last executing test programs: 2.939308203s ago: executing program 3 (id=1636): r0 = syz_io_uring_setup(0xf82, &(0x7f0000000200)={0x0, 0x0, 0x200}, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CLOSE={0x13, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f0000000000)=0x1, 0xd, 0x0, &(0x7f0000000040), 0x0, 0x2) 2.870447294s ago: executing program 3 (id=1637): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r2, &(0x7f0000000040), 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) creat(0x0, 0x50) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0) pread64(r6, &(0x7f0000000080)=""/75, 0x8e, 0x0) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r7, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r7, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$EBT_SO_SET_COUNTERS(r8, 0x0, 0x81, &(0x7f0000000480)={'nat\x00', 0x0, 0x0, 0x0, [0x9, 0xeacc, 0x8, 0x0, 0xc2, 0x9], 0x1, &(0x7f0000000440)=[{}, {}], 0x0, [{}]}, 0x60) write$vhost_msg_v2(r7, &(0x7f0000000040)={0x2, 0x0, {&(0x7f0000000b40)=""/263, 0x107, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r7, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000540)=""/219, 0xdb, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r7, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000020301020000000000000000000000100800010001"], 0x1c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000006000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a3000"], 0x122}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x44}, @hci_rp_read_local_commands={{0x5}, {0xc8, "ce5fc043898429b803bede456950a8b40579640e2c7e9e768f111eb11e92ae99b71359a202601b55bbed87b5633554c5b279e5df8c429890e18a76fee451ed13"}}}}, 0x47) syz_io_uring_setup(0x71fe, &(0x7f0000000080)={0x0, 0x6b05, 0x0, 0x1, 0x194}, &(0x7f0000000100), &(0x7f0000000140)) 2.010018174s ago: executing program 3 (id=1655): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYRES16=r0], 0x7) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000647000/0x1000)=nil) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0800000004000000040000000900000000000000", @ANYRES32, @ANYBLOB="00004e0000000000000000000000000000000000bb4eddc2fc546d5ca5791d3cf63efc7450c1526dd4e563472809470642ce631c9c2994f1678d63351b5e405d96aade34728abd2f9b70e661647ab888335aa50f4f61775c30b0d9b8dc910c4b630e4c1341245e6dfb13a53b68c0e664ab8d751cd8adc616fda16b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES16=r2], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$peeksig(0x4209, r3, &(0x7f0000000040)={0x101, 0x1, 0x1}, &(0x7f0000000140)=[{}]) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) getdents64(r5, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000300)={'syztnl0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x29, 0x2, 0x40, 0x2, 0x40, @remote, @mcast1, 0x40, 0x20, 0x5, 0x8}}) sendmsg$nl_route(r4, &(0x7f0000000540)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)=@setlink={0x9c, 0x13, 0x800, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r6, 0xa00, 0x8000}, [@IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0xfffffffb}, @IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e20}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x9996c}, @IFLA_GRE_TOS={0x5, 0x9, 0x9}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e22}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x6}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0xa}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}, @IFLA_IFALIASn={0x4}, @IFLA_IFNAME={0x14, 0x3, 'syzkaller0\x00'}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x1}]}, 0x9c}}, 0x40000) getdents64(r5, &(0x7f0000000140)=""/111, 0x6f) 1.906762368s ago: executing program 3 (id=1657): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x10, 0x401, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x3}, 0x1c) dup2(r0, r0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2c2fc2, 0x0) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000180)=0x6) write$dsp(r3, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$key(0xf, 0x3, 0x2) recvfrom$packet(r5, 0x0, 0x0, 0x1, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1) accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, 0x0, 0x800) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x3bc, 0x1ac, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x2f4, 0x20a, 0x278, 0x2f4, 0x278, 0x3, 0x0, {[{{@uncond, 0x0, 0x188, 0x1ac, 0x0, {}, [@inet=@rpfilter={{0x24}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e291cd2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x1}}]}, @common=@inet=@TCPMSS={0x24}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@limit={{0x3c}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x418) r7 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r7, &(0x7f00000002c0)=ANY=[], 0x17) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='yeah\x00', 0x5) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d) socket$nl_route(0x10, 0x3, 0x0) 1.190389666s ago: executing program 2 (id=1659): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x2, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r3, {0xffff, 0xf}, {0x0, 0x6488}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.050355697s ago: executing program 2 (id=1662): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b80)=@newtaction={0xa8, 0x30, 0x1, 0x0, 0x0, {}, [{0x94, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x1}, 0x1}}]}, {0x4}, {0xc, 0x7, {0xe4ffffff}}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0xffffffffffffffe7}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa8}}, 0x0) 1.050212192s ago: executing program 2 (id=1663): r0 = openat$fb1(0xffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000380)={0x1d, 0x78, 0x3e, 0x3e, 0x1, 0x3e, 0x0, 0x0, {0x1f}, {}, {}, {}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) 1.049262416s ago: executing program 2 (id=1664): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x48) close(0x3) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00v\x00\t\x00'/20, @ANYRES32=0x0, @ANYBLOB="04000d800800010002"], 0x24}, 0x1, 0x5502000000000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@type_tag={0x2, 0x0, 0x0, 0x12, 0x4}, @const={0x10, 0x0, 0x0, 0xa, 0x5}, @volatile={0xb, 0x0, 0x0, 0x9, 0x2}]}, {0x0, [0x2e, 0x5f]}}, &(0x7f0000000080)=""/88, 0x40, 0x58, 0x0, 0x9, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000100)=ANY=[@ANYRES64=r0, @ANYRESHEX=r3, @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r4}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r5, 0x0, 0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r5, 0x8008f513, &(0x7f0000000340)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r7) sendmsg$NET_DM_CMD_START(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r8, 0x1}, 0x14}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r9, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="020300001b0000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000000000a00000000000000fc010000000000000000000000000000000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000aa0000000000000000030007000000000002004e21ac1414bb000000002000000002"], 0xd8}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) connect$unix(r10, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 1.000219521s ago: executing program 3 (id=1667): r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000000000985801de85ea686c2d2277c4000000008350680129247b272b0b2fda8f2b2c1629af23c2eb5f13fcecd2af4b6d9f6480f4f358a857907d0318a382f9678192090dd507c50600000000000040c47cf42b1531f56b8f0be2e03ec9272725e2ef246d753a01020000000000000043ef9d67000000000000000000"], 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$bt_BT_SECURITY(r1, 0x10e, 0xc, 0x0, 0x20000000) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000140)={"9fcaa0504b38d5004b9277c079417ff857dc9b7ac770169aed764b4d2ada8bde"}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) getpid() openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0xc882, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)=ANY=[]) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0205647, &(0x7f0000000240)={0x4, 0x0, 0x133, 0xffffffffffffffff, 0x0, 0x0}) ioctl$VIDIOC_DV_TIMINGS_CAP(r4, 0xc0905664, &(0x7f0000000040)={0x0, 0x0, '\x00', @raw_data=[0xfffffff8, 0x9, 0x3, 0x4, 0x2882fe64, 0x6ca, 0xce9d, 0x5, 0x4, 0xffff0001, 0x1000, 0xffff7fff, 0x6, 0x3, 0x2, 0xffffff78, 0x9, 0x1000, 0xfff, 0x7, 0xfffffcec, 0x5, 0x10fff026, 0x1, 0x1, 0x1, 0x1, 0x6, 0x101, 0x1, 0x200, 0x3]}) 660.298385ms ago: executing program 0 (id=1673): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9, 0x2f00000000000000}}}, 0xb8}}, 0x4000) 600.630998ms ago: executing program 0 (id=1674): bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) 600.49599ms ago: executing program 0 (id=1675): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0xb02, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000080)) readv(r2, &(0x7f00000000c0), 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x8}}) fcntl$getown(r1, 0x9) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000185e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 390.251654ms ago: executing program 0 (id=1676): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000045000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x4000, 0x0, 0xffffffffffffff89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff89}, 0x50) 390.066452ms ago: executing program 0 (id=1677): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="a0000000210001000000000000000000fc020000000000000000000000000000fc02000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="bb6b6e000000000050001100ac141400000000000000000000000000fe88000000000000715c705794b9fef5e7074a8200000000000000010a010100000000000000000000000000fc0200"/88], 0xa0}}, 0x0) 389.568728ms ago: executing program 0 (id=1678): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5640, &(0x7f0000000540)={0x1, @sliced={0x0, [0x12a9, 0x400, 0xea, 0x8, 0xffff, 0x3, 0x6, 0x8, 0x83, 0x1, 0xe3c7, 0x5, 0x6, 0x8, 0x9, 0x200, 0xa, 0x9, 0x5, 0x3, 0x1ff, 0xad3f, 0x5, 0x4, 0x0, 0x7, 0x6, 0x8, 0x101, 0x515, 0x7, 0x2, 0x5, 0x9, 0x2, 0xfc00, 0x10, 0xfff, 0x9, 0x23, 0x38, 0x4, 0xfff4, 0x675, 0xa, 0x6, 0x800, 0x8], 0x3}}) syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5c, 0x80, 0x0, 0x89}, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0xac, r4, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_PEERS={0x60, 0x8, 0x0, 0x1, [{0x5c, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x2c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xac}, 0x1, 0x0, 0x0, 0x1000000}, 0x0) 219.450206ms ago: executing program 1 (id=1679): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)={0x44, 0x1, 0x1, 0x101, 0x0, 0x60, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback=0xac1414aa}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0xd}]}]}, 0x44}}, 0x0) 150.400138ms ago: executing program 1 (id=1680): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r1) sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20bd5fe29ff80ce7d69174f40f6d3ed2f45f3c00", @ANYRES16=r2, @ANYBLOB="0100adbd7000fddbdf25280000000a0001007770616e30000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x10, 0x12, 0x1}, 0x10}}, 0x0) 150.224973ms ago: executing program 1 (id=1681): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000fffffffe000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c000280080007"], 0x3c}}, 0x0) 149.810252ms ago: executing program 1 (id=1682): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=ANY=[@ANYBLOB="6000000010000304f5c300"/20, @ANYRES32=0x0, @ANYBLOB="00050000000000003000128009000100766c616e00000000200002800c0002000a0000001f00000006000100000000000600050088a8000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x60}}, 0x0) 59.703329ms ago: executing program 3 (id=1683): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = dup(0xffffffffffffffff) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r1, 0x0, 0x0) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) getsockopt$inet6_mtu(r0, 0x29, 0x17, 0x0, 0x0) r2 = syz_io_uring_setup(0x1de4, &(0x7f00000006c0)={0x0, 0x0, 0x8}, &(0x7f0000000100), &(0x7f0000000140)=0x0) r4 = syz_io_uring_setup(0x5e2, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x2}, &(0x7f0000000180)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r5, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x2}) io_uring_enter(r2, 0x381b, 0x0, 0x0, 0x0, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xc, 0x10, r4, 0x8000000) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r3, &(0x7f0000000340)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x4, r0, 0x0, 0x0, 0x0, 0x10022, 0x0, {0x0, r8}}) syz_io_uring_submit(r7, r6, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x6000, @fd=r2, 0x2, 0x0, 0x400, 0x1, 0x1, {0x3, r8}}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0xffffffff, 0x1, 0xfffffff6, 0x7eaa9a03779bc191, r0, 0xffffff81, '\x00', r9, r0, 0x2, 0x5, 0x0, 0x6, @value=r0, @void, @value=r0}, 0x50) r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r11 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r11, 0x4c0a, &(0x7f0000000440)={r10, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d6010100dfffffff000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38eb2a565ee9e83323695c58d600", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}}) ioctl$LOOP_SET_STATUS(r11, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x6000, 0x6, 0x4, 0x0, "cd0d05a286a8d9c7b438dd4350274fc803519e3d7d156d943d4034728428556b2b5a97d6203497d63e98ec46bc3116e3930f9b02cdc0f982e0d499db318cb04c", "e39fb4a6d3333aba8405d70d523a5a783847b8bc04869aad25d757c86a08e932", [0xd026, 0x52]}) ioctl$LOOP_CHANGE_FD(r11, 0x4c09, r10) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xcc, 0x0, 0x0, 0x70bd25, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x4}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x7}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x3}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40}, 0x80) r12 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r12, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r12, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r12, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x0, 0x20}, 0xc) sendmsg$inet6(r12, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x34000}], 0x1}, 0x0) writev(r12, &(0x7f0000000040)=[{&(0x7f0000000000)="e4", 0x1}], 0x1) 59.47606ms ago: executing program 2 (id=1684): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r2, @ANYBLOB="18005a8014000166"], 0x34}, 0x1, 0x0, 0x0, 0x1f}, 0x0) 59.156714ms ago: executing program 2 (id=1685): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x5) mkdir(&(0x7f0000000c80)='./file0\x00', 0x140) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=@newtaction={0xa4, 0x30, 0x1, 0x4, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x4000009d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4, 0x6, "f0bdf4fa817a5f8345debe912ac24409f633f3c2d49919d6bc82c61ea7d3be922a4071dcbb3bdf2eb7f36d6ee98d44d1919907dbc4c99bff0605f5d2996a8fc771ba4dbc9475ded11bbc912abf4a1e018d160b0000a7f3ada64e09f750c01f577a772cd003004811b631511f5d2fb7f87e5c1694a9ee73a2f9364987ede0ae95d6c332c3ac0e23a0aa22bc1b86c021ca171f2ccf9c017c4043ff15ce6af3fa275c7448572701f1733391947ec28aac8777fa069af2d228bb27b7deadf66ab46769834bb2e1c293be1150d31cee75254af9d1796870011bb8682dc0d2097479a519713674ea7ad21b554123282e7e3e05640551bae9cde151463a6803dcd6d7a66d60317d52236aa3887a69aea67e27c661939a2a7083e43ab593dd55faf24876f4ebaf9b5d25f9ad2a153003a3aec7e52578d973e8bd690f0656b8160121e3db59c6ec464daaf47e95e5249714705e306feb17ce3a5ff2"}, {0xc, 0x7, {0x0, 0x1}}, {0x0, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0x47}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x810}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0xfffffffc, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000300)=0x9) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000020c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x3f0, 0x1f0, 0x94, 0x284, 0x284, 0x144, 0x35c, 0x35c, 0x35c, 0x35c, 0x35c, 0x6, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'vlan0\x00', 'veth1\x00'}, 0x0, 0x70, 0x94}, @unspec=@CHECKSUM={0x24}}, {{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x100000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x4}}}, {{@ip={@rand_addr, @empty, 0x0, 0x0, 'dummy0\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0xac}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@private2}}}, {{@uncond, 0x0, 0x70, 0x94}, @TTL={0x24}}, {{@ip={@empty, @multicast1, 0x0, 0x0, 'caif0\x00', 'rose0\x00'}, 0x0, 0xb4, 0xd8, 0x0, {}, [@common=@socket0={{0x20}}, @inet=@rpfilter={{0x24}}]}, @TTL={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x44c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000340)=""/127, 0x7f}, {&(0x7f0000000680)=""/212, 0xd4}, {&(0x7f0000000cc0)=""/216, 0xd8}, {&(0x7f0000000dc0)=""/4096, 0x1000}], 0x4, &(0x7f0000000a00)=""/24, 0x18}, 0x3}, {{&(0x7f0000000a40)=@rc, 0x80, &(0x7f0000000b00)=[{0x0}], 0x1, &(0x7f0000000b40)=""/230, 0xe6}, 0x401}], 0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/234, 0xea}], 0x1}, 0x1f00) sendmmsg$sock(r4, &(0x7f0000003bc0), 0x4000000000002ca, 0x4040014) mkdirat(0xffffffffffffff9c, 0x0, 0x1e2) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xfffffffffffffd97, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) 375.314µs ago: executing program 1 (id=1686): r0 = socket$inet(0x2, 0x2000080001, 0x84) sendto$inet(r0, &(0x7f00000000c0)="18", 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @private=0xa010100}, 0x10) (async) sendto$inet(r0, &(0x7f0000000100)='h', 0x1, 0x0, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) (async) r1 = openat$vga_arbiter(0xffffff9c, &(0x7f0000000640), 0x8b02, 0x0) write$vga_arbiter(r1, &(0x7f0000000000)=@unlock_all, 0xb) (async) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000280)=[{&(0x7f0000000340)="4800000014001d0d09074beafd0d8c560284606080ffe0064e204e20590000a2bc5603ca00000f7f8907000020008d42188fedc22e47ad8f75edc6d100000101ff0000000309ff5b", 0x48}], 0x1) 0s ago: executing program 1 (id=1687): socket$l2tp6(0xa, 0x2, 0x73) r0 = socket(0x15, 0x5, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r2 = dup(r1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="5800000002060102000034e40000000000b27b448d985acf1bfc000000050001000700000005000400000000000900020073797a320000000005000500020000000c000780080012407fffffff11000300686173683a69702c706f727400000000358577fc52977f7010bea1c4d652ddd5de938c091a79653893fa67032ef06614b10a6f4fd557119c5af0b40e17d382e71b715a3b253bb294d0385824da8190bdba90ab3c2333dd5aeced11d2f3eee402dc44bc9ebe10d50720442be34b2920e1f38c096f0625c4f476aa4c3d77ab04e7cf93792dd23b"], 0x58}}, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x11) pread64(r5, &(0x7f0000000180)=""/89, 0x59, 0xffffffff) socket$netlink(0x10, 0x3, 0x0) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000040)={0x23, 0x1, 0x11, 0x1, 0x0, 0x0, 0x0}) getsockopt(r0, 0x200000000114, 0x271d, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="180037000000000000000000000000008500000007000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) kernel console output (not intermixed with test programs): nk: 8 bytes leftover after parsing attributes in process `syz.3.624'. [ 109.119800][ T8234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.628'. [ 109.831272][ T8263] netlink: 'syz.1.636': attribute type 10 has an invalid length. [ 109.867136][ T8276] ipvlan1: entered allmulticast mode [ 109.869275][ T8276] veth0_vlan: entered allmulticast mode [ 110.151087][ T56] e1000 0000:00:06.0 eth0: Reset adapter [ 110.271161][ T56] e1000 0000:00:06.0 eth0: Reset adapter [ 110.402161][ T8291] netlink: 'syz.2.644': attribute type 10 has an invalid length. [ 110.459815][ T8295] bridge_slave_0: default FDB implementation only supports local addresses [ 112.441349][ T56] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 118.964960][ T8341] netlink: 8 bytes leftover after parsing attributes in process `syz.3.652'. [ 118.968877][ T8341] erofs (device loop3): cannot find valid erofs superblock [ 119.027885][ T8349] infiniband sz1: set active [ 119.036944][ T8349] ipvlan1: left allmulticast mode [ 119.038414][ T8349] veth0_vlan: left allmulticast mode [ 119.048686][ T8] speed is unknown, defaulting to 1000 [ 119.177322][ T8344] /dev/sr0: Can't open blockdev [ 119.562618][ T8337] /dev/sr0: Can't open blockdev [ 119.710916][ T8365] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 119.712808][ T8365] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 119.715099][ T8365] vhci_hcd vhci_hcd.0: Device attached [ 120.003710][ T8] vhci_hcd: vhci_device speed not set [ 120.060587][ T56] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 120.060684][ T8] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 120.220487][ T56] usb 7-1: Using ep0 maxpacket: 8 [ 120.228224][ T56] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 120.233216][ T56] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 120.240784][ T56] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 120.251910][ T56] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 120.257712][ T56] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.264064][ T56] usb 7-1: Product: syz [ 120.266880][ T56] usb 7-1: Manufacturer:  [ 120.270195][ T56] usb 7-1: SerialNumber: syz [ 120.377426][ T8367] vhci_hcd: connection reset by peer [ 120.380928][ T11] vhci_hcd: stop threads [ 120.382923][ T11] vhci_hcd: release socket [ 120.385004][ T11] vhci_hcd: disconnect device [ 120.512215][ T56] cdc_ncm 7-1:1.0: bind() failure [ 120.544567][ T56] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 120.546777][ T56] cdc_ncm 7-1:1.1: bind() failure [ 120.562872][ T56] usb 7-1: USB disconnect, device number 3 [ 120.763095][ T8386] netlink: 4 bytes leftover after parsing attributes in process `syz.0.664'. [ 120.998330][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 120.998339][ T39] audit: type=1326 audit(1737473456.916:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.008012][ T39] audit: type=1326 audit(1737473456.916:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.014295][ T39] audit: type=1326 audit(1737473456.926:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.020343][ T39] audit: type=1326 audit(1737473456.926:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.026180][ T39] audit: type=1326 audit(1737473456.926:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.033104][ T39] audit: type=1326 audit(1737473456.926:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=371 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.039006][ T39] audit: type=1326 audit(1737473456.926:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.045082][ T39] audit: type=1326 audit(1737473456.926:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.051224][ T39] audit: type=1326 audit(1737473456.926:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.057119][ T39] audit: type=1326 audit(1737473456.926:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8391 comm="syz.1.667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 121.799075][ T8416] netlink: 'syz.3.674': attribute type 12 has an invalid length. [ 122.052668][ T8437] netlink: 4 bytes leftover after parsing attributes in process `syz.2.677'. [ 122.057599][ T8439] FAULT_INJECTION: forcing a failure. [ 122.057599][ T8439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.061635][ T8439] CPU: 2 UID: 0 PID: 8439 Comm: syz.1.676 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 122.064508][ T8439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 122.067441][ T8439] Call Trace: [ 122.068389][ T8439] [ 122.069242][ T8439] dump_stack_lvl+0x16c/0x1f0 [ 122.070596][ T8439] should_fail_ex+0x497/0x5b0 [ 122.071948][ T8439] _copy_from_user+0x2e/0xd0 [ 122.073208][ T8439] futex_parse_waitv+0xff/0x600 [ 122.074561][ T8439] ? __pfx_futex_wake_mark+0x10/0x10 [ 122.076015][ T8439] ? __pfx_futex_parse_waitv+0x10/0x10 [ 122.077564][ T8439] ? trace_kmalloc+0x2d/0xd0 [ 122.078892][ T8439] ? __kmalloc_noprof+0x23b/0x4f0 [ 122.080305][ T8439] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 122.081936][ T8439] ? __do_sys_futex_waitv+0x221/0x2c0 [ 122.083427][ T8439] __do_sys_futex_waitv+0x245/0x2c0 [ 122.084867][ T8439] ? __pfx___do_sys_futex_waitv+0x10/0x10 [ 122.086483][ T8439] do_int80_emulation+0x104/0x200 [ 122.087910][ T8439] asm_int80_emulation+0x1a/0x20 [ 122.089312][ T8439] RIP: 0023:0xf7f95579 [ 122.090469][ T8439] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 122.095734][ T8439] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1 [ 122.098047][ T8439] RAX: ffffffffffffffda RBX: 0000000020001080 RCX: 0000000000000001 [ 122.100273][ T8439] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 122.102498][ T8439] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 122.104750][ T8439] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 122.106993][ T8439] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 122.109182][ T8439] [ 122.785542][ T8467] netlink: 28 bytes leftover after parsing attributes in process `syz.1.678'. [ 122.798097][ T8467] netlink: 28 bytes leftover after parsing attributes in process `syz.1.678'. [ 122.874099][ T8464] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 123.086696][ T8476] can0: slcan on ptm0. [ 123.661468][ T8499] netlink: 'syz.1.691': attribute type 4 has an invalid length. [ 123.726230][ T8473] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 123.729051][ T8473] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 123.740739][ T8470] can0 (unregistered): slcan off ptm0. [ 123.860209][ T8520] netlink: 316 bytes leftover after parsing attributes in process `syz.0.696'. [ 123.878126][ T8521] mkiss: ax0: crc mode is auto. [ 124.279851][ T8543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.705'. [ 124.293180][ T8543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.705'. [ 124.600267][ T8560] xt_CT: You must specify a L4 protocol and not use inversions on it [ 124.637148][ T8563] syz.1.713: attempt to access beyond end of device [ 124.637148][ T8563] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 124.641885][ T8563] syz.1.713: attempt to access beyond end of device [ 124.641885][ T8563] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 124.647595][ T8562] syz.1.713: attempt to access beyond end of device [ 124.647595][ T8562] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 124.652558][ T8562] syz.1.713: attempt to access beyond end of device [ 124.652558][ T8562] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 125.250506][ T8] vhci_hcd: vhci_device speed not set [ 125.446977][ T8593] binder_alloc: 8592: binder_alloc_buf, no vma [ 125.563508][ T8605] random: crng reseeded on system resumption [ 125.671826][ T8603] syz.2.725 (8603) used greatest stack depth: 19456 bytes left [ 125.739880][ T8612] netlink: 256 bytes leftover after parsing attributes in process `syz.2.729'. [ 126.028294][ T39] kauditd_printk_skb: 33 callbacks suppressed [ 126.028309][ T39] audit: type=1326 audit(1737473461.946:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8632 comm="syz.0.736" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x0 [ 126.902163][ T8661] fuse: Unknown parameter '' [ 126.976300][ T8666] FAULT_INJECTION: forcing a failure. [ 126.976300][ T8666] name failslab, interval 1, probability 0, space 0, times 0 [ 126.979842][ T8666] CPU: 3 UID: 0 PID: 8666 Comm: syz.2.745 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 126.982773][ T8666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 126.985743][ T8666] Call Trace: [ 126.986726][ T8666] [ 126.987583][ T8666] dump_stack_lvl+0x16c/0x1f0 [ 126.988908][ T8666] should_fail_ex+0x497/0x5b0 [ 126.990284][ T8666] ? fs_reclaim_acquire+0xae/0x150 [ 126.991769][ T8666] should_failslab+0xc2/0x120 [ 126.993147][ T8666] __kmalloc_noprof+0xce/0x4f0 [ 126.994536][ T8666] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 126.996146][ T8666] ? tomoyo_realpath_from_path+0xbf/0x710 [ 126.997800][ T8666] tomoyo_realpath_from_path+0xbf/0x710 [ 126.999410][ T8666] ? tomoyo_path_number_perm+0x235/0x5b0 [ 127.001013][ T8666] tomoyo_path_number_perm+0x248/0x5b0 [ 127.002599][ T8666] ? tomoyo_path_number_perm+0x235/0x5b0 [ 127.004214][ T8666] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 127.005967][ T8666] ? __pfx_lock_release+0x10/0x10 [ 127.007436][ T8666] ? trace_lock_acquire+0x14e/0x1f0 [ 127.008936][ T8666] ? lock_acquire+0x2f/0xb0 [ 127.010261][ T8666] ? __fget_files+0x40/0x3a0 [ 127.011606][ T8666] ? __fget_files+0x206/0x3a0 [ 127.012996][ T8666] security_file_ioctl_compat+0x9b/0x240 [ 127.014629][ T8666] __do_compat_sys_ioctl+0x4e/0x2c0 [ 127.016133][ T8666] __do_fast_syscall_32+0x73/0x120 [ 127.017645][ T8666] do_fast_syscall_32+0x32/0x80 [ 127.019046][ T8666] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 127.020796][ T8666] RIP: 0023:0xf7ff2579 [ 127.021981][ T8666] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 127.027494][ T8666] RSP: 002b:00000000f514655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 127.029888][ T8666] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c03064b7 [ 127.032151][ T8666] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 127.034369][ T8666] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 127.036572][ T8666] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 127.038743][ T8666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 127.040920][ T8666] [ 127.042438][ T8666] ERROR: Out of memory at tomoyo_realpath_from_path. [ 127.183931][ T8675] dccp_close: ABORT with 116 bytes unread [ 127.360560][ T1019] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 127.522591][ T1019] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 127.525899][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.528451][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.532171][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.533803][ T8693] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 127.536143][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.539077][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.542248][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.545488][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.548105][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.551287][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.554306][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.556891][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.559986][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.563159][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.565711][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.568924][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.571661][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.574306][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.577410][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.577675][ T8690] binder_alloc: 8689: binder_alloc_buf, no vma [ 127.581192][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.583824][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.586967][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.589882][ T1019] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 127.592611][ T1019] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 127.595761][ T1019] usb 5-1: config 0 interface 0 has no altsetting 0 [ 127.600146][ T8692] usb usb8: usbfs: process 8692 (syz.1.758) did not claim interface 0 before use [ 127.602894][ T1019] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 127.605559][ T1019] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 127.608098][ T1019] usb 5-1: Product: syz [ 127.609495][ T1019] usb 5-1: Manufacturer: syz [ 127.611046][ T1019] usb 5-1: SerialNumber: syz [ 127.612439][ T8692] netlink: 'syz.1.758': attribute type 10 has an invalid length. [ 127.614891][ T8692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.758'. [ 127.619533][ T1019] usb 5-1: config 0 descriptor?? [ 127.624511][ T1019] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 127.832910][ T8] usb 5-1: USB disconnect, device number 9 [ 127.846545][ T8] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 128.923418][ T8733] infiniband sz1: set active [ 128.937028][ T8] speed is unknown, defaulting to 1000 [ 128.977143][ T8742] sg_write: data in/out 16449500/251 bytes for SCSI command 0x15-- guessing data in; [ 128.977143][ T8742] program syz.2.771 not setting count and/or reply_len properly [ 129.371214][ T8749] overlayfs: conflicting options: userxattr,redirect_dir=on [ 130.341351][ T8779] netlink: 32 bytes leftover after parsing attributes in process `syz.1.782'. [ 130.382385][ T8781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.783'. [ 130.422337][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.1.785'. [ 130.432284][ T8785] bridge_slave_1: left allmulticast mode [ 130.433978][ T8785] bridge_slave_1: left promiscuous mode [ 130.435779][ T8785] bridge0: port 1(bridge_slave_1) entered disabled state [ 130.446875][ T8785] bridge1: port 1(bridge_slave_1) entered blocking state [ 130.449013][ T8785] bridge1: port 1(bridge_slave_1) entered disabled state [ 130.451682][ T8785] bridge_slave_1: entered allmulticast mode [ 130.455343][ T8785] bridge_slave_1: entered promiscuous mode [ 130.691668][ T8796] /dev/nullb0: Can't open blockdev [ 130.763867][ T8803] FAULT_INJECTION: forcing a failure. [ 130.763867][ T8803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.767749][ T8803] CPU: 3 UID: 0 PID: 8803 Comm: syz.1.793 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 130.770753][ T8803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.773078][ T8804] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 130.776139][ T8803] Call Trace: [ 130.776146][ T8803] [ 130.776151][ T8803] dump_stack_lvl+0x16c/0x1f0 [ 130.776170][ T8803] should_fail_ex+0x497/0x5b0 [ 130.779859][ T8804] /dev/nullb0: Can't open blockdev [ 130.780835][ T8803] _copy_from_user+0x2e/0xd0 [ 130.780854][ T8803] memdup_user+0x71/0xd0 [ 130.780868][ T8803] strndup_user+0x78/0xe0 [ 130.780880][ T8803] __ia32_sys_mount+0x138/0x310 [ 130.780895][ T8803] ? __pfx___ia32_sys_mount+0x10/0x10 [ 130.789108][ T8803] __do_fast_syscall_32+0x73/0x120 [ 130.790588][ T8803] do_fast_syscall_32+0x32/0x80 [ 130.792022][ T8803] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 130.793851][ T8803] RIP: 0023:0xf7f95579 [ 130.795035][ T8803] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 130.800485][ T8803] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 130.802864][ T8803] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000020000040 [ 130.805105][ T8803] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 130.807376][ T8803] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 130.809619][ T8803] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 130.811937][ T8803] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 130.814215][ T8803] [ 130.881541][ T8812] input: syz1 as /devices/virtual/input/input14 [ 130.978065][ T8817] netlink: 36 bytes leftover after parsing attributes in process `syz.2.797'. [ 130.993776][ T8809] syz.1.795: attempt to access beyond end of device [ 130.993776][ T8809] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 130.998056][ T8809] XFS (nbd1): SB validate failed with error -5. [ 131.065193][ T8832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.798'. [ 131.345768][ T8841] binder: BINDER_SET_CONTEXT_MGR already set [ 131.347781][ T8841] binder: 8840:8841 ioctl 4018620d 20000040 returned -16 [ 131.650902][ T8852] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 131.987322][ T8864] speed is unknown, defaulting to 1000 [ 131.993328][ T8863] binder: BINDER_SET_CONTEXT_MGR already set [ 131.995296][ T8863] binder: 8862:8863 ioctl 4018620d 20000040 returned -16 [ 132.203697][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.248610][ T8864] speed is unknown, defaulting to 1000 [ 133.257392][ T1139] Bluetooth: hci4: Frame reassembly failed (-84) [ 133.457499][ T8907] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 134.023952][ T8937] netlink: 'syz.1.829': attribute type 4 has an invalid length. [ 134.034061][ T8937] infiniband sz1: set down [ 134.035481][ T56] speed is unknown, defaulting to 1000 [ 134.037253][ T6005] speed is unknown, defaulting to 1000 [ 134.039060][ T6005] speed is unknown, defaulting to 1000 [ 134.798888][ T39] audit: type=1326 audit(1737473470.716:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.805174][ T39] audit: type=1326 audit(1737473470.716:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.813376][ T39] audit: type=1326 audit(1737473470.716:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.819398][ T39] audit: type=1326 audit(1737473470.716:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.825763][ T39] audit: type=1326 audit(1737473470.716:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.832599][ T39] audit: type=1326 audit(1737473470.716:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.838704][ T39] audit: type=1326 audit(1737473470.716:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.844991][ T39] audit: type=1326 audit(1737473470.716:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.851393][ T39] audit: type=1326 audit(1737473470.736:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=52 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.857419][ T39] audit: type=1326 audit(1737473470.736:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8948 comm="syz.0.832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 134.952883][ T8956] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 134.955290][ T8956] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 134.957972][ T8956] vhci_hcd vhci_hcd.0: Device attached [ 135.150445][ T5982] vhci_hcd: vhci_device speed not set [ 135.212082][ T5982] usb 39-1: new full-speed USB device number 3 using vhci_hcd [ 135.250435][ T5303] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 135.574673][ T8957] vhci_hcd: connection reset by peer [ 135.580931][ T63] vhci_hcd: stop threads [ 135.582235][ T63] vhci_hcd: release socket [ 135.583595][ T63] vhci_hcd: disconnect device [ 135.714863][ T8975] netlink: 24 bytes leftover after parsing attributes in process `syz.2.841'. [ 136.111893][ T833] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 136.263654][ T833] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 136.267550][ T833] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.271173][ T833] usb 7-1: Product: syz [ 136.272400][ T833] usb 7-1: Manufacturer: syz [ 136.273755][ T833] usb 7-1: SerialNumber: syz [ 136.278436][ T833] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 136.291661][ T833] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 136.503487][ T8984] mmap: syz.2.845 (8984) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 136.517195][ T6005] usb 7-1: USB disconnect, device number 4 [ 137.017472][ T9012] tipc: Started in network mode [ 137.019129][ T9012] tipc: Node identity ac1414aa, cluster identity 4711 [ 137.021322][ T9012] tipc: Enabling of bearer rejected, failed to enable media [ 137.323303][ T833] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 137.326019][ T833] ath9k_htc: Failed to initialize the device [ 137.332460][ T6005] usb 7-1: ath9k_htc: USB layer deinitialized [ 137.452838][ T9025] wireguard1: entered promiscuous mode [ 137.817753][ T9009] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 137.820139][ T9009] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 138.016919][ T9018] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 138.410853][ T9059] can0: slcan on ptm0. [ 138.521712][ T8] hid-generic 0000:0000:0000.0003: item fetching failed at offset 0/1 [ 138.527681][ T8] hid-generic 0000:0000:0000.0003: probe with driver hid-generic failed with error -22 [ 139.040547][ T9046] can0 (unregistered): slcan off ptm0. [ 139.208312][ T5303] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.259918][ T9088] wireguard1: entered promiscuous mode [ 139.387743][ T9106] mkiss: ax0: crc mode is auto. [ 139.421030][ T9111] netlink: 48 bytes leftover after parsing attributes in process `syz.2.871'. [ 139.529289][ T9115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.873'. [ 139.532696][ T9115] erofs (device loop2): cannot find valid erofs superblock [ 139.705854][ T9122] netlink: 72 bytes leftover after parsing attributes in process `syz.2.875'. [ 139.944652][ T9128] netlink: 16 bytes leftover after parsing attributes in process `syz.3.877'. [ 139.953820][ T9128] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 139.956347][ T9128] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 139.958893][ T9128] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 139.961433][ T9128] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 139.964048][ T9128] geneve2: entered promiscuous mode [ 139.965600][ T9128] geneve2: entered allmulticast mode [ 140.068291][ T9130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.878'. [ 140.350371][ T5982] vhci_hcd: vhci_device speed not set [ 140.780085][ T9148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.884'. [ 140.798490][ T9152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.885'. [ 140.833886][ T9160] netlink: 180 bytes leftover after parsing attributes in process `syz.3.888'. [ 140.836598][ T9160] netlink: 180 bytes leftover after parsing attributes in process `syz.3.888'. [ 140.839092][ T9163] bridge0: port 3(syz_tun) entered blocking state [ 140.842752][ T9163] bridge0: port 3(syz_tun) entered disabled state [ 140.844727][ T9163] syz_tun: entered allmulticast mode [ 140.848592][ T9163] syz_tun: entered promiscuous mode [ 140.923865][ T9167] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.948827][ T9170] netlink: 20 bytes leftover after parsing attributes in process `syz.0.890'. [ 140.958093][ T9171] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 140.959949][ T9171] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 140.963480][ T9171] vhci_hcd vhci_hcd.0: Device attached [ 140.997114][ T9167] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.104997][ T9167] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.175041][ T9] vhci_hcd: vhci_device speed not set [ 141.182168][ T9167] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.295619][ T9] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 141.356785][ T9167] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.372158][ T9167] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.386068][ T9167] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.398218][ T9167] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.797895][ T9173] vhci_hcd: connection reset by peer [ 141.801618][ T63] vhci_hcd: stop threads [ 141.803300][ T63] vhci_hcd: release socket [ 141.804781][ T63] vhci_hcd: disconnect device [ 141.818445][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 141.818454][ T39] audit: type=1326 audit(1737473477.736:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.828626][ T39] audit: type=1326 audit(1737473477.746:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.839826][ T39] audit: type=1326 audit(1737473477.746:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.848249][ T39] audit: type=1326 audit(1737473477.746:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.856977][ T39] audit: type=1326 audit(1737473477.746:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=92 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.867718][ T39] audit: type=1326 audit(1737473477.746:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.874475][ T39] audit: type=1326 audit(1737473477.746:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.880630][ T39] audit: type=1326 audit(1737473477.746:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.888006][ T39] audit: type=1326 audit(1737473477.746:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.896658][ T39] audit: type=1326 audit(1737473477.746:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.1.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 141.930223][ T9216] netlink: 'syz.0.903': attribute type 4 has an invalid length. [ 142.624484][ T9243] FAULT_INJECTION: forcing a failure. [ 142.624484][ T9243] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.628581][ T9243] CPU: 3 UID: 0 PID: 9243 Comm: syz.0.908 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 142.631593][ T9243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.634672][ T9243] Call Trace: [ 142.635606][ T9243] [ 142.636471][ T9243] dump_stack_lvl+0x16c/0x1f0 [ 142.637861][ T9243] should_fail_ex+0x497/0x5b0 [ 142.639234][ T9243] _copy_to_user+0x32/0xd0 [ 142.640525][ T9243] simple_read_from_buffer+0xd0/0x160 [ 142.642093][ T9243] proc_fail_nth_read+0x198/0x270 [ 142.643545][ T9243] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.645140][ T9243] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.646743][ T9243] vfs_read+0x1df/0xbe0 [ 142.647953][ T9243] ? __fget_files+0x1fc/0x3a0 [ 142.649391][ T9243] ? __pfx___mutex_lock+0x10/0x10 [ 142.650859][ T9243] ? __pfx_vfs_read+0x10/0x10 [ 142.652240][ T9243] ? __fget_files+0x206/0x3a0 [ 142.653614][ T9243] ksys_read+0x12b/0x250 [ 142.654859][ T9243] ? __pfx_ksys_read+0x10/0x10 [ 142.656244][ T9243] __do_fast_syscall_32+0x73/0x120 [ 142.657755][ T9243] do_fast_syscall_32+0x32/0x80 [ 142.659168][ T9243] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 142.661018][ T9243] RIP: 0023:0xf7f02579 [ 142.662193][ T9243] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 142.667699][ T9243] RSP: 002b:00000000f5056590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 142.670067][ T9243] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5056620 [ 142.672297][ T9243] RDX: 000000000000000f RSI: 00000000f7393ff4 RDI: 0000000000000000 [ 142.674525][ T9243] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 142.676874][ T9243] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 142.679372][ T9243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 142.681593][ T9243] [ 142.860428][ T62] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 143.022303][ T62] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 143.026056][ T62] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 143.029835][ T62] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 143.033809][ T62] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 143.038525][ T62] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 143.041390][ T62] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.044668][ T62] usb 7-1: config 0 descriptor?? [ 143.460516][ T62] plantronics 0003:047F:FFFF.0004: ignoring exceeding usage max [ 143.464049][ T62] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 143.475468][ T62] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 144.539326][ T9270] netlink: 36 bytes leftover after parsing attributes in process `syz.3.917'. [ 144.903602][ T5982] usb 7-1: reset high-speed USB device number 5 using dummy_hcd [ 145.149452][ T9277] speed is unknown, defaulting to 1000 [ 145.197138][ T9277] speed is unknown, defaulting to 1000 [ 145.439894][ T9290] netlink: 20 bytes leftover after parsing attributes in process `syz.1.924'. [ 145.447725][ T9290] netlink: 164 bytes leftover after parsing attributes in process `syz.1.924'. [ 145.450336][ T9290] netlink: 164 bytes leftover after parsing attributes in process `syz.1.924'. [ 145.577504][ T9294] netlink: 36 bytes leftover after parsing attributes in process `syz.1.925'. [ 145.672050][ T9297] vlan2: left allmulticast mode [ 145.673620][ T9297] mac80211_hwsim hwsim8 wlan1: left allmulticast mode [ 145.745465][ T9301] 9pnet_fd: Insufficient options for proto=fd [ 146.385774][ T9367] netlink: 'syz.3.937': attribute type 12 has an invalid length. [ 146.388126][ T9367] netlink: 'syz.3.937': attribute type 29 has an invalid length. [ 146.394380][ T9367] netlink: 'syz.3.937': attribute type 2 has an invalid length. [ 146.396563][ T9367] netlink: 'syz.3.937': attribute type 2 has an invalid length. [ 146.398734][ T9367] netlink: 'syz.3.937': attribute type 1 has an invalid length. [ 146.401624][ T9367] netlink: 'syz.3.937': attribute type 37 has an invalid length. [ 146.403743][ T9367] netlink: 'syz.3.937': attribute type 2 has an invalid length. [ 146.408453][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.431414][ T9] vhci_hcd: vhci_device speed not set [ 146.564361][ T8] usb 7-1: USB disconnect, device number 5 [ 148.082519][ T9444] openvswitch: netlink: Actions may not be safe on all matching packets [ 148.481894][ T9484] fuse: Unknown parameter '' [ 148.775204][ T5303] Bluetooth: hci0: unexpected event for opcode 0x0c6d [ 149.134005][ T9519] netlink: 'syz.2.958': attribute type 1 has an invalid length. [ 149.136305][ T9519] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 149.139595][ T9519] IPv6: NLM_F_CREATE should be set when creating new route [ 149.182688][ T9524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.959'. [ 149.185435][ T9524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.959'. [ 149.188029][ T9524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.959'. [ 149.393665][ T9546] netlink: 36 bytes leftover after parsing attributes in process `syz.1.962'. [ 149.456452][ T9547] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 149.973587][ T9557] can0: slcan on ptm0. [ 150.228784][ T9571] IPv6: Can't replace route, no match found [ 150.379747][ T9583] openvswitch: netlink: EtherType 50a is less than min 600 [ 150.581532][ T9551] can0 (unregistered): slcan off ptm0. [ 150.734339][ T9604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.976'. [ 150.856206][ T9612] netlink: 2980 bytes leftover after parsing attributes in process `syz.0.978'. [ 150.998072][ T9618] netlink: 256 bytes leftover after parsing attributes in process `syz.0.979'. [ 151.368692][ T9593] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 151.371396][ T9593] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 151.970658][ T9651] mkiss: ax0: crc mode is auto. [ 152.325743][ T9664] netlink: 48 bytes leftover after parsing attributes in process `syz.0.991'. [ 152.345648][ T9665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.990'. [ 152.348253][ T9665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.990'. [ 152.417218][ T9675] netlink: 'syz.0.996': attribute type 4 has an invalid length. [ 153.647614][ T9710] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 153.653636][ T9710] overlayfs: overlapping lowerdir path [ 153.749536][ T9713] 9pnet_fd: Insufficient options for proto=fd [ 154.175772][ T9723] xt_CT: You must specify a L4 protocol and not use inversions on it [ 154.227478][ T9728] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.232601][ T9728] batadv_slave_0: entered promiscuous mode [ 155.254731][ T9744] sctp: [Deprecated]: syz.0.1018 (pid 9744) Use of struct sctp_assoc_value in delayed_ack socket option. [ 155.254731][ T9744] Use struct sctp_sack_info instead [ 155.304998][ T9744] __nla_validate_parse: 2 callbacks suppressed [ 155.305009][ T9744] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1018'. [ 155.376205][ T9767] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1026'. [ 155.403488][ T9771] bridge_slave_0: entered promiscuous mode [ 155.408637][ T9773] netlink: 8784 bytes leftover after parsing attributes in process `syz.0.1028'. [ 155.444313][ T9777] FAULT_INJECTION: forcing a failure. [ 155.444313][ T9777] name failslab, interval 1, probability 0, space 0, times 0 [ 155.447829][ T9777] CPU: 1 UID: 0 PID: 9777 Comm: syz.1.1029 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 155.450680][ T9777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 155.453719][ T9777] Call Trace: [ 155.454644][ T9777] [ 155.456905][ T9777] dump_stack_lvl+0x16c/0x1f0 [ 155.456931][ T9777] should_fail_ex+0x497/0x5b0 [ 155.456945][ T9777] ? fs_reclaim_acquire+0xae/0x150 [ 155.456960][ T9777] should_failslab+0xc2/0x120 [ 155.456975][ T9777] __kmalloc_noprof+0xce/0x4f0 [ 155.456988][ T9777] ? d_absolute_path+0x137/0x1b0 [ 155.457003][ T9777] ? tomoyo_encode2+0x100/0x3e0 [ 155.457017][ T9777] tomoyo_encode2+0x100/0x3e0 [ 155.457030][ T9777] tomoyo_realpath_from_path+0x1a7/0x710 [ 155.457045][ T9777] tomoyo_path_number_perm+0x248/0x5b0 [ 155.457054][ T9777] ? tomoyo_path_number_perm+0x235/0x5b0 [ 155.457065][ T9777] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 155.457086][ T9777] ? __pfx_lock_release+0x10/0x10 [ 155.457096][ T9777] ? trace_lock_acquire+0x14e/0x1f0 [ 155.457111][ T9777] ? lock_acquire+0x2f/0xb0 [ 155.457119][ T9777] ? __fget_files+0x40/0x3a0 [ 155.457133][ T9777] ? __fget_files+0x206/0x3a0 [ 155.457147][ T9777] security_file_ioctl_compat+0x9b/0x240 [ 155.457159][ T9777] __do_compat_sys_ioctl+0x4e/0x2c0 [ 155.457171][ T9777] __do_fast_syscall_32+0x73/0x120 [ 155.457185][ T9777] do_fast_syscall_32+0x32/0x80 [ 155.457198][ T9777] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 155.457215][ T9777] RIP: 0023:0xf7f95579 [ 155.457223][ T9777] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 155.457233][ T9777] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 155.457244][ T9777] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c03064b7 [ 155.457251][ T9777] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 155.457257][ T9777] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 155.457262][ T9777] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 155.457268][ T9777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 155.457280][ T9777] [ 155.459887][ T9777] ERROR: Out of memory at tomoyo_realpath_from_path. [ 155.604238][ T9791] kAFS: No cell specified [ 155.986453][ T9814] syz.2.1040: attempt to access beyond end of device [ 155.986453][ T9814] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 155.992763][ T9814] syz.2.1040: attempt to access beyond end of device [ 155.992763][ T9814] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 156.144232][ T9814] net veth1_virt_wifi : renamed from virt_wifi0 [ 156.540415][ T833] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 156.682815][ T9835] serio: Serial port ptm0 [ 156.691710][ T833] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 156.694858][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.698352][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.704152][ T833] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 156.708854][ T833] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 156.712345][ T833] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 156.714725][ T833] usb 8-1: Manufacturer: syz [ 156.717409][ T833] usb 8-1: config 0 descriptor?? [ 156.934269][ T9853] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1051'. [ 156.969197][ T9855] FAULT_INJECTION: forcing a failure. [ 156.969197][ T9855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.974397][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: syz.1.1052 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 156.978495][ T9855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.982552][ T9855] Call Trace: [ 156.983792][ T9855] [ 156.984840][ T9855] dump_stack_lvl+0x16c/0x1f0 [ 156.986515][ T9855] should_fail_ex+0x497/0x5b0 [ 156.988499][ T9855] _copy_from_user+0x2e/0xd0 [ 156.990304][ T9855] move_addr_to_kernel+0x68/0x160 [ 156.992169][ T9855] __sys_bind+0x11c/0x260 [ 156.993811][ T9855] ? __pfx___sys_bind+0x10/0x10 [ 156.995711][ T9855] ? __fget_files+0x206/0x3a0 [ 156.997554][ T9855] ? __pfx_ksys_write+0x10/0x10 [ 156.999504][ T9855] __ia32_sys_bind+0x71/0xb0 [ 157.001228][ T9855] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 157.003631][ T9855] __do_fast_syscall_32+0x73/0x120 [ 157.005551][ T9855] do_fast_syscall_32+0x32/0x80 [ 157.007224][ T9855] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 157.009548][ T9855] RIP: 0023:0xf7f95579 [ 157.011058][ T9855] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 157.018242][ T9855] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 157.021285][ T9855] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000180 [ 157.024179][ T9855] RDX: 0000000000000014 RSI: 0000000000000000 RDI: 0000000000000000 [ 157.027268][ T9855] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 157.030187][ T9855] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 157.033182][ T9855] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 157.036067][ T9855] [ 157.039897][ T9857] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 157.163588][ T833] usbhid 8-1:0.0: can't add hid device: -71 [ 157.165380][ T833] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 157.171695][ T833] usb 8-1: USB disconnect, device number 10 [ 157.719111][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1058'. [ 158.230822][ T9894] tipc: Started in network mode [ 158.233058][ T9894] tipc: Node identity 10000, cluster identity 4711 [ 158.235842][ T9894] tipc: Node number set to 65536 [ 158.519980][ T39] kauditd_printk_skb: 31 callbacks suppressed [ 158.519990][ T39] audit: type=1326 audit(1737473494.436:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 158.546218][ T39] audit: type=1326 audit(1737473494.436:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 158.557060][ T39] audit: type=1326 audit(1737473494.436:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f955a7 code=0x7ffc0000 [ 158.564242][ T39] audit: type=1326 audit(1737473494.436:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 158.570647][ T39] audit: type=1326 audit(1737473494.436:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f955a7 code=0x7ffc0000 [ 158.576860][ T39] audit: type=1326 audit(1737473494.436:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 158.587107][ T39] audit: type=1326 audit(1737473494.436:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f955a7 code=0x7ffc0000 [ 158.602529][ T39] audit: type=1326 audit(1737473494.436:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 158.608685][ T39] audit: type=1326 audit(1737473494.436:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f955a7 code=0x7ffc0000 [ 158.614907][ T39] audit: type=1326 audit(1737473494.446:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1062" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 158.795643][ T9917] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 158.798644][ T9917] qnx6: wrong signature (magic) in superblock #1. [ 158.800863][ T9917] qnx6: unable to read the first superblock [ 158.927754][ T9924] vlan2: entered allmulticast mode [ 158.929348][ T9924] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 159.058545][ T9925] speed is unknown, defaulting to 1000 [ 159.263218][ T9925] speed is unknown, defaulting to 1000 [ 159.311917][ T9929] input: syz1 as /devices/virtual/input/input16 [ 159.347289][ T9931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1073'. [ 159.589910][ T9951] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1080'. [ 159.697044][ T9973] Sensor A: ================= START STATUS ================= [ 159.699914][ T9973] Sensor A: Test Pattern: 75% Colorbar [ 159.704504][ T9973] Sensor A: Show Information: All [ 159.706078][ T9973] Sensor A: Vertical Flip: false [ 159.707864][ T9973] Sensor A: Horizontal Flip: false [ 159.709502][ T9973] Sensor A: Brightness: 128 [ 159.713721][ T9973] Sensor A: Contrast: 128 [ 159.715006][ T9973] Sensor A: Hue: 0 [ 159.716100][ T9973] Sensor A: Saturation: 128 [ 159.717414][ T9973] Sensor A: ================== END STATUS ================== [ 159.736471][ T9975] binder: 9974:9975 unknown command 1078485781 [ 159.738330][ T9975] binder: 9974:9975 ioctl c0306201 20000480 returned -22 [ 159.742490][ T9973] netlink: 'syz.3.1088': attribute type 3 has an invalid length. [ 159.744783][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1088'. [ 159.756635][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1088'. [ 159.972773][ T9978] syzkaller1: entered promiscuous mode [ 159.974843][ T9978] syzkaller1: entered allmulticast mode [ 160.637698][T10020] : renamed from bond0 (while UP) [ 160.791421][T10023] 9pnet_virtio: no channels available for device [ 160.793770][T10023] tmpfs: Unknown parameter '0x0000000000000008' [ 161.122303][T10038] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 161.258440][T10039] can0: slcan on ptm0. [ 161.793328][T10032] can0 (unregistered): slcan off ptm0. [ 162.068918][ C3] blk_print_req_error: 154 callbacks suppressed [ 162.068929][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.071729][ C2] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.073640][ C3] buffer_io_error: 152 callbacks suppressed [ 162.073648][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 162.076260][ C2] Buffer I/O error on dev loop6, logical block 1, async page read [ 162.082857][ C2] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.085460][ C2] Buffer I/O error on dev loop6, logical block 2, async page read [ 162.087851][ C2] I/O error, dev loop6, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.091333][ C2] Buffer I/O error on dev loop6, logical block 3, async page read [ 162.093659][ C2] I/O error, dev loop6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.096269][ C2] Buffer I/O error on dev loop6, logical block 4, async page read [ 162.098521][ C2] I/O error, dev loop6, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.101179][ C2] Buffer I/O error on dev loop6, logical block 5, async page read [ 162.103437][ C2] I/O error, dev loop6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.106054][ C2] Buffer I/O error on dev loop6, logical block 6, async page read [ 162.108356][ C2] I/O error, dev loop6, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.111016][ C2] Buffer I/O error on dev loop6, logical block 7, async page read [ 162.113411][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.116710][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 162.119345][ C3] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 162.122064][ C3] Buffer I/O error on dev loop6, logical block 1, async page read [ 162.128156][ T5359] ldm_validate_partition_table(): Disk read failed. [ 162.132669][ T5359] Dev loop6: unable to read RDB block 0 [ 162.136395][ T5359] loop6: unable to read partition table [ 162.788156][ T5303] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 162.831986][T10118] xt_CT: You must specify a L4 protocol and not use inversions on it [ 163.412096][T10127] netlink: 'syz.2.1124': attribute type 4 has an invalid length. [ 163.719225][T10143] wireguard2: entered promiscuous mode [ 163.769411][T10147] binder: 10145:10147 ioctl c018937b 20000140 returned -22 [ 164.040799][T10158] netlink: 'syz.3.1134': attribute type 10 has an invalid length. [ 164.044487][T10158] netlink: 'syz.3.1134': attribute type 10 has an invalid length. [ 164.554217][ T5359] ldm_validate_partition_table(): Disk read failed. [ 164.557297][ T5359] Dev loop6: unable to read RDB block 0 [ 164.560854][ T5359] loop6: unable to read partition table [ 164.770199][T10183] can0: slcan on ptm0. [ 164.898582][T10192] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1141'. [ 164.969290][T10201] netlink: 'syz.0.1144': attribute type 1 has an invalid length. [ 164.991389][T10201] 8021q: adding VLAN 0 to HW filter on device bond1 [ 165.018251][T10201] bond1: (slave veth3): Enslaving as an active interface with a down link [ 165.322165][T10227] wireguard1: entered promiscuous mode [ 165.441029][T10172] can0 (unregistered): slcan off ptm0. [ 165.531181][T10245] sctp: [Deprecated]: syz.2.1150 (pid 10245) Use of int in max_burst socket option. [ 165.531181][T10245] Use struct sctp_assoc_value instead [ 165.531506][T10250] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1151'. [ 165.699258][T10254] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 165.701208][T10254] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 165.703855][T10254] vhci_hcd vhci_hcd.0: Device attached [ 165.880796][ T833] vhci_hcd: vhci_device speed not set [ 165.915032][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1156'. [ 165.950377][ T833] usb 41-1: new full-speed USB device number 3 using vhci_hcd [ 166.032118][T10275] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1159'. [ 166.034744][T10275] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1159'. [ 166.353374][T10260] vhci_hcd: connection reset by peer [ 166.363055][ T12] vhci_hcd: stop threads [ 166.364317][ T12] vhci_hcd: release socket [ 166.367067][ T12] vhci_hcd: disconnect device [ 166.425263][T10281] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1162'. [ 166.469232][ T39] kauditd_printk_skb: 136 callbacks suppressed [ 166.469273][ T39] audit: type=1326 audit(1737473502.386:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.469858][T10280] capability: warning: `syz.0.1161' uses 32-bit capabilities (legacy support in use) [ 166.475559][ T39] audit: type=1326 audit(1737473502.386:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.487682][ T39] audit: type=1326 audit(1737473502.386:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=81 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.503887][ T39] audit: type=1326 audit(1737473502.386:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.510090][ T39] audit: type=1326 audit(1737473502.386:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.525652][ T39] audit: type=1326 audit(1737473502.386:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.535617][ T39] audit: type=1326 audit(1737473502.386:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.547610][ T39] audit: type=1326 audit(1737473502.386:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.559044][ T39] audit: type=1326 audit(1737473502.386:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.567958][ T39] audit: type=1326 audit(1737473502.386:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10272 comm="syz.1.1160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 166.575416][ T5303] Bluetooth: hci0: unexpected event for opcode 0x1002 [ 167.427243][T10331] FAULT_INJECTION: forcing a failure. [ 167.427243][T10331] name failslab, interval 1, probability 0, space 0, times 0 [ 167.429120][T10328] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 167.432096][T10331] CPU: 0 UID: 0 PID: 10331 Comm: syz.0.1183 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 167.436185][T10331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 167.438779][ T1149] Bluetooth: hci4: Frame reassembly failed (-84) [ 167.439244][T10331] Call Trace: [ 167.439250][T10331] [ 167.443032][T10331] dump_stack_lvl+0x16c/0x1f0 [ 167.443052][T10331] should_fail_ex+0x497/0x5b0 [ 167.445828][T10331] ? fs_reclaim_acquire+0xae/0x150 [ 167.447315][T10331] should_failslab+0xc2/0x120 [ 167.448681][T10331] __kmalloc_node_noprof+0xd1/0x520 [ 167.450192][T10331] ? __pfx_mark_lock+0x10/0x10 [ 167.451583][T10331] ? __vmalloc_node_range_noprof+0x3d8/0x1530 [ 167.453345][T10331] __vmalloc_node_range_noprof+0x3d8/0x1530 [ 167.455062][T10331] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 167.456678][T10331] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 167.458508][T10331] ? __pfx_aa_get_newest_label+0x10/0x10 [ 167.460122][T10331] ? __pfx___lock_acquire+0x10/0x10 [ 167.461623][T10331] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 167.463219][T10331] __vmalloc_noprof+0x6d/0x90 [ 167.464584][T10331] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 167.466200][T10331] bpf_prog_alloc_no_stats+0x54/0x630 [ 167.467762][T10331] ? security_capable+0x7e/0x260 [ 167.469199][T10331] bpf_prog_alloc+0x3b/0x230 [ 167.470590][T10331] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 167.472299][T10331] bpf_prog_load+0x1b4e/0x2670 [ 167.473679][T10331] ? __pfx_bpf_prog_load+0x10/0x10 [ 167.475158][T10331] ? find_held_lock+0x2d/0x110 [ 167.476555][T10331] ? __might_fault+0x13b/0x190 [ 167.477933][T10331] ? __might_fault+0xe3/0x190 [ 167.479264][T10331] __sys_bpf+0x5677/0x57a0 [ 167.480533][T10331] ? __pfx_lock_release+0x10/0x10 [ 167.481989][T10331] ? __pfx___sys_bpf+0x10/0x10 [ 167.483347][T10331] ? vfs_write+0x306/0x1150 [ 167.484650][T10331] ? __mutex_unlock_slowpath+0x164/0x690 [ 167.486260][T10331] ? fput+0x67/0x440 [ 167.487406][T10331] ? ksys_write+0x1ba/0x250 [ 167.488718][T10331] ? __pfx_ksys_write+0x10/0x10 [ 167.490127][T10331] __ia32_sys_bpf+0x76/0xe0 [ 167.491425][T10331] __do_fast_syscall_32+0x73/0x120 [ 167.492883][T10331] do_fast_syscall_32+0x32/0x80 [ 167.494273][T10331] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 167.496043][T10331] RIP: 0023:0xf7f02579 [ 167.497218][T10331] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 167.502614][T10331] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 167.504944][T10331] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002000e000 [ 167.507171][T10331] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 167.509384][T10331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 167.511611][T10331] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 167.513836][T10331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 167.516086][T10331] [ 167.528446][T10331] syz.0.1183: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 167.534217][T10331] CPU: 2 UID: 0 PID: 10331 Comm: syz.0.1183 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 167.537271][T10331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 167.540364][T10331] Call Trace: [ 167.541322][T10331] [ 167.542192][T10331] dump_stack_lvl+0x16c/0x1f0 [ 167.543659][T10331] warn_alloc+0x24d/0x3a0 [ 167.544952][T10331] ? __pfx_warn_alloc+0x10/0x10 [ 167.546418][T10331] ? dump_stack_lvl+0x1a1/0x1f0 [ 167.547847][T10331] ? rcu_is_watching+0x12/0xc0 [ 167.549211][T10331] ? trace_kmalloc+0x2d/0xd0 [ 167.550542][T10331] ? __kmalloc_node_noprof+0x23d/0x520 [ 167.552094][T10331] __vmalloc_node_range_noprof+0x1105/0x1530 [ 167.553859][T10331] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 167.555443][T10331] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 167.557271][T10331] ? __pfx_aa_get_newest_label+0x10/0x10 [ 167.558946][T10331] ? __pfx___lock_acquire+0x10/0x10 [ 167.560422][T10331] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 167.562011][T10331] __vmalloc_noprof+0x6d/0x90 [ 167.563398][T10331] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 167.565240][T10331] bpf_prog_alloc_no_stats+0x54/0x630 [ 167.566816][T10331] ? security_capable+0x7e/0x260 [ 167.568225][T10331] bpf_prog_alloc+0x3b/0x230 [ 167.569554][T10331] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 167.571219][T10331] bpf_prog_load+0x1b4e/0x2670 [ 167.572598][T10331] ? __pfx_bpf_prog_load+0x10/0x10 [ 167.574070][T10331] ? find_held_lock+0x2d/0x110 [ 167.575487][T10331] ? __might_fault+0x13b/0x190 [ 167.576849][T10331] ? __might_fault+0xe3/0x190 [ 167.578202][T10331] __sys_bpf+0x5677/0x57a0 [ 167.579481][T10331] ? __pfx_lock_release+0x10/0x10 [ 167.580933][T10331] ? __pfx___sys_bpf+0x10/0x10 [ 167.582316][T10331] ? vfs_write+0x306/0x1150 [ 167.583786][T10331] ? __mutex_unlock_slowpath+0x164/0x690 [ 167.585458][T10331] ? fput+0x67/0x440 [ 167.586602][T10331] ? ksys_write+0x1ba/0x250 [ 167.587903][T10331] ? __pfx_ksys_write+0x10/0x10 [ 167.589306][T10331] __ia32_sys_bpf+0x76/0xe0 [ 167.590739][T10331] __do_fast_syscall_32+0x73/0x120 [ 167.592318][T10331] do_fast_syscall_32+0x32/0x80 [ 167.593785][T10331] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 167.595639][T10331] RIP: 0023:0xf7f02579 [ 167.596832][T10331] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 167.602432][T10331] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 167.604927][T10331] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002000e000 [ 167.607206][T10331] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 167.609538][T10331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 167.611815][T10331] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 167.614112][T10331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 167.616525][T10331] [ 167.617684][T10331] Mem-Info: [ 167.619053][T10331] active_anon:11061 inactive_anon:138 isolated_anon:0 [ 167.619053][T10331] active_file:16995 inactive_file:29555 isolated_file:0 [ 167.619053][T10331] unevictable:1768 dirty:12 writeback:25 [ 167.619053][T10331] slab_reclaimable:7584 slab_unreclaimable:60814 [ 167.619053][T10331] mapped:28944 shmem:8049 pagetables:680 [ 167.619053][T10331] sec_pagetables:309 bounce:0 [ 167.619053][T10331] kernel_misc_reclaimable:0 [ 167.619053][T10331] free:35607 free_pcp:7340 free_cma:0 [ 167.636386][T10331] Node 0 active_anon:14016kB inactive_anon:552kB active_file:1052kB inactive_file:48kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:14352kB dirty:4kB writeback:0kB shmem:16916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9540kB pagetables:796kB sec_pagetables:1144kB all_unreclaimable? no [ 167.645887][T10331] Node 1 active_anon:30228kB inactive_anon:0kB active_file:66928kB inactive_file:118172kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:101424kB dirty:44kB writeback:100kB shmem:15280kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3768kB pagetables:1924kB sec_pagetables:92kB all_unreclaimable? no [ 167.654994][T10331] Node 0 DMA free:1452kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:504kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:360kB local_pcp:88kB free_cma:0kB [ 167.665212][T10331] lowmem_reserve[]: 0 296 0 0 0 [ 167.666780][T10331] Node 0 DMA32 free:17420kB boost:0kB min:13672kB low:17088kB high:20504kB reserved_highatomic:4096KB active_anon:13508kB inactive_anon:528kB active_file:1052kB inactive_file:48kB unevictable:3536kB writepending:4kB present:1032196kB managed:303684kB mlocked:0kB bounce:0kB free_pcp:2760kB local_pcp:1984kB free_cma:0kB [ 167.675596][T10331] lowmem_reserve[]: 0 0 0 0 0 [ 167.677094][T10331] Node 1 DMA32 free:123428kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:30236kB inactive_anon:0kB active_file:66928kB inactive_file:118172kB unevictable:3536kB writepending:60kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:26124kB local_pcp:7580kB free_cma:0kB [ 167.685994][T10331] lowmem_reserve[]: 0 0 0 0 0 [ 167.687501][T10331] Node 0 DMA: 37*4kB (U) 38*8kB (U) 13*16kB (U) 17*32kB (U) 4*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1460kB [ 167.691673][T10331] Node 0 DMA32: 111*4kB (UMEH) 85*8kB (UEH) 45*16kB (UEH) 78*32kB (UMEH) 47*64kB (UEH) 22*128kB (UMEH) 14*256kB (UME) 5*512kB (UMH) 1*1024kB (U) 0*2048kB 0*4096kB = 17332kB [ 167.697169][T10331] Node 1 DMA32: 43*4kB (U) 323*8kB (UME) 95*16kB (UE) 481*32kB (UME) 345*64kB (UME) 75*128kB (UME) 37*256kB (UME) 20*512kB (UM) 11*1024kB (UM) 4*2048kB (UME) 8*4096kB (UM) = 123284kB [ 167.702690][T10331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 167.705521][T10331] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 167.708282][T10331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 167.711993][T10331] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 167.715004][T10331] 54641 total pagecache pages [ 167.716633][T10331] 47 pages in swap cache [ 167.718079][T10331] Free swap = 121356kB [ 167.719437][T10331] Total swap = 124996kB [ 167.721662][T10331] 524155 pages RAM [ 167.722963][T10331] 0 pages HighMem/MovableOnly [ 167.724473][T10331] 207331 pages reserved [ 167.726040][T10331] 0 pages cma reserved [ 167.743879][T10335] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 168.140894][T10339] /dev/sr0: Can't open blockdev [ 168.340801][T10337] /dev/sr0: Can't open blockdev [ 168.574648][ T9354] bond0: (slave bond_slave_0): interface is now down [ 168.576232][T10345] netlink: 'syz.1.1187': attribute type 10 has an invalid length. [ 168.577498][ T9354] bond0: (slave bond_slave_1): interface is now down [ 168.583425][ T9354] bond0: (slave netdevsim0): interface is now down [ 168.591222][ T9354] bond0: now running without any active interface! [ 168.982480][T10383] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1198'. [ 168.988587][T10383] bridge_slave_1: left allmulticast mode [ 168.990251][T10383] bridge_slave_1: left promiscuous mode [ 168.993884][T10383] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.000519][T10383] bridge2: port 1(bridge_slave_1) entered blocking state [ 169.002494][T10383] bridge2: port 1(bridge_slave_1) entered disabled state [ 169.004486][T10383] bridge_slave_1: entered allmulticast mode [ 169.006590][T10383] bridge_slave_1: entered promiscuous mode [ 169.037301][T10385] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1199'. [ 169.157063][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1203'. [ 169.223952][T10400] netlink: 'syz.2.1205': attribute type 10 has an invalid length. [ 169.313072][T10404] sit0: entered promiscuous mode [ 169.314608][T10404] sit0: entered allmulticast mode [ 169.318105][T10404] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1207'. [ 169.320848][T10404] netlink: 'syz.2.1207': attribute type 7 has an invalid length. [ 169.323026][T10404] netlink: 'syz.2.1207': attribute type 8 has an invalid length. [ 169.499968][ T5952] Bluetooth: hci4: command 0x1003 tx timeout [ 169.502083][ T5303] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 169.535066][T10421] binder: 10419:10421 ioctl 4018620d 0 returned -22 [ 169.572483][T10428] vlan3: entered promiscuous mode [ 170.481855][T10455] binder: 10454:10455 ioctl 4018620d 0 returned -22 [ 170.920439][ T62] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 171.080968][ T833] vhci_hcd: vhci_device speed not set [ 171.082944][ T62] usb 8-1: Using ep0 maxpacket: 8 [ 171.086059][ T62] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 171.089350][ T62] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 171.093147][ T62] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.096371][ T62] usb 8-1: config 0 descriptor?? [ 171.099525][ T62] iowarrior 8-1:0.0: no interrupt-in endpoint found [ 171.389933][T10484] speed is unknown, defaulting to 1000 [ 171.434967][T10484] speed is unknown, defaulting to 1000 [ 171.587063][T10490] __nla_validate_parse: 1 callbacks suppressed [ 171.587075][T10490] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1233'. [ 171.601603][T10490] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1233'. [ 171.604258][T10490] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1233'. [ 171.619508][T10496] binder: 10495:10496 ioctl 4018620d 0 returned -22 [ 171.656076][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 171.656086][ T39] audit: type=1326 audit(1737473507.576:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10497 comm="syz.0.1235" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x0 [ 171.704148][T10505] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1238'. [ 171.860537][T10518] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1235'. [ 173.168791][T10533] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 173.353741][T10541] binder: BINDER_SET_CONTEXT_MGR already set [ 173.356064][T10541] binder: 10540:10541 ioctl 4018620d 20000040 returned -16 [ 173.518849][ T1019] usb 8-1: USB disconnect, device number 11 [ 173.628879][T10559] tipc: Enabling of bearer rejected, already enabled [ 173.694123][ T39] audit: type=1326 audit(1737473509.616:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10563 comm="syz.0.1255" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x0 [ 173.708939][T10566] binder: 10565:10566 unknown command 1078485781 [ 173.719271][T10566] binder: 10565:10566 ioctl c0306201 20000480 returned -22 [ 173.730341][ T832] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 173.751707][T10568] binder: BINDER_SET_CONTEXT_MGR already set [ 173.753650][T10568] binder: 10567:10568 ioctl 4018620d 20000040 returned -16 [ 173.900374][ T832] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 173.903012][ T832] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.905292][ T832] usb 7-1: Product: syz [ 173.906540][ T832] usb 7-1: Manufacturer: syz [ 173.908052][ T832] usb 7-1: SerialNumber: syz [ 173.922358][ T832] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 173.936264][ T56] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 174.160397][ T62] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 174.178562][T10587] netlink: 'syz.3.1264': attribute type 12 has an invalid length. [ 174.180984][T10587] netlink: 'syz.3.1264': attribute type 29 has an invalid length. [ 174.183306][T10587] netlink: 'syz.3.1264': attribute type 2 has an invalid length. [ 174.185490][T10587] netlink: 'syz.3.1264': attribute type 2 has an invalid length. [ 174.187766][T10587] netlink: 'syz.3.1264': attribute type 1 has an invalid length. [ 174.190002][T10587] netlink: 'syz.3.1264': attribute type 37 has an invalid length. [ 174.192439][T10587] netlink: 'syz.3.1264': attribute type 2 has an invalid length. [ 174.194702][T10587] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.313172][ T62] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.316359][ T62] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 174.320242][ T62] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 174.325856][T10589] speed is unknown, defaulting to 1000 [ 174.426173][T10589] speed is unknown, defaulting to 1000 [ 174.550388][ T62] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.555049][ T62] usb 6-1: config 0 descriptor?? [ 174.979299][T10609] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 174.993063][T10611] binder: BINDER_SET_CONTEXT_MGR already set [ 174.995036][T10611] binder: 10610:10611 ioctl 4018620d 20000040 returned -16 [ 175.002439][ T56] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 175.006309][ T56] ath9k_htc: Failed to initialize the device [ 175.032882][ T56] usb 7-1: ath9k_htc: USB layer deinitialized [ 175.167324][ T62] usbhid 6-1:0.0: can't add hid device: -71 [ 175.170793][ T62] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 175.178345][ T62] usb 6-1: USB disconnect, device number 5 [ 175.952502][T10634] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1274'. [ 176.499053][T10661] binder: 10660:10661 ioctl c0306201 0 returned -14 [ 176.595050][ T1019] usb 7-1: USB disconnect, device number 6 [ 176.858809][T10691] openvswitch: netlink: Actions may not be safe on all matching packets [ 177.020429][ T62] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 177.301177][ T1019] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 177.321596][ T62] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.324753][ T62] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 177.327317][ T62] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.330384][ T62] usb 6-1: config 0 descriptor?? [ 177.470411][ T1019] usb 5-1: Using ep0 maxpacket: 32 [ 177.473795][ T1019] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 177.479173][ T1019] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 177.483009][ T1019] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 177.485881][ T1019] usb 5-1: Product: syz [ 177.487096][ T1019] usb 5-1: Manufacturer: syz [ 177.489280][ T1019] usb 5-1: SerialNumber: syz [ 177.492239][ T1019] usb 5-1: config 0 descriptor?? [ 177.494123][T10697] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 177.526105][T10701] binder: 10700:10701 ioctl c0306201 0 returned -14 [ 177.538269][ T62] usbhid 6-1:0.0: can't add hid device: -71 [ 177.539944][ T62] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 177.543015][ T62] usb 6-1: USB disconnect, device number 6 [ 177.790893][ T39] audit: type=1107 audit(1737473513.706:398): pid=10710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 177.959954][T10709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 177.963698][T10709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.968995][ T1019] usb 5-1: USB disconnect, device number 10 [ 177.993592][ T62] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 178.134023][T10721] bridge_slave_0: default FDB implementation only supports local addresses [ 178.141985][ T62] usb 6-1: Using ep0 maxpacket: 32 [ 178.145216][ T62] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.148433][ T62] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 178.160537][ T62] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.166359][ T62] usb 6-1: config 0 descriptor?? [ 178.171527][ T62] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 178.180843][ T62] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 178.427655][T10731] binder: 10729:10731 ioctl c0306201 0 returned -14 [ 178.677808][ T9] usb 6-1: USB disconnect, device number 7 [ 178.684688][ T9] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 178.792606][T10747] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 178.961994][T10762] netlink: 'syz.2.1310': attribute type 1 has an invalid length. [ 178.968615][T10762] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 179.002785][T10764] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1309'. [ 179.018914][T10768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1311'. [ 179.021826][T10768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1311'. [ 179.024223][T10768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1311'. [ 179.053466][T10771] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1313'. [ 179.062332][T10773] misc userio: Invalid payload size [ 179.172238][T10782] binder: BINDER_SET_CONTEXT_MGR already set [ 179.174093][T10782] binder: 10781:10782 ioctl 4018620d 20000040 returned -16 [ 179.241475][T10786] vxcan3: entered promiscuous mode [ 179.242966][T10786] vxcan3: entered allmulticast mode [ 180.311875][T10818] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 180.692153][ T39] audit: type=1326 audit(1737473516.616:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f95598 code=0x7ffc0000 [ 180.699877][ T39] audit: type=1326 audit(1737473516.616:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f95598 code=0x7ffc0000 [ 180.713759][ T39] audit: type=1326 audit(1737473516.616:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 180.722798][ T39] audit: type=1326 audit(1737473516.616:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 180.729564][ T39] audit: type=1326 audit(1737473516.616:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 180.735951][ T39] audit: type=1326 audit(1737473516.616:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f95598 code=0x7ffc0000 [ 180.742562][ T39] audit: type=1326 audit(1737473516.616:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 180.749268][ T39] audit: type=1326 audit(1737473516.616:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 180.756010][ T39] audit: type=1326 audit(1737473516.616:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10820 comm="syz.1.1330" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000 [ 180.794710][T10835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1334'. [ 180.945536][T10842] netlink: 2980 bytes leftover after parsing attributes in process `syz.2.1336'. [ 181.070219][T10844] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 181.313967][T10858] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 182.772496][T10886] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1350'. [ 183.532587][T10918] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1357'. [ 183.647320][T10888] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 183.650446][T10888] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 183.870429][ T56] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 184.021681][ T56] usb 8-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 184.024645][ T56] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 35119, setting to 1024 [ 184.027799][ T56] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 184.033631][ T56] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 184.036374][ T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.039999][T10920] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 184.046942][ T56] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 184.049662][ T56] usb 8-1: invalid MIDI in EP 0 [ 184.095522][ T56] snd-usb-audio 8-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 184.132153][ T8347] udevd[8347]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 184.194685][T10950] netlink: 'syz.1.1368': attribute type 4 has an invalid length. [ 184.256984][ T62] usb 8-1: USB disconnect, device number 12 [ 184.306717][T10962] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 184.308848][T10962] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 184.312582][T10962] vhci_hcd vhci_hcd.0: Device attached [ 184.521490][ T9] vhci_hcd: vhci_device speed not set [ 184.591991][ T9] usb 39-1: new full-speed USB device number 4 using vhci_hcd [ 185.074043][T10988] Invalid source name [ 185.151758][T10986] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1374'. [ 185.158113][T10986] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1374'. [ 185.183960][T10963] vhci_hcd: connection reset by peer [ 185.186503][ T12] vhci_hcd: stop threads [ 185.187760][ T12] vhci_hcd: release socket [ 185.189255][ T12] vhci_hcd: disconnect device [ 185.814389][T10999] can0: slcan on ptm0. [ 186.541094][T10993] can0 (unregistered): slcan off ptm0. [ 187.085334][T11045] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 187.128918][T11052] misc userio: No port type given on /dev/userio [ 187.132158][T11052] misc userio: The device must be registered before sending interrupts [ 187.170120][T11061] binder: 11060:11061 ioctl 4018620d 0 returned -22 [ 187.268665][T11072] FAULT_INJECTION: forcing a failure. [ 187.268665][T11072] name failslab, interval 1, probability 0, space 0, times 0 [ 187.280547][T11072] CPU: 2 UID: 0 PID: 11072 Comm: syz.0.1397 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 187.283040][T11072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.285222][T11073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1398'. [ 187.285672][T11072] Call Trace: [ 187.285678][T11072] [ 187.285683][T11072] dump_stack_lvl+0x16c/0x1f0 [ 187.290994][T11072] should_fail_ex+0x497/0x5b0 [ 187.292212][T11072] ? fs_reclaim_acquire+0xae/0x150 [ 187.293539][T11072] should_failslab+0xc2/0x120 [ 187.294751][T11072] __kmalloc_noprof+0xce/0x4f0 [ 187.295998][T11072] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 187.297522][T11072] ? __do_sys_futex_waitv+0x221/0x2c0 [ 187.298903][T11072] __do_sys_futex_waitv+0x221/0x2c0 [ 187.300212][T11072] ? __pfx___do_sys_futex_waitv+0x10/0x10 [ 187.301679][T11072] do_int80_emulation+0x104/0x200 [ 187.302967][T11072] asm_int80_emulation+0x1a/0x20 [ 187.304226][T11072] RIP: 0023:0xf7f02579 [ 187.305270][T11072] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 187.310104][T11072] RSP: 002b:00000000f503555c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1 [ 187.312211][T11072] RAX: ffffffffffffffda RBX: 0000000020001080 RCX: 0000000000000001 [ 187.314214][T11072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 187.316239][T11072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 187.318299][T11072] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 187.320335][T11072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 187.322398][T11072] [ 187.323262][ C2] vkms_vblank_simulate: vblank timer overrun [ 187.401056][ T5952] Bluetooth: hci3: command 0x0405 tx timeout [ 187.451280][T11086] netlink: 316 bytes leftover after parsing attributes in process `syz.2.1403'. [ 187.502975][T11090] xt_CT: You must specify a L4 protocol and not use inversions on it [ 187.539567][T11092] binder: 11091:11092 ioctl 4018620d 0 returned -22 [ 187.666521][T11102] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1408'. [ 187.734167][T11088] binder: 11087:11088 ioctl c0306201 0 returned -14 [ 188.635114][T11114] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1412'. [ 188.637756][T11114] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1412'. [ 188.700846][T11120] binder: 11117:11120 ioctl 4018620d 0 returned -22 [ 189.179046][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x6 [ 189.188374][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.192296][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.194467][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.196591][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.198875][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.210745][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.212928][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.215047][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.217184][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.219326][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.234474][T11124] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ULvyآDUDw}z [ 189.237303][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.239490][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.256365][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.258522][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.265176][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.267334][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.269461][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.279834][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.285319][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.291334][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.293505][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.295657][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.297775][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.299879][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.313315][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.315583][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.317748][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.319935][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.322442][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.324622][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.326806][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.328948][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.331404][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.333708][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.335975][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.338328][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.340742][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.343030][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.345264][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.347481][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.349747][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.352341][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.354594][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.356790][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.358986][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.361571][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.363964][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.367775][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.369953][ T1019] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 189.386269][ T1019] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 189.544428][T11135] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1419'. [ 189.603474][T11143] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1421'. [ 189.710378][ T9] vhci_hcd: vhci_device speed not set [ 190.092377][T11157] binder: 11156:11157 ioctl c0306201 0 returned -14 [ 190.296609][T11181] binder: 11180:11181 ioctl c0306201 0 returned -14 [ 190.386314][T11183] sctp: [Deprecated]: syz.0.1435 (pid 11183) Use of struct sctp_assoc_value in delayed_ack socket option. [ 190.386314][T11183] Use struct sctp_sack_info instead [ 190.399988][T11196] FAULT_INJECTION: forcing a failure. [ 190.399988][T11196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.408428][T11196] CPU: 3 UID: 0 PID: 11196 Comm: syz.1.1438 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 190.412163][T11196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 190.415914][T11196] Call Trace: [ 190.417143][T11196] [ 190.418229][T11196] dump_stack_lvl+0x16c/0x1f0 [ 190.420013][T11196] should_fail_ex+0x497/0x5b0 [ 190.421889][T11196] _copy_from_user+0x2e/0xd0 [ 190.423419][T11196] ? __pfx_drm_mode_setplane+0x10/0x10 [ 190.424987][T11196] drm_ioctl+0x4fc/0xba0 [ 190.426283][T11196] ? __pfx_drm_ioctl+0x10/0x10 [ 190.427919][T11196] drm_compat_ioctl+0x327/0x460 [ 190.429688][T11196] ? __pfx_drm_compat_ioctl+0x10/0x10 [ 190.431246][T11196] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 190.432790][T11196] __do_fast_syscall_32+0x73/0x120 [ 190.434284][T11196] do_fast_syscall_32+0x32/0x80 [ 190.435084][T11183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1435'. [ 190.435690][T11196] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 190.440078][T11196] RIP: 0023:0xf7f95579 [ 190.441265][T11196] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 190.446795][T11196] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 190.449211][T11196] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c03064b7 [ 190.451505][T11196] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.453778][T11196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 190.455984][T11196] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 190.458272][T11196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 190.460553][T11196] [ 190.461546][ C3] vkms_vblank_simulate: vblank timer overrun [ 190.570027][T11203] vxcan0: tx drop: invalid sa for name 0x0000000000000002 [ 190.665086][T11212] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 190.711332][T11217] binder: 11215:11217 ioctl c0306201 0 returned -14 [ 192.551332][T11276] sp0: Synchronizing with TNC [ 192.560442][T11276] sp0: Found TNC [ 192.628058][T11281] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.1465'. [ 193.405276][T11275] [U] ` [ 193.526827][T11304] FAULT_INJECTION: forcing a failure. [ 193.526827][T11304] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 193.531607][T11304] CPU: 3 UID: 0 PID: 11304 Comm: syz.1.1475 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 193.534687][T11304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 193.537800][T11304] Call Trace: [ 193.538793][T11304] [ 193.539648][T11304] dump_stack_lvl+0x16c/0x1f0 [ 193.541055][T11304] should_fail_ex+0x497/0x5b0 [ 193.542461][T11304] ? fs_reclaim_acquire+0xae/0x150 [ 193.543961][T11304] should_fail_alloc_page+0xe7/0x130 [ 193.545807][T11304] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 193.548258][T11304] ? page_ext_put+0x3e/0xd0 [ 193.550083][T11304] __alloc_pages_noprof+0x18e/0x2470 [ 193.551863][T11304] ? page_ext_put+0x48/0xd0 [ 193.553208][T11304] ? __page_table_check_zero+0x2d7/0x360 [ 193.554848][T11304] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 193.556848][T11304] ? hlock_class+0x4e/0x130 [ 193.558656][T11304] ? mark_lock+0xb5/0xc60 [ 193.560361][T11304] ? hlock_class+0x4e/0x130 [ 193.562142][T11304] ? mark_lock+0xb5/0xc60 [ 193.563839][T11304] ? hlock_class+0x4e/0x130 [ 193.565564][T11304] ? mark_lock+0xb5/0xc60 [ 193.567193][T11304] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 193.567616][T11302] usb usb8: usbfs: process 11302 (syz.2.1474) did not claim interface 0 before use [ 193.568990][T11304] ? policy_nodemask+0xea/0x4e0 [ 193.573584][T11302] netlink: 'syz.2.1474': attribute type 10 has an invalid length. [ 193.573757][T11304] alloc_pages_mpol_noprof+0x2c8/0x620 [ 193.578005][T11304] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 193.580236][T11304] pte_alloc_one+0x20/0x390 [ 193.581994][T11304] __pte_alloc+0x6e/0x3b0 [ 193.583689][T11304] ? __pfx___pte_alloc+0x10/0x10 [ 193.585574][T11304] do_pte_missing+0x2810/0x3e00 [ 193.587412][T11304] ? mt_find+0x82d/0xa20 [ 193.589020][T11304] ? __pfx_lock_release+0x10/0x10 [ 193.590807][T11304] __handle_mm_fault+0x103c/0x2a40 [ 193.592393][T11304] ? __pfx___handle_mm_fault+0x10/0x10 [ 193.594455][T11304] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 193.596597][T11304] ? find_vma+0xc0/0x140 [ 193.598232][T11304] ? __pfx_find_vma+0x10/0x10 [ 193.600021][T11304] handle_mm_fault+0x3fa/0xaa0 [ 193.601844][T11304] do_user_addr_fault+0x7a3/0x13f0 [ 193.603778][T11304] exc_page_fault+0x5c/0xc0 [ 193.605493][T11304] asm_exc_page_fault+0x26/0x30 [ 193.607349][T11304] RIP: 0010:_copy_from_user+0x93/0xd0 [ 193.609372][T11304] Code: 42 fd fc 89 ee 4c 89 ef 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 e8 39 ba 5f fd 0f 01 cb 4c 89 ef 48 89 de 48 89 e9 a4 0f 1f 00 49 89 cc 48 89 cb 0f 01 ca 31 ff 48 89 ce e8 45 3d [ 193.616079][T11304] RSP: 0018:ffffc9000437fd80 EFLAGS: 00050246 [ 193.618367][T11304] RAX: 0000000000000001 RBX: 0000000020000180 RCX: 0000000000000014 [ 193.621298][T11304] RDX: fffff5200086ffc3 RSI: 0000000020000180 RDI: ffffc9000437fe00 [ 193.624242][T11304] RBP: 0000000000000014 R08: 0000000000000001 R09: fffff5200086ffc2 [ 193.624391][T11305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1474'. [ 193.627356][T11304] R10: ffffc9000437fe13 R11: 0000000000000000 R12: 0000000000000000 [ 193.633066][T11304] R13: ffffc9000437fe00 R14: ffff888024f4a700 R15: ffff88806a544800 [ 193.636252][T11304] move_addr_to_kernel+0x68/0x160 [ 193.638222][T11304] __sys_bind+0x11c/0x260 [ 193.639893][T11304] ? __pfx___sys_bind+0x10/0x10 [ 193.641869][T11304] ? __fget_files+0x206/0x3a0 [ 193.643777][T11304] ? __pfx_ksys_write+0x10/0x10 [ 193.645748][T11304] __ia32_sys_bind+0x71/0xb0 [ 193.647617][T11304] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 193.650202][T11304] __do_fast_syscall_32+0x73/0x120 [ 193.652250][T11304] do_fast_syscall_32+0x32/0x80 [ 193.654220][T11304] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 193.656751][T11304] RIP: 0023:0xf7f95579 [ 193.658392][T11304] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 193.665898][T11304] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 193.669145][T11304] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000180 [ 193.672237][T11304] RDX: 0000000000000014 RSI: 0000000000000000 RDI: 0000000000000000 [ 193.675336][T11304] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 193.678378][T11304] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 193.681417][T11304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 193.684462][T11304] [ 193.685834][ C3] vkms_vblank_simulate: vblank timer overrun [ 193.690206][T11302] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.691924][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.695320][T11302] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.698142][T11302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.701922][T11302] : (slave bridge0): Enslaving as an active interface with an up link [ 193.705023][T11305] bridge_slave_0: left allmulticast mode [ 193.707166][T11305] bridge_slave_0: left promiscuous mode [ 193.709309][T11305] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.727564][T11305] : (slave bridge0): Releasing backup interface [ 193.777060][T11310] cgroup: name respecified [ 193.844934][T11316] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.926990][T11329] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1484'. [ 194.120501][ T832] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 194.283715][ T832] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 194.288043][ T832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 194.292590][ T832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 194.296432][ T832] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 194.302525][ T832] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 194.306322][ T832] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 194.309593][ T832] usb 5-1: Manufacturer: syz [ 194.314377][ T832] usb 5-1: config 0 descriptor?? [ 194.619138][ T39] kauditd_printk_skb: 62 callbacks suppressed [ 194.619148][ T39] audit: type=1326 audit(1737473530.536:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11365 comm="syz.1.1498" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x0 [ 194.681543][T11367] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 194.729032][T11368] netlink: 'syz.1.1498': attribute type 4 has an invalid length. [ 194.757964][ T832] usbhid 5-1:0.0: can't add hid device: -71 [ 194.764011][ T832] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 194.768284][ T832] usb 5-1: USB disconnect, device number 11 [ 195.660732][T11402] input: syz1 as /devices/virtual/input/input20 [ 195.695624][T11405] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1508'. [ 195.723195][T11393] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 195.726240][T11393] qnx6: wrong signature (magic) in superblock #1. [ 195.728706][T11393] qnx6: unable to read the first superblock [ 195.775045][ T56] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 195.844805][T11416] netlink: 'syz.0.1512': attribute type 12 has an invalid length. [ 195.847241][T11416] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1512'. [ 196.731299][T11419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1514'. [ 196.742395][T11424] binder: 11422:11424 ioctl c0306201 0 returned -14 [ 196.793543][T11432] ubi: mtd0 is already attached to ubi0 [ 196.864795][T11439] IPVS: set_ctl: invalid protocol: 29 224.0.0.1:20004 [ 197.513760][T11461] binder: 11460:11461 ioctl c0306201 0 returned -14 [ 197.782016][T11475] FAULT_INJECTION: forcing a failure. [ 197.782016][T11475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.785746][T11475] CPU: 3 UID: 0 PID: 11475 Comm: syz.1.1532 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 197.788685][T11475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 197.791811][T11475] Call Trace: [ 197.792802][T11475] [ 197.793714][T11475] dump_stack_lvl+0x16c/0x1f0 [ 197.795094][T11475] should_fail_ex+0x497/0x5b0 [ 197.796504][T11475] _copy_from_user+0x2e/0xd0 [ 197.797854][T11475] memdup_user+0x71/0xd0 [ 197.799098][T11475] strndup_user+0x78/0xe0 [ 197.800378][T11475] __ia32_sys_mount+0x181/0x310 [ 197.801791][T11475] ? __pfx___ia32_sys_mount+0x10/0x10 [ 197.803346][T11475] __do_fast_syscall_32+0x73/0x120 [ 197.804893][T11475] do_fast_syscall_32+0x32/0x80 [ 197.806330][T11475] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 197.808158][T11475] RIP: 0023:0xf7f95579 [ 197.809332][T11475] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 197.814837][T11475] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 197.817231][T11475] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000020000040 [ 197.819495][T11475] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 197.821791][T11475] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 197.824052][T11475] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 197.826309][T11475] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 197.828563][T11475] [ 197.829573][ C3] vkms_vblank_simulate: vblank timer overrun [ 198.334188][T11495] binder: 11494:11495 ioctl c0306201 0 returned -14 [ 198.685136][T11515] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 198.805230][T11517] team0 (unregistering): Port device team_slave_0 removed [ 198.812389][T11517] team0 (unregistering): Port device team_slave_1 removed [ 198.816018][T11517] veth0_vlan: left allmulticast mode [ 198.822088][T11517] team0 (unregistering): Port device vlan0 removed [ 199.056904][T11532] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-61) [ 199.281157][T11547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1555'. [ 199.287465][T11547] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1555'. [ 199.346632][T11549] FAULT_INJECTION: forcing a failure. [ 199.346632][T11549] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.353993][T11549] CPU: 1 UID: 0 PID: 11549 Comm: syz.3.1556 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 199.357008][T11549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 199.360077][T11549] Call Trace: [ 199.361051][T11549] [ 199.361955][T11549] dump_stack_lvl+0x16c/0x1f0 [ 199.363708][T11549] should_fail_ex+0x497/0x5b0 [ 199.365145][T11549] _copy_from_user+0x2e/0xd0 [ 199.366528][T11549] get_compat_msghdr+0xa8/0x170 [ 199.367934][T11549] ? __pfx_get_compat_msghdr+0x10/0x10 [ 199.369520][T11549] ___sys_recvmsg+0x193/0x1a0 [ 199.371138][T11549] ? __pfx____sys_recvmsg+0x10/0x10 [ 199.372801][T11549] ? __fget_files+0x1fc/0x3a0 [ 199.374193][T11549] ? trace_lock_acquire+0x14e/0x1f0 [ 199.375683][T11549] ? __fget_files+0x206/0x3a0 [ 199.377322][T11549] ? __pfx___might_resched+0x10/0x10 [ 199.378874][T11549] do_recvmmsg+0x55d/0x740 [ 199.380177][T11549] ? __pfx_do_recvmmsg+0x10/0x10 [ 199.381632][T11549] ? __pfx___schedule+0x10/0x10 [ 199.383035][T11549] ? __fget_files+0x206/0x3a0 [ 199.384416][T11549] __sys_recvmmsg+0x21e/0x280 [ 199.385793][T11549] ? __pfx___sys_recvmmsg+0x10/0x10 [ 199.387329][T11549] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 199.389108][T11549] ? lockdep_hardirqs_on+0x7c/0x110 [ 199.390618][T11549] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 199.392501][T11549] __do_fast_syscall_32+0x73/0x120 [ 199.393996][T11549] do_fast_syscall_32+0x32/0x80 [ 199.395389][T11549] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 199.397510][T11549] RIP: 0023:0xf7fe6579 [ 199.398700][T11549] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 199.404242][T11549] RSP: 002b:00000000f513655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 199.407339][T11549] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000600 [ 199.409877][T11549] RDX: 00000000cb88ff8b RSI: 0000000000000002 RDI: 0000000000000000 [ 199.412817][T11549] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 199.415734][T11549] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 199.418090][T11549] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 199.420475][T11549] [ 199.617267][T11564] bond3: entered promiscuous mode [ 199.618880][T11564] bond3: entered allmulticast mode [ 199.621150][T11564] 8021q: adding VLAN 0 to HW filter on device bond3 [ 199.792733][T11573] can0: slcan on ptm0. [ 199.804598][T11575] FAULT_INJECTION: forcing a failure. [ 199.804598][T11575] name failslab, interval 1, probability 0, space 0, times 0 [ 199.808254][T11575] CPU: 2 UID: 0 PID: 11575 Comm: syz.0.1563 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 199.811253][T11575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 199.814369][T11575] Call Trace: [ 199.815347][T11575] [ 199.816219][T11575] dump_stack_lvl+0x16c/0x1f0 [ 199.817606][T11575] should_fail_ex+0x497/0x5b0 [ 199.818980][T11575] ? fs_reclaim_acquire+0xae/0x150 [ 199.820490][T11575] should_failslab+0xc2/0x120 [ 199.821880][T11575] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 199.823454][T11575] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 199.825225][T11575] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 199.827006][T11575] mmu_topup_memory_caches+0x22/0xd0 [ 199.828567][T11575] kvm_mmu_load+0xda/0x21f0 [ 199.829899][T11575] ? kvm_apic_has_interrupt+0xb6/0x190 [ 199.831476][T11575] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 199.833201][T11575] ? kvm_guest_time_update+0x71e/0xeb0 [ 199.834794][T11575] ? __pfx_kvm_mmu_load+0x10/0x10 [ 199.836281][T11575] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 199.838010][T11575] ? kvm_check_and_inject_events+0x725/0x12e0 [ 199.839777][T11575] ? kvm_setup_guest_pvclock+0x6e1/0x6f0 [ 199.841411][T11575] vcpu_run+0x2e2e/0x4c00 [ 199.842685][T11575] ? __pfx_vmx_vcpu_load_vmcs+0x10/0x10 [ 199.844306][T11575] ? __pfx_vcpu_run+0x10/0x10 [ 199.845686][T11575] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 199.847308][T11575] ? rcu_is_watching+0x12/0xc0 [ 199.848702][T11575] ? trace_lock_acquire+0x14e/0x1f0 [ 199.850218][T11575] ? __local_bh_enable_ip+0xa4/0x120 [ 199.851747][T11575] ? lockdep_hardirqs_on+0x7c/0x110 [ 199.853265][T11575] ? kvm_arch_vcpu_ioctl_run+0x150/0x1740 [ 199.854921][T11575] ? lock_acquire+0x2f/0xb0 [ 199.856259][T11575] ? kvm_arch_vcpu_ioctl_run+0x44a/0x1740 [ 199.857926][T11575] kvm_arch_vcpu_ioctl_run+0x44a/0x1740 [ 199.859667][T11575] kvm_vcpu_ioctl+0x6ce/0x1520 [ 199.861080][T11575] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 199.862730][T11575] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 199.864250][T11575] ? tomoyo_path_number_perm+0x190/0x5b0 [ 199.865885][T11575] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 199.867619][T11575] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 199.869356][T11575] ? do_vfs_ioctl+0x513/0x1950 [ 199.870761][T11575] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 199.872243][T11575] ? __pfx_lock_release+0x10/0x10 [ 199.873720][T11575] ? trace_lock_acquire+0x14e/0x1f0 [ 199.875239][T11575] kvm_vcpu_compat_ioctl+0x210/0x3f0 [ 199.876769][T11575] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 199.878468][T11575] ? __fget_files+0x206/0x3a0 [ 199.879847][T11575] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 199.881536][T11575] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 199.883055][T11575] __do_fast_syscall_32+0x73/0x120 [ 199.884540][T11575] do_fast_syscall_32+0x32/0x80 [ 199.885964][T11575] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 199.887803][T11575] RIP: 0023:0xf7f02579 [ 199.889007][T11575] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 199.894553][T11575] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 199.896970][T11575] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 199.899256][T11575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 199.901536][T11575] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 199.903809][T11575] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 199.906127][T11575] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 199.908416][T11575] [ 199.935926][T11581] vlan3: entered promiscuous mode [ 200.016450][T11589] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.019589][T11589] bridge0: entered allmulticast mode [ 200.027287][T11589] syz_tun: left allmulticast mode [ 200.028807][T11589] syz_tun: left promiscuous mode [ 200.031787][T11589] bridge0: port 3(syz_tun) entered disabled state [ 200.038420][T11589] bridge_slave_1: left promiscuous mode [ 200.040189][T11589] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.049080][T11589] bridge_slave_0: left allmulticast mode [ 200.050840][T11589] bridge_slave_0: left promiscuous mode [ 200.052517][T11589] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.250461][T11600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1569'. [ 200.253041][T11600] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1569'. [ 200.415519][T11608] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1572'. [ 200.520480][T11561] can0 (unregistered): slcan off ptm0. [ 201.530889][T11654] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1587'. [ 201.534700][T11654] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 201.537021][T11654] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 201.541223][T11654] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1587'. [ 201.629901][T11660] xt_CT: You must specify a L4 protocol and not use inversions on it [ 201.651045][T11564] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 201.849271][T11668] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 201.851586][T11668] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 201.855217][T11668] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 201.857981][T11668] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 202.317862][T11687] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1599'. [ 202.388003][T11670] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 202.391283][T11668] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 202.395202][ C0] blk_print_req_error: 280 callbacks suppressed [ 202.395211][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.395920][T11668] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 202.397060][ C0] buffer_io_error: 278 callbacks suppressed [ 202.397067][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 202.397119][ C0] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.409098][ C0] Buffer I/O error on dev loop6, logical block 1, async page read [ 202.411825][ C0] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.414550][ C0] Buffer I/O error on dev loop6, logical block 2, async page read [ 202.416877][ C0] I/O error, dev loop6, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.419594][ C0] Buffer I/O error on dev loop6, logical block 3, async page read [ 202.422158][ C0] I/O error, dev loop6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.424915][ C0] Buffer I/O error on dev loop6, logical block 4, async page read [ 202.427420][ C0] I/O error, dev loop6, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.430636][ C0] Buffer I/O error on dev loop6, logical block 5, async page read [ 202.432928][ C0] I/O error, dev loop6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.435548][ C0] Buffer I/O error on dev loop6, logical block 6, async page read [ 202.437808][ C0] I/O error, dev loop6, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.440495][ C0] Buffer I/O error on dev loop6, logical block 7, async page read [ 202.443995][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.446696][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 202.448949][ C2] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 202.451784][ C2] Buffer I/O error on dev loop6, logical block 1, async page read [ 202.463885][ T5359] ldm_validate_partition_table(): Disk read failed. [ 202.467105][ T5359] Dev loop6: unable to read RDB block 0 [ 202.469910][ T5359] loop6: unable to read partition table [ 202.504042][T11703] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1604'. [ 202.647233][T11713] wireguard3: entered promiscuous mode [ 202.672562][T11715] FAULT_INJECTION: forcing a failure. [ 202.672562][T11715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 202.676352][T11715] CPU: 1 UID: 0 PID: 11715 Comm: syz.3.1603 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 202.679300][T11715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 202.682338][T11715] Call Trace: [ 202.683307][T11715] [ 202.684226][T11715] dump_stack_lvl+0x16c/0x1f0 [ 202.685591][T11715] should_fail_ex+0x497/0x5b0 [ 202.686945][T11715] _copy_to_user+0x32/0xd0 [ 202.688241][T11715] move_addr_to_user+0x178/0x1d0 [ 202.689675][T11715] ____sys_recvmsg+0x27f/0x6b0 [ 202.691062][T11715] ? __pfx_____sys_recvmsg+0x10/0x10 [ 202.692718][T11715] ___sys_recvmsg+0x115/0x1a0 [ 202.694244][T11715] ? __pfx____sys_recvmsg+0x10/0x10 [ 202.695769][T11715] ? __fget_files+0x1fc/0x3a0 [ 202.697147][T11715] ? trace_lock_acquire+0x14e/0x1f0 [ 202.698644][T11715] ? __fget_files+0x206/0x3a0 [ 202.699995][T11715] ? __pfx___might_resched+0x10/0x10 [ 202.701608][T11715] do_recvmmsg+0x55d/0x740 [ 202.702998][T11715] ? __pfx_do_recvmmsg+0x10/0x10 [ 202.706416][T11715] ? __pfx___schedule+0x10/0x10 [ 202.708003][T11715] ? __fget_files+0x206/0x3a0 [ 202.709430][T11715] __sys_recvmmsg+0x21e/0x280 [ 202.710827][T11715] ? __pfx___sys_recvmmsg+0x10/0x10 [ 202.712341][T11715] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 202.714178][T11715] ? lockdep_hardirqs_on+0x7c/0x110 [ 202.715663][T11715] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 202.717550][T11715] __do_fast_syscall_32+0x73/0x120 [ 202.719023][T11715] do_fast_syscall_32+0x32/0x80 [ 202.720432][T11715] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 202.722250][T11715] RIP: 0023:0xf7fe6579 [ 202.723441][T11715] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 202.728925][T11715] RSP: 002b:00000000f50f455c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 202.731303][T11715] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200019c0 [ 202.733569][T11715] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 202.735818][T11715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 202.738096][T11715] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 202.740321][T11715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 202.742561][T11715] [ 203.205229][T11727] netlink: 'syz.0.1608': attribute type 1 has an invalid length. [ 203.215772][T11727] 8021q: adding VLAN 0 to HW filter on device bond2 [ 203.231742][T11727] bond2: (slave veth5): Enslaving as an active interface with a down link [ 203.455349][T11748] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1615'. [ 203.580978][T11750] can0: slcan on ptm0. [ 204.169824][T11766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1617'. [ 204.176474][T11766] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1617'. [ 204.179560][T11766] netlink: 'syz.3.1617': attribute type 5 has an invalid length. [ 204.250586][T11737] can0 (unregistered): slcan off ptm0. [ 204.363172][T11783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1623'. [ 204.908764][T11799] wireguard2: entered promiscuous mode [ 205.006908][T11803] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1627'. [ 205.009584][T11803] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1627'. [ 205.074256][T11807] netlink: 'syz.0.1629': attribute type 10 has an invalid length. [ 205.423903][ T39] audit: type=1326 audit(1737473541.346:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.436486][ T39] audit: type=1326 audit(1737473541.346:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.446101][ T39] audit: type=1326 audit(1737473541.346:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=81 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.455065][ T39] audit: type=1326 audit(1737473541.346:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.461433][ T39] audit: type=1326 audit(1737473541.346:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.467669][ T39] audit: type=1326 audit(1737473541.346:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.475711][ T39] audit: type=1326 audit(1737473541.346:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.482058][ T39] audit: type=1326 audit(1737473541.346:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.488247][ T39] audit: type=1326 audit(1737473541.346:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.496169][ T39] audit: type=1326 audit(1737473541.346:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11810 comm="syz.0.1630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000 [ 205.856509][T11836] speed is unknown, defaulting to 1000 [ 205.964838][T11836] speed is unknown, defaulting to 1000 [ 206.041840][T11837] geneve2: entered allmulticast mode [ 206.462446][T11870] nfs4: Unknown parameter '-}-%@' [ 206.524121][T11873] FAULT_INJECTION: forcing a failure. [ 206.524121][T11873] name failslab, interval 1, probability 0, space 0, times 0 [ 206.531051][T11873] CPU: 2 UID: 0 PID: 11873 Comm: syz.0.1653 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 206.533963][T11873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 206.536971][T11873] Call Trace: [ 206.537943][T11873] [ 206.538802][T11873] dump_stack_lvl+0x16c/0x1f0 [ 206.540166][T11873] should_fail_ex+0x497/0x5b0 [ 206.541563][T11873] ? fs_reclaim_acquire+0xae/0x150 [ 206.543061][T11873] should_failslab+0xc2/0x120 [ 206.544398][T11873] __kmalloc_cache_noprof+0x68/0x420 [ 206.545874][T11873] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 206.547469][T11873] ? __vmalloc_noprof+0x6d/0x90 [ 206.548873][T11873] bpf_prog_alloc_no_stats+0x101/0x630 [ 206.550449][T11873] bpf_prog_alloc+0x3b/0x230 [ 206.551821][T11873] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 206.553550][T11873] bpf_prog_load+0x1b4e/0x2670 [ 206.554934][T11873] ? __pfx_bpf_prog_load+0x10/0x10 [ 206.556416][T11873] ? find_held_lock+0x2d/0x110 [ 206.557762][T11873] ? __might_fault+0x13b/0x190 [ 206.559103][T11873] ? __might_fault+0xe3/0x190 [ 206.560458][T11873] __sys_bpf+0x5677/0x57a0 [ 206.561759][T11873] ? __pfx_lock_release+0x10/0x10 [ 206.563230][T11873] ? __pfx___sys_bpf+0x10/0x10 [ 206.564613][T11873] ? vfs_write+0x306/0x1150 [ 206.565935][T11873] ? __mutex_unlock_slowpath+0x164/0x690 [ 206.567551][T11873] ? fput+0x67/0x440 [ 206.568654][T11873] ? ksys_write+0x1ba/0x250 [ 206.569932][T11873] ? __pfx_ksys_write+0x10/0x10 [ 206.571364][T11873] __ia32_sys_bpf+0x76/0xe0 [ 206.572688][T11873] __do_fast_syscall_32+0x73/0x120 [ 206.574176][T11873] do_fast_syscall_32+0x32/0x80 [ 206.575584][T11873] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 206.577416][T11873] RIP: 0023:0xf7f02579 [ 206.578598][T11873] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 206.583907][T11873] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 206.586340][T11873] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002000e000 [ 206.588604][T11873] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.590844][T11873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 206.593032][T11873] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 206.595299][T11873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 206.597568][T11873] [ 206.785019][T11883] /dev/sr0: Can't open blockdev [ 206.800211][T11883] /dev/sr0: Can't open blockdev [ 207.042339][T11892] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 207.473065][T11898] netlink: 'syz.1.1660': attribute type 10 has an invalid length. [ 207.682879][T11916] syz.0.1668[11916] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.682933][T11916] syz.0.1668[11916] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.686743][T11916] syz.0.1668[11916] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.723145][T11919] __nla_validate_parse: 4 callbacks suppressed [ 207.723157][T11919] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1669'. [ 207.736755][T11919] bridge0: port 1(bridge_slave_1) entered blocking state [ 207.738916][T11919] bridge0: port 1(bridge_slave_1) entered disabled state [ 207.741751][T11919] bridge_slave_1: entered promiscuous mode [ 207.772860][T11921] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1670'. [ 207.989450][T11930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1673'. [ 208.018129][T11932] program syz.0.1674 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 208.053409][T11934] netlink: 'syz.0.1675': attribute type 10 has an invalid length. [ 208.256925][T11938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1677'. [ 208.527635][T11950] vlan3: entered promiscuous mode [ 208.612564][T11952] loop6: detected capacity change from 524287999 to 524287952 [ 208.638879][T11956] xt_TPROXY: Can be used only with -p tcp or -p udp [ 208.672555][T11952] [ 208.673291][T11952] ====================================================== [ 208.675314][T11952] WARNING: possible circular locking dependency detected [ 208.677327][T11952] 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 Not tainted [ 208.679811][T11952] ------------------------------------------------------ [ 208.682927][T11952] syz.3.1683/11952 is trying to acquire lock: [ 208.684678][T11952] ffff88802399df00 (&q->limits_lock){+.+.}-{4:4}, at: loop_reconfigure_limits+0x407/0x8c0 [ 208.687405][T11952] [ 208.687405][T11952] but task is already holding lock: [ 208.689296][T11952] ffff88802399d8b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: lo_ioctl+0x8e8/0x18a0 [ 208.692112][T11952] [ 208.692112][T11952] which lock already depends on the new lock. [ 208.692112][T11952] [ 208.695057][T11952] [ 208.695057][T11952] the existing dependency chain (in reverse order) is: [ 208.697635][T11952] [ 208.697635][T11952] -> #5 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 208.699976][T11952] blk_mq_submit_bio+0x1fb6/0x24c0 [ 208.701596][T11952] __submit_bio+0x384/0x540 [ 208.703044][T11952] submit_bio_noacct_nocheck+0x698/0xd70 [ 208.704810][T11952] submit_bio_noacct+0x93a/0x1e20 [ 208.706421][T11952] mpage_readahead+0x41d/0x590 [ 208.707942][T11952] read_pages+0x1a8/0xdc0 [ 208.709339][T11952] page_cache_ra_unbounded+0x3dc/0x750 [ 208.711079][T11952] force_page_cache_ra+0x24b/0x340 [ 208.712719][T11952] page_cache_sync_ra+0x110/0x9c0 [ 208.714331][T11952] filemap_get_pages+0xd7b/0x1be0 [ 208.715841][T11952] filemap_read+0x3ca/0xd70 [ 208.717283][T11952] blkdev_read_iter+0x187/0x480 [ 208.718849][T11952] vfs_read+0x87f/0xbe0 [ 208.720197][T11952] ksys_read+0x12b/0x250 [ 208.721582][T11952] do_syscall_64+0xcd/0x250 [ 208.723052][T11952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.724894][T11952] [ 208.724894][T11952] -> #4 (mapping.invalidate_lock#2){++++}-{4:4}: [ 208.727350][T11952] down_read+0x9a/0x330 [ 208.728697][T11952] filemap_fault+0x2e0/0x2820 [ 208.730216][T11952] __do_fault+0x10a/0x490 [ 208.731647][T11952] do_pte_missing+0xebd/0x3e00 [ 208.733178][T11952] __handle_mm_fault+0x103c/0x2a40 [ 208.734830][T11952] handle_mm_fault+0x3fa/0xaa0 [ 208.736369][T11952] do_user_addr_fault+0x7a3/0x13f0 [ 208.737972][T11952] exc_page_fault+0x5c/0xc0 [ 208.739430][T11952] asm_exc_page_fault+0x26/0x30 [ 208.740963][T11952] _copy_from_iter+0x37f/0x1400 [ 208.742523][T11952] tipc_msg_build+0x2f7/0x10d0 [ 208.744039][T11952] __tipc_sendstream+0x6fa/0x1190 [ 208.745665][T11952] tipc_sendstream+0x4f/0x70 [ 208.747177][T11952] sock_write_iter+0x4fe/0x5b0 [ 208.748707][T11952] vfs_write+0x5ae/0x1150 [ 208.750110][T11952] ksys_write+0x207/0x250 [ 208.751501][T11952] __do_fast_syscall_32+0x73/0x120 [ 208.753130][T11952] do_fast_syscall_32+0x32/0x80 [ 208.754704][T11952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.756686][T11952] [ 208.756686][T11952] -> #3 (&mm->mmap_lock){++++}-{4:4}: [ 208.758856][T11952] __might_fault+0x11b/0x190 [ 208.760329][T11952] _copy_from_user+0x29/0xd0 [ 208.761843][T11952] compat_blk_trace_setup+0xc9/0x200 [ 208.763520][T11952] blk_trace_ioctl+0x24a/0x290 [ 208.765073][T11952] compat_blkdev_ioctl+0x13c/0x750 [ 208.766731][T11952] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 208.768427][T11952] __do_fast_syscall_32+0x73/0x120 [ 208.770064][T11952] do_fast_syscall_32+0x32/0x80 [ 208.771597][T11952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.773586][T11952] [ 208.773586][T11952] -> #2 (&q->debugfs_mutex){+.+.}-{4:4}: [ 208.775806][T11952] __mutex_lock+0x19b/0xa60 [ 208.777220][T11952] blk_mq_init_sched+0x42b/0x640 [ 208.778754][T11952] elevator_init_mq+0x2cd/0x420 [ 208.780309][T11952] add_disk_fwnode+0x113/0x1300 [ 208.781867][T11952] sd_probe+0xa66/0xfa0 [ 208.783214][T11952] really_probe+0x23e/0xa90 [ 208.784787][T11952] __driver_probe_device+0x1de/0x440 [ 208.786547][T11952] driver_probe_device+0x4c/0x1b0 [ 208.788184][T11952] __device_attach_driver+0x1df/0x310 [ 208.789922][T11952] bus_for_each_drv+0x157/0x1e0 [ 208.791487][T11952] __device_attach_async_helper+0x1d3/0x290 [ 208.793374][T11952] async_run_entry_fn+0x9c/0x530 [ 208.794987][T11952] process_one_work+0x958/0x1b30 [ 208.796583][T11952] worker_thread+0x6c8/0xf00 [ 208.798065][T11952] kthread+0x2c1/0x3a0 [ 208.799429][T11952] ret_from_fork+0x45/0x80 [ 208.800861][T11952] ret_from_fork_asm+0x1a/0x30 [ 208.802407][T11952] [ 208.802407][T11952] -> #1 (&q->q_usage_counter(queue)#51){++++}-{0:0}: [ 208.804950][T11952] blk_queue_enter+0x50f/0x640 [ 208.806505][T11952] blk_mq_alloc_request+0x59b/0x950 [ 208.808149][T11952] scsi_execute_cmd+0x20a/0xf30 [ 208.809711][T11952] read_capacity_16+0x21a/0xe20 [ 208.811271][T11952] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 208.813104][T11952] sd_probe+0x8ee/0xfa0 [ 208.814508][T11952] really_probe+0x23e/0xa90 [ 208.815980][T11952] __driver_probe_device+0x1de/0x440 [ 208.817672][T11952] driver_probe_device+0x4c/0x1b0 [ 208.819280][T11952] __device_attach_driver+0x1df/0x310 [ 208.820982][T11952] bus_for_each_drv+0x157/0x1e0 [ 208.822541][T11952] __device_attach_async_helper+0x1d3/0x290 [ 208.824391][T11952] async_run_entry_fn+0x9c/0x530 [ 208.825984][T11952] process_one_work+0x958/0x1b30 [ 208.827555][T11952] worker_thread+0x6c8/0xf00 [ 208.829039][T11952] kthread+0x2c1/0x3a0 [ 208.830393][T11952] ret_from_fork+0x45/0x80 [ 208.831827][T11952] ret_from_fork_asm+0x1a/0x30 [ 208.833400][T11952] [ 208.833400][T11952] -> #0 (&q->limits_lock){+.+.}-{4:4}: [ 208.835605][T11952] __lock_acquire+0x249e/0x3c40 [ 208.837160][T11952] lock_acquire.part.0+0x11b/0x380 [ 208.838785][T11952] __mutex_lock+0x19b/0xa60 [ 208.840263][T11952] loop_reconfigure_limits+0x407/0x8c0 [ 208.842028][T11952] lo_ioctl+0x8f4/0x18a0 [ 208.843416][T11952] lo_compat_ioctl+0xb9/0x170 [ 208.844928][T11952] compat_blkdev_ioctl+0x2f7/0x750 [ 208.846586][T11952] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 208.848289][T11952] __do_fast_syscall_32+0x73/0x120 [ 208.849942][T11952] do_fast_syscall_32+0x32/0x80 [ 208.851494][T11952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.853466][T11952] [ 208.853466][T11952] other info that might help us debug this: [ 208.853466][T11952] [ 208.856409][T11952] Chain exists of: [ 208.856409][T11952] &q->limits_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#23 [ 208.856409][T11952] [ 208.860634][T11952] Possible unsafe locking scenario: [ 208.860634][T11952] [ 208.862753][T11952] CPU0 CPU1 [ 208.864317][T11952] ---- ---- [ 208.865885][T11952] lock(&q->q_usage_counter(io)#23); [ 208.867455][T11952] lock(mapping.invalidate_lock#2); [ 208.869709][T11952] lock(&q->q_usage_counter(io)#23); [ 208.872004][T11952] lock(&q->limits_lock); [ 208.873314][T11952] [ 208.873314][T11952] *** DEADLOCK *** [ 208.873314][T11952] [ 208.875655][T11952] 3 locks held by syz.3.1683/11952: [ 208.877165][T11952] #0: ffff88801ed74b60 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x764/0x18a0 [ 208.879731][T11952] #1: ffff88802399d8b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: lo_ioctl+0x8e8/0x18a0 [ 208.882650][T11952] #2: ffff88802399d8e8 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: lo_ioctl+0x8e8/0x18a0 [ 208.885604][T11952] [ 208.885604][T11952] stack backtrace: [ 208.887324][T11952] CPU: 2 UID: 0 PID: 11952 Comm: syz.3.1683 Not tainted 6.13.0-syzkaller-00603-g3d3a9c8b89d4 #0 [ 208.890302][T11952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 208.893377][T11952] Call Trace: [ 208.894388][T11952] [ 208.895276][T11952] dump_stack_lvl+0x116/0x1f0 [ 208.896661][T11952] print_circular_bug+0x41c/0x610 [ 208.898124][T11952] check_noncircular+0x31a/0x400 [ 208.899510][T11952] ? __pfx_check_noncircular+0x10/0x10 [ 208.901031][T11952] ? save_trace+0x42/0xa10 [ 208.902303][T11952] ? add_lock_to_list+0x17d/0x390 [ 208.903694][T11952] __lock_acquire+0x249e/0x3c40 [ 208.905080][T11952] ? __pfx___lock_acquire+0x10/0x10 [ 208.906611][T11952] lock_acquire.part.0+0x11b/0x380 [ 208.908093][T11952] ? loop_reconfigure_limits+0x407/0x8c0 [ 208.909662][T11952] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 208.911221][T11952] ? rcu_is_watching+0x12/0xc0 [ 208.912605][T11952] ? trace_lock_acquire+0x14e/0x1f0 [ 208.914120][T11952] ? loop_reconfigure_limits+0x407/0x8c0 [ 208.915738][T11952] ? lock_acquire+0x2f/0xb0 [ 208.917067][T11952] ? loop_reconfigure_limits+0x407/0x8c0 [ 208.918693][T11952] __mutex_lock+0x19b/0xa60 [ 208.920016][T11952] ? loop_reconfigure_limits+0x407/0x8c0 [ 208.921642][T11952] ? __pfx_mark_lock+0x10/0x10 [ 208.923035][T11952] ? loop_reconfigure_limits+0x407/0x8c0 [ 208.924669][T11952] ? find_held_lock+0x2d/0x110 [ 208.926066][T11952] ? __pfx___mutex_lock+0x10/0x10 [ 208.927472][T11952] ? hlock_class+0x4e/0x130 [ 208.928768][T11952] ? __lock_acquire+0x15a9/0x3c40 [ 208.930238][T11952] ? loop_reconfigure_limits+0x407/0x8c0 [ 208.931908][T11952] loop_reconfigure_limits+0x407/0x8c0 [ 208.933512][T11952] ? hlock_class+0x4e/0x130 [ 208.934832][T11952] ? mark_lock+0xb5/0xc60 [ 208.936072][T11952] ? __pfx___lock_acquire+0x10/0x10 [ 208.937584][T11952] ? __pfx_mark_lock+0x10/0x10 [ 208.938951][T11952] ? lock_acquire.part.0+0x11b/0x380 [ 208.940425][T11952] ? __pfx_loop_reconfigure_limits+0x10/0x10 [ 208.942157][T11952] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 208.943806][T11952] ? lockdep_hardirqs_on+0x7c/0x110 [ 208.945282][T11952] ? lo_ioctl+0x8e8/0x18a0 [ 208.946598][T11952] lo_ioctl+0x8f4/0x18a0 [ 208.947861][T11952] ? __pfx_lo_ioctl+0x10/0x10 [ 208.949180][T11952] ? find_held_lock+0x2d/0x110 [ 208.950530][T11952] ? tomoyo_path_number_perm+0x298/0x5b0 [ 208.952149][T11952] ? __pfx_lock_release+0x10/0x10 [ 208.953621][T11952] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 208.955222][T11952] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 208.956896][T11952] ? blkdev_common_ioctl+0x1d9/0x2220 [ 208.958440][T11952] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 208.960164][T11952] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 208.961797][T11952] ? do_vfs_ioctl+0x513/0x1950 [ 208.963182][T11952] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 208.964647][T11952] lo_compat_ioctl+0xb9/0x170 [ 208.966037][T11952] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 208.967550][T11952] compat_blkdev_ioctl+0x2f7/0x750 [ 208.969047][T11952] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 208.970681][T11952] ? __fget_files+0x206/0x3a0 [ 208.972054][T11952] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 208.973676][T11952] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 208.975218][T11952] __do_fast_syscall_32+0x73/0x120 [ 208.976701][T11952] do_fast_syscall_32+0x32/0x80 [ 208.978123][T11952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.979928][T11952] RIP: 0023:0xf7fe6579 [ 208.981105][T11952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 208.986600][T11952] RSP: 002b:00000000f513655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 208.988974][T11952] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000004c09 [ 208.991227][T11952] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000 [ 208.993491][T11952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 208.995768][T11952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.998054][T11952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 209.000300][T11952] [ 209.004351][T11952] Invalid logical block size (5) VM DIAGNOSIS: 15:32:24 Registers: info registers vcpu 0 CPU#0 RAX=00000000006f491b RBX=0000000000000000 RCX=ffffffff8b1df559 RDX=0000000000000000 RSI=ffffffff8b6cd380 RDI=ffffffff8bd24780 RBP=fffffbfff1bd2ef8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de977c0 R14=ffffffff905e4750 R15=0000000000000000 RIP=ffffffff8b1e093f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c34f832 CR3=000000000df7e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000003 RBX=ffffea000135edf4 RCX=ffffc9000cc04000 RDX=0000000000000004 RSI=ffffffff81cf10ea RDI=0000000000000005 RBP=ffffea000135edc0 RSP=ffffc900077f7670 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000003 R11=000000000000e170 R12=0000000000000003 R13=0000000000000003 R14=dffffc0000000000 R15=1ffff92000efeefd RIP=ffffffff81cf10f6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7424230 CR3=00000000524d2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000054 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8517b025 RDI=ffffffff9aa92500 RBP=ffffffff9aa924c0 RSP=ffffc90002f4edc0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000054 R14=ffffffff8517afc0 R15=0000000000000000 RIP=ffffffff8517b04f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71db670 CR3=0000000027ce0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000288abc RBX=0000000000000003 RCX=ffffffff8b1df559 RDX=ffffed10056e6fee RSI=ffffffff8bd24700 RDI=ffffffff81704689 RBP=ffffed1003ad9488 RSP=ffffc9000049fe08 R8 =0000000000000000 R9 =ffffed10056e6fed R10=ffff88802b737f6b R11=ffff88802b63fb50 R12=0000000000000003 R13=ffff88801d6ca440 R14=ffffffff905e4750 R15=0000000000000000 RIP=ffffffff8b1e093f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002ec1fffc CR3=000000006f752000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000