892632][T15111] ___sys_sendmsg+0x135/0x1e0 [ 359.892645][T15111] ? __pfx____sys_sendmsg+0x10/0x10 [ 359.892663][T15111] ? __pfx_lock_release+0x10/0x10 [ 359.892673][T15111] ? trace_lock_acquire+0x14e/0x1f0 [ 359.892685][T15111] ? __fget_files+0x206/0x3a0 [ 359.892698][T15111] __sys_sendmsg+0x16e/0x220 [ 359.892711][T15111] ? __pfx___sys_sendmsg+0x10/0x10 [ 359.892731][T15111] __do_fast_syscall_32+0x73/0x120 [ 359.892745][T15111] do_fast_syscall_32+0x32/0x80 [ 359.892757][T15111] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 359.892771][T15111] RIP: 0023:0xf7f15579 [ 359.892778][T15111] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 359.892786][T15111] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 359.892794][T15111] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000000 [ 359.892800][T15111] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 359.892804][T15111] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 359.892809][T15111] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 359.892814][T15111] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 359.892824][T15111] [ 360.455463][T15122] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 360.457567][T15122] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 360.463143][T15122] vhci_hcd vhci_hcd.0: Device attached [ 360.467904][T15123] vhci_hcd: unknown pdu 2 [ 360.473613][ T92] vhci_hcd: stop threads [ 360.475419][ T92] vhci_hcd: release socket [ 360.477097][ T92] vhci_hcd: disconnect device [ 360.517940][T15126] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ULvyآDUDw}z [ 360.924617][T15151] kAFS: unable to lookup cell 'sy>7 O-z1' [ 361.787680][T15122] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 361.790027][T15122] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 361.795367][T15122] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 361.797586][T15122] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 361.805240][T15122] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 361.807148][T15122] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 361.810310][T15122] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 361.812341][T15122] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 361.850426][T15157] blktrace: Concurrent blktraces are not allowed on sg0 [ 361.854969][T15157] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1609'. [ 362.587570][T15173] fuse: Unknown parameter '' [ 362.597344][ T5936] Bluetooth: hci0: command 0x0406 tx timeout [ 363.877426][ T5936] Bluetooth: hci3: command 0x0406 tx timeout [ 363.877527][ T5948] Bluetooth: hci2: command 0x0406 tx timeout [ 363.879272][ T5936] Bluetooth: hci1: command 0x0406 tx timeout [ 364.317909][T15204] FAULT_INJECTION: forcing a failure. [ 364.317909][T15204] name failslab, interval 1, probability 0, space 0, times 0 [ 364.321650][T15204] CPU: 3 UID: 0 PID: 15204 Comm: syz.3.1620 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 364.321663][T15204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 364.321669][T15204] Call Trace: [ 364.321672][T15204] [ 364.321676][T15204] dump_stack_lvl+0x16c/0x1f0 [ 364.321691][T15204] should_fail_ex+0x50a/0x650 [ 364.321702][T15204] ? fs_reclaim_acquire+0xae/0x150 [ 364.321716][T15204] ? __request_module+0x2c6/0x6c0 [ 364.321726][T15204] should_failslab+0xc2/0x120 [ 364.321737][T15204] __kmalloc_cache_noprof+0x68/0x420 [ 364.321746][T15204] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 364.321757][T15204] ? lockdep_hardirqs_on+0x7c/0x110 [ 364.321768][T15204] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 364.321779][T15204] __request_module+0x2c6/0x6c0 [ 364.321788][T15204] ? rtnl_newlink+0x133c/0x1d70 [ 364.321800][T15204] ? __pfx___request_module+0x10/0x10 [ 364.321810][T15204] ? find_held_lock+0x2d/0x110 [ 364.321827][T15204] ? lock_acquire+0x2f/0xb0 [ 364.321836][T15204] ? rtnl_link_ops_get+0x35/0x2c0 [ 364.321850][T15204] rtnl_newlink+0x133c/0x1d70 [ 364.321861][T15204] ? hlock_class+0x4e/0x130 [ 364.321872][T15204] ? __lock_acquire+0xcc5/0x3c40 [ 364.321883][T15204] ? __pfx_rtnl_newlink+0x10/0x10 [ 364.321896][T15204] ? __pfx___lock_acquire+0x10/0x10 [ 364.321905][T15204] ? kmem_cache_free+0x2e2/0x4d0 [ 364.321914][T15204] ? aa_get_newest_label+0x376/0x680 [ 364.321925][T15204] ? find_held_lock+0x2d/0x110 [ 364.321938][T15204] ? find_held_lock+0x2d/0x110 [ 364.321952][T15204] ? rtnetlink_rcv_msg+0x93a/0xea0 [ 364.321963][T15204] ? __pfx_lock_release+0x10/0x10 [ 364.321972][T15204] ? trace_lock_acquire+0x14e/0x1f0 [ 364.321982][T15204] ? __pfx_rtnl_newlink+0x10/0x10 [ 364.321994][T15204] rtnetlink_rcv_msg+0x95b/0xea0 [ 364.322006][T15204] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 364.322017][T15204] ? __pfx___dev_queue_xmit+0x10/0x10 [ 364.322032][T15204] netlink_rcv_skb+0x165/0x410 [ 364.322042][T15204] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 364.322055][T15204] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 364.322071][T15204] ? netlink_deliver_tap+0x1ae/0xca0 [ 364.322082][T15204] netlink_unicast+0x53c/0x7f0 [ 364.322094][T15204] ? __pfx_netlink_unicast+0x10/0x10 [ 364.322104][T15204] ? __phys_addr_symbol+0x30/0x80 [ 364.322116][T15204] ? __check_object_size+0x488/0x710 [ 364.322128][T15204] netlink_sendmsg+0x8b8/0xd70 [ 364.322140][T15204] ? __pfx_netlink_sendmsg+0x10/0x10 [ 364.322154][T15204] ____sys_sendmsg+0x9ae/0xb40 [ 364.322165][T15204] ? __pfx_____sys_sendmsg+0x10/0x10 [ 364.322174][T15204] ? get_compat_msghdr+0x11b/0x170 [ 364.322188][T15204] ___sys_sendmsg+0x135/0x1e0 [ 364.322200][T15204] ? __pfx____sys_sendmsg+0x10/0x10 [ 364.322217][T15204] ? __pfx_lock_release+0x10/0x10 [ 364.322230][T15204] ? trace_lock_acquire+0x14e/0x1f0 [ 364.322237][T15204] ? bpf_send_signal_common+0x39c/0x530 [ 364.322249][T15204] ? __fget_files+0x206/0x3a0 [ 364.322278][T15204] __sys_sendmsg+0x16e/0x220 [ 364.322290][T15204] ? __pfx___sys_sendmsg+0x10/0x10 [ 364.322307][T15204] ? rcu_is_watching+0x12/0xc0 [ 364.322321][T15204] __do_fast_syscall_32+0x73/0x120 [ 364.322333][T15204] do_fast_syscall_32+0x32/0x80 [ 364.322345][T15204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 364.322359][T15204] RIP: 0023:0xf7f57579 [ 364.322366][T15204] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 364.322375][T15204] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 364.322383][T15204] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 364.322388][T15204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 364.322393][T15204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 364.322397][T15204] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 364.322402][T15204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 364.322412][T15204] [ 364.323816][T15204] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.440678][T15204] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.442787][T15204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.665460][T15216] netlink: 'syz.3.1625': attribute type 11 has an invalid length. [ 364.668190][T15216] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1625'. [ 364.677442][ T5938] Bluetooth: hci0: command 0x0406 tx timeout [ 364.690162][T15216] loop7: detected capacity change from 0 to 16384 [ 364.695122][T15218] fuse: Unknown parameter '' [ 364.847587][ T25] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 365.013235][T15184] syz.1.1617 (15184): drop_caches: 1 [ 365.058743][ T25] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 365.063318][ T25] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 365.067783][ T25] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 365.071610][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.079917][T15215] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 365.085415][ T25] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 365.284478][T15223] loop6: detected capacity change from 0 to 524287999 [ 365.289603][ C1] blk_print_req_error: 7 callbacks suppressed [ 365.289613][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.294180][ C1] buffer_io_error: 7 callbacks suppressed [ 365.294186][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.298434][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.301276][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.303796][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.306559][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.309821][T15213] input: syz0 as /devices/virtual/input/input19 [ 365.310776][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.314749][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.317171][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.320154][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.322852][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.325621][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.328986][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.331764][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.334198][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.334523][ T35] usb 7-1: USB disconnect, device number 10 [ 365.336975][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.341294][T15223] ldm_validate_partition_table(): Disk read failed. [ 365.343679][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.347074][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.352744][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 365.355543][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 365.361449][T15223] Dev loop6: unable to read RDB block 0 [ 365.363640][T15223] loop6: unable to read partition table [ 365.365426][T15223] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 365.410947][T15226] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 365.957435][ T5936] Bluetooth: hci2: command 0x0406 tx timeout [ 365.957470][ T5948] Bluetooth: hci3: command 0x0406 tx timeout [ 365.967439][ T5948] Bluetooth: hci1: command 0x0406 tx timeout [ 366.697374][T15245] blktrace: Concurrent blktraces are not allowed on sg0 [ 366.701878][T15245] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1633'. [ 366.836304][T15247] input: syz0 as /devices/virtual/input/input20 [ 367.477428][ T5938] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 367.477445][ T5948] Bluetooth: hci4: command 0x1003 tx timeout [ 367.551338][T15254] FAULT_INJECTION: forcing a failure. [ 367.551338][T15254] name failslab, interval 1, probability 0, space 0, times 0 [ 367.555379][T15254] CPU: 1 UID: 0 PID: 15254 Comm: syz.1.1635 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 367.555391][T15254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 367.555407][T15254] Call Trace: [ 367.555411][T15254] [ 367.555414][T15254] dump_stack_lvl+0x16c/0x1f0 [ 367.555431][T15254] should_fail_ex+0x50a/0x650 [ 367.555442][T15254] ? fs_reclaim_acquire+0xae/0x150 [ 367.555458][T15254] should_failslab+0xc2/0x120 [ 367.555469][T15254] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 367.555480][T15254] ? mas_alloc_nodes+0x18b/0x880 [ 367.555492][T15254] mas_alloc_nodes+0x18b/0x880 [ 367.555505][T15254] mas_node_count_gfp+0x105/0x130 [ 367.555516][T15254] mas_preallocate+0x53f/0xce0 [ 367.555531][T15254] ? __pfx_mas_preallocate+0x10/0x10 [ 367.555548][T15254] ? anon_vma_name+0x75/0x100 [ 367.555560][T15254] __split_vma+0x474/0x1210 [ 367.555572][T15254] ? __pfx___split_vma+0x10/0x10 [ 367.555587][T15254] vma_modify.constprop.0+0x2ed/0x3b0 [ 367.555598][T15254] vma_modify_flags+0x231/0x2d0 [ 367.555608][T15254] ? __pfx_vma_modify_flags+0x10/0x10 [ 367.555622][T15254] ? mas_next_slot+0xb28/0x10b0 [ 367.555636][T15254] mlock_fixup+0x282/0xfc0 [ 367.555649][T15254] apply_vma_lock_flags+0x262/0x390 [ 367.555660][T15254] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 367.555670][T15254] ? do_mlock+0x1b8/0x810 [ 367.555680][T15254] ? lock_acquire+0x2f/0xb0 [ 367.555690][T15254] ? do_mlock+0x1b8/0x810 [ 367.555702][T15254] ? __pfx_down_write_killable+0x10/0x10 [ 367.555719][T15254] do_mlock+0x2ab/0x810 [ 367.555728][T15254] ? __pfx___schedule+0x10/0x10 [ 367.555739][T15254] ? __fget_files+0x206/0x3a0 [ 367.555748][T15254] ? __pfx_do_mlock+0x10/0x10 [ 367.555759][T15254] ? fput+0x67/0x440 [ 367.555770][T15254] ? ksys_write+0x1ba/0x250 [ 367.555781][T15254] __ia32_sys_mlock+0x57/0x80 [ 367.555791][T15254] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 367.555804][T15254] __do_fast_syscall_32+0x73/0x120 [ 367.555817][T15254] do_fast_syscall_32+0x32/0x80 [ 367.555828][T15254] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 367.555850][T15254] RIP: 0023:0xf7f54579 [ 367.555858][T15254] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 367.555867][T15254] RSP: 002b:00000000f503455c EFLAGS: 00000296 ORIG_RAX: 0000000000000096 [ 367.555875][T15254] RAX: ffffffffffffffda RBX: 00000000207d8000 RCX: 0000000000800000 [ 367.555881][T15254] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 367.555885][T15254] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 367.555890][T15254] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 367.555894][T15254] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 367.555905][T15254] [ 367.638356][ C1] vkms_vblank_simulate: vblank timer overrun [ 367.901997][T15258] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 368.244401][ T39] audit: type=1326 audit(1738127552.291:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15264 comm="syz.1.1641" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x0 [ 368.403597][T15269] ubi: mtd0 is already attached to ubi0 [ 368.611121][T15276] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 368.615602][ T1172] Bluetooth: hci4: Frame reassembly failed (-84) [ 368.693072][T15278] usb usb1: usbfs: process 15278 (syz.0.1646) did not claim interface 0 before use [ 368.745049][T15280] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1647'. [ 369.196779][T15296] FAULT_INJECTION: forcing a failure. [ 369.196779][T15296] name failslab, interval 1, probability 0, space 0, times 0 [ 369.200744][T15296] CPU: 0 UID: 0 PID: 15296 Comm: syz.1.1651 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 369.200775][T15296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 369.200781][T15296] Call Trace: [ 369.200785][T15296] [ 369.200788][T15296] dump_stack_lvl+0x16c/0x1f0 [ 369.200805][T15296] should_fail_ex+0x50a/0x650 [ 369.200815][T15296] ? fs_reclaim_acquire+0xae/0x150 [ 369.200830][T15296] should_failslab+0xc2/0x120 [ 369.200841][T15296] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 369.200851][T15296] ? __pfx_mark_lock+0x10/0x10 [ 369.200861][T15296] ? vm_area_dup+0x21/0x300 [ 369.200874][T15296] vm_area_dup+0x21/0x300 [ 369.200885][T15296] __split_vma+0x181/0x1210 [ 369.200895][T15296] ? vma_merge_existing_range+0xaf8/0x2070 [ 369.200905][T15296] ? __pfx___split_vma+0x10/0x10 [ 369.200917][T15296] ? __schedule+0x3c6a/0x5890 [ 369.200932][T15296] ? lockdep_hardirqs_on+0x7c/0x110 [ 369.200945][T15296] vma_modify.constprop.0+0x2ed/0x3b0 [ 369.200956][T15296] vma_modify_flags+0x231/0x2d0 [ 369.200966][T15296] ? __pfx_vma_modify_flags+0x10/0x10 [ 369.200980][T15296] ? mas_next_slot+0xb28/0x10b0 [ 369.200994][T15296] mlock_fixup+0x282/0xfc0 [ 369.201007][T15296] apply_vma_lock_flags+0x262/0x390 [ 369.201017][T15296] ? rcu_is_watching+0x12/0xc0 [ 369.201031][T15296] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 369.201040][T15296] ? do_mlock+0x1b8/0x810 [ 369.201050][T15296] ? lock_acquire+0x2f/0xb0 [ 369.201059][T15296] ? do_mlock+0x1b8/0x810 [ 369.201071][T15296] ? __pfx_down_write_killable+0x10/0x10 [ 369.201084][T15296] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 369.201098][T15296] do_mlock+0x2ab/0x810 [ 369.201108][T15296] ? __fget_files+0x206/0x3a0 [ 369.201118][T15296] ? __pfx_do_mlock+0x10/0x10 [ 369.201129][T15296] ? native_tss_update_io_bitmap+0x2ec/0x610 [ 369.201141][T15296] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 369.201152][T15296] ? ksys_write+0x1ba/0x250 [ 369.201161][T15296] ? __pfx_ksys_write+0x10/0x10 [ 369.201171][T15296] __ia32_sys_mlock+0x57/0x80 [ 369.201181][T15296] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 369.201193][T15296] __do_fast_syscall_32+0x73/0x120 [ 369.201206][T15296] do_fast_syscall_32+0x32/0x80 [ 369.201218][T15296] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 369.201232][T15296] RIP: 0023:0xf7f54579 [ 369.201239][T15296] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 369.201248][T15296] RSP: 002b:00000000f505555c EFLAGS: 00000296 ORIG_RAX: 0000000000000096 [ 369.201256][T15296] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000800000 [ 369.201261][T15296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 369.201266][T15296] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 369.201270][T15296] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 369.201275][T15296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 369.201285][T15296] [ 369.861759][T15299] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1652'. [ 369.866626][T15299] ata3.00: invalid multi_count 1 ignored [ 369.922092][T15300] netlink: 'syz.3.1652': attribute type 1 has an invalid length. [ 370.012058][T15308] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1656'. [ 370.014759][T15308] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1656'. [ 370.018633][T15308] A link change request failed with some changes committed already. Interface ip6gre0 may have been left with an inconsistent configuration, please check. [ 370.144631][T15314] syz.3.1657 uses obsolete (PF_INET,SOCK_PACKET) [ 370.226428][T15316] input: syz0 as /devices/virtual/input/input21 [ 370.667153][T15320] loop7: detected capacity change from 0 to 16384 [ 370.677436][ T5948] Bluetooth: hci4: command 0x1003 tx timeout [ 370.680265][ T5938] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 370.812396][T15324] loop9: detected capacity change from 0 to 7 [ 370.907587][T15324] Dev loop9: unable to read RDB block 7 [ 370.909747][T15324] loop9: unable to read partition table [ 370.911539][T15324] loop9: partition table beyond EOD, truncated [ 370.913405][T15324] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 370.913405][T15324] ) failed (rc=-5) [ 371.233674][T15342] fuse: Unknown parameter '' [ 371.586087][T15362] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 371.588016][T15362] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 371.590942][T15362] vhci_hcd vhci_hcd.0: Device attached [ 371.859512][ T5948] Bluetooth: hci4: sending frame failed (-49) [ 371.862121][ T5938] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 371.867713][T15371] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 372.003932][T15380] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1668'. [ 372.131772][ T39] audit: type=1326 audit(1738127556.181:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.0.1669" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x0 [ 372.167371][ T8] vhci_hcd: vhci_device speed not set [ 372.237346][ T8] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 372.747852][T15363] vhci_hcd: connection reset by peer [ 372.751539][ T1172] vhci_hcd: stop threads [ 372.753739][ T1172] vhci_hcd: release socket [ 372.756405][ T1172] vhci_hcd: disconnect device [ 372.818135][T15389] fuse: Unknown parameter '' [ 373.161376][ T5938] Bluetooth: hci4: sending frame failed (-49) [ 373.164272][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 373.168247][T15403] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 373.328874][T15405] input: syz0 as /devices/virtual/input/input22 [ 374.035383][T15421] fuse: Unknown parameter '' [ 374.209997][ T39] audit: type=1326 audit(1738127558.261:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15425 comm="syz.2.1684" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x0 [ 374.336090][T15428] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 374.342027][ T69] Bluetooth: hci4: Frame reassembly failed (-84) [ 374.372517][T15430] ubi: mtd0 is already attached to ubi0 [ 374.399155][T15432] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1686'. [ 374.523634][T15434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1686'. [ 375.453717][T15440] blktrace: Concurrent blktraces are not allowed on sg0 [ 375.457992][T15440] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1688'. [ 376.357397][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 376.357496][ T5938] Bluetooth: hci4: command 0x1003 tx timeout [ 376.682500][T15454] fuse: Unknown parameter '' [ 377.191695][T15459] wireguard0: entered promiscuous mode [ 377.408826][ T8] vhci_hcd: vhci_device speed not set [ 377.464578][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 377.469578][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 377.473572][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 377.477475][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 377.481427][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 377.485442][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 377.489293][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 377.756744][T15471] FAULT_INJECTION: forcing a failure. [ 377.756744][T15471] name failslab, interval 1, probability 0, space 0, times 0 [ 377.760488][T15471] CPU: 2 UID: 0 PID: 15471 Comm: syz.0.1697 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 377.760500][T15471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 377.760506][T15471] Call Trace: [ 377.760509][T15471] [ 377.760513][T15471] dump_stack_lvl+0x16c/0x1f0 [ 377.760528][T15471] should_fail_ex+0x50a/0x650 [ 377.760538][T15471] ? fs_reclaim_acquire+0xae/0x150 [ 377.760552][T15471] ? ovs_nla_get_identifier+0x158/0x270 [ 377.760565][T15471] should_failslab+0xc2/0x120 [ 377.760576][T15471] __kmalloc_cache_noprof+0x68/0x420 [ 377.760588][T15471] ovs_nla_get_identifier+0x158/0x270 [ 377.760602][T15471] ovs_flow_cmd_new+0x401/0xe30 [ 377.760616][T15471] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 377.760625][T15471] ? __kmalloc_noprof+0x21a/0x4f0 [ 377.760634][T15471] ? genl_family_rcv_msg_doit+0xbf/0x2f0 [ 377.760646][T15471] ? genl_rcv_msg+0x565/0x800 [ 377.760656][T15471] ? netlink_rcv_skb+0x165/0x410 [ 377.760666][T15471] ? ____sys_sendmsg+0x9ae/0xb40 [ 377.760675][T15471] ? ___sys_sendmsg+0x135/0x1e0 [ 377.760686][T15471] ? __sys_sendmsg+0x16e/0x220 [ 377.760697][T15471] ? __do_fast_syscall_32+0x73/0x120 [ 377.760708][T15471] ? do_fast_syscall_32+0x32/0x80 [ 377.760738][T15471] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 377.760750][T15471] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 377.760769][T15471] genl_family_rcv_msg_doit+0x202/0x2f0 [ 377.760781][T15471] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 377.760793][T15471] ? trace_cap_capable+0x1a2/0x210 [ 377.760807][T15471] ? bpf_lsm_capable+0x9/0x10 [ 377.760818][T15471] ? security_capable+0x7e/0x260 [ 377.760830][T15471] ? ns_capable+0xd7/0x110 [ 377.760842][T15471] genl_rcv_msg+0x565/0x800 [ 377.760855][T15471] ? __pfx_genl_rcv_msg+0x10/0x10 [ 377.760866][T15471] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 377.760881][T15471] netlink_rcv_skb+0x165/0x410 [ 377.760891][T15471] ? __pfx_genl_rcv_msg+0x10/0x10 [ 377.760903][T15471] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 377.760917][T15471] ? down_read+0xc9/0x330 [ 377.760929][T15471] ? __pfx_down_read+0x10/0x10 [ 377.760941][T15471] ? netlink_deliver_tap+0x1ae/0xca0 [ 377.760953][T15471] genl_rcv+0x28/0x40 [ 377.760963][T15471] netlink_unicast+0x53c/0x7f0 [ 377.760974][T15471] ? __pfx_netlink_unicast+0x10/0x10 [ 377.760984][T15471] ? __phys_addr_symbol+0x30/0x80 [ 377.760997][T15471] ? __check_object_size+0x488/0x710 [ 377.761009][T15471] netlink_sendmsg+0x8b8/0xd70 [ 377.761021][T15471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 377.761035][T15471] ____sys_sendmsg+0x9ae/0xb40 [ 377.761045][T15471] ? __pfx_____sys_sendmsg+0x10/0x10 [ 377.761054][T15471] ? get_compat_msghdr+0x11b/0x170 [ 377.761069][T15471] ___sys_sendmsg+0x135/0x1e0 [ 377.761082][T15471] ? __pfx____sys_sendmsg+0x10/0x10 [ 377.761099][T15471] ? __pfx_lock_release+0x10/0x10 [ 377.761108][T15471] ? trace_lock_acquire+0x14e/0x1f0 [ 377.761120][T15471] ? __fget_files+0x206/0x3a0 [ 377.761132][T15471] __sys_sendmsg+0x16e/0x220 [ 377.761145][T15471] ? __pfx___sys_sendmsg+0x10/0x10 [ 377.761164][T15471] __do_fast_syscall_32+0x73/0x120 [ 377.761176][T15471] do_fast_syscall_32+0x32/0x80 [ 377.761187][T15471] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.761201][T15471] RIP: 0023:0xf7f70579 [ 377.761207][T15471] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 377.761216][T15471] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 377.761224][T15471] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 377.761229][T15471] RDX: 0000000000004010 RSI: 0000000000000000 RDI: 0000000000000000 [ 377.761234][T15471] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 377.761238][T15471] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 377.761243][T15471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 377.761253][T15471] [ 377.848194][T15475] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 377.895684][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.896935][ T221] Bluetooth: hci4: Frame reassembly failed (-84) [ 377.918184][T15477] netlink: 'syz.0.1700': attribute type 5 has an invalid length. [ 378.038611][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.333034][T15490] blktrace: Concurrent blktraces are not allowed on sg0 [ 379.158134][ T39] audit: type=1326 audit(1738127563.211:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.0.1708" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x0 [ 379.257412][ T25] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 379.327762][T15502] ubi: mtd0 is already attached to ubi0 [ 379.387394][ T25] usb 7-1: device descriptor read/64, error -71 [ 379.870233][ T25] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 379.877401][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 379.997415][ T25] usb 7-1: device descriptor read/64, error -71 [ 380.177976][ T25] usb usb7-port1: attempt power cycle [ 380.522370][ T25] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 380.537823][ T25] usb 7-1: device descriptor read/8, error -71 [ 380.570664][T15526] input: syz0 as /devices/virtual/input/input26 [ 380.778559][ T25] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 380.798254][ T25] usb 7-1: device descriptor read/8, error -71 [ 380.907956][ T25] usb usb7-port1: unable to enumerate USB device [ 381.158786][ T1172] Bluetooth: hci4: Frame reassembly failed (-84) [ 381.161233][T15534] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 381.530235][ T39] audit: type=1326 audit(1738127565.581:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15535 comm="syz.1.1719" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x0 [ 381.530766][T15530] ubi0: detaching mtd0 [ 381.544229][T15530] ubi0: mtd0 is detached [ 381.685241][T15538] ubi0: attaching mtd0 [ 381.687159][T15538] ubi0: scanning is finished [ 381.688944][T15538] ================================================================== [ 381.691406][T15538] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x3ac/0x420 [ 381.694464][T15538] Read of size 4 at addr ffff88806cd918d8 by task syz.1.1719/15538 [ 381.698876][T15538] [ 381.699624][T15538] CPU: 1 UID: 0 PID: 15538 Comm: syz.1.1719 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 381.699636][T15538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 381.699642][T15538] Call Trace: [ 381.699646][T15538] [ 381.699650][T15538] dump_stack_lvl+0x116/0x1f0 [ 381.699667][T15538] print_report+0xc3/0x620 [ 381.699679][T15538] ? __virt_addr_valid+0x5e/0x590 [ 381.699695][T15538] ? __phys_addr+0xc6/0x150 [ 381.699711][T15538] kasan_report+0xd9/0x110 [ 381.699725][T15538] ? notifier_chain_register+0x3ac/0x420 [ 381.699740][T15538] ? notifier_chain_register+0x3ac/0x420 [ 381.699755][T15538] notifier_chain_register+0x3ac/0x420 [ 381.699771][T15538] blocking_notifier_chain_register+0x76/0xd0 [ 381.699787][T15538] ubi_wl_init+0x1018/0x17b0 [ 381.699801][T15538] ubi_attach+0x1cdd/0x4dc0 [ 381.699816][T15538] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 381.699827][T15538] ? lockdep_init_map_type+0x16d/0x7d0 [ 381.699839][T15538] ? __pfx_ubi_attach+0x10/0x10 [ 381.699851][T15538] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 381.699866][T15538] ubi_attach_mtd_dev+0x158f/0x3590 [ 381.699882][T15538] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 381.699896][T15538] ? __pfx_get_mtd_device+0x10/0x10 [ 381.699907][T15538] ctrl_cdev_ioctl+0x339/0x3d0 [ 381.699920][T15538] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 381.699934][T15538] ? __fget_files+0x206/0x3a0 [ 381.699944][T15538] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 381.699960][T15538] compat_ptr_ioctl+0x6b/0xa0 [ 381.699975][T15538] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 381.699987][T15538] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 381.700000][T15538] __do_fast_syscall_32+0x73/0x120 [ 381.700014][T15538] do_fast_syscall_32+0x32/0x80 [ 381.700027][T15538] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 381.700042][T15538] RIP: 0023:0xf7f54579 [ 381.700049][T15538] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 381.700059][T15538] RSP: 002b:00000000f503455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 381.700067][T15538] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000040186f40 [ 381.700073][T15538] RDX: 0000000020000502 RSI: 0000000000000000 RDI: 0000000000000000 [ 381.700078][T15538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 381.700083][T15538] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 381.700088][T15538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 381.700096][T15538] [ 381.700099][T15538] [ 381.779800][T15538] Allocated by task 14474: [ 381.781153][T15538] kasan_save_stack+0x33/0x60 [ 381.782582][T15538] kasan_save_track+0x14/0x30 [ 381.783997][T15538] __kasan_kmalloc+0xaa/0xb0 [ 381.785394][T15538] ubi_attach_mtd_dev+0x3ce/0x3590 [ 381.786984][T15538] ctrl_cdev_ioctl+0x339/0x3d0 [ 381.788451][T15538] compat_ptr_ioctl+0x6b/0xa0 [ 381.789870][T15538] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 381.791481][T15538] __do_fast_syscall_32+0x73/0x120 [ 381.793023][T15538] do_fast_syscall_32+0x32/0x80 [ 381.794511][T15538] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 381.796448][T15538] [ 381.797175][T15538] Freed by task 15530: [ 381.798414][T15538] kasan_save_stack+0x33/0x60 [ 381.799823][T15538] kasan_save_track+0x14/0x30 [ 381.801220][T15538] kasan_save_free_info+0x3b/0x60 [ 381.802699][T15538] __kasan_slab_free+0x51/0x70 [ 381.804162][T15538] kfree+0x2c4/0x4d0 [ 381.805366][T15538] device_release+0xa1/0x240 [ 381.806839][T15538] kobject_put+0x1e4/0x5a0 [ 381.808199][T15538] put_device+0x1f/0x30 [ 381.809455][T15538] ubi_detach_mtd_dev+0x3e4/0x530 [ 381.810980][T15538] ctrl_cdev_ioctl+0x1f5/0x3d0 [ 381.812431][T15538] compat_ptr_ioctl+0x6b/0xa0 [ 381.813864][T15538] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 381.815456][T15538] __do_fast_syscall_32+0x73/0x120 [ 381.817051][T15538] do_fast_syscall_32+0x32/0x80 [ 381.818534][T15538] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 381.820437][T15538] [ 381.821164][T15538] The buggy address belongs to the object at ffff88806cd90000 [ 381.821164][T15538] which belongs to the cache kmalloc-8k of size 8192 [ 381.825309][T15538] The buggy address is located 6360 bytes inside of [ 381.825309][T15538] freed 8192-byte region [ffff88806cd90000, ffff88806cd92000) [ 381.829578][T15538] [ 381.830318][T15538] The buggy address belongs to the physical page: [ 381.832228][T15538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806cd94000 pfn:0x6cd90 [ 381.835226][T15538] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 381.838785][T15538] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff) [ 381.842479][T15538] page_type: f5(slab) [ 381.844255][T15538] raw: 04fff00000000240 ffff88801b043180 ffffea0001322e10 ffffea0001a05e10 [ 381.847936][T15538] raw: ffff88806cd94000 0000000000020001 00000000f5000000 0000000000000000 [ 381.851623][T15538] head: 04fff00000000240 ffff88801b043180 ffffea0001322e10 ffffea0001a05e10 [ 381.855287][T15538] head: ffff88806cd94000 0000000000020001 00000000f5000000 0000000000000000 [ 381.858861][T15538] head: 04fff00000000003 ffffea0001b36401 ffffffffffffffff 0000000000000000 [ 381.862524][T15538] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 381.866271][T15538] page dumped because: kasan: bad access detected [ 381.868266][T15538] page_owner tracks the page as allocated [ 381.869990][T15538] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5662, tgid 5662 (dhcpcd), ts 327636611729, free_ts 327606374917 [ 381.876241][T15538] post_alloc_hook+0x181/0x1b0 [ 381.877674][T15538] get_page_from_freelist+0xfce/0x2f80 [ 381.879308][T15538] __alloc_frozen_pages_noprof+0x221/0x2470 [ 381.881099][T15538] alloc_pages_mpol+0x1fc/0x540 [ 381.882569][T15538] new_slab+0x23d/0x330 [ 381.883806][T15538] ___slab_alloc+0xbfa/0x1600 [ 381.885225][T15538] __slab_alloc.constprop.0+0x56/0xb0 [ 381.886831][T15538] __kmalloc_node_track_caller_noprof+0x2ee/0x520 [ 381.888772][T15538] kmalloc_reserve+0xef/0x2c0 [ 381.890213][T15538] __alloc_skb+0x164/0x380 [ 381.891567][T15538] netlink_dump+0x2c1/0xd00 [ 381.892856][T15538] netlink_recvmsg+0xa1a/0xf30 [ 381.894463][T15538] sock_recvmsg+0x1f6/0x250 [ 381.895878][T15538] ____sys_recvmsg+0x219/0x6b0 [ 381.897314][T15538] ___sys_recvmsg+0x115/0x1a0 [ 381.898684][T15538] __sys_recvmsg+0x16b/0x220 [ 381.900081][T15538] page last free pid 14227 tgid 14226 stack trace: [ 381.901997][T15538] free_frozen_pages+0x6db/0xfb0 [ 381.903485][T15538] __put_partials+0x14c/0x170 [ 381.904904][T15538] qlist_free_all+0x4e/0x120 [ 381.906287][T15538] kasan_quarantine_reduce+0x195/0x1e0 [ 381.907903][T15538] __kasan_slab_alloc+0x69/0x90 [ 381.909479][T15538] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 381.911588][T15538] ptlock_alloc+0x1f/0x70 [ 381.913132][T15538] pte_alloc_one+0x74/0x390 [ 381.914740][T15538] __pte_alloc+0x6e/0x3d0 [ 381.916497][T15538] do_pte_missing+0x2828/0x3e10 [ 381.917983][T15538] __handle_mm_fault+0x1166/0x2c60 [ 381.919541][T15538] handle_mm_fault+0x3fa/0xaa0 [ 381.920989][T15538] do_user_addr_fault+0x7a3/0x13f0 [ 381.922534][T15538] exc_page_fault+0x5c/0xc0 [ 381.923932][T15538] asm_exc_page_fault+0x26/0x30 [ 381.925421][T15538] [ 381.926178][T15538] Memory state around the buggy address: [ 381.927869][T15538] ffff88806cd91780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 381.930275][T15538] ffff88806cd91800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 381.932666][T15538] >ffff88806cd91880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 381.935079][T15538] ^ [ 381.937166][T15538] ffff88806cd91900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 381.939585][T15538] ffff88806cd91980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 381.941959][T15538] ================================================================== [ 381.944403][ C1] vkms_vblank_simulate: vblank timer overrun [ 381.946509][T15538] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 381.948705][T15538] CPU: 0 UID: 0 PID: 15538 Comm: syz.1.1719 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 381.951801][T15538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 381.955005][T15538] Call Trace: [ 381.956013][T15538] [ 381.956908][T15538] dump_stack_lvl+0x3d/0x1f0 [ 381.958389][T15538] panic+0x71d/0x800 [ 381.959567][T15538] ? __pfx_panic+0x10/0x10 [ 381.960941][T15538] ? preempt_schedule_thunk+0x1a/0x30 [ 381.962564][T15538] ? preempt_schedule_common+0x44/0xc0 [ 381.964224][T15538] check_panic_on_warn+0xab/0xb0 [ 381.965738][T15538] end_report+0x117/0x180 [ 381.967054][T15538] kasan_report+0xe9/0x110 [ 381.968440][T15538] ? notifier_chain_register+0x3ac/0x420 [ 381.970134][T15538] ? notifier_chain_register+0x3ac/0x420 [ 381.971852][T15538] notifier_chain_register+0x3ac/0x420 [ 381.973512][T15538] blocking_notifier_chain_register+0x76/0xd0 [ 381.975389][T15538] ubi_wl_init+0x1018/0x17b0 [ 381.976826][T15538] ubi_attach+0x1cdd/0x4dc0 [ 381.978205][T15538] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 381.980096][T15538] ? lockdep_init_map_type+0x16d/0x7d0 [ 381.981740][T15538] ? __pfx_ubi_attach+0x10/0x10 [ 381.983210][T15538] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 381.984855][T15538] ubi_attach_mtd_dev+0x158f/0x3590 [ 381.986421][T15538] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 381.988074][T15538] ? __pfx_get_mtd_device+0x10/0x10 [ 381.989642][T15538] ctrl_cdev_ioctl+0x339/0x3d0 [ 381.991116][T15538] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 381.992700][T15538] ? __fget_files+0x206/0x3a0 [ 381.994177][T15538] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 381.995793][T15538] compat_ptr_ioctl+0x6b/0xa0 [ 381.997215][T15538] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 381.998830][T15538] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 382.000518][T15538] __do_fast_syscall_32+0x73/0x120 [ 382.002125][T15538] do_fast_syscall_32+0x32/0x80 [ 382.003558][T15538] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 382.005516][T15538] RIP: 0023:0xf7f54579 [ 382.006762][T15538] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 382.012512][T15538] RSP: 002b:00000000f503455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 382.015008][T15538] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000040186f40 [ 382.017378][T15538] RDX: 0000000020000502 RSI: 0000000000000000 RDI: 0000000000000000 [ 382.019759][T15538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 382.022139][T15538] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 382.024494][T15538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 382.026924][T15538] [ 382.028450][T15538] Kernel Offset: disabled [ 382.029746][T15538] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:04:12 Registers: info registers vcpu 0 CPU#0 RAX=0000000001295921 RBX=0000000000000000 RCX=ffffffff8b45af89 RDX=0000000000000000 RSI=ffffffff8b6cd200 RDI=ffffffff8bd28220 RBP=fffffbfff1bd2ef8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed1005686f7d R10=ffff88802b437beb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de977c0 R14=ffffffff905ff710 R15=0000000000000000 RIP=ffffffff8b45c36f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f4f000 CR3=0000000064b98000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853811a5 RDI=ffffffff9aad2ea0 RBP=ffffffff9aad2e60 RSP=ffffc9000427f488 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3630383838666666 R12=0000000000000000 R13=0000000000000038 R14=ffffffff85381140 R15=0000000000000000 RIP=ffffffff853811cf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e9f1ffc CR3=0000000000e30000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000001f7011641 00000001db710641 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f116c36b00000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a4207ecf76fc316c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2ed2586dd86c8612 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=0000000000000001 RCX=0000000000000000 RDX=1ffffffff35372bc RSI=1ffff92000152ef0 RDI=ffffffff9a9b95e0 RBP=0000000000000000 RSP=ffffc90000a976f0 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff905ff717 R11=0000000000000004 R12=ffffffff9a9b95e0 R13=ffff88801f448000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8195dab8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055ab988ffd08 CR3=000000004c760000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73bcff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000644abd RBX=0000000000000003 RCX=ffffffff8b45af89 RDX=0000000000000000 RSI=ffffffff8b6cd200 RDI=ffffffff8bd28220 RBP=ffffed1003ad2488 RSP=ffffc9000049fe08 R8 =0000000000000001 R9 =ffffed10056e6f7d R10=ffff88802b737beb R11=0000000000000000 R12=0000000000000003 R13=ffff88801d692440 R14=ffffffff905ff710 R15=0000000000000000 RIP=ffffffff8b45c36f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c2d0dea CR3=0000000000e30000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000