last executing test programs: 7.05765875s ago: executing program 1 (id=1484): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000012c0)=[{{&(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001240)=[{&(0x7f00000000c0)="9fe1dd4825110c667bf9462a2bf919be2f8652555645ff17d3ade9386e6cd57d0aaea19a783aba3caef1eed57efed9e6fa3d823e16b8953a0e8761bc62cfc00bb0", 0x41}, {&(0x7f0000000140)="fdfbfbc9aaad9f92dd9cdb00f732e880725669d26289a8009a80ba760acbd1af2f93097129675b7d702abcf41a916c40f2f6212a9c39d130cd8c29d9b4d36b47b7f35cea7bd365a111002033c0332606be4884177b504ca09b924110a6143c6637d629c3371d6db6eec342a6a25d1fc67142ac7b40a54913879528b2d3108f58b9854ecf46a70aaba8cd52f01500da39908777256bda79a1a44a0daaa341be0ebef95df93a08586483b17eaa158d40eee7aa287e5ffe7be712d61001809e8f661e6866469b98ab45165c7a855f7921a38a26ad592eaad9c5b6c99b9f16a304b004affd1e28a81b6a606532ce77651dca4e2a66f09dff061792b7221423969240223235a32ebc2648c801566f6215c6f120ffe7b8fcf395aa876c58a54bd80e6ae7a31dec4634dc7c03292356c8740a472793ba5d7c257e8470f24e7a664b3d4c0177af94bd82231a042ad04cf711bf6c136434f1b177144fdd3fbc55dd07b258de83455757ccc899861d01db333ef70738f026a5b2fa37d9ed84389e3fe656f614752697bf30d582d320ed10448c21894513c44e9808c9010d8afb1c9ed1822383cc63bc4d77a99f75882e7639830b9c446743b14cfa321d436bb4658c99841bd207f2baa19939aa89c4e9e70ddea8020efc18fe22112dd69a5d5a15e7bb7f394935c3e9243a208ea788c21a2903a9b2d88e9bf08c7ad995c0ad82db40c072e8f5c21141328d969eb0d389dee80b78d623deb174159fb125e08442f5513f5deb032d6562b1421ec1a4a12b872c9e2d65b0e7baf09a2f6d4be8d8a72e04690f8282e1cf694f6bfbfc8349d949b7e889530496b1bd1b1f3e86e9c43580ecc31fbc680e2ede9f5109f1ebb940b487c68724af4855a8e0ffcd621a41930ca605ee279a4161500d0e77a703aa795230ac2649ec36a0c2d09060a30ffcf9a1e4b0d4d97ca1fd3f21feaada012ebdbc4fc4d8406b08e4df0c9a184432b699d58b76ea42736d2b7bcfb9b021e0851156c3ac5ff55e7f82335feaadc03fb177bcf79d3662875dcb5fa62cbdd5a3ed4d6f16c1f50fc0c05b2ec39ddcc5d8b432655ce71168ac3688d6f9e5de5c473f57976881af59931e40703fae75a975c0d40a7d7871973e8a244d0dc0e5c7815b09a26f72e3e812b087940d8a07d48a4041422b314f3114ad06e298b69acdb01ba71e9422335eade8d26c6856828db4a55dfcdf4a29ab863a3ae0794167078740349795b3b440bb4fc62ad234fb915e445e8b8c96306fc7cc359cdcbd7cd08c3e975b80b14d15ba559ede768b93e7995225df9d6df827c09cca5e45f4aa65cddf49f0b3a31de73db192aeb7364d871abe839bc3011cb6c4b05f3babd5349e613492cd14837e22339a12de7506929ea61924513d1aa2746b84174263346d81e12cc2bb4819267c754cab64676f2dca5f9f09eb4198e479dc247da8a66c3d514e072b6ce9678456cfefe8d4d02c0322c7fba4e331ed9d826085d8e20a7958fe6e5ea7e2e8267a7f935789465e3b978025db70f05deeab2c1dd599abce2d19af5c4c5a6a45d5e327c0b09e925c714b5b7b32f6e8df060a2920be2a05fafff432613e84460758214d8a38af4f7f2a67478bca3686d7f39fb86d21b2786df0f69f3389cb8a29bafbe15781bccfcb490864a9346c9bc48f33cff78abeed4971881630729bddc827c1fdbe7259e67d847a942a026036b4d25f85f66b9032ffc02839405a730a614b26cbff1958403b78384ee0f44038d302aa196395ea20ecedad95481f6b55fd64638fab0b47e8d2c3d87d7edacea66b1df2a31d728bcd6312492ff81c5b58b01ad84f81c0048943beb16f08e8dcb7e3d4aaf7c3fa6bb78d804de4a8d952688f91e2fb02e3b837cdb73a98b0e51a9f7f1f8802dd5fb62f731b103a6d724a87b153fe6ced78045d49aaf3f2648fb1b751573d8f5e498697783bce929ad2ca5f698e5f9e47612e6ab36fa96af3354802be79ef60d7af85bd1065f2e8a3946ca5f8badcb168f4b5bf0275c580df74cbf7bb79eb108e5d6454856617b980515200bef8eee0b7c9f62743cbff3dbc8e6f7b27f2d34837f852d228e48b02d55e9af6e968121ad4bd956266fb52867e9ee500a192bbee9734b635feb749c58c774fc1ea2118646e027360ab80d447e86dff09c3f68c242b756a8cdc7d29a55cc7cb814988042f54b0214303b19963ee7cb71f5acdd19c00e1fbaf5f775d12a39ab6f03a61f6dd92d6d8e0bd201ff3fdcd2b8f8332054e7f19251b6c3b391bc573a163b9a59bfd4e88c41e9ea0e670da765e8c1f96ccda906a21aac986fc42fa8ffc9b1ed5ad0d7f461e56c47b5e968d3fb6fb4d0611c023204439e30c6e17c99a17312839f983b760f6e3f8a8e517c31385ca94a4e7fa8702a084ed1c2422cc3ade11cc9fa1acc02cf0c1c6d0c193ec77393207c9210e9fe1cef12738fe607b41d477d4493f5d80e748d1fd8f2c17cc0be572ea8921803c863502525d9b851049290fba9c73126f5303817f071cf3f9f91314511df00fee2df0bcd2349705ba844ac73084f34a96855ce710571253a8bcfd7f54a80efb9be4e221042bebd9be6187196b8199d0b65922372897c63d07e4d38af3e47a5a727cf6c5cd6bb56713692228f4e6c2b059c601f7df44b8b7f593190c80ac48b970da552730e8cfdf8d36cf0fa6f8e64e9b94f464697bf6052ad746df6fc9cd7107ebfdabd71260066fdfa8468c300113a3db5811f11da51ffce33a9751b03cd6e36d8f69ff09e2538a0d9a371e9210d4728b5fe92fe00f88b17ef12f68092ffff546c468fc94635c65b6d7a2c167676970ce4c8261d0a3f195c44393f0c3a9160c05a45937ef77cfac38b0dd2dc63a8975f146387718dd7afadc41e488a6ac0270d3a888e897c19c444cfad10c3ffea8d9e5553488d17154932aff72b904cd2b43e85784cc9c59e7b242b3e7e866c3e2b83046491c56b26978a36228ac266f31046d8f21ee725c53b557a5bdab0c49e95de6dda246a2b39dd51272e51f800aed26c453dd7508ea157ec015639585db9d6a911d59d8c94cbd5b45552adc7795e630974453dbc68e99a0e1c8814066a75f48e0ccbaccf6055dd39b6f2b79927e812dc9f7c44d2a386a929d47f33dedae8b5ea78b2e09e679bdc9e89abacdea6da13f9335296f2c230918ad1a10051617ae45139d89e45a2af09b1cb224a8d2278a89b4072f8fcfe86c8cadf56ccce947607702e99c011c073ae33103448114c0c28c157633549c3aaab5d8ed0d8329526d2f60956e59a92aad137d7e019b2d4d9e8aa8d77d6c8631ec9568a1d3bbf9614e128bba5514f9b425f297b59d7109e70069ed3399a7b7dcc3b3a1b31dc52039de8507ee0e280a66564cc96bf6db9c1c38174da2afd6dda76e211fd9a36a13cba07283ab6435875b92d27c40690ca38076814db22285c3a20a1fe35fc1ab75474c3f53ce6deba204967d746bbb65bbc11adc3ea69a26815e19c6f5c463113b43d8472ec1d60905e12efeacaac79f86a71e65b4cfbb16d8c506f399f740b3b439083633f89fa565314ee05f8c89d9d2871f9a42bf749b44619ad043623f54aae6cb66e1c6f84c34efe54fc645471d08bf2ace076be9a5e47091487e6921d792e9334decffa5136424eb29a7085617b32848b4f4c99103bc059064ea203f680297be6cd62a384e0f77c7b1d9fb919765106e54b7e5f1458bc9605ea374e264ac935cf2af26abb28432d69ff4853cc37222aab22d90d6a6e9a7aaa2469b7835da45f51d6d812a8048313b98219293a7373f0e89ca0778008e6e0dd5856428d0cf8638a7c897cf78382d1aae810b0be81aa64cb9ce74bde048f5baed233217c8aea51e00b9e1ec3cd91f332b39dbe3e41c286a9c9b0c36dff31a60ef130f404c7b2311af830ea8856395214b49c3d4b7489a6aa07b87d46633ffd22fa8e0cdf08032cfff66fc8b6ba1a23435406edbd1d22b13945da51422859e818396ba8234cb931ed2593575cf1fa13a7ae239370c443328c783156ed1376d3c9943b70d6d2e616d5b517daeec2eada1ad170fc912908c20737306b908367b0475a745c87adfc587713d53e60e4cc6ac9261e7f6f7246e1f7268e37b47ec2fe7ae8d01096616df520b479cea80d197ba28204836a68378cf9df4eaeeb0b235c6a339f54e8c0985519a43201c72b4b361a58a22d532b7cff026db623e8655fbe0bc629ed02b21f92b54a8dd9dc7469e418359190eb3e4e6bc6ca269b8c9e447415305dc45f6afbd9bed48ff41bd3a85ecdd2f7c1be3ccf2a55f62a5936c276db505aa0a6e49ff95dabe6ee872766ac97d479b644589b19a0e0ea600220dc9ba692af9a3801615ab73415534af1904b49c2e2d5e5908dbe9f9d3a2154c4d952594d37123eceb464d695cbf22bad403854e9b26cd91e0f44dfcb01bc518f34ec97ee510566374f85cf201396b53eef71bcbcabaee63d03a09938fdd27f9ca7ede0f2bfb83bf88e157bb0b710ef7df6bd8588eb7e419bc8f5e9346d4d9a0a78662fca54960b1383d41e4a6c72d38fe2879e6a09fca8db39c77d9097f3565a83b151104196d8681c514c29f4c8614c3b92b9bd4419e62424eccab59e57f84876ef141881fd14ee8f9d9042aeecde900fb20df63e698847c35be4666f5c0ffcf2c485b7241584deb6a059a6df7311ecc99421c3610b6f288f04c4ea8322bc8bb6b25b6a079b22cf42fd09bc7f0923cfc2dfce5a205dd889c3f7f470e4e8c13a33464a3b03d6eabd52bed997de14a9ab0e3b771de9645db3585b0ede4e39388eed4d6b4f67cf4bd1212c44d62ada731b99582ffbe53eb2836a00bf050a74e8ed88c799e62853c232e6459dcedc452f7186bb858f264338f03bc091f3e21e0e02e4ca8719b46c551471efdbae4c383c6ce54280f13b4127241c55db458ac81356f7a2dee8ee667456c7924e9175c6643b26ee7a773ec1065abefe5862a82c7cd00f2a1da29d64b057922a1d7f3f5cf00551f291962d15578d161c876f914dd7e9c36c2c4185834258d02875989861133b4838eede594178a05bb5a2b75d036b873c77afe7ed5e1e214821ca0f786d0f30e59ada910b9876611dbeb3d3d31a85c21436e50eb7f4ad33759db6c8f0e904a4d292142d22d595278c7d04dfc2375b7c21d98bd1ce8058fdbca606e5ccd550af3b7511d505bc17e6fad21d3f362cfb4fa73feadf962d4023de1134d46845668928c29a7ccc1df44fe185e2c7e0211a08d3e008cca15501ed5512665de61dcb5e3b39a449868d7a546941badd6aadb771497d20d1f6a18866b9db85feec3ff6f2d8a46f7a87c493780750db3c63f5630c2907e13a3f6ab994603abf1f83879a639d94a2f920def0895d7b5e7accd957686b71bcf62c2828eb513456f3e264ddca6151c6263e3e5e8c205dc90d9beecb96eca959207531b994f197dfa78fbe5f9729f634f401c372431e02e7685760a5862ff9a35c8e208705feadf162c0b1aa9574122d2368403c709f69f4161500d5f76968493832a7a44bc7d623e442e4241510539cfcdd3db8e80271909a187961175186ef2970388b6ad4048e8c3859fcce1f759a1b3d6ea7042bc29229bd297fa9cf730dae53a6cb470ebb2dc0ec99dc18345b0df230ff086a4863f0b4872e9ca89ba6891c08c26eab80be27d5a7ddb950d979790610b924f27768e08063c51d8fca629a97ce59f789cda52fb7818366f9c7ae97077d786af554f22e912d818a8f3e24ae676575f372792929aab2f9364cbaec72f847535c45313c79e", 0x1000}, {&(0x7f0000001140)="bc57d304aa48ca295262e6eef4ed3f029e285672087f18b8c68835a0a77d40c9e6ec137a8c258c22b046d2b7216c55765f778c19fc061d5ad9d12861d92a0989b7df19053b2b6aa991ca904f29c87283c2e3048469289bb57fff17a9", 0x5c}, {&(0x7f00000011c0)="e7b609cb03b7a4afb5ef109dc7108f727aa56a22c17eab1e699991997d86196ce2c10f50474520fdaa21ca1e28b8302b1ce523be3903073e8ce47c4139aeff83815fdf1c02cdc7289fcb5004f59bd89e7cdd82dad7b8ed820a9597d9ded5df2a32d6090c4490f2350ecf313ac3d58c5da4e365264ef66a5b2a9e90", 0x7b}], 0x4, &(0x7f0000001280), 0x0, 0x4000011}}], 0x1, 0xc000) rename(&(0x7f0000001300)='./file0\x00', &(0x7f0000001340)='./file0\x00') ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000001400)={'erspan0\x00', &(0x7f0000001380)={'ip_vti0\x00', 0x0, 0x40, 0x1, 0xc706, 0x7, {{0x17, 0x4, 0x0, 0x5, 0x5c, 0x65, 0x0, 0x7f, 0x4, 0x0, @remote, @private=0xa010102, {[@end, @cipso={0x86, 0x24, 0x2, [{0x0, 0x10, "8699cadda505588961b38ec98370"}, {0x2, 0xe, "32237ec923c5b317695f8a09"}]}, @timestamp={0x44, 0x20, 0xf1, 0x0, 0x1, [0xfffffffa, 0xda9, 0x7, 0x6, 0x6, 0x619, 0x265]}]}}}}}) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002480)={&(0x7f0000001440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@type_tag={0xc, 0x0, 0x0, 0x12, 0x3}, @ptr={0xc, 0x0, 0x0, 0x2, 0x3}]}, {0x0, [0x30, 0x5f, 0x30, 0x5f]}}, &(0x7f0000001480)=""/4096, 0x36, 0x1000, 0x0, 0x9250000, 0x10000, @value}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f00000024c0)=@base={0xa, 0x40d, 0x6, 0x9, 0x0, 0xffffffffffffffff, 0x1, '\x00', r2, r3, 0x3, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50) r4 = socket$xdp(0x2c, 0x3, 0x0) r5 = openat$vim2m(0xffffff9c, &(0x7f0000002540), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000002580)={0xfffffffc, 0x2, 0x2, 0x0, 0x4}) ioctl$BTRFS_IOC_DEFRAG_RANGE(r4, 0x40309410, 0x0) r6 = openat$sequencer(0xffffff9c, &(0x7f00000025c0), 0x22000, 0x0) ioctl$SNDCTL_MIDI_INFO(r6, 0xc074510c, &(0x7f0000002600)={"025fa7bb8d60f2e54ad9b31aecf453086d4ee872b48f44679328fd8d016e", 0x7, 0x1, 0x9, [0x83, 0x6, 0x9, 0x9, 0x6, 0x8001, 0xfffffffc, 0x2, 0xdc4, 0x0, 0x7fff, 0x8003, 0xfffff001, 0xe, 0xb3b6, 0xdef, 0x8001, 0x7fffffff]}) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000002680)=0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r3, 0x5000943f, &(0x7f0000002740)={{r3}, r7, 0x8, @inherit={0x50, &(0x7f00000026c0)={0x0, 0x1, 0x7, 0x80000000, {0x0, 0x2, 0x1, 0x0, 0x400}, [0x3]}}, @subvolid=0xd9}) r8 = openat$btrfs_control(0xffffff9c, &(0x7f0000003740), 0x34d000, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r8, 0x84, 0x71, &(0x7f0000003780)={0x0, 0x2}, &(0x7f00000037c0)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000003800)={r9, @in6={{0xa, 0x4e21, 0x800, @private2, 0x80000001}}, 0x0, 0x5738, 0x9, 0x0, 0x20, 0x1, 0xd}, 0x9c) openat$binderfs(0xffffff9c, &(0x7f00000038c0)='./binderfs/custom1\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_CANCEL(r8, 0x941c, 0x0) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3000000) r10 = signalfd(r0, &(0x7f0000003900)={[0xffff, 0x1]}, 0x8) lseek(r0, 0xfffffffc, 0x1) futex(&(0x7f0000003940)=0x1, 0x4, 0x2, &(0x7f0000003980)={0x77359400}, &(0x7f00000039c0), 0x2) ioctl$BTRFS_IOC_RESIZE(r5, 0x50009403, &(0x7f0000003a00)={{}, {@void, @max}}) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r10, 0xc0189374, &(0x7f0000003a40)={{0x1, 0x1, 0x18, r4, {0x2}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r10, 0xc04c5349, &(0x7f0000003a80)={0x41, 0x7fff, 0x3ff}) ioctl$FUSE_DEV_IOC_CLONE(r11, 0x8004e500, &(0x7f0000003b00)=r10) r12 = openat$rdma_cm(0xffffff9c, &(0x7f0000003b40), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r12, &(0x7f0000003c00)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x3}}, 0x10) 6.82625968s ago: executing program 1 (id=1485): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00') write$vhost_msg(r0, &(0x7f0000000840)={0x796e6564, {0x0, 0x0, 0x0}}, 0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) pread64(r1, &(0x7f00000000c0)=""/12, 0xc, 0x6a3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10) r2 = gettid() r3 = getpgrp(0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) openat$dsp(0xffffff9c, &(0x7f0000000240), 0x81, 0x0) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) socket$rxrpc(0x21, 0x2, 0xa) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) eventfd(0x0) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mount$bind(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r7, 0x50009405, &(0x7f0000000180)) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020605000000000000000000000000001400078008000640001f0000080013401f1f000005000100060000000900020073797a32000000000500040000000000050005000a00000011000300686173683a69702c6d61726b"], 0x60}}, 0x0) rt_tgsigqueueinfo(r3, r2, 0x5, &(0x7f0000000000)={0x0, 0x2, 0xa}) 5.877787483s ago: executing program 1 (id=1488): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2a0640, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mknod(&(0x7f0000000000)='./file1/file3\x00', 0x1, 0x43) renameat2(0xffffffffffffff9c, &(0x7f0000002200)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 4.676792658s ago: executing program 2 (id=1492): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000180)) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000001080)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000008000000000000040080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2c, r5, 0x1, 0x0, 0x25dfdbfd, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x2c}, 0x1, 0x40030000000000}, 0x20004080) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f00000005c0)={0x0, {0x2, 0x4e22, @private=0xa010102}, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e22, @multicast1}, 0x4, 0x0, 0x0, 0x0, 0xc19, 0x0, 0xf, 0x6, 0x516}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) msgctl$IPC_RMID(0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0xcc, &(0x7f0000000300)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xbe, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xaa, 0x0, @wg=@data={0x4, 0x3, 0x0, "90150e6e22dd44d270e16ba37f71338f72c5a3edb24566e206497af91442629951034596e838c5afd7b78964fa6f5ab372be33b433187b8268050ad42d9d5cb14f210b8bd34929c04a3c01236cbce320a3b4065f95aa89b11a83a961c192564dfc6a0e7124760af730704f95698febf307d74f6635e0d48f463a74416e40c7e1a431cea5d3eb5f387174599425ca49cb5ed1"}}}}}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) 4.580061883s ago: executing program 2 (id=1493): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000180)) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000001080)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000008000000000000040080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2c, r5, 0x1, 0x0, 0x25dfdbfd, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x2c}, 0x1, 0x40030000000000}, 0x20004080) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f00000005c0)={0x0, {0x2, 0x4e22, @private=0xa010102}, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e22, @multicast1}, 0x4, 0x0, 0x0, 0x0, 0xc19, 0x0, 0xf, 0x6, 0x516}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) msgctl$IPC_RMID(0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0xcc, &(0x7f0000000300)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xbe, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xaa, 0x0, @wg=@data={0x4, 0x3, 0x0, "90150e6e22dd44d270e16ba37f71338f72c5a3edb24566e206497af91442629951034596e838c5afd7b78964fa6f5ab372be33b433187b8268050ad42d9d5cb14f210b8bd34929c04a3c01236cbce320a3b4065f95aa89b11a83a961c192564dfc6a0e7124760af730704f95698febf307d74f6635e0d48f463a74416e40c7e1a431cea5d3eb5f387174599425ca49cb5ed1"}}}}}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) 4.555313974s ago: executing program 2 (id=1494): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) openat$rtc(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private2, @in=@broadcast, 0x0, 0x0, 0x4e22, 0x0, 0xa, 0x0, 0xa0, 0x33}, {0x80000001, 0x108001, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x403}, {0x0, 0xffffffffffffffff, 0x0, 0x80000000}, 0x0, 0x0, 0x1}, {{@in=@local, 0x2, 0x6c}, 0xa, @in6=@mcast2, 0x0, 0x4, 0x0, 0x0, 0xffffffff}}, 0xe4) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r2 = socket(0x840000000002, 0x3, 0xff) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r2, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) 3.620221445s ago: executing program 2 (id=1496): r0 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000240)={'ipvlan0\x00', @ifru_ivalue=0x4}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x300) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r3, 0xc0045520, &(0x7f0000001000)=""/91) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$key(0xf, 0x3, 0x2) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local}, {@in=@loopback, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x1, 0x0, 0x2, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x7, 0x0, 0x0, @in=@loopback}}]}, 0x154}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_usb_connect$printer(0x4, 0x2d, 0x0, 0x0) syz_emit_ethernet(0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaa6acf7427c100000000000000000000ff020000003c4b899e0000000000000173009078000000000c79ef1cfb698e35cb7c556097"], 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.383997234s ago: executing program 0 (id=1502): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000080)={0x2, 0xffdd, 0x0, 0x0, 0x0, 0x0}) 2.339127087s ago: executing program 3 (id=1503): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x2000000000000376, &(0x7f0000000680)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0xb6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) ioprio_set$pid(0x1, 0x0, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002fc0)={0x2020}, 0x2020) 2.338565734s ago: executing program 1 (id=1504): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$lock(r0, 0xd, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x2000100000006}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000140)={0x0, 0x1, 0xe, 0xf, 0xf, &(0x7f0000000480)="a517958b86e5783b969dfddcebe57e92d977525b50c5efe908c6cbdf15c37b670e87137e70996e876cb784b5ab2acb690bf12569af1dec15672448fca067a964b035569a3bb68b8596439365f5fee0f853ffe33c12fd07a623ffaa478e1f82acff0ceb8751adf3cded9afb8de46200b6e6eb1f79dfcde0f364ebfb3bd5c21aa2df7331ada2e56415bfb0379a15adaaf3dbfc06edeccb4d61e3ed5f7aef047e5d78787dfdbbffd675920f3dc57eb9cc013b6ba85bb5d201fa615d1f601898e8b3e119dc1fcd37838051d61c9cae86384908a292378081890fb18016f931a7f8484f280d5f19402da7a4d2a0ea697b9cf36a28882c2945a0866e9c37346d88d5809c3967ecb7129a811dbc312feeee7fe09d607b56ba639309c47ae7bbae889972ef415e1af41952bc09d9d7fca7db2dc8e1e97666af5d2a66c44a6402ba62c666fb04c983836e0b87cbd1f7e1ed670550ae0b331d5c0e673344e2f55a1a285bd110cdb85c4971e29dd39fd99c05cb1e74777a9051cbebced8e8cd39b52f5125798d9262c010df4946b3624b2aa347e59830bbeb47e2b70a5ad9557bded1793ac044cd32ad19698d8b84aba82ecdcc66e3825207c5e5097f9e6e5b6bd850b57af56055884bceefbf9ccbf841c23c5a22ba4f50e0f7821692e0d965338f90af4dfa676b89c99584ae8bc04f725e9ad017c35f420609db90210bc4b3f8f50b1d82375a67eef1177e29eb25ccb5933f2ccb41efd95b6d9998c8898cdb89cbcb2a41a70974084816562cd539b8e03e016fe808f47a703980710ed61084780e850066c769839cb3ff8f4411bb0943952a4383697e1673223d2cdc94d89b3cffbf7e16ab684397b902d449fdd141bee04099bb354862280922395beb639f7fee5f81322cfb8bf800ea39723a8f6c83e4e0fabb306ab3fc12defdf4b16afc5eec924dab96ce865627fe6d3da19e6cba70ddb1728ebf280945ab2010b18a2ef2364d4f7865ef6dd95872d9d76d3969e84f3a506b61e080cf6818afe32487c734178457fd022d81fd83dce72b519011ff483d3ba329f76e587594e3e6927820ca6163182e8f3cdc40c109b106b31b017877aed81ebea303c3a3c319798a48442dcd2c28e0ad5bccf929a41d191960a8783851037349499bac89ca9f66dd5550b112e5fab7383102d98979ae18b2a8b16ee28921f4d1f0f2b0c6f99f15b2aef33eb11d00c41fa3e5022a34d7adfa5009cb2aee3e5eb40be399511d95de0d77b8fc6d69d90caa76a77d1d2274f665c53a9c26ca8c49141672f2a85e15a03784f46f3d46a761b63534377f80e984c08261de4c53979e5aa202a3b23565a1818493c7d5993982825c788452b68dbee45164caf7016cc4f0df80bea54440b1bf3b721f17a15fcaf9f34340e04762f59786d3f2d85e6af02dbe19c8e03be74204a70befd1c177fbe7"}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r4 = dup(r2) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r7 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r6, 0x5) setsockopt(r7, 0x800000000010d, 0x8000000011, &(0x7f00001c9fff), 0xc5) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) sendmmsg(r7, &(0x7f0000002980), 0x400000000000239, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$TIPC_IMPORTANCE(r8, 0x10f, 0x7f, &(0x7f00000006c0), &(0x7f0000000700)=0x4) setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000480)=0x102, 0x4) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x22f42) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r9, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f"}) write$sndseq(r9, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x0, @tick=0x68, {0xd}, {0x0, 0x21}, @result={0x1, 0x1316}}], 0x1c) socket$rxrpc(0x21, 0x2, 0xa) close_range(r1, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 2.337626269s ago: executing program 0 (id=1505): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f00000002c0)=ANY=[@ANYRES64, @ANYRESOCT, @ANYRES32, @ANYRES64, @ANYRESDEC=r0], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)={0x3c, r6, 0x52355ad4c7046219, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVKEY={0x1c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_MPLS_PROTO={0x6}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0xb}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x13, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) eventfd(0x8) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x4018, r0}, 0x18) 2.334478781s ago: executing program 3 (id=1506): shutdown(0xffffffffffffffff, 0xffffffffffffffff) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x28241, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, 0x0) ioctl$TCFLSH(r1, 0x80047456, 0x20001100) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) openat$ocfs2_control(0xffffff9c, &(0x7f00000000c0), 0x200000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x12, @void, @value}, 0x94) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x92, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2$9p(0x0, 0x800) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000100)=0x3) ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc08c5332, &(0x7f0000000400)={{0x40, 0x3}, 0x1, 0x4, 0x88, {}, 0x0, 0x2}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, &(0x7f0000000040)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, 0x0) 2.08299025s ago: executing program 3 (id=1507): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffff9c, &(0x7f0000000080), 0x26000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) flistxattr(r3, &(0x7f00000024c0)=""/65, 0x41) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) socket$xdp(0x2c, 0x3, 0x0) socket(0x2, 0x80805, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x3, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x2c, 0x2, 0x3, 0x301, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x3}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0xb}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x8080) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000019000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000500)='./binderfs/binder1\x00', 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001200010200"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b', @ANYRES32], 0x28}, 0x1, 0x0, 0x0, 0x4048014}, 0x0) recvmmsg(r6, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000193, 0x48, 0x0) 1.399577973s ago: executing program 0 (id=1508): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@uuid_on}]}) chdir(0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x142) close(r0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000500)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [r4], [0x2b8], [0x8], [0x4]}) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000080)) chdir(&(0x7f00000003c0)='./bus\x00') r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000844}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001240)=ANY=[@ANYBLOB='@\r\x00\x00', @ANYRES16=r7, @ANYBLOB="05000000000000000000010000000600060000000000c40c0880e400008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b24000100000000000000000000000000000000000000000000000000000000000000000024000200fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841240002001171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c0800030000000000240002005da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e0003008024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0600050000000000d002098058000080060001000200000008000200ac1e00010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff05000300000000007c000080060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200000000000500030000000000dc000080060001000a0000001400020000000000000000000000ffffac1414aa05000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200000000000500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1e0001050003000000000094000080060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200e00000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000200000008000200ffffffff050003000000000088000080060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200ff020000000000000000000000000001050003000000000064000080080003000000000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000200379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a5499400008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c080003000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002000000000000000000000000000000d807008000030980f4000080060001000a00000014000200000000000000000000000000000000000500030000000000060001000a00000014000200fc0000000000000000000000000000000500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200ac1e00010500030000000000060001000200000008000200e000000105000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000a00000014000200fc01000000000000000000000000000005000300000000004c000080060001000200000008000200ac1414bb0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414bb05000300000000000c010080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000940000800600010002000000080002000000000005000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200e00000020500030000000000060001000200000008000200ac1414000500030000000000060001000200000008000200ac14140005000300000000001c000080060001000200000008000200ffffffff0500030000000000080003000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39221d0004000a0000000000000000000000000000000000ffffac1e0001000000001c04098094000080060001000a0000001400020000000000000000000000ffffac1414bb0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000a00000014000200fe880000000000000000000000000001050003000000000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb0500030000000000060001000a0000001400020000000000000000000000ffffe00000020500030000000000ac000080060001000200000008000200000000000500030000000000060001000a00000014000200fe80000000000000000000000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200e0000001050003000000000064000080060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414000500030000000000f4000080060001000200000008000200000000000500030000000000060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac1414aa0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414000500030000000000060001000a00000014000200200100000000000000000000000000020500030000000000a0000080060001000a00000014000200fc0000000000000000000000000000000500030000000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac14140005000300000000007c000080060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8000000000000000000000000000000500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb050003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b2400020055fbc2635cc801d67c589cc98f3cf65074dffe0886750dec83be49fbf628e1dc240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e0c0000800800030000000000060006000000000008000100", @ANYRES32=r8, @ANYBLOB="24000300000000000000000000000000000000000000000000000000000000000000000024000300a05ca84f6c9c8e3853e2fd7a7cae0fb20fa152600cb00845174f08076f8d7843080007"], 0xd40}}, 0x0) acct(&(0x7f0000000140)='./file0\x00') 1.302221404s ago: executing program 0 (id=1509): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback={0xf00}}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x44) 1.225464203s ago: executing program 0 (id=1510): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000240)=0xffffffff) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, r2, 0x150969bb08952c91, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040011}, 0x840) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r7, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000040)={0x8, 0x4, 0x4d}) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, &(0x7f0000000500)='\xacp\\p\xa2\x9b\xf7\xb6\xb0\xe5\xd2\xe0t.\x96\xaf\xb0\x96\x82|\xef\xfb\t-\xac\xa5\x00\x8b_ \xd3y\xc7H\xc8\xc1\xc2\x93\xca\xde|E\xea\xddN\xdc1G6\t\x89\x8e\x05\x9e\xc9\x91$\x893E\x7f\x8ebL?0\aW\xc43N\xe3J`\xb6\xc0\xc2\x95i\xb5T\x16\x9a\xea\x9c\xe6=\x91a\x99=^\xe6\x00,F\xe0\xcc\xd9\xe5@\xdc\x7fT\xc8\xc1\x8c\xa7\xb9\x91\x89\xf3Vr\xbd\xa0K\x0e\"S\xd6\x15\xab\x0f(pdu\x18\xc8\xd9r\xf3\xac\xfbb\x99]Rb\xe0\x02\xa0\x17\xacB\xacByAm\x81\x149\xa3\xf2\xe3\xc3B\x92$\x02[\x9a\xc7&\xc6\x10-\xa4\xff\x03Wa\x8f\xccz\xa8\xa5\x80E>4_>(\r\a\xea\xf0:)\xa1\xac\xbag\xf0~i\xbe\x95\x97!\xc3\x19\x00&\a\xaf\x9a\x8a\x935\x8a\xa9\x88\xc1\xff\xda}\x12\xec\x7f\x98lei|\xbcq\x12\xc51m\'Y\x1f@\xc9Ge\x8b\x02\xb4\xad^\x89F\x125\xf0Hm\xcc\xecx\xfe\x1c\xc2:\xa4\x0e\x00\x0fY\xda\xbf(\x86\xa3A\xaet\xc0\x01\x04\xc2\xbdM\xbd/*^\xc5p\xce<\xf1\xe2\x8c@\x18\xb7W#\"/\x94=\xf0\xbc\xa8:K') bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1a, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000002e00000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.213422355s ago: executing program 1 (id=1511): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = openat$cgroup_subtree(r2, 0x0, 0x2, 0x0) write$cgroup_subtree(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = syz_open_dev$MSR(0x0, 0x4f0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x81000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x1c, 0x0, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0x1000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x880) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) writev(r4, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) gettid() timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x62) listen(r6, 0x0) accept4(r6, 0x0, 0x0, 0x0) 1.098374784s ago: executing program 3 (id=1512): lsm_list_modules(0x0, &(0x7f00000001c0), 0x0) r0 = openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x84000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x0) sendmsg$tipc(r0, &(0x7f0000001680)={&(0x7f0000000240)=@name={0x1e, 0x2, 0x2, {{0x43, 0x4}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40094}, 0x20009040) r1 = eventfd2(0x8001, 0x800) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000080)=r1) 1.098028582s ago: executing program 0 (id=1513): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2a0640, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mknod(&(0x7f0000000000)='./file1/file3\x00', 0x1, 0x43) renameat2(0xffffffffffffff9c, &(0x7f0000002200)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 1.019332905s ago: executing program 3 (id=1514): mkdir(0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtclass={0x78, 0x28, 0x10, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xa, 0x8}, {0x4, 0xd}, {0x8, 0xc}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x14}}, @TCA_RATE={0x6, 0x5, {0x2, 0x1}}, @TCA_RATE={0x6, 0x5, {0x6, 0x5}}, @tclass_kind_options=@c_qfq={{0x8}, {0x24, 0x2, [@TCA_QFQ_WEIGHT={0x8, 0x1, 0x1}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x7}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0xffff}, @TCA_QFQ_LMAX={0x8, 0x2, 0x1000}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0xb}}, @tclass_kind_options=@c_sfb={0x8}]}, 0x78}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40000000000005c, 0x4800) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) close(0xffffffffffffffff) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r4, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x0, 0x20020, &(0x7f0000000140)=""/24}, &(0x7f0000000380)="851666ce20db", 0x0, 0xfffffffb, 0x39, 0x0, 0x0}) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r5, 0xfffffffffffffffb, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) fstatat64(0xffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x3100) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r6, 0x29, 0x13, 0x0, 0x0) 433.04872ms ago: executing program 2 (id=1515): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001ec0)=ANY=[@ANYBLOB="6c00003f10001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYRESHEX], 0x6c}}, 0x0) 380.081026ms ago: executing program 2 (id=1516): socket$alg(0x26, 0x5, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0xfa0, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000240)) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x33bdd84582be335f, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r4, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r5, &(0x7f0000000080), 0x2000011a) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000040), 0x4) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000300), 0xffffffff, 0x0) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r9, 0x300, 0x0, 0x0, {{}, {}, {0x4c, 0x18, {0x5f, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) memfd_create(&(0x7f00000001c0)='/duv/udmabuf\x00', 0x2) 292.702953ms ago: executing program 1 (id=1517): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) (async) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5ff7700"}) (async) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) (async) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (async) syz_clone3(&(0x7f0000000380)={0x8020000, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0, 0xffffffffffffffff, 0x0], 0x3}, 0x58) 0s ago: executing program 3 (id=1518): syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5ff7700"}) r1 = syz_open_pts(r0, 0x0) pipe2(0x0, 0x0) syz_io_uring_setup(0x236, &(0x7f0000000480)={0x0, 0x8101, 0x1002, 0x0, 0x2cf}, &(0x7f0000000040), &(0x7f0000000600)) fsopen(&(0x7f0000000000)='udf\x00', 0x1) syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101) dup(r2) socket(0x10, 0x3, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) r4 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7079, 0x0, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="0200230102ec07006000000002000020d3"]) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1, 0x3, 0x4, 0x7ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000003c0)="057e30aae10df4f97559054b9a301ecfe91b645115e1421774006df60cb393573839b0078ce169ec2fde0afea66b5bbefa9d4f3cd8c2458336ceb1f0efe647d6d7b1cdbd12c9b8e3a822cbd51494bf79a1dbe5c22338ce37ed467a1d3d616564cbb81faa2e935b2697c12efb0ed141fa2eaad4747725c4bf20f8975e402b03eb77d1aa3f10f512397b5037b1b4cd4b7c08c03dc5e52a066e5982969fa044125ae251f46c26e2536cc8b77e8edb251378be4beedfb8dca0d449123f57677ca3da5bdebf91b195f1a5d49d7c292f20f58d490de36d8ee0e8a86bd04c3165549465cbee7891fc747d7def370ce644db894b56bd53af0d0e261bcfa6bf72a684dafc5bcafe07ece74cbd1d5fa32716dd03f7acd4f32d935438c91e033beaf49e3963e13d05e7a8334a858639636799f04a9033193e7d18a2a4b20bcc96811bb5efe476db70a76b7456ac4e71f3e89c00da0c7761c188570c7902bf2fee1be273be8a9f7a2d7508ef2188d3ba1db4fa9d1533d2f2a288cdfe3b0c50908d56ba69e81386e7e979e9d7ff78685ffb8de6baea2451762736a2bbafa11d541790b0564aef9b0b80fa24832090b84341a9fdf712d3296f911020f8021eda8130befaaab01cbe91dfc5768e6ff31ec50dd88596832a9f5fd4f558d367f40e454d3c97ad16a7f30b93629ee2def77b99f8a17c157529b0782fd847a4c75a2302ca96bbdcff660c2cca753e1a8c60dbcfb319a1594565a2e15bb6124316e196e3cafaf1a29eef84a0908d1dc80af7e333c65736699f1254addf2ab582f5c87c4f6ca234d7ca9673dc29444044b95abdaea958274e39aeb163ee2d05bc2ade5c33a0466e14fbdf8aa70ca2964c06ee5bc57b894b0143a7a503cc43574a07958940b029678df44d6c82fa2e6937ea6aeb5b8f33c21628e3b0d623c23c2e5a3546194fea742d90c1d61f343a005b9e58c3e8292b256fd0ecca81cda433f3bb0ed633607f0b635cdd8b4919bfa37c1e99df087d3f8f3ba5dec7930657eb3a4d8febb5234e048881fbfc499fe5eb6a0ce34546f7010ae2291e6731d0798ca451387a123998e68f6f577ba4e556bb9a119011a191a6bbcf55beb1fb0b8252deeed5721b271b964534a04462720c4c03e8ea7f120cfa1be630e7fc680d1f6e067075c72f642babcacf6b00cd3fdb9f3200e4ff8935b17ebe222053c78c3752666088017c2150dd014b9578af6adb15527a483eff5bb623710ca7b37ed49ff7cf1525f296af6f27846524e4aaea7476a2d08dceeca84a1ab11e2767abff12d10deaf63681dcabe9b1fb9ebe207d8e3793dba9a73a02ebea4e3a072397a88c47795d5e88b2040c9fe3f96f66f8f7d593547c8fc8f4e75a1c20962ecf2dd1e7bddf896f2a6c5f37a8784e2bc5b10cef2feab3b6eee7430908eeadd372248041a09b0c29385cd7a75754d2c429e72bf5fdac34097bbbbb3790f86399c60cb5054fbeb8eb1241608b506beb135091c18110c1d10d9a80f4adb11a6fd3001957cae0b4f8f730cc4fa4a7328e23f390caab014cfeec0ebfd0e14021f47fe330a68680678d23e7ca1ff18e7e242f4c1e3cca51dec73c58b596c2a92267ee76d3657c1e2b34102b09fa4c59c2619148440bf26802c6f858b8eee6d8c697bad2c4d5a0f76c6a4cdd3b8fdc21e447920491ef40578b68a7a5dfda04fa235fac01ad4e824b627137dc48807100e52ec5ae2f3a3fd84d68b824033b4f0ee28a9e72333b4e209ae905d0781e4fe8116e03b1ca5c3b1ea84974cabaa0214ed15bfe01e974491e8a20f9d03ed1b73799b083f3a65e809c3ff3cf126288fc1627409d46f78b5fe8b8ba0b3ddc3ac79aecd6eee2e0cc59826e5798f48f80f0c7f549b3a656e9acbc5e51bdc3becef93533166c1d9ffe4335ec973d3d27ce5987d150f554c4095650528578fe4858b670b0786f23c886612191f89ec57970dbc0e33cd62b57a08fa940b339577fd12d07dec2ac50e9e0b27f0716b3233803153389a95df956637af8d9778e27bce49ab0a832978712a074d3f7516ad512ed0d9b43049b5990c841a7b7146a24c62fb70645b8d85b6c8863d5c6aab03638ffa4e30c8de24383cf320eee735a4fd37262d473076f495da8b2f0f028b8f178c238010738d6afb1dc2e48089e80f6a7658ad3496f1a1f7f78abdcf934c733d22abb0671a0d41b9b33a5faf99d7b82166e27df0f97a7953dcc1fb364478200253757e8311ba61cb4c78a380cdd820553c7296816210f64b34619966f1540a407c8d6e8e30788909de19ede4116d09a14ce26ad59957add80b90602855c0134ba7fe8afd4493f7cd9ced61fda7d0ae02505c046acf68d68ecd9b1507a4d4eba4c2c834777b2c3c5a8b3c06677fe468072dcab48c1ac9deec30265c7f6c5864df89e25bba52715c82e9921db601b3935f5047b8cc07351b9965b1a1f6ef36c1fba89d9d96e332eacc1e8a78e09d7d6ba30845866449ed5264f763735d4e7cc133dba4b296b2dd9331efea01e5b3d05f38055e41c49993d679ef133b9b1af435fd0ac5fad33f571c76d02c40d4e301110b4442aa134364f0456da0cf362b2c27ebd667c0969ae09dad18becba9d6918fb1e741f685735cc7078f0e6328181a83da67516fac31522f9d9fc64a4b769e57e76bfff6f9867fa2fee1e7dddd11128322210e44eeef6db7269dfa1bfbd9099dd6f8219d585c22c20483251447772719a6115ccb690609de352989610a138110c884562b65de3cf63c3ebe9adfeb53c6e4ecc637c98b60161f71952b84c6fc4cea6af0ed533144bde4f8fbab2d3ffe0b2a5d0c55ec9979ea85a25045ad3a84becf0e891b89c1a83178d7368aea4bdfa0ebd46b8e110a2972c8ac96e10ac630e89f8d76bf35b03b5ecd393d1986fc61318e08ef02721e5f2cd2fe098ebcd1bd30a8f87b2a5650b51dd50d0d78ab7fe66490f5827372f1779d3d389e9fa66bd0296f0203af010d8f76783837cdde2555a90be577626a12de47d4da638efd0017750a230485f6ade34a27284d85dd87f9db8a832c571106d8296629418777b4d933fa049f0f4e5958c193e889305074091be14c66a4bf02cdfe1e8d26a5d21fa78c5628a7ee3d7a0c550296b2f0625e2dd18d45f2d45bee6746d4462c92bc3cf50503c7479bd121393821afe1cd7144ea37f4e8e5ee21f739024ad25af9430dee006b76617725556ff8a820b767fa821629819732f086a5fdf2ccb4edae0aceb3d6dea698e798ead905a2eef9065d633b007271e93101a71cbe385f56e32b3a8fb081c5c1ab09b729f89294a0007df3a3b8e93686020d993b812c6f85fe1618db897cd67be6cd5053dc8490bbebee133d140503c4aa51eea0c156523a1d81ae849dbe5a273bfc0de94836f8160ea9f146147fc02dd7b55dca6a2a43692268ee98f51fcd2d3faa76071d9716e877b2a3dcb51a51d5359a2ee705da52b43306f1f3caf33342fc281bc9c58d1ce05ecdeca371e3a788542f8fa999e4d8e10e66f0b6053d7d4cfc6acb815628bc2409b3dec01726121c267b3ee85fd61bbbdda68ae2c13026863e4a54b93d956fe692707a179411c841ca7d2f33a5223181b18b7ba2eebdd7c2a8dec3ac2a317b5fbd996e8598c394ee627308f0e887480a8dcd59b0256b636f4c62566501a733fa74232945ba1d9e2bae347391bf9ae2da4d3af2b262b772421fd3a5cab46862ea6049f5c9c76dd8549ce0e6c31c792b81b6b21f0bcca18bb2fa6a9d4d6e0a837bb119e2e002a69d6ca95a4b2acc463076c2e05731ef0cfaea84387a6baf6737cc14a25f5329ea924090311213344625a69ee382dd4bc72e00e63329956f3e021092585c9affa06a95bd0ef653ae9ff0abed5ee561ada4f83d8ef202d9c0b2225ebe8660cc408859d45e0332f4f78f6a339bce9d12ca2bc5116a8fd4007c485f5c1c41af96c41d96db35411842d7babc05c8b228066dccb9b67f348974363be521e41fa94d2034a0bc1e87360a80606e1e1bfa8e6399601b30bf93ac41129869158bc2b791b50e51519133ab58afd4023d4d721129b1307f054103a47c49e0524ac4df511c3409fa62d8b5c1a897794600f53efdcc987e06bffd77c9fc75fb7221ef29ed2f7e3e8abcb4a1875b85bd5176a6fba9a361d8684876508443bd50e630f4c684002b15930cf81d740b880eed25d22d8de8c00066790df084fea7c5021184a210a6d24f9bc862c4e3eafbb1782fa240ecfa5959d7a681bae84e8a96a5ff45dea4f9e16dd2cff2dccc6cf4042b44b7ad1f55dc1db5998ed40a409c0e67e1e64fab423d2c00fabb8976d9dacf0c82530e356a99f75082f3411adddfe4ab1ad3b55599fa15450dd5feee23591f1ce398e4c5ae8aad71ad26ea189c333c8467d1eaba9589bb8c41bbfe8c0c173e5446bc06b578c1db849fabe5fcd8fe0fca94bdc799b53b897249826037499e8b6213d640724fda1bcc9341ac61fbea02c8f39a53c496902d5c7922f678a273cdf5ffff38ea028ae19dc72f0b0688f2b9b7d5a9c04153c10ff4168cf9f243dea03b336be778f6c79d67a2d0ade82863eaf95d6fc7f745569864f369f4b39177c356c8c393bded485df28622f01251e58f3d39498520ff90e6c670f0dce5b494cb1d78dfad108406dc5857086d386bd42bd03fe716f049407e5e55caa0e73e96c1a4f6d5791ce7195b2ce72de52ed617ecefaeeabfa9350af49d1d91f9a4b97dc0808869b916f34ee242c40fe8c8aee57b6ddb69f9a10636e481dfa059ef001bad7020266f0d74b14edce6c18ffef854768a60885bad798658a6b9d0b438c483ba159346d5ce0771f53ff18e0bd47d8583bd56237f8da2747ac7eb2a87b6e26c4820d4fe18b76e06bb6e0c0cdf478b4aecd381c2a6ca9f10ec433f0aca63a66d04f70557baf9f2844005351a21664c2430fb0002cd03bcf0b2004068a2567f91a9fbee8c6d948fb35d48527b23e1398ce9f535e2b0b33c2bc31ab737ba4b980f46f5d424e33892c8093f3cd18510a3157afc023f63ad3ba999e950747c78c06ab141a26d74ffc049a6f76c465f9f9f03a8d339a8e61fef26a5239fbc11c01a87800c81efd7b9f28ee2ab2ed88a383f5013bfd6671ea3086121b235a0cc45ccb300c02588895f8d13ec7e00a3aaaa8b0e739f666fd1b13a90b23998704859c9c76108ed7ecdc63770e6ebaa0aeb9208b92ec4e948ac7fc81cc6f305f06c2f2d8c9267463af92e185ff627eed54313fa2ee0bff2cfa8be411982fd19fa88db5ec99f238f88782f8c7a957bef14f79351b63799a4cce160357c068987a5516b04c79644c140850cddc8bd5541fcca9e30826aad864240f434bd1fc67b58e3d664f782e9e46edcb34e2db98a39c23e334e51c71c9fa466470992cc1fbc36c3c8ff4340be67f9b85a74c9114cb9fe5ca4dcbb641ea17a54ba4658aeaa515109e117625a6196dd66d3584d293b468fce63b5a9c4b9461700c74ae955539bfbbe3eccfa7d9c9f737792a9d4b978baa2e92819e88340b73c88c2900b723248b18ae9414cb37a64ef8cb8ca85cda9677d9f1e71a6b70fe3ad17f2d13c1df48d93bfa50fd939a72ea26f9fbeaa6f8af2eec91b04a8fa7dc14fec0f54fcd1c5c848b4432f979f10e661cd2d7f8ff669ce99f9813fc5440fbbeb35f1a5e5115f5ca35dcc270bdbcae07a9ae8e22aabf8178379dee08874ec7840de27815890a88fc9a3bcfa88a33f9baef9af0ae01b2bd34a907f1151cb14bc8b396bc43a60f884f425e4a04348cc645aae68db49980139ddad0fed303e40b124fd654b36c961a56c44cc3686a7529b1f1ee47da3a0f1158542337df15780444790a2ff1b57e062f0db66730c9f98de395f939f44188225211c514447f67fcbf320a34c43ce09ed272bb992db3a35ae2c3c491c36f2de88984129fcea1ffd235aff7bef7fa95d65894db9a5f1b348efcb571a81b3d73ccd07cbef052389001e4d456800e05ca53bcf3485ce05791ff65a9f7913416ae26972f34f51a3270580b81307ce31c98eda06f3b35890ce317e79a16d728cd0bb6a3835667555c0c5138cfa5305a91db1f873b2a75b82ffcb27616ee67777708f7dc2ed9ddbeb38a60f446d3ac88ded25265c25ef38b0755a9d34bab5e669b6501d8c9787aae7eced9945cad3d4d1c32fa68b48a1d773750f814631db3e088c1b5e7ffa854ea1343d94ec1343918d7a1c5a095bb72b00eb3bff210aeec0b8a581a2a13429b83a193f4d447059265b63c4b8f8ea1b9494f65e79844d956c5d80780849dc086506e9eba002e682a1bae1543f8289588c574bb6ca9a2e57b908aaffed23ecf3536abaf96fe08291f3d70773288b4698e972b0187385dfff4cba59175814e75e7e5146205c7f2d2f749583b393f46c448c152d8be50d60ed8d8bdb30fc7925656a0f90b1de967c729980815e5f19ed453fbefcff67832cb90d753410a0b18eb7504600b11b0360c3d3594d48d832160d357afc1f17dc71dccabef7bbcf1fdd55b48cb02135c32650ab07b902f36b48be9376b2dd68343eacfe80d9dab3205a393a4c6ffd405f6db323dea11be4f22ce50df1e0cfec9e9b1e23acb94d66ea787d08f615a7c7288cdf1921a13a85d885e47cf1067d89ebad5b92ce5000000008d74bd2d5b78366f998cc35bf35e45d06128f1c5984fabee7542642bbf6d981b60759d3e7900e5b3d1d7310f90df0c88a600ff2f39932bf7411e61c692c9444dc9ae0dff28c0b94292c430ac4464e83ce8a29b886f45c98b8396667740c5be51e592eac0250d6e479505d36e930ca3a32cb671d58707d25b10e2660cd5e661b08e268c8bf1b3cbceb2d995a2a6fdfe5475cccc965f71baa7c84054e3bb6cbcb7167b06c708cd72ad4301e943dd1b2b2c325f682be3eaae730a8ed8bc3134b28d1ce04543bc66a529744561c42d25e65c7b5cc2a17875ebf35e53aa46e1edec29ff8d046a7e01459d9639c10d1df998cd9a12d7e50b2dc71ee7338cf71beb72d5020dc69eeafc354bf822d65ee0328eb07d04ac0d266fdb53227a158411da5ded254b3c359ee710e0278e1a06f06002538e108450fd6b11949fdc618a29baf34f232aa192230ddb318aa6d59d122257e50713fe73e6c0059399589c382dc901a8c3381139436f7331b69f457bbb38ed54daaa07a52cceb053c32690836c664b73d86261216b8610fc7b4d53dd3e5d9bcb3e25528e132911cac37e7f2618274c733b5ae02f9c27638d9e11988f1dfbb281ffd8cddf8558a481861cbe9d53a4ad8282d3587449cd51759ca397eda122d286e117d01539359870b94c98a3ce383ed1d280bcceb228acf73193e87fd3650e4dfd563cc55bfbc8626a41293cc90ef76e28e2dedaf968602d2997ae1c2752a0febe3a78f3756d40201ae13074091238324422caabe22c66b7866065264261fc2c3e0569493468d1c1c36259aedd5f078a231e72decd70f4de8532f6753287435296f33a096bc1c8b0ebb68c9f783881e45ac54159ec1c2f9e1f5cb48f96729a62d1b4fdaa89ef5de8741bca04e953534dc977e881a61281812af435206378eff173d7929ab4967e511bdc14e6d49cba517b0563c14fcd6ba38ef32bc48a00643416d7e34f7465b3e6240589d854db4d9714e998f2edf3a03986598a52aaf647d938f4a8e07c1c29615803af6cd403d261ad6da3c1c804034b4a4eef3ea1cc8db39d9e171b3f6dd074388577a4eb901c25c8031e4592cea80b6354850657f53b2acd910ec2c5a7db6abb0153e051dadfbcdf047e35591b96b5657ca55d99ef6fb48e07c34321cd20c40b30a646132f8afcb9426fe84a790567fb847076a8762ca29cfb037e0c948edc12122a1160a55d465f5c912406a10dc0d3c1156cd207e9ffe906d267c9c870521934e1c56af460c0ad0dea9c929acf85768e22bb65eca6e25e4ec8e6edb7a6215e8c7e5fdb56c7131b156ab6a78fc808f8f17a2708ff68b37778c00b3b546004fb2b2c588d8ca8276d281026bfe896698569814410422f27421b8fc5c09d47635f17ddf6b9f56a203c991514678c18a4afabe1eeca6fce1187fffcb6ebdacfc6cac9750766ed40c80e7eceb342a3fa6f86d014949f9d111bfd96e2a39d364f2e2722f2d9ab0577befe26055890161d780e52eff4022461c1d3b019b86af28c4f02fd1f7496d8c141344ad5756bcdc45158f3af7aac227c8853f607cae412db6fa924c039859fe455857bd5fde66cc1b773c12f516401a31c80d750079247c128a103361e7f0a392d21b4b1b594307ff6b37e5a242666209ec517561e04645b92e7cf3cff1a6c76c900d12d9556e2962c535401b1e61fa85e06551ed678703fb3bf8590f2608ae3c278b8d1ac286af38061afbbc3cb27ee7adc6ad299151cd00a84506e6a97648ff99f2a9d35d8421e71589437406fa8e6def8ce34c9abe5de3481c492887176d4485dac794b84567d5ebaf68d0007cb2256a0f1ce4318f6891f750fa9696fed3525059688cf973e70d688b1759cd0f3dfb0b2a7078174b978767cbdbfc3f7d5850e2f7772e2bd6e3ed69ef13cc141238b5ee04b6615e33c42fcd6cf979a0ac848458b713b9a988c1e3fc32f2a182fc0cab2e6933e9aa5c2d77db8c6a1802b43bd8220ff0ca92229fc26a44761d00eeebec834e5f7d382b4f58a2759c56e53b163dae034ffa1970acc57165746e575470e13c4044f392ae4bea93e7d666256436507bb987a247785301274d4f262f94989cdc94b209b7499bd0cb4437525b72be79c87c6076533e4a14799a60bd3563d46ee4767108bed7e637cfed6f3139637bb01f36385dc5873eed726fbec9a87da294cc11db8b49fe45b798ae74e1a8cb0f2907eb0178d2baf5f0f88f654baab9f147741945c496ddea1cfed65a82e913a131c4ac7bb6f0d8d5d28225dab8a33c6e60c0d2b2d5dbd8c35089f13f9a2ae81ec9addaefea9b8ddabc8cdeb6437381ce346db6e14d9d1e8bb4662b508d61da77fc8d9ebebceb1c23be5d0a7bba4a48c0591333ab7779bae78ff23c4bbf8a8cf30f3120a5b63a047064d7ed7d37191cf39b6d1e8ffe3b47379767bd691cb855a9c938e9a0235a5ec9c316a6dceca63fa5fe6df0b9f0d6b38add216aaf2726d3377ab827b00b4cbf490708a0f679b8cd7caadb3dee40cc98f778917d6a6263fcc0747bf75fd676d84abb7d10087da323f95c2571139fd4c9826ad5db6ee4c246b9da20592cae11f9264bd2945aa1a427b2acefb514a2daafbbae35ff761eb1e3b98b4a1dfca348b8c4ff96325a618d677180ceb7e916654ecc2deecb4e61d01080f44b98776b1b43aebeffe2c14006dd1d78c8babf1179f42fd20d87654d3246d41e9dc633eac1741be44f8d751d8c9fd57316fe06d60872939b7a2906bb27a299a3408a51d74e5d98417f05f85fc1b332e103e79203e9fe344dc1d1572de39d914c5270c839870d2b33da5a6efc08c4f0c8227cc35a7f77c6a55f80ceef90e217c80e5ecb4c236685f5219787b01612cfbac90794e8269c07fb7ca4f7dba4defb2aae2b37f7b1696e78de15dbb1b6d4ee0cc4c0fae274b2c2de9343862de1d9847515ad235b1837daa9b814f19e895ae3966ed262e3e7add9f19009e6b61462917b29502b67e124c43538a6bcab7296529e01bb26ab8b3ef094ed057383c4f92790b6f705ae9d943c4e8dad84f6ef82b54d062713c16960fb475d74d46a1b16062563da3391cc6ff5185162c31ff7339e4837e38adab8ab911abaaa006e313dd19a1f92b4f7bede4525b154e1b9f796136a85f3602da011ae2232be902347e08ce0bbf3d23d91c4aac11c8824caafa1d1ff0343ce655802c1915f3ae7c0c670b18e56e139be66a33613afcb3b1928613b3afba9d635070af678216d57023d1911f0eb7ebddefc96f0efd8e9dc10e8a87a68393e19733ef900c6264722940750ae16f664e445414e85e98570303c6d87d7f265cfae0a1e9314fc14674c2871c0d59bbe2eddaf9330a4e2a28673af73910d6cb90790f800e89d55a2930910a8430ade9551819d83d5ea6da4e58326b7ce555d01da86ea78200f0219ec92473da95cd5a632c525ca9fbcddebb8168881cdb2f5da787d0e31881e2b17d78184f3a0bed8662486d3937dab275d050b9dd5a2ce904208a91a467afc33e10fb6c1ca788a5ef30d6e8b615ec0ae1503fea7006569559b7b155c31b196b85881c5671173c06fc5373e9fd973e7111ed45874609bf3c88c6db732210a3ea04cb68662bbc2048bb55d811482af5c658e29bd18c57ffa25e88d7297cd20d4c2b13007cfae89f4dcd90177a0806a2ceb2095333b58f828c093b9bf63cd07e3d56a446fd12e755fd651211bc160948836939c17623b317b9e935307044bab2c11879a62288e7ecbbb97f10f52516f517b7b8e44cff5964fdfaf8044065056b48db13b1365004c336afa3535af1242c9b7271b8b1ba2213fcbb80926bcd394815cd7c27e3aeb2348dc45f5e06e32f5bd56d1c472f41b564ec0939cd012028412883cc098d086fd43858747b746be72b979d175f6a6447fc5908616dec7fc6c962e12e96e09bd068acd2fcf0ce1cc26d9f82b2b91bc9aafcbf8435011f73b6a8ea1bb2f3289b23236136b31656600762feff53e607df8cf3c9a7f257b212630c19f142e4cf5094250b629cabb145c77f1f14ad60ab7617078f810a766cfa341fb7c16086609bc0a768fb1cd782606f32b83a0a55d883269a05b80275612dc571cb993ea9e447b4d32570d412203ab4c8b050b63bb5ac0f8d6f4e9a1644e4b622587b2ae125c2093bd363493d58544d6303a0de17780fcd83e993aa83f4432274eee1e6333fcdc77bcfdea95b8b9ed787723e35b71f1dbe89ff1e3e6fde146c05b6fe9eae52b472624e412253a63e7fcf1b77dbff7509eec5a55501e222f66bd84d36663cd244fa1556bd34b4c9957a93a71e63961ffc7700c5545acdd3e79da41e1cfaca0956d4978222cda23a574d691dbb6c6bd083c70c2782c045bbbe0fcaa10efbc002af6832e3fa7dda0ec8ff6ded69302d55d5a62a7ec213f16ecc5e3304a83103d1c2b21e04e3f5f3730339a630a407e8cc6a5afd2f2ed78ff992035a3783a2708195a46e565a9113be8c228ccaae3510363b475732ad48fe8ff34801f4c35132359d4c5c5bff65141f4a8684d462cf5d97b44496440fff3f7a28d28bbaa8e6db2a6064cbe9fca4679afe8ca6dd27a25c56f3e58165040f19a0455199a0ece4583f060979427f2f3495f40a83bc6ee3eaadab18705d464662b8aba9c7aa2f29114f7acc247548a85bd44723064abeee18f7f558f6d0d74fa08103dd906124454745d23005c425b260b0034372123b642a0cbebbc1a0bcf0cfc3639876eceac5f9734057ff659cfd35b1a3eaa768b86d66244aabc23a45676a59d492614f1c0011c9253e53fc7bb3e20d303afdb5b6614dcc7bbf72a339e414672aac23c2e2983083f08dbc34e3452def00f402598b6aaa4f0d896d1648b1442621993b7d0c930560cb6152b9ce59f94356726816a224fca84da5dbde6675d20f546a3e4635e82ff9575cac9160e6819f", 0xfffffffffffffd8a, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000140)="417eb879ea61cb1b3e23f1eb3b8a0000000000", 0xce4, r7}, 0x38) bpf$MAP_UPDATE_BATCH(0x1b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x401, r7, 0x0, 0x100000000000000}, 0x38) r8 = dup3(r1, r0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000200)=0xd) r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r10 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r10, 0x8943, &(0x7f0000001980)={'macvtap0\x00', 0x0}) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x1002000, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=f`,rfdnoi\x00=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r9, @ANYBLOB=',\x00']) kernel console output (not intermixed with test programs): 7 [ 193.944417][ T9713] loop9: unable to read partition table [ 193.946160][ T9713] loop9: partition table beyond EOD, truncated [ 193.948002][ T9713] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 193.948002][ T9713] ) failed (rc=-5) [ 193.960699][ T9711] sp0: Synchronizing with TNC [ 193.963955][ T9710] [U] è [ 193.999434][ T9698] Set syz1 is full, maxelem 65536 reached [ 194.085732][ T9715] FAULT_INJECTION: forcing a failure. [ 194.085732][ T9715] name failslab, interval 1, probability 0, space 0, times 0 [ 194.112942][ T9715] CPU: 2 UID: 0 PID: 9715 Comm: syz.2.999 Not tainted 6.13.0-syzkaller #0 [ 194.115369][ T9715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 194.118418][ T9715] Call Trace: [ 194.119376][ T9715] [ 194.120220][ T9715] dump_stack_lvl+0x16c/0x1f0 [ 194.121573][ T9715] should_fail_ex+0x497/0x5b0 [ 194.122937][ T9715] ? fs_reclaim_acquire+0xae/0x150 [ 194.124392][ T9715] should_failslab+0xc2/0x120 [ 194.125717][ T9715] __kmalloc_noprof+0xce/0x4f0 [ 194.127062][ T9715] ? d_absolute_path+0x137/0x1b0 [ 194.128475][ T9715] ? tomoyo_encode2+0x100/0x3e0 [ 194.129842][ T9715] tomoyo_encode2+0x100/0x3e0 [ 194.131186][ T9715] tomoyo_realpath_from_path+0x1a7/0x710 [ 194.132855][ T9715] tomoyo_path_number_perm+0x248/0x5b0 [ 194.134375][ T9715] ? tomoyo_path_number_perm+0x235/0x5b0 [ 194.135954][ T9715] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 194.137677][ T9715] ? __pfx_lock_release+0x10/0x10 [ 194.139100][ T9715] ? trace_lock_acquire+0x14e/0x1f0 [ 194.140552][ T9715] ? __pfx___schedule+0x10/0x10 [ 194.141910][ T9715] ? lock_acquire+0x2f/0xb0 [ 194.143210][ T9715] ? __fget_files+0x40/0x3a0 [ 194.144508][ T9715] ? __fget_files+0x206/0x3a0 [ 194.145886][ T9715] security_file_ioctl_compat+0x9b/0x240 [ 194.147557][ T9715] __do_compat_sys_ioctl+0x4e/0x2c0 [ 194.149085][ T9715] __do_fast_syscall_32+0x73/0x120 [ 194.150610][ T9715] do_fast_syscall_32+0x32/0x80 [ 194.152034][ T9715] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 194.153872][ T9715] RIP: 0023:0xf7f97579 [ 194.155056][ T9715] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 194.160457][ T9715] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 194.162839][ T9715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c2c45512 [ 194.165070][ T9715] RDX: 0000000020000a00 RSI: 0000000000000000 RDI: 0000000000000000 [ 194.167274][ T9715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 194.169479][ T9715] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 194.171823][ T9715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 194.174112][ T9715] [ 194.175436][ C2] hpet_rtc_timer_reinit: 50 callbacks suppressed [ 194.175444][ C2] hpet: Lost 3 RTC interrupts [ 194.181340][ T9715] ERROR: Out of memory at tomoyo_realpath_from_path. [ 194.564116][ T9738] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1003'. [ 194.690970][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 194.761105][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 194.761194][ T5950] Bluetooth: hci1: command 0x040f tx timeout [ 194.761227][ T5948] Bluetooth: hci2: command 0x040f tx timeout [ 195.209982][ T9708] vhci_hcd: connection closed [ 195.213540][ T1199] vhci_hcd: stop threads [ 195.216276][ T1199] vhci_hcd: release socket [ 195.217654][ T1199] vhci_hcd: disconnect device [ 195.530731][ T35] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 24 if 0 alt 3 proto 1 vid 0x0525 pid 0xA4A8 [ 195.538066][ T35] usb 5-1: USB disconnect, device number 24 [ 195.540558][ T35] usblp0: removed [ 195.644851][ T9787] ptrace attach of "/syz-executor exec"[7266] was attempted by "/syz-executor exec"[9787] [ 196.850978][ T5950] Bluetooth: hci3: command 0x041b tx timeout [ 197.020668][ T39] audit: type=1326 audit(1737416764.463:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.028234][ T39] audit: type=1326 audit(1737416764.463:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.036467][ T39] audit: type=1326 audit(1737416764.463:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.045091][ T39] audit: type=1326 audit(1737416764.463:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.054151][ T39] audit: type=1326 audit(1737416764.463:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.063487][ T39] audit: type=1326 audit(1737416764.463:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=263 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.070302][ T39] audit: type=1326 audit(1737416764.463:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.078549][ T39] audit: type=1326 audit(1737416764.463:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.086592][ T39] audit: type=1326 audit(1737416764.463:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9798 comm="syz.1.1012" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 197.094529][ T9805] netlink: 'syz.0.1015': attribute type 9 has an invalid length. [ 197.138794][ T66] Bluetooth: hci1: Invalid handle: 0x73c2 > 0x0eff [ 197.165315][ T9812] netlink: 'syz.0.1018': attribute type 1 has an invalid length. [ 197.179815][ T9812] 8021q: adding VLAN 0 to HW filter on device bond5 [ 197.194531][ T9812] gretap1: entered promiscuous mode [ 197.196842][ T9812] gretap1: entered allmulticast mode [ 197.202928][ T9812] bond5: (slave gretap1): making interface the new active one [ 197.207477][ T9812] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 197.435939][ T9816] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 197.438547][ T9816] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 197.446482][ T9816] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 197.448449][ T9816] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 197.641132][ T832] vhci_hcd: vhci_device speed not set [ 197.641911][ T75] vhci_hcd: vhci_device speed not set [ 198.006506][ T9845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1025'. [ 198.290960][ T8] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 198.309541][ T9855] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 198.311780][ T9855] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 198.313587][ T9855] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 198.315410][ T9855] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 198.320971][ T5982] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 198.490950][ T5982] usb 7-1: Using ep0 maxpacket: 32 [ 198.493702][ T5982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.496704][ T5982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.499392][ T5982] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 198.502248][ T5982] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.505383][ T5982] usb 7-1: config 0 descriptor?? [ 198.531024][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 198.533819][ T8] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 198.536035][ T8] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 198.539001][ T8] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 198.542046][ T8] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 198.545527][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 198.548759][ T8] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 198.551184][ T8] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 198.553513][ T8] usb 5-1: Product: syz [ 198.554639][ T8] usb 5-1: Manufacturer: syz [ 198.555903][ T8] usb 5-1: SerialNumber: syz [ 198.558194][ T8] usb 5-1: config 0 descriptor?? [ 198.560745][ T8] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 198.563878][ T8] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 198.919793][ T9876] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 199.247200][ T9870] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 199.249112][ T9870] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 199.251563][ T9870] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 199.254190][ T9870] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 199.321446][ T832] usb 5-1: USB disconnect, device number 25 [ 199.328430][ T832] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 200.262297][ T9898] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 200.264196][ T9898] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.265949][ T9898] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 200.267729][ T9898] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 200.279141][ T9905] FAULT_INJECTION: forcing a failure. [ 200.279141][ T9905] name failslab, interval 1, probability 0, space 0, times 0 [ 200.287061][ T9905] CPU: 2 UID: 0 PID: 9905 Comm: syz.1.1041 Not tainted 6.13.0-syzkaller #0 [ 200.289503][ T9905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 200.292640][ T9905] Call Trace: [ 200.293612][ T9905] [ 200.294579][ T9905] dump_stack_lvl+0x16c/0x1f0 [ 200.296184][ T9905] should_fail_ex+0x497/0x5b0 [ 200.297992][ T9905] ? fs_reclaim_acquire+0xae/0x150 [ 200.299972][ T9905] should_failslab+0xc2/0x120 [ 200.301359][ T9905] __kmalloc_node_noprof+0xd1/0x520 [ 200.302940][ T9905] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 200.304663][ T9905] __kvmalloc_node_noprof+0xad/0x1a0 [ 200.306240][ T9905] nf_tables_commit+0xa79/0x5fe0 [ 200.307704][ T9905] ? nf_tables_newrule+0x3ba/0x2890 [ 200.309242][ T9905] ? __pfx_nf_tables_commit+0x10/0x10 [ 200.310864][ T9905] ? __pfx_nf_tables_newrule+0x10/0x10 [ 200.312438][ T9905] ? net_generic+0xea/0x2a0 [ 200.313759][ T9905] ? __pfx_lock_release+0x10/0x10 [ 200.315602][ T9905] ? __nla_parse+0x40/0x60 [ 200.317345][ T9905] nfnetlink_rcv_batch+0xa52/0x24e0 [ 200.319348][ T9905] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 200.321427][ T9905] ? __pfx_lock_release+0x10/0x10 [ 200.322916][ T9905] ? __local_bh_enable_ip+0xa4/0x120 [ 200.324799][ T9905] ? lockdep_hardirqs_on+0x7c/0x110 [ 200.326954][ T9905] ? __pfx___dev_queue_xmit+0x10/0x10 [ 200.329153][ T9905] ? __nla_parse+0x40/0x60 [ 200.330778][ T9905] nfnetlink_rcv+0x3c3/0x430 [ 200.332423][ T9905] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 200.334514][ T9905] netlink_unicast+0x53c/0x7f0 [ 200.336492][ T9905] ? __pfx_netlink_unicast+0x10/0x10 [ 200.338628][ T9905] ? __phys_addr_symbol+0x30/0x80 [ 200.340564][ T9905] ? __check_object_size+0x488/0x710 [ 200.342684][ T9905] netlink_sendmsg+0x8b8/0xd70 [ 200.344617][ T9905] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.346727][ T9905] ____sys_sendmsg+0x9ae/0xb40 [ 200.348625][ T9905] ? __pfx_____sys_sendmsg+0x10/0x10 [ 200.350752][ T9905] ? get_compat_msghdr+0x11b/0x170 [ 200.352780][ T9905] ___sys_sendmsg+0x135/0x1e0 [ 200.354586][ T9905] ? __pfx____sys_sendmsg+0x10/0x10 [ 200.357247][ T9905] ? __pfx_lock_release+0x10/0x10 [ 200.358875][ T9905] ? trace_lock_acquire+0x14e/0x1f0 [ 200.360367][ T9905] ? __fget_files+0x206/0x3a0 [ 200.361727][ T9905] __sys_sendmsg+0x16e/0x220 [ 200.363085][ T9905] ? __pfx___sys_sendmsg+0x10/0x10 [ 200.364772][ T9905] __do_fast_syscall_32+0x73/0x120 [ 200.366351][ T9905] do_fast_syscall_32+0x32/0x80 [ 200.367764][ T9905] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 200.369565][ T9905] RIP: 0023:0xf710e579 [ 200.370732][ T9905] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 200.376322][ T9905] RSP: 002b:00000000f510055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 200.378698][ T9905] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 200.380942][ T9905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 200.383173][ T9905] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 200.385842][ T9905] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 200.388114][ T9905] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 200.390386][ T9905] [ 200.391835][ C2] hpet_rtc_timer_reinit: 6 callbacks suppressed [ 200.391844][ C2] hpet: Lost 5 RTC interrupts [ 200.752725][ T832] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 200.878872][ T9935] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 200.880770][ T9935] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.882912][ T9935] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 200.885393][ T9935] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 200.911213][ T832] usb 6-1: Using ep0 maxpacket: 32 [ 200.914740][ T832] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 200.917143][ T832] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 200.920296][ T832] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 200.924623][ T832] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 200.929983][ T832] usb 6-1: config 0 interface 0 has no altsetting 0 [ 200.934744][ T832] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 200.938527][ T832] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 200.941316][ T832] usb 6-1: Product: syz [ 200.942611][ T832] usb 6-1: Manufacturer: syz [ 200.944183][ T832] usb 6-1: SerialNumber: syz [ 200.946443][ T832] usb 6-1: config 0 descriptor?? [ 200.949213][ T832] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 200.953248][ T832] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 201.090650][ T5982] usbhid 7-1:0.0: can't add hid device: -71 [ 201.092685][ T5982] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 201.100307][ T5982] usb 7-1: USB disconnect, device number 15 [ 201.206644][ T9952] FAULT_INJECTION: forcing a failure. [ 201.206644][ T9952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 201.210858][ T9952] CPU: 2 UID: 0 PID: 9952 Comm: syz.2.1057 Not tainted 6.13.0-syzkaller #0 [ 201.214249][ T9952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 201.217589][ T9952] Call Trace: [ 201.218615][ T9952] [ 201.219547][ T9952] dump_stack_lvl+0x16c/0x1f0 [ 201.221007][ T9952] should_fail_ex+0x497/0x5b0 [ 201.222661][ T9952] _copy_from_user+0x2e/0xd0 [ 201.224529][ T9952] move_addr_to_kernel+0x68/0x160 [ 201.226082][ T9952] __sys_connect+0xb0/0x170 [ 201.227554][ T9952] ? __pfx___sys_connect+0x10/0x10 [ 201.229252][ T9952] ? __pfx_ksys_write+0x10/0x10 [ 201.230747][ T9952] __ia32_sys_connect+0x71/0xb0 [ 201.232625][ T9952] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 201.234581][ T9952] __do_fast_syscall_32+0x73/0x120 [ 201.236120][ T9952] do_fast_syscall_32+0x32/0x80 [ 201.237553][ T9952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 201.239438][ T9952] RIP: 0023:0xf7f97579 [ 201.240638][ T9952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 201.247293][ T9952] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 201.250589][ T9952] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 201.253782][ T9952] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 201.256938][ T9952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 201.259938][ T9952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 201.262955][ T9952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 201.265311][ T9952] [ 201.266628][ C2] hpet: Lost 2 RTC interrupts [ 201.702843][ T5982] usb 6-1: USB disconnect, device number 25 [ 201.705803][ T5982] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 201.948315][ T9969] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 201.950189][ T9969] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 201.953856][ T9969] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 201.955723][ T9969] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 202.471007][ T5982] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 202.630982][ T5982] usb 6-1: Using ep0 maxpacket: 32 [ 202.635501][ T5982] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.638821][ T5982] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.642161][ T5982] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 202.644860][ T5982] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.651466][ T5982] usb 6-1: config 0 descriptor?? [ 203.059181][ T9995] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 203.156859][ T9991] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 203.158834][ T9991] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 203.160602][ T9991] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 203.162487][ T9991] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 204.186596][T10014] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.188569][T10014] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 204.191445][T10014] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 204.193551][T10014] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 204.580993][ T1907] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 204.730953][ T1907] usb 5-1: Using ep0 maxpacket: 32 [ 204.736419][ T1907] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 204.739424][ T1907] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 204.743056][ T1907] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 204.746327][ T1907] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 204.750422][ T1907] usb 5-1: config 0 interface 0 has no altsetting 0 [ 204.761378][ T1907] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 204.767283][ T1907] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 204.779492][ T1907] usb 5-1: Product: syz [ 204.784601][ T1907] usb 5-1: Manufacturer: syz [ 204.787776][ T1907] usb 5-1: SerialNumber: syz [ 204.823988][ T1907] usb 5-1: config 0 descriptor?? [ 204.833624][ T1907] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 204.840093][ T1907] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 205.337071][T10032] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 205.339022][T10032] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 205.340774][T10032] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 205.342616][T10032] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.414134][ T5982] usbhid 6-1:0.0: can't add hid device: -71 [ 205.420303][ T5982] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 205.424986][ T5982] usb 6-1: USB disconnect, device number 26 [ 205.465808][T10047] input: syz0 as /devices/virtual/input/input26 [ 205.544506][T10052] overlay: Bad value for 'uuid' [ 205.556038][T10052] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 205.586739][ T6099] usb 5-1: USB disconnect, device number 26 [ 205.589221][ T6099] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 205.663111][T10052] /dev/sr0: Can't open blockdev [ 206.090138][T10060] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 206.093023][T10060] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 206.095103][T10060] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 206.097139][T10060] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 206.153223][T10067] rtc_cmos 00:05: Alarms can be up to one day in the future [ 206.179524][T10071] xt_CT: You must specify a L4 protocol and not use inversions on it [ 206.441818][T10084] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 207.110921][T10081] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 207.113106][T10081] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 207.114993][T10081] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 207.117441][T10081] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 207.160007][ T6099] rtc_cmos 00:05: Alarms can be up to one day in the future [ 207.163853][ T6099] rtc_cmos 00:05: Alarms can be up to one day in the future [ 207.166571][ T6099] rtc_cmos 00:05: Alarms can be up to one day in the future [ 207.169298][ T6099] rtc_cmos 00:05: Alarms can be up to one day in the future [ 207.171711][ T6099] rtc rtc0: __rtc_set_alarm: err=-22 [ 207.221265][T10084] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 207.223202][T10084] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 207.224987][T10084] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 207.226786][T10084] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 207.374806][T10104] usb usb8: usbfs: process 10104 (syz.3.1094) did not claim interface 0 before use [ 207.381398][T10104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1094'. [ 207.384531][T10104] netlink: 'syz.3.1094': attribute type 10 has an invalid length. [ 207.387389][T10104] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.391777][T10104] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.396474][T10104] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.399201][T10104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.402377][T10104] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.404612][T10104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.408691][T10104] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 207.414158][T10104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1094'. [ 207.416720][T10104] bridge_slave_1: left allmulticast mode [ 207.418339][T10104] bridge_slave_1: left promiscuous mode [ 207.421365][T10104] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.424689][T10104] bridge_slave_0: left allmulticast mode [ 207.426327][T10104] bridge_slave_0: left promiscuous mode [ 207.428025][T10104] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.444348][T10104] bond0: (slave bridge0): Releasing backup interface [ 207.461227][ T6099] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 207.500944][ T8] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 207.581146][T10109] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 207.582984][T10109] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 207.587431][T10109] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 207.589387][T10109] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 207.622972][ T6099] usb 7-1: Using ep0 maxpacket: 32 [ 207.625734][ T6099] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 207.628301][ T6099] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 207.631891][ T6099] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 207.635086][ T6099] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 207.638880][ T6099] usb 7-1: config 0 interface 0 has no altsetting 0 [ 207.643401][ T6099] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 207.646006][ T6099] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 207.648436][ T6099] usb 7-1: Product: syz [ 207.649674][ T6099] usb 7-1: Manufacturer: syz [ 207.651114][ T6099] usb 7-1: SerialNumber: syz [ 207.653289][ T6099] usb 7-1: config 0 descriptor?? [ 207.656218][ T6099] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 207.659474][ T6099] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 207.670989][ T8] usb 6-1: Using ep0 maxpacket: 8 [ 207.674596][ T8] usb 6-1: config index 0 descriptor too short (expected 74, got 45) [ 207.676769][ T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 207.679620][ T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 207.682530][ T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 207.685332][ T8] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 207.688672][ T8] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 207.691259][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.900054][ T8] usb 6-1: usb_control_msg returned -32 [ 207.901938][ T8] usbtmc 6-1:16.0: can't read capabilities [ 208.409667][ T5982] usb 7-1: USB disconnect, device number 16 [ 208.414493][ T5982] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 208.908924][T10135] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1101'. [ 208.916913][T10135] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 208.922353][T10135] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 208.925840][T10135] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 208.929661][T10135] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 209.554127][T10149] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 209.556015][T10149] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 209.557801][T10149] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 209.559762][T10149] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 209.916276][T10161] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1108'. [ 210.037445][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1112'. [ 210.252850][ T6099] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 210.277411][ T832] usb 6-1: USB disconnect, device number 27 [ 210.421756][ T6099] usb 5-1: Using ep0 maxpacket: 32 [ 210.429290][ T6099] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 210.432712][ T6099] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 210.437008][ T6099] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 210.441709][ T6099] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 210.446920][ T6099] usb 5-1: config 0 interface 0 has no altsetting 0 [ 210.451888][ T6099] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 210.455511][ T6099] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 210.458922][ T6099] usb 5-1: Product: syz [ 210.460633][ T6099] usb 5-1: Manufacturer: syz [ 210.462498][ T6099] usb 5-1: SerialNumber: syz [ 210.466577][ T6099] usb 5-1: config 0 descriptor?? [ 210.470316][ T6099] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 210.474861][ T6099] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 210.591647][T10178] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 210.593844][T10178] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 210.595649][T10178] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 210.597646][T10178] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 210.764504][T10184] binder: 10183:10184 ioctl 4018620d 0 returned -22 [ 210.768427][T10184] binder: BINDER_SET_CONTEXT_MGR already set [ 210.770245][T10184] binder: 10183:10184 ioctl 4018620d 20000040 returned -16 [ 210.989226][T10193] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1117'. [ 211.226969][ T832] usb 5-1: USB disconnect, device number 27 [ 211.230617][ T832] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 211.691300][T10208] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.753887][T10208] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.827254][T10208] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.953468][T10221] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1125'. [ 211.957458][T10221] vxcan0: entered allmulticast mode [ 211.959268][T10221] vxcan0: left allmulticast mode [ 211.961596][T10221] netlink: 'syz.2.1125': attribute type 1 has an invalid length. [ 211.999558][T10208] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.110962][T10208] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.119028][T10208] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.140156][T10208] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.148721][T10208] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.601074][ T66] Bluetooth: hci3: command 0x041b tx timeout [ 212.601141][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 212.601163][ T5948] Bluetooth: hci1: command 0x040f tx timeout [ 212.692393][T10218] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 212.694313][T10218] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 212.696015][T10218] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 212.697784][T10218] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 212.801980][T10217] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 212.804151][T10217] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 212.806113][T10217] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 212.808733][T10217] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 213.011852][T10254] geneve1: entered promiscuous mode [ 213.013476][T10254] geneve1: entered allmulticast mode [ 213.018311][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1132'. [ 213.061085][ T8] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 213.203056][T10256] usb usb8: usbfs: process 10256 (syz.1.1135) did not claim interface 0 before use [ 213.207181][T10256] FAULT_INJECTION: forcing a failure. [ 213.207181][T10256] name failslab, interval 1, probability 0, space 0, times 0 [ 213.212160][T10256] CPU: 1 UID: 0 PID: 10256 Comm: syz.1.1135 Not tainted 6.13.0-syzkaller #0 [ 213.214786][T10256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 213.217844][T10256] Call Trace: [ 213.218915][T10256] [ 213.220041][T10256] dump_stack_lvl+0x16c/0x1f0 [ 213.221747][T10256] should_fail_ex+0x497/0x5b0 [ 213.223478][T10256] ? lock_acquire.part.0+0x11b/0x380 [ 213.225376][T10256] should_failslab+0xc2/0x120 [ 213.227133][T10256] __kmalloc_cache_noprof+0x68/0x420 [ 213.228977][T10256] ? rcu_is_watching+0x12/0xc0 [ 213.230720][T10256] __hw_addr_add_ex+0x310/0x700 [ 213.232546][T10256] dev_mc_add+0xb6/0x110 [ 213.234146][T10256] garp_init_applicant+0xd8/0x500 [ 213.236015][T10256] register_vlan_dev+0x197/0x940 [ 213.237846][T10256] ? vlan_changelink+0x2c3/0x5e0 [ 213.239711][T10256] vlan_newlink+0x40e/0x6a0 [ 213.241389][T10256] ? __pfx_vlan_newlink+0x10/0x10 [ 213.243305][T10256] rtnl_newlink+0xbae/0x1d70 [ 213.245207][T10256] ? __pfx_rtnl_newlink+0x10/0x10 [ 213.247216][T10256] ? __pfx___lock_acquire+0x10/0x10 [ 213.249161][T10256] ? kmem_cache_free+0x152/0x4c0 [ 213.251020][T10256] ? aa_get_newest_label+0x376/0x680 [ 213.252960][T10256] ? find_held_lock+0x2d/0x110 [ 213.254760][T10256] ? find_held_lock+0x2d/0x110 [ 213.256537][T10256] ? rtnetlink_rcv_msg+0x93a/0xea0 [ 213.258429][T10256] ? __pfx_lock_release+0x10/0x10 [ 213.260284][T10256] ? trace_lock_acquire+0x14e/0x1f0 [ 213.262218][T10256] ? __pfx_rtnl_newlink+0x10/0x10 [ 213.264092][T10256] rtnetlink_rcv_msg+0x95b/0xea0 [ 213.265926][T10256] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 213.267985][T10256] ? __pfx___dev_queue_xmit+0x10/0x10 [ 213.269976][T10256] netlink_rcv_skb+0x165/0x410 [ 213.271578][T10256] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 213.273175][T10256] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 213.274704][T10256] ? netlink_deliver_tap+0x1ae/0xca0 [ 213.276217][T10256] netlink_unicast+0x53c/0x7f0 [ 213.277622][T10256] ? __pfx_netlink_unicast+0x10/0x10 [ 213.279133][T10256] ? __phys_addr_symbol+0x30/0x80 [ 213.280609][T10256] ? __check_object_size+0x488/0x710 [ 213.282120][T10256] netlink_sendmsg+0x8b8/0xd70 [ 213.283515][T10256] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.285038][T10256] ____sys_sendmsg+0x9ae/0xb40 [ 213.286447][T10256] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.287985][T10256] ? get_compat_msghdr+0x11b/0x170 [ 213.289463][T10256] ___sys_sendmsg+0x135/0x1e0 [ 213.290849][T10256] ? __pfx____sys_sendmsg+0x10/0x10 [ 213.292354][T10256] ? __pfx_lock_release+0x10/0x10 [ 213.293816][T10256] ? trace_lock_acquire+0x14e/0x1f0 [ 213.295314][T10256] ? __fget_files+0x206/0x3a0 [ 213.296678][T10256] __sys_sendmsg+0x16e/0x220 [ 213.298012][T10256] ? __pfx___sys_sendmsg+0x10/0x10 [ 213.299523][T10256] __do_fast_syscall_32+0x73/0x120 [ 213.301038][T10256] do_fast_syscall_32+0x32/0x80 [ 213.302442][T10256] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.304262][T10256] RIP: 0023:0xf710e579 [ 213.305439][T10256] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 213.309058][T10261] netlink: 'syz.1.1135': attribute type 10 has an invalid length. [ 213.310979][T10256] RSP: 002b:00000000f510055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 213.315679][T10256] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000280 [ 213.317938][T10256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 213.320213][T10256] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 213.322466][T10256] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 213.324717][T10256] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 213.326977][T10256] [ 213.340980][ T8] usb 7-1: Using ep0 maxpacket: 32 [ 213.344792][ T8] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 213.345283][T10261] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.348264][ T8] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 213.350489][T10261] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.354474][ T8] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 213.358255][T10261] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.359975][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1135'. [ 213.361643][T10261] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.361724][T10261] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.364745][ T8] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 213.366547][T10261] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.368665][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 213.373539][T10261] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 213.377868][ T8] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 213.383242][T10256] bridge_slave_1: left allmulticast mode [ 213.384756][ T8] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 213.384908][T10256] bridge_slave_1: left promiscuous mode [ 213.387404][ T8] usb 7-1: Product: syz [ 213.389006][T10256] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.390172][ T8] usb 7-1: Manufacturer: syz [ 213.390182][ T8] usb 7-1: SerialNumber: syz [ 213.391449][ T8] usb 7-1: config 0 descriptor?? [ 213.399304][ T8] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 213.403009][ T8] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 213.445773][T10256] bridge_slave_0: left allmulticast mode [ 213.448074][T10256] bridge_slave_0: left promiscuous mode [ 213.450370][T10256] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.466597][T10256] bond0: (slave bridge0): Releasing backup interface [ 213.786283][T10267] FAULT_INJECTION: forcing a failure. [ 213.786283][T10267] name failslab, interval 1, probability 0, space 0, times 0 [ 213.791401][T10267] CPU: 0 UID: 0 PID: 10267 Comm: syz.0.1138 Not tainted 6.13.0-syzkaller #0 [ 213.794008][T10267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 213.797611][T10267] Call Trace: [ 213.798576][T10267] [ 213.799452][T10267] dump_stack_lvl+0x16c/0x1f0 [ 213.800827][T10267] should_fail_ex+0x497/0x5b0 [ 213.802196][T10267] should_failslab+0xc2/0x120 [ 213.803593][T10267] __kmalloc_noprof+0xce/0x4f0 [ 213.805202][T10267] ? __pfx___lock_acquire+0x10/0x10 [ 213.806733][T10267] ? ___neigh_create+0x1530/0x2990 [ 213.808202][T10267] ___neigh_create+0x1530/0x2990 [ 213.809654][T10267] ? rcu_is_watching+0x12/0xc0 [ 213.811060][T10267] ? trace_lock_acquire+0x14e/0x1f0 [ 213.812563][T10267] ? __pfx____neigh_create+0x10/0x10 [ 213.814147][T10267] ip6_finish_output2+0x111b/0x2070 [ 213.815659][T10267] ip6_finish_output+0x3f9/0x1360 [ 213.817107][T10267] ip6_output+0x1f8/0x540 [ 213.818421][T10267] ? __pfx_ip6_output+0x10/0x10 [ 213.819866][T10267] ndisc_send_skb+0xa69/0x1c50 [ 213.821255][T10267] ? __pfx_ndisc_send_skb+0x10/0x10 [ 213.822758][T10267] ? __pfx_dst_output+0x10/0x10 [ 213.824257][T10267] ? skb_set_owner_w+0x320/0x710 [ 213.825703][T10267] ? __pfx_ipv6_get_ifaddr+0x10/0x10 [ 213.827282][T10267] ? skb_put+0x138/0x1b0 [ 213.828562][T10267] ndisc_send_rs+0x129/0x670 [ 213.829956][T10267] inet6_set_link_af+0x93b/0xe40 [ 213.831447][T10267] ? __pfx_inet6_set_link_af+0x10/0x10 [ 213.833073][T10267] ? rtnl_af_lookup+0x19c/0x330 [ 213.834601][T10267] ? lock_acquire+0x2f/0xb0 [ 213.835965][T10267] ? rtnl_af_lookup+0x130/0x330 [ 213.837382][T10267] ? do_setlink.constprop.0+0x298d/0x3f20 [ 213.839084][T10267] do_setlink.constprop.0+0x298d/0x3f20 [ 213.840717][T10267] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 213.842561][T10267] ? bpf_trace_run2+0x2a6/0x590 [ 213.844146][T10267] ? __pfx_bpf_trace_run2+0x10/0x10 [ 213.846267][T10267] ? __pfx___mutex_trylock_common+0x10/0x10 [ 213.847912][T10267] ? rtnl_newlink+0x5e4/0x1d70 [ 213.849229][T10267] ? rcu_is_watching+0x12/0xc0 [ 213.850572][T10267] ? trace_contention_end+0xee/0x140 [ 213.852086][T10267] ? __mutex_lock+0x1cc/0xa60 [ 213.853522][T10267] ? rtnl_newlink+0x5e4/0x1d70 [ 213.854928][T10267] ? __pfx___mutex_lock+0x10/0x10 [ 213.856371][T10267] ? apparmor_capable+0x114/0x1d0 [ 213.857837][T10267] ? netlink_ns_capable+0xfa/0x130 [ 213.859292][T10267] rtnl_newlink+0x131c/0x1d70 [ 213.860590][T10267] ? __pfx_rtnl_newlink+0x10/0x10 [ 213.862003][T10267] ? __pfx___lock_acquire+0x10/0x10 [ 213.863545][T10267] ? kmem_cache_free+0x152/0x4c0 [ 213.865376][T10267] ? aa_get_newest_label+0x376/0x680 [ 213.867315][T10267] ? find_held_lock+0x2d/0x110 [ 213.868696][T10267] ? find_held_lock+0x2d/0x110 [ 213.870072][T10267] ? rtnetlink_rcv_msg+0x93a/0xea0 [ 213.871497][T10267] ? __pfx_lock_release+0x10/0x10 [ 213.872889][T10267] ? trace_lock_acquire+0x14e/0x1f0 [ 213.874427][T10267] ? __pfx_rtnl_newlink+0x10/0x10 [ 213.875896][T10267] rtnetlink_rcv_msg+0x95b/0xea0 [ 213.877348][T10267] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 213.878918][T10267] ? __pfx___dev_queue_xmit+0x10/0x10 [ 213.880459][T10267] netlink_rcv_skb+0x165/0x410 [ 213.881833][T10267] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 213.883390][T10267] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 213.885306][T10267] ? netlink_deliver_tap+0x1ae/0xca0 [ 213.887180][T10267] netlink_unicast+0x53c/0x7f0 [ 213.888565][T10267] ? __pfx_netlink_unicast+0x10/0x10 [ 213.890083][T10267] ? __phys_addr_symbol+0x30/0x80 [ 213.891601][T10267] ? __check_object_size+0x488/0x710 [ 213.893137][T10267] netlink_sendmsg+0x8b8/0xd70 [ 213.894601][T10267] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.896149][T10267] ____sys_sendmsg+0x9ae/0xb40 [ 213.897540][T10267] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.899080][T10267] ? get_compat_msghdr+0x11b/0x170 [ 213.900552][T10267] ___sys_sendmsg+0x135/0x1e0 [ 213.901862][T10267] ? __pfx____sys_sendmsg+0x10/0x10 [ 213.902126][T10265] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1137'. [ 213.903283][T10267] ? __pfx_lock_release+0x10/0x10 [ 213.908393][T10267] ? trace_lock_acquire+0x14e/0x1f0 [ 213.909898][T10267] ? __fget_files+0x206/0x3a0 [ 213.911267][T10267] __sys_sendmsg+0x16e/0x220 [ 213.912602][T10267] ? __pfx___sys_sendmsg+0x10/0x10 [ 213.914063][T10267] __do_fast_syscall_32+0x73/0x120 [ 213.915948][T10267] do_fast_syscall_32+0x32/0x80 [ 213.917371][T10267] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.919198][T10267] RIP: 0023:0xf7f25579 [ 213.920378][T10267] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 213.925785][T10267] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 213.928111][T10267] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 213.930268][T10267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 213.932569][T10267] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 213.934788][T10267] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 213.937006][T10267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 213.939218][T10267] [ 214.349674][ T1907] usb 7-1: USB disconnect, device number 17 [ 214.352374][ T1907] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 214.841464][ T66] Bluetooth: hci2: command 0x040f tx timeout [ 214.843844][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 214.846213][ T5950] Bluetooth: hci1: command 0x040f tx timeout [ 215.203320][T10283] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 215.206058][T10283] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 215.208638][T10283] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 215.211605][T10283] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 215.398269][T10296] FAULT_INJECTION: forcing a failure. [ 215.398269][T10296] name failslab, interval 1, probability 0, space 0, times 0 [ 215.403640][T10296] CPU: 2 UID: 0 PID: 10296 Comm: syz.0.1143 Not tainted 6.13.0-syzkaller #0 [ 215.406969][T10296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.411104][T10296] Call Trace: [ 215.412409][T10296] [ 215.413548][T10296] dump_stack_lvl+0x16c/0x1f0 [ 215.414879][T10296] should_fail_ex+0x497/0x5b0 [ 215.416347][T10296] ? fs_reclaim_acquire+0xae/0x150 [ 215.418367][T10296] should_failslab+0xc2/0x120 [ 215.420262][T10296] __kmalloc_node_noprof+0xd1/0x520 [ 215.422302][T10296] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 215.424412][T10296] __kvmalloc_node_noprof+0xad/0x1a0 [ 215.425904][T10296] traverse.part.0.constprop.0+0x392/0x640 [ 215.427563][T10296] ? __pfx_lock_release+0x10/0x10 [ 215.428976][T10296] ? trace_lock_acquire+0x14e/0x1f0 [ 215.430428][T10296] seq_read_iter+0x934/0x12b0 [ 215.431775][T10296] seq_read+0x39f/0x4e0 [ 215.432960][T10296] ? __pfx_seq_read+0x10/0x10 [ 215.434332][T10296] ? copy_compat_iovec_from_user+0x140/0x180 [ 215.436029][T10296] ? import_ubuf+0x1b6/0x220 [ 215.437383][T10296] ? __pfx_seq_read+0x10/0x10 [ 215.438715][T10296] proc_reg_read+0x23d/0x330 [ 215.440002][T10296] ? __pfx_proc_reg_read+0x10/0x10 [ 215.441430][T10296] vfs_readv+0x6bf/0x890 [ 215.442625][T10296] ? __pfx___lock_acquire+0x10/0x10 [ 215.444443][T10296] ? find_held_lock+0x2d/0x110 [ 215.446091][T10296] ? __pfx_vfs_readv+0x10/0x10 [ 215.447758][T10296] ? __fget_files+0x1fc/0x3a0 [ 215.449075][T10296] ? __pfx_lock_release+0x10/0x10 [ 215.450506][T10296] ? __fget_files+0x206/0x3a0 [ 215.451854][T10296] ? do_preadv+0x1b1/0x270 [ 215.453118][T10296] do_preadv+0x1b1/0x270 [ 215.454385][T10296] ? __pfx_do_preadv+0x10/0x10 [ 215.455723][T10296] __do_fast_syscall_32+0x73/0x120 [ 215.457146][T10296] do_fast_syscall_32+0x32/0x80 [ 215.458480][T10296] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.460221][T10296] RIP: 0023:0xf7f25579 [ 215.461414][T10296] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 215.466778][T10296] RSP: 002b:00000000f505555c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 215.469119][T10296] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00000000200000c0 [ 215.471314][T10296] RDX: 0000000000000001 RSI: 000000000000012e RDI: 0000000000000000 [ 215.473606][T10296] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 215.476067][T10296] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 215.478228][T10296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.480366][T10296] [ 216.012837][T10299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1144'. [ 216.601240][ T66] Bluetooth: hci0: command 0x041b tx timeout [ 216.904354][T10309] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 216.956085][T10309] fuse: Bad value for 'rootmode' [ 217.232350][ T832] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 217.241066][ T66] Bluetooth: hci2: command 0x040f tx timeout [ 217.243393][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 217.324114][ T66] Bluetooth: hci3: command 0x041b tx timeout [ 217.381220][ T832] usb 6-1: Using ep0 maxpacket: 32 [ 217.384856][ T832] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 217.389150][ T832] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 217.393726][ T832] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 217.397071][ T832] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 217.403012][ T832] usb 6-1: config 0 interface 0 has no altsetting 0 [ 217.409218][ T832] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 217.418989][ T832] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 217.428162][ T832] usb 6-1: Product: syz [ 217.430144][ T832] usb 6-1: Manufacturer: syz [ 217.432550][ T832] usb 6-1: SerialNumber: syz [ 217.439851][ T832] usb 6-1: config 0 descriptor?? [ 217.443717][ T832] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 217.448257][ T832] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 218.235811][ T6099] usb 6-1: USB disconnect, device number 28 [ 218.241913][ T6099] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 218.442993][T10342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1156'. [ 218.598531][T10324] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 218.600398][T10324] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 218.602203][T10324] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 218.603975][T10324] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 218.695842][T10346] usb usb4: usbfs: process 10346 (syz.2.1158) did not claim interface 0 before use [ 219.419878][T10361] binder: 10360:10361 ioctl 4018620d 0 returned -22 [ 219.626003][T10354] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 219.627881][T10354] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 219.630764][T10354] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 219.632631][T10354] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 220.101186][ T57] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 220.251085][ T57] usb 7-1: Using ep0 maxpacket: 32 [ 220.254087][ T57] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 220.256866][ T57] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 220.260428][ T57] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 220.263748][ T57] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 220.267784][ T57] usb 7-1: config 0 interface 0 has no altsetting 0 [ 220.271390][ T57] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 220.274059][ T57] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 220.276501][ T57] usb 7-1: Product: syz [ 220.277981][ T57] usb 7-1: Manufacturer: syz [ 220.279392][ T57] usb 7-1: SerialNumber: syz [ 220.282309][ T57] usb 7-1: config 0 descriptor?? [ 220.285464][ T57] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 220.288856][ T57] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 220.536149][T10388] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 220.538089][T10388] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 220.540809][T10388] vhci_hcd vhci_hcd.0: Device attached [ 220.653292][T10394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1170'. [ 220.721177][ T832] vhci_hcd: vhci_device speed not set [ 220.811122][ T832] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 221.011113][ T66] Bluetooth: hci0: command 0x041b tx timeout [ 221.055902][ T75] usb 7-1: USB disconnect, device number 18 [ 221.132199][ T75] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 221.641509][ T66] Bluetooth: hci2: command 0x040f tx timeout [ 221.641539][ T5952] Bluetooth: hci1: command 0x040f tx timeout [ 221.715259][T10407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1171'. [ 221.721033][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 221.878746][T10391] vhci_hcd: connection reset by peer [ 221.887199][ T1199] vhci_hcd: stop threads [ 221.888490][ T1199] vhci_hcd: release socket [ 221.889866][ T1199] vhci_hcd: disconnect device [ 222.221270][ T63] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 222.371071][ T63] usb 7-1: Using ep0 maxpacket: 32 [ 222.373872][ T63] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 222.376299][ T63] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 222.379449][ T63] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 222.383029][ T63] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 222.386635][ T63] usb 7-1: config 0 interface 0 has no altsetting 0 [ 222.390936][ T63] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 222.393605][ T63] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 222.398856][ T63] usb 7-1: Product: syz [ 222.400283][ T63] usb 7-1: Manufacturer: syz [ 222.402350][ T63] usb 7-1: SerialNumber: syz [ 222.413131][ T63] usb 7-1: config 0 descriptor?? [ 222.416425][ T63] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 222.419475][ T63] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 222.880910][T10429] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1177'. [ 222.902133][T10429] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 222.904634][T10429] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 222.906985][T10429] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 222.909288][T10429] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 222.980666][T10420] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 222.982558][T10420] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 222.984489][T10420] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 222.986277][T10420] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 223.255068][ T57] usb 7-1: USB disconnect, device number 19 [ 223.258254][ T57] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 223.290978][ T1907] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 223.440971][ T1907] usb 6-1: Using ep0 maxpacket: 32 [ 223.455083][ T1907] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 223.457834][ T1907] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 223.487682][ T1907] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 223.491052][ T1907] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 223.494926][ T1907] usb 6-1: config 0 interface 0 has no altsetting 0 [ 223.525134][ T1907] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 223.527764][ T1907] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 223.530283][ T1907] usb 6-1: Product: syz [ 223.531572][ T1907] usb 6-1: Manufacturer: syz [ 223.532869][ T1907] usb 6-1: SerialNumber: syz [ 223.535079][ T1907] usb 6-1: config 0 descriptor?? [ 223.538031][ T1907] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 223.548546][ T1907] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 223.769188][T10442] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 223.881361][T10436] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 223.883939][T10436] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 223.886124][T10436] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 223.888001][T10436] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 224.331171][ T1907] usb 6-1: USB disconnect, device number 29 [ 224.333758][ T1907] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 224.806425][T10465] syz.3.1186: attempt to access beyond end of device [ 224.806425][T10465] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 224.811417][T10465] syz.3.1186: attempt to access beyond end of device [ 224.811417][T10465] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 225.250956][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 225.951054][ T832] vhci_hcd: vhci_device speed not set [ 225.963952][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 225.966330][ T5952] Bluetooth: hci1: command 0x040f tx timeout [ 225.968572][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 227.308552][T10489] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 227.310340][T10489] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 227.312387][T10489] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 227.314634][T10489] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 228.107750][T10496] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 228.109703][T10496] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 228.111592][T10496] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 228.113419][T10496] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 228.236995][T10501] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 228.238902][T10501] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 228.240677][T10501] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 228.242581][T10501] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 228.417427][T10510] can0: slcan on ttyS3. [ 229.298703][T10525] netlink: 'syz.0.1193': attribute type 9 has an invalid length. [ 229.331936][T10504] can0 (unregistered): slcan off ttyS3. [ 229.706272][T10544] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 229.708705][T10544] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 229.710452][T10544] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 229.717166][T10544] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 229.961442][ T63] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 229.979551][T10566] sp0: Synchronizing with TNC [ 230.131572][ T63] usb 7-1: Using ep0 maxpacket: 32 [ 230.134747][ T63] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 230.137521][ T63] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 230.140685][ T63] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 230.144252][ T63] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 230.148181][ T63] usb 7-1: config 0 interface 0 has no altsetting 0 [ 230.151758][ T63] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 230.154455][ T63] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 230.156916][ T63] usb 7-1: Product: syz [ 230.158194][ T63] usb 7-1: Manufacturer: syz [ 230.159617][ T63] usb 7-1: SerialNumber: syz [ 230.163278][ T63] usb 7-1: config 0 descriptor?? [ 230.166427][ T63] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 230.169909][ T63] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 230.404785][T10571] Process accounting resumed [ 230.451982][T10557] ceph: No mds server is up or the cluster is laggy [ 230.912536][T10596] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 230.926819][ T63] usb 7-1: USB disconnect, device number 20 [ 230.929351][ T63] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 231.020944][T10598] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 231.022798][T10598] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 231.024507][T10598] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 231.026248][T10598] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 231.381004][ T8] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 231.611198][ T8] usb 6-1: Using ep0 maxpacket: 32 [ 231.616461][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.619689][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.623778][ T8] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 231.626570][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.631396][ T8] usb 6-1: config 0 descriptor?? [ 232.274621][T10613] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 232.276681][T10613] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 232.278467][T10613] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 232.280234][T10613] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 232.294239][T10650] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 233.650985][ T5948] Bluetooth: hci0: command 0x041b tx timeout [ 233.703930][T10680] program syz.0.1227 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 233.805314][T10683] kvm: pic: level sensitive irq not supported [ 233.805795][T10683] kvm: pic: non byte read [ 233.810003][T10683] kvm: pic: level sensitive irq not supported [ 233.810226][T10683] kvm: pic: non byte read [ 234.361374][ T5948] Bluetooth: hci3: command 0x041b tx timeout [ 234.363831][ T5948] Bluetooth: hci1: command 0x040f tx timeout [ 234.367998][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 234.491050][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 234.492845][ T8] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 234.499398][ T8] usb 6-1: USB disconnect, device number 30 [ 234.864627][T10687] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 234.866588][T10687] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 234.868362][T10687] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 234.870102][T10687] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 235.011020][T10695] nbd2: detected capacity change from 0 to 67108884 [ 235.071125][T10693] nbd2: detected capacity change from 67108884 to 254 [ 235.075893][ T9537] block nbd2: Send control failed (result -89) [ 235.077750][ T9537] block nbd2: Request send failed, requeueing [ 235.080051][ T66] block nbd2: Receive control failed (result -32) [ 235.085766][ T6667] block nbd2: Dead connection, failed to find a fallback [ 235.088730][ T6667] block nbd2: shutting down sockets [ 235.090724][ T6667] blk_print_req_error: 64 callbacks suppressed [ 235.090735][ T6667] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.095667][ T6667] buffer_io_error: 64 callbacks suppressed [ 235.095677][ T6667] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.099891][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.102863][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.105274][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.107969][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.110336][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.113068][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.115645][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.118274][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.120538][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.125169][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.127480][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.130023][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.133568][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.136219][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.138436][ T9537] ldm_validate_partition_table(): Disk read failed. [ 235.140346][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.145118][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.147476][ T9537] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.149990][ T9537] Buffer I/O error on dev nbd2, logical block 0, async page read [ 235.152509][ T9537] Dev nbd2: unable to read RDB block 0 [ 235.153067][T10704] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 235.154225][ T9537] nbd2: unable to read partition table [ 235.266375][ T9537] ldm_validate_partition_table(): Disk read failed. [ 235.268902][ T9537] Dev nbd2: unable to read RDB block 0 [ 235.270649][ T9537] nbd2: unable to read partition table [ 235.279708][ T9537] ldm_validate_partition_table(): Disk read failed. [ 235.282022][ T9537] Dev nbd2: unable to read RDB block 0 [ 235.283812][ T9537] nbd2: unable to read partition table [ 235.286818][ T9537] ldm_validate_partition_table(): Disk read failed. [ 235.288966][ T9537] Dev nbd2: unable to read RDB block 0 [ 235.290764][ T9537] nbd2: unable to read partition table [ 235.926147][T10711] overlayfs: failed to resolve './file1': -2 [ 235.930805][T10711] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1235'. [ 235.934915][T10711] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1235'. [ 236.201045][ T66] Bluetooth: hci0: command 0x041b tx timeout [ 236.931185][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 236.933145][ T5952] Bluetooth: hci1: command 0x040f tx timeout [ 236.934013][ T66] Bluetooth: hci2: command 0x040f tx timeout [ 237.556195][T10724] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 237.558686][T10724] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 237.560482][T10724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 237.562387][T10724] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 237.924952][T10748] netlink: 700 bytes leftover after parsing attributes in process `syz.2.1243'. [ 238.309744][T10753] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 238.311734][T10753] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 238.313653][T10753] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 238.315670][T10753] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 238.830814][T10781] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1251'. [ 238.861313][T10787] FAULT_INJECTION: forcing a failure. [ 238.861313][T10787] name failslab, interval 1, probability 0, space 0, times 0 [ 238.865046][T10787] CPU: 1 UID: 0 PID: 10787 Comm: syz.1.1252 Not tainted 6.13.0-syzkaller #0 [ 238.867440][T10787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 238.870407][T10787] Call Trace: [ 238.871338][T10787] [ 238.872167][T10787] dump_stack_lvl+0x16c/0x1f0 [ 238.873494][T10787] should_fail_ex+0x497/0x5b0 [ 238.874825][T10787] ? fs_reclaim_acquire+0xae/0x150 [ 238.876302][T10787] should_failslab+0xc2/0x120 [ 238.877653][T10787] __kmalloc_noprof+0xce/0x4f0 [ 238.879009][T10787] ? bpf_test_init.isra.0+0xa5/0x150 [ 238.880482][T10787] bpf_test_init.isra.0+0xa5/0x150 [ 238.881903][T10787] bpf_prog_test_run_xdp+0x4f0/0x1570 [ 238.883397][T10787] ? lock_acquire+0x2f/0xb0 [ 238.884648][T10787] ? __fget_files+0x40/0x3a0 [ 238.885936][T10787] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 238.887601][T10787] ? __fget_files+0x206/0x3a0 [ 238.888912][T10787] ? fput+0x67/0x440 [ 238.890016][T10787] ? __bpf_prog_get+0xa0/0x290 [ 238.891351][T10787] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 238.892973][T10787] __sys_bpf+0x1921/0x57a0 [ 238.894200][T10787] ? __pfx_lock_release+0x10/0x10 [ 238.895560][T10787] ? __pfx___sys_bpf+0x10/0x10 [ 238.896873][T10787] ? vfs_write+0x306/0x1150 [ 238.898116][T10787] ? __mutex_unlock_slowpath+0x164/0x690 [ 238.899675][T10787] ? fput+0x67/0x440 [ 238.900758][T10787] ? ksys_write+0x1ba/0x250 [ 238.902027][T10787] ? __pfx_ksys_write+0x10/0x10 [ 238.903371][T10787] __ia32_sys_bpf+0x76/0xe0 [ 238.904646][T10787] __do_fast_syscall_32+0x73/0x120 [ 238.906116][T10787] do_fast_syscall_32+0x32/0x80 [ 238.907510][T10787] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 238.909256][T10787] RIP: 0023:0xf710e579 [ 238.910397][T10787] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 238.915786][T10787] RSP: 002b:00000000f510055c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 238.918102][T10787] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020001a00 [ 238.920287][T10787] RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000 [ 238.922475][T10787] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 238.924646][T10787] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 238.926838][T10787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 238.929009][T10787] [ 239.200957][ T75] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 239.363793][T10797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1254'. [ 239.380925][ T75] usb 6-1: Using ep0 maxpacket: 32 [ 239.383574][ T75] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 239.386226][ T75] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 239.391023][ T75] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 239.394315][ T75] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.396622][ T75] usb 6-1: Product: syz [ 239.397863][ T75] usb 6-1: Manufacturer: syz [ 239.399292][ T75] usb 6-1: SerialNumber: syz [ 239.572617][T10799] pim6reg: entered allmulticast mode [ 239.607452][ T75] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 239.634600][T10799] pim6reg: left allmulticast mode [ 239.687197][T10800] ip6t_REJECT: ECHOREPLY is not supported [ 239.797470][T10807] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1257'. [ 239.883887][T10809] block nbd2: shutting down sockets [ 239.908485][T10791] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 239.908485][T10791] program syz.1.1253 not setting count and/or reply_len properly [ 239.916224][ T30] usb 6-1: USB disconnect, device number 31 [ 239.918599][ T30] usblp0: removed [ 240.281119][ T5948] Bluetooth: hci0: command 0x041b tx timeout [ 240.361099][ T5948] Bluetooth: hci3: command 0x041b tx timeout [ 240.362988][ T5948] Bluetooth: hci2: command 0x040f tx timeout [ 240.364703][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 240.403794][T10831] FAULT_INJECTION: forcing a failure. [ 240.403794][T10831] name failslab, interval 1, probability 0, space 0, times 0 [ 240.407476][T10831] CPU: 0 UID: 0 PID: 10831 Comm: syz.2.1264 Not tainted 6.13.0-syzkaller #0 [ 240.409938][T10831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 240.412932][T10831] Call Trace: [ 240.413884][T10831] [ 240.414716][T10831] dump_stack_lvl+0x16c/0x1f0 [ 240.416038][T10831] should_fail_ex+0x497/0x5b0 [ 240.417378][T10831] ? fs_reclaim_acquire+0xae/0x150 [ 240.418806][T10831] should_failslab+0xc2/0x120 [ 240.420146][T10831] __kmalloc_node_noprof+0xd1/0x520 [ 240.421590][T10831] ? trace_kmalloc+0x2d/0xd0 [ 240.422911][T10831] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 240.424423][T10831] __kvmalloc_node_noprof+0xad/0x1a0 [ 240.425932][T10831] io_futex_cache_init+0x26/0x130 [ 240.427353][T10831] io_uring_setup+0x9fb/0x3230 [ 240.428709][T10831] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 240.430410][T10831] ? __pfx_io_uring_setup+0x10/0x10 [ 240.431892][T10831] ? __fget_files+0x206/0x3a0 [ 240.433246][T10831] ? ksys_write+0x1ba/0x250 [ 240.434518][T10831] ? __pfx_ksys_write+0x10/0x10 [ 240.435879][T10831] __ia32_sys_io_uring_setup+0x97/0x140 [ 240.437449][T10831] __do_fast_syscall_32+0x73/0x120 [ 240.438881][T10831] do_fast_syscall_32+0x32/0x80 [ 240.440258][T10831] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 240.442018][T10831] RIP: 0023:0xf7f97579 [ 240.443132][T10831] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 240.448485][T10831] RSP: 002b:00000000f50e650c EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 240.450780][T10831] RAX: ffffffffffffffda RBX: 0000000000000819 RCX: 0000000020000540 [ 240.453004][T10831] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 240.455232][T10831] RBP: 0000000020000100 R08: 0000000000000000 R09: 0000000000000000 [ 240.457497][T10831] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 240.459789][T10831] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 240.462072][T10831] [ 240.884067][T10846] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 240.884067][T10846] program syz.0.1265 not setting count and/or reply_len properly [ 241.551422][T10856] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 241.554889][T10856] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 241.557296][T10856] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 241.613806][T10856] infiniband syz1: set down [ 241.616541][T10856] infiniband syz1: added ipvlan0 [ 241.632675][T10856] RDS/IB: syz1: added [ 241.633879][T10856] smc: adding ib device syz1 with port count 1 [ 241.635582][T10856] smc: ib device syz1 port 1 has pnetid [ 241.869716][T10871] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 241.871757][T10871] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 241.873537][T10871] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 241.875412][T10871] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 243.917299][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 243.920029][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 243.921071][ T5948] Bluetooth: hci1: command 0x040f tx timeout [ 244.455414][T10918] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 244.457383][T10918] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 244.459171][T10918] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 244.461079][T10918] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 244.541008][T10927] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 244.542844][T10927] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 244.564166][T10927] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 244.565876][T10927] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 244.596299][T10934] FAULT_INJECTION: forcing a failure. [ 244.596299][T10934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.599981][T10934] CPU: 2 UID: 0 PID: 10934 Comm: syz.1.1287 Not tainted 6.13.0-syzkaller #0 [ 244.602428][T10934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 244.605393][T10934] Call Trace: [ 244.606323][T10934] [ 244.607186][T10934] dump_stack_lvl+0x16c/0x1f0 [ 244.608528][T10934] should_fail_ex+0x497/0x5b0 [ 244.609852][T10934] _copy_to_user+0x32/0xd0 [ 244.611088][T10934] simple_read_from_buffer+0xd0/0x160 [ 244.612568][T10934] proc_fail_nth_read+0x198/0x270 [ 244.613977][T10934] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 244.615561][T10934] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 244.617161][T10934] vfs_read+0x1df/0xbe0 [ 244.618392][T10934] ? __fget_files+0x1fc/0x3a0 [ 244.619763][T10934] ? __pfx___mutex_lock+0x10/0x10 [ 244.621266][T10934] ? __pfx_vfs_read+0x10/0x10 [ 244.622636][T10934] ? __fget_files+0x206/0x3a0 [ 244.623993][T10934] ksys_read+0x12b/0x250 [ 244.625216][T10934] ? __pfx_ksys_read+0x10/0x10 [ 244.626622][T10934] __do_fast_syscall_32+0x73/0x120 [ 244.628145][T10934] do_fast_syscall_32+0x32/0x80 [ 244.629567][T10934] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 244.631410][T10934] RIP: 0023:0xf710e579 [ 244.632594][T10934] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 244.638111][T10934] RSP: 002b:00000000f5100590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 244.640470][T10934] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f5100620 [ 244.642622][T10934] RDX: 000000000000000f RSI: 00000000f7443ff4 RDI: 0000000000000000 [ 244.644729][T10934] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 244.646980][T10934] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 244.649244][T10934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 244.651527][T10934] [ 245.618666][T10961] netlink: 'syz.1.1294': attribute type 8 has an invalid length. [ 245.805645][T10968] random: crng reseeded on system resumption [ 245.828741][T10971] netlink: 'syz.1.1297': attribute type 5 has an invalid length. [ 246.600966][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 246.601146][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 246.681303][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 246.681505][ T66] Bluetooth: hci2: command 0x040f tx timeout [ 246.876733][T10979] netlink: 'syz.3.1298': attribute type 9 has an invalid length. [ 247.283873][T10995] FAULT_INJECTION: forcing a failure. [ 247.283873][T10995] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 247.288904][T10995] CPU: 3 UID: 0 PID: 10995 Comm: syz.3.1302 Not tainted 6.13.0-syzkaller #0 [ 247.292242][T10995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 247.296332][T10995] Call Trace: [ 247.297329][T10995] [ 247.298316][T10995] dump_stack_lvl+0x16c/0x1f0 [ 247.300157][T10995] should_fail_ex+0x497/0x5b0 [ 247.301969][T10995] _copy_to_user+0x32/0xd0 [ 247.303732][T10995] snd_seq_ioctl+0x33e/0x3f0 [ 247.305499][T10995] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 247.307371][T10995] ? __fget_files+0x206/0x3a0 [ 247.308854][T10995] snd_seq_ioctl_compat+0xea/0x310 [ 247.310404][T10995] ? __pfx_snd_seq_ioctl_compat+0x10/0x10 [ 247.312719][T10995] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 247.314370][T10995] __do_fast_syscall_32+0x73/0x120 [ 247.316014][T10995] do_fast_syscall_32+0x32/0x80 [ 247.317885][T10995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 247.319986][T10995] RIP: 0023:0xf7fdf579 [ 247.321536][T10995] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 247.328066][T10995] RSP: 002b:00000000f513655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 247.330870][T10995] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0bc5351 [ 247.333191][T10995] RDX: 0000000020000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 247.335505][T10995] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 247.337802][T10995] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 247.340535][T10995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 247.342849][T10995] [ 247.343828][ C3] vkms_vblank_simulate: vblank timer overrun [ 247.530051][ T39] audit: type=1326 audit(1737416814.973:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11000 comm="syz.2.1305" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7fc00000 [ 248.322579][ T39] audit: type=1326 audit(1737416815.753:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11000 comm="syz.2.1305" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f97579 code=0x7fc00000 [ 248.761118][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 248.912661][T11013] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 248.914553][T11013] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 248.916445][T11013] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 248.918443][T11013] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 249.141417][T11026] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 249.143843][T11026] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 249.146726][T11026] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 249.149082][T11026] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 250.010712][T11046] netlink: 6916 bytes leftover after parsing attributes in process `syz.0.1316'. [ 250.355742][T11056] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 250.358281][T11056] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 250.360746][T11056] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 250.364254][T11056] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 250.457964][T11069] vxcan1: tx address claim with dlc 1 [ 250.611752][T11075] bridge_slave_0: entered promiscuous mode [ 250.788517][ T39] audit: type=1326 audit(1737416818.233:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 250.801366][ T39] audit: type=1326 audit(1737416818.243:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 250.809501][ T39] audit: type=1326 audit(1737416818.243:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 250.824206][ T39] audit: type=1326 audit(1737416818.243:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 250.830181][ T39] audit: type=1326 audit(1737416818.243:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 250.837094][ T39] audit: type=1326 audit(1737416818.243:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 251.650935][ T39] audit: type=1326 audit(1737416819.083:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=383 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 251.656609][ T39] audit: type=1326 audit(1737416819.083:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11076 comm="syz.1.1325" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 251.807771][T11093] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 252.352210][T11103] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1329'. [ 252.360967][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 252.361001][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 252.362967][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 252.440969][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 252.554538][T11114] futex_wake_op: syz.3.1331 tries to shift op by 144; fix this program [ 252.555388][ T39] kauditd_printk_skb: 35 callbacks suppressed [ 252.555397][ T39] audit: type=1326 audit(1737416820.003:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.565635][ T39] audit: type=1326 audit(1737416820.003:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.571718][ T39] audit: type=1326 audit(1737416820.013:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.577823][ T39] audit: type=1326 audit(1737416820.013:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.584570][ T39] audit: type=1326 audit(1737416820.013:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.591019][ T39] audit: type=1326 audit(1737416820.013:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.597460][ T39] audit: type=1326 audit(1737416820.013:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.603798][ T39] audit: type=1326 audit(1737416820.013:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11105 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x7ffc0000 [ 252.605281][T11112] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 252.613466][T11112] FAULT_INJECTION: forcing a failure. [ 252.613466][T11112] name failslab, interval 1, probability 0, space 0, times 0 [ 252.617184][T11112] CPU: 0 UID: 0 PID: 11112 Comm: syz.1.1334 Not tainted 6.13.0-syzkaller #0 [ 252.619722][T11112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 252.623242][T11112] Call Trace: [ 252.624619][T11112] [ 252.625767][T11112] dump_stack_lvl+0x16c/0x1f0 [ 252.627174][T11112] should_fail_ex+0x497/0x5b0 [ 252.628595][T11112] ? fs_reclaim_acquire+0xae/0x150 [ 252.630364][T11112] should_failslab+0xc2/0x120 [ 252.632036][T11112] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 252.633700][T11112] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 252.635470][T11112] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 252.637210][T11112] ? vmx_set_apic_access_page_addr+0x6a4/0x900 [ 252.639014][T11112] mmu_topup_memory_caches+0x22/0xd0 [ 252.640549][T11112] kvm_mmu_load+0xda/0x21f0 [ 252.642047][T11112] ? kvm_apic_has_interrupt+0xb6/0x190 [ 252.643758][T11112] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 252.645476][T11112] ? _raw_read_unlock+0x28/0x50 [ 252.646935][T11112] ? vmx_set_apic_access_page_addr+0x1a0/0x900 [ 252.648728][T11112] ? kvm_apic_accept_pic_intr+0xe8/0x1a0 [ 252.650373][T11112] ? __pfx_kvm_mmu_load+0x10/0x10 [ 252.651847][T11112] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 252.653581][T11112] ? kvm_check_and_inject_events+0x725/0x12e0 [ 252.655352][T11112] ? record_steal_time+0x51/0xbe0 [ 252.656812][T11112] vcpu_run+0x2e2e/0x4c00 [ 252.658044][T11112] ? __pfx_vmx_vcpu_load_vmcs+0x10/0x10 [ 252.659639][T11112] ? __pfx_vcpu_run+0x10/0x10 [ 252.661021][T11112] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 252.662726][T11112] ? rcu_is_watching+0x12/0xc0 [ 252.664118][T11112] ? trace_lock_acquire+0x14e/0x1f0 [ 252.665623][T11112] ? __local_bh_enable_ip+0xa4/0x120 [ 252.667162][T11112] ? lockdep_hardirqs_on+0x7c/0x110 [ 252.668674][T11112] ? kvm_arch_vcpu_ioctl_run+0x150/0x1740 [ 252.670340][T11112] ? lock_acquire+0x2f/0xb0 [ 252.671657][T11112] ? kvm_arch_vcpu_ioctl_run+0x44a/0x1740 [ 252.673346][T11112] kvm_arch_vcpu_ioctl_run+0x44a/0x1740 [ 252.674884][T11112] kvm_vcpu_ioctl+0x6ce/0x1520 [ 252.676193][T11112] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 252.677762][T11112] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 252.679228][T11112] ? tomoyo_path_number_perm+0x190/0x5b0 [ 252.680864][T11112] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 252.682619][T11112] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 252.684329][T11112] ? do_vfs_ioctl+0x513/0x1950 [ 252.685720][T11112] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 252.687224][T11112] ? __pfx_lock_release+0x10/0x10 [ 252.688681][T11112] ? trace_lock_acquire+0x14e/0x1f0 [ 252.690189][T11112] kvm_vcpu_compat_ioctl+0x210/0x3f0 [ 252.691731][T11112] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 252.693511][T11112] ? __fget_files+0x206/0x3a0 [ 252.694893][T11112] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 252.696584][T11112] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 252.698087][T11112] __do_fast_syscall_32+0x73/0x120 [ 252.699545][T11112] do_fast_syscall_32+0x32/0x80 [ 252.700912][T11112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.702750][T11112] RIP: 0023:0xf710e579 [ 252.703894][T11112] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 252.709356][T11112] RSP: 002b:00000000f510055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 252.711726][T11112] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80 [ 252.714195][T11112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 252.716519][T11112] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 252.718955][T11112] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 252.722049][T11112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 252.725161][T11112] [ 254.527956][T11156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1343'. [ 254.540275][T11156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1343'. [ 254.552916][T11156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1343'. [ 254.562422][T11156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1343'. [ 254.575969][T11156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1343'. [ 254.584275][T11156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1343'. [ 254.594271][T11156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1343'. [ 254.599712][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 254.839548][T11162] netlink: 'syz.2.1346': attribute type 1 has an invalid length. [ 254.845812][T11162] netlink: 'syz.2.1346': attribute type 1 has an invalid length. [ 254.848624][T11163] netlink: 'syz.2.1346': attribute type 1 has an invalid length. [ 254.850824][T11163] netlink: 'syz.2.1346': attribute type 1 has an invalid length. [ 255.002765][T11150] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 255.005370][T11150] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 255.007803][T11150] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 255.010181][T11150] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 255.082234][T11151] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 255.084131][T11151] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 255.086370][T11151] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 255.088135][T11151] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 255.091583][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.068545][T11182] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 256.070370][T11182] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 256.072801][T11182] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 256.074594][T11182] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 256.150992][T11206] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1360'. [ 256.218555][ T8] kernel write not supported for file /snd/pcmC0D0p (pid: 8 comm: kworker/0:0) [ 257.147247][ T39] audit: type=1800 audit(1737416824.593:178): pid=11226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1365" name="bus" dev="overlay" ino=1505 res=0 errno=0 [ 257.411309][ T5948] Bluetooth: hci0: command 0x041b tx timeout [ 257.431274][ T57] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 257.479536][T11238] random: crng reseeded on system resumption [ 257.586102][ T57] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 257.589424][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 257.594619][ T57] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 257.598409][ T57] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 257.605151][ T57] usb 5-1: Manufacturer: syz [ 257.608724][ T57] usb 5-1: config 0 descriptor?? [ 257.651350][ T57] rc_core: IR keymap rc-hauppauge not found [ 257.653687][ T57] Registered IR keymap rc-empty [ 257.656335][ T57] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 257.664535][ T57] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input29 [ 257.820040][ T63] usb 5-1: USB disconnect, device number 28 [ 257.920944][ T30] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 258.073611][ T30] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 258.076292][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.079850][ T30] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 258.083011][ T30] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 258.085357][ T30] usb 6-1: Manufacturer: syz [ 258.088240][ T30] usb 6-1: config 0 descriptor?? [ 258.121041][ T5948] Bluetooth: hci3: command 0x041b tx timeout [ 258.121088][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 258.121268][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 258.130993][ T30] rc_core: IR keymap rc-hauppauge not found [ 258.132910][ T30] Registered IR keymap rc-empty [ 258.135345][ T30] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 258.139558][ T30] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input30 [ 258.295104][ T30] usb 6-1: USB disconnect, device number 32 [ 258.341712][T11253] fuse: Bad value for 'group_id' [ 258.344338][T11253] fuse: Bad value for 'group_id' [ 258.360112][T11253] xt_cluster: you have exceeded the maximum number of cluster nodes (4294967293 > 32) [ 258.495655][T11251] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 258.497613][T11251] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 258.499496][T11251] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 258.501860][T11251] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 258.751327][ T8] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 258.902845][ T8] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 258.905865][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.941734][ T8] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 258.945381][ T8] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 258.947714][ T8] usb 5-1: Manufacturer: syz [ 258.950368][ T8] usb 5-1: config 0 descriptor?? [ 258.990985][ T8] rc_core: IR keymap rc-hauppauge not found [ 258.993464][ T8] Registered IR keymap rc-empty [ 259.161581][T11259] FAULT_INJECTION: forcing a failure. [ 259.161581][T11259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.166549][T11259] CPU: 2 UID: 0 PID: 11259 Comm: syz.0.1375 Not tainted 6.13.0-syzkaller #0 [ 259.170017][T11259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 259.173851][T11259] Call Trace: [ 259.174848][T11259] [ 259.175820][T11259] dump_stack_lvl+0x16c/0x1f0 [ 259.177704][T11259] should_fail_ex+0x497/0x5b0 [ 259.179634][T11259] _copy_from_user+0x2e/0xd0 [ 259.181601][T11259] kstrtouint_from_user+0xd7/0x1c0 [ 259.183733][T11259] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 259.186032][T11259] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 259.188327][T11259] proc_fail_nth_write+0x84/0x250 [ 259.190358][T11259] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 259.192611][T11259] ? ksys_write+0x12b/0x250 [ 259.194510][T11259] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 259.196785][T11259] vfs_write+0x24c/0x1150 [ 259.198578][T11259] ? __fget_files+0x1fc/0x3a0 [ 259.200466][T11259] ? __pfx___mutex_lock+0x10/0x10 [ 259.202488][T11259] ? __pfx_vfs_write+0x10/0x10 [ 259.204431][T11259] ? __fget_files+0x206/0x3a0 [ 259.206347][T11259] ksys_write+0x12b/0x250 [ 259.208165][T11259] ? __pfx_ksys_write+0x10/0x10 [ 259.210166][T11259] __do_fast_syscall_32+0x73/0x120 [ 259.212241][T11259] do_fast_syscall_32+0x32/0x80 [ 259.214266][T11259] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 259.216822][T11259] RIP: 0023:0xf7f25579 [ 259.218484][T11259] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 259.226144][T11259] RSP: 002b:00000000f5076590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 259.229409][T11259] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5076620 [ 259.232572][T11259] RDX: 0000000000000001 RSI: 00000000f73b3ff4 RDI: 0000000000000000 [ 259.235748][T11259] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 259.238766][T11259] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 259.241834][T11259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 259.244892][T11259] [ 259.246407][ C2] vkms_vblank_simulate: vblank timer overrun [ 259.360430][ T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 259.364214][ T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input31 [ 259.377639][ T8] usb 5-1: USB disconnect, device number 29 [ 260.441062][ T5948] Bluetooth: hci0: command 0x041b tx timeout [ 260.521233][ T5948] Bluetooth: hci2: command 0x040f tx timeout [ 260.521280][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 260.524873][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 260.584373][T11314] FAULT_INJECTION: forcing a failure. [ 260.584373][T11314] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.588989][T11314] CPU: 3 UID: 0 PID: 11314 Comm: syz.3.1390 Not tainted 6.13.0-syzkaller #0 [ 260.592101][T11314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 260.595839][T11314] Call Trace: [ 260.597143][T11314] [ 260.598297][T11314] dump_stack_lvl+0x16c/0x1f0 [ 260.600123][T11314] should_fail_ex+0x497/0x5b0 [ 260.601943][T11314] _copy_from_user+0x2e/0xd0 [ 260.603698][T11314] get_compat_msghdr+0xa8/0x170 [ 260.605140][T11314] ? __pfx_get_compat_msghdr+0x10/0x10 [ 260.606973][T11314] ___sys_sendmsg+0x1b0/0x1e0 [ 260.608469][T11314] ? __pfx____sys_sendmsg+0x10/0x10 [ 260.609938][T11314] ? __pfx_lock_release+0x10/0x10 [ 260.611366][T11314] ? trace_lock_acquire+0x14e/0x1f0 [ 260.612849][T11314] ? __fget_files+0x206/0x3a0 [ 260.614258][T11314] __sys_sendmsg+0x16e/0x220 [ 260.615585][T11314] ? __pfx___sys_sendmsg+0x10/0x10 [ 260.617060][T11314] __do_fast_syscall_32+0x73/0x120 [ 260.618526][T11314] do_fast_syscall_32+0x32/0x80 [ 260.619919][T11314] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 260.621714][T11314] RIP: 0023:0xf7fdf579 [ 260.622848][T11314] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 260.628665][T11314] RSP: 002b:00000000f513655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 260.631029][T11314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 260.632666][ T75] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 260.633207][T11314] RDX: 0000000004000084 RSI: 0000000000000000 RDI: 0000000000000000 [ 260.633216][T11314] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 260.633223][T11314] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 260.633229][T11314] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 260.633242][T11314] [ 260.633339][ C3] vkms_vblank_simulate: vblank timer overrun [ 260.851457][ T75] usb 6-1: Using ep0 maxpacket: 16 [ 260.873820][ T75] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.891798][ T75] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.895834][ T75] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 260.902076][ T75] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 260.906115][ T75] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.941563][ T75] usb 6-1: config 0 descriptor?? [ 261.072330][T11319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1392'. [ 261.075904][T11319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1392'. [ 261.358179][ T75] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 261.361695][ T75] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 261.363744][ T75] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 261.365736][ T75] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 261.367820][ T75] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 261.370814][ T75] input: HID 0955:7214 Haptics as /devices/virtual/input/input32 [ 261.411145][ T75] shield 0003:0955:7214.0009: Registered Thunderstrike controller [ 261.417178][ T75] shield 0003:0955:7214.0009: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 261.566137][ T63] usb 6-1: USB disconnect, device number 33 [ 261.734700][ T9] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 261.738183][ T9] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 261.741584][ T9] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 261.744799][ T9] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 262.463878][ T39] audit: type=1326 audit(1737416829.913:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.470369][ T39] audit: type=1326 audit(1737416829.913:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.477352][ T39] audit: type=1326 audit(1737416829.913:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.487968][ T39] audit: type=1326 audit(1737416829.913:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.494871][ T39] audit: type=1326 audit(1737416829.913:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.501454][ T39] audit: type=1326 audit(1737416829.923:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=349 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.507973][ T39] audit: type=1326 audit(1737416829.923:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.514395][ T39] audit: type=1326 audit(1737416829.923:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.520317][ T39] audit: type=1326 audit(1737416829.923:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.526267][ T39] audit: type=1326 audit(1737416829.923:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11345 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000 [ 262.549945][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'. [ 262.556700][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'. [ 262.563354][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'. [ 262.568426][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'. [ 262.572820][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'. [ 262.577094][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'. [ 262.580256][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'. [ 262.601237][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 263.038085][T11342] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 263.040680][T11342] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 263.043292][T11342] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 263.045760][T11342] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 264.079006][T11371] Process accounting resumed [ 264.362075][T11376] syz.2.1409 (11376): drop_caches: 2 [ 264.383329][T11381] netlink: 'syz.1.1411': attribute type 7 has an invalid length. [ 264.441056][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 264.881118][ T6099] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 264.931341][T11393] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.937879][T11393] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.940597][T11393] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.944418][T11393] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 264.997963][T11404] syz.0.1418[11404] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.998138][T11404] syz.0.1418[11404] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 265.001763][T11404] syz.0.1418[11404] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 265.051361][ T6099] usb 6-1: Using ep0 maxpacket: 32 [ 265.057350][ T6099] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 265.059755][ T6099] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 265.063305][ T6099] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 265.067272][ T6099] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 265.071119][ T6099] usb 6-1: config 0 interface 0 has no altsetting 0 [ 265.075204][ T6099] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 265.077846][ T6099] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 265.080257][ T6099] usb 6-1: Product: syz [ 265.082128][ T6099] usb 6-1: Manufacturer: syz [ 265.083733][ T6099] usb 6-1: SerialNumber: syz [ 265.091272][ T6099] usb 6-1: config 0 descriptor?? [ 265.094117][ T6099] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 265.097820][ T6099] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 265.241153][ T1907] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 265.362834][T11409] pim6reg: entered allmulticast mode [ 265.374281][T11409] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1420'. [ 265.392481][ T1907] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 265.395786][ T1907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 265.398931][ T1907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 265.402394][ T1907] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 265.406847][ T1907] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 265.409407][ T1907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.418827][ T1907] usb 5-1: config 0 descriptor?? [ 265.478235][T11379] netlink: 'syz.3.1410': attribute type 1 has an invalid length. [ 265.601889][T11417] FAULT_INJECTION: forcing a failure. [ 265.601889][T11417] name failslab, interval 1, probability 0, space 0, times 0 [ 265.605446][T11417] CPU: 2 UID: 0 PID: 11417 Comm: syz.2.1423 Not tainted 6.13.0-syzkaller #0 [ 265.607919][T11417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 265.610800][T11417] Call Trace: [ 265.612073][T11417] [ 265.613234][T11417] dump_stack_lvl+0x16c/0x1f0 [ 265.614949][T11417] should_fail_ex+0x497/0x5b0 [ 265.616245][T11417] ? fs_reclaim_acquire+0xae/0x150 [ 265.617713][T11417] should_failslab+0xc2/0x120 [ 265.619089][T11417] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 265.620526][T11417] ? security_file_alloc+0x34/0x2b0 [ 265.622044][T11417] security_file_alloc+0x34/0x2b0 [ 265.623512][T11417] init_file+0x93/0x480 [ 265.624712][T11417] alloc_empty_file+0x91/0x1e0 [ 265.626100][T11417] alloc_file_pseudo+0x13d/0x200 [ 265.627581][T11417] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 265.629135][T11417] ? __pfx_idr_alloc_u32+0x10/0x10 [ 265.630629][T11417] ? find_held_lock+0x2d/0x110 [ 265.632353][T11417] ? find_held_lock+0x2d/0x110 [ 265.633995][T11417] __anon_inode_getfile+0x136/0x3c0 [ 265.635781][T11417] ? __pfx___anon_inode_getfile+0x10/0x10 [ 265.637715][T11417] ? __local_bh_enable_ip+0xa4/0x120 [ 265.639533][T11417] bpf_link_prime+0x202/0x4d0 [ 265.641155][T11417] cgroup_bpf_link_attach+0x202/0x3e0 [ 265.642998][T11417] ? __pfx_cgroup_bpf_link_attach+0x10/0x10 [ 265.645028][T11417] ? ns_capable+0xd7/0x110 [ 265.646575][T11417] ? bpf_token_capable+0x118/0x140 [ 265.648318][T11417] __sys_bpf+0x37f4/0x57a0 [ 265.649830][T11417] ? __pfx_lock_release+0x10/0x10 [ 265.651563][T11417] ? __pfx___sys_bpf+0x10/0x10 [ 265.653163][T11417] ? vfs_write+0x306/0x1150 [ 265.654694][T11417] ? __mutex_unlock_slowpath+0x164/0x690 [ 265.656603][T11417] ? fput+0x67/0x440 [ 265.657949][T11417] ? ksys_write+0x1ba/0x250 [ 265.659405][T11417] ? __pfx_ksys_write+0x10/0x10 [ 265.660955][T11417] __ia32_sys_bpf+0x76/0xe0 [ 265.662441][T11417] __do_fast_syscall_32+0x73/0x120 [ 265.664098][T11417] do_fast_syscall_32+0x32/0x80 [ 265.665663][T11417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 265.667698][T11417] RIP: 0023:0xf7f97579 [ 265.669020][T11417] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 265.675484][T11417] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 265.678294][T11417] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00000000200003c0 [ 265.680967][T11417] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 265.683628][T11417] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 265.686305][T11417] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 265.688969][T11417] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 265.691681][T11417] [ 265.874362][ T66] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 265.883798][ T8] usb 6-1: USB disconnect, device number 34 [ 265.895636][ T8] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 266.109520][ T1907] usbhid 5-1:0.0: can't add hid device: -71 [ 266.113505][ T1907] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 266.126003][ T1907] usb 5-1: USB disconnect, device number 30 [ 266.571991][T11438] syz.3.1428 (11438): drop_caches: 2 [ 267.001396][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 267.003358][ T5952] Bluetooth: hci1: command 0x040f tx timeout [ 267.004652][ T5948] Bluetooth: hci0: command 0x041b tx timeout [ 267.005186][ T66] Bluetooth: hci3: command 0x041b tx timeout [ 268.130405][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 268.133777][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 268.136808][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 268.139818][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 268.143015][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 268.146033][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 268.148958][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 268.703004][T11471] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 268.705186][T11471] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 268.706957][T11471] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 268.709106][T11471] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 269.021022][ T39] kauditd_printk_skb: 20 callbacks suppressed [ 269.021590][ T39] audit: type=1326 audit(1737416836.453:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.226359][ T39] audit: type=1326 audit(1737416836.453:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.232459][ T39] audit: type=1326 audit(1737416836.453:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.238515][ T39] audit: type=1326 audit(1737416836.453:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.244763][ T39] audit: type=1326 audit(1737416836.453:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.250795][ T39] audit: type=1326 audit(1737416836.453:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.256962][ T39] audit: type=1326 audit(1737416836.453:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.263280][ T39] audit: type=1326 audit(1737416836.453:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.269303][ T39] audit: type=1326 audit(1737416836.453:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.275723][ T39] audit: type=1326 audit(1737416836.453:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11481 comm="syz.1.1440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 269.638578][T11500] syz1: rxe_newlink: already configured on ipvlan0 [ 269.934062][T11509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1447'. [ 269.952176][T11509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1447'. [ 269.980955][ T8] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 270.045041][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 270.081040][T11514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1448'. [ 270.150929][ T8] usb 6-1: Using ep0 maxpacket: 32 [ 270.154645][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.157717][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.160470][ T8] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 270.166779][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.176492][ T8] usb 6-1: config 0 descriptor?? [ 270.826981][T11527] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 270.925746][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 270.925847][ T66] Bluetooth: hci2: command 0x040f tx timeout [ 270.928187][ T5948] Bluetooth: hci1: command 0x040f tx timeout [ 271.167346][T11521] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 271.169922][T11521] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 271.172438][T11521] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 271.174855][T11521] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 271.567902][T11536] @ÿ: renamed from bond_slave_0 (while UP) [ 271.639582][T11541] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 272.601128][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 272.699036][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 272.700816][ T8] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 272.710255][ T8] usb 6-1: USB disconnect, device number 35 [ 273.223599][ T5952] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 273.241319][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 273.245332][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 273.247292][ T5952] Bluetooth: hci1: command 0x040f tx timeout [ 273.300281][T11573] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 273.364166][T11579] FAULT_INJECTION: forcing a failure. [ 273.364166][T11579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.369030][T11579] CPU: 2 UID: 0 PID: 11579 Comm: syz.2.1465 Not tainted 6.13.0-syzkaller #0 [ 273.372264][T11579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 273.376240][T11579] Call Trace: [ 273.377477][T11579] [ 273.378587][T11579] dump_stack_lvl+0x16c/0x1f0 [ 273.380345][T11579] should_fail_ex+0x497/0x5b0 [ 273.382137][T11579] _copy_from_user+0x2e/0xd0 [ 273.383889][T11579] copy_mount_options+0x76/0x190 [ 273.385809][T11579] __ia32_sys_mount+0x1ad/0x310 [ 273.387242][T11579] ? __pfx___ia32_sys_mount+0x10/0x10 [ 273.388805][T11579] __do_fast_syscall_32+0x73/0x120 [ 273.390303][T11579] do_fast_syscall_32+0x32/0x80 [ 273.391709][T11579] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 273.393571][T11579] RIP: 0023:0xf7f97579 [ 273.394973][T11579] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 273.402298][T11579] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 273.405405][T11579] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000140 [ 273.408339][T11579] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 00000000200001c0 [ 273.411274][T11579] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 273.413577][T11579] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 273.415851][T11579] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 273.418131][T11579] [ 273.736270][T11586] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 273.739055][T11586] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 273.741432][T11586] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 273.745136][T11586] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 274.001112][ T35] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 274.092661][T11598] __nla_validate_parse: 8 callbacks suppressed [ 274.092672][T11598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1470'. [ 274.099629][T11598] tmpfs: Bad value for 'uid' [ 274.101470][T11598] tmpfs: Bad value for 'uid' [ 274.161101][ T35] usb 7-1: Using ep0 maxpacket: 32 [ 274.164190][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.167383][ T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.170221][ T35] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 274.173333][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.181355][ T35] usb 7-1: config 0 descriptor?? [ 274.589177][T11590] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 275.170162][T11611] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 275.180721][T11611] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 275.184917][T11611] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 275.194458][T11611] syz1: rxe_newlink: already configured on ipvlan0 [ 275.722338][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 275.743252][ T39] kauditd_printk_skb: 11 callbacks suppressed [ 275.743263][ T39] audit: type=1326 audit(1737416843.193:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.3.1476" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fdf579 code=0x0 [ 275.801013][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 275.801289][ T5948] Bluetooth: hci2: command 0x040f tx timeout [ 275.802827][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 276.382960][T11628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 276.387523][T11628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 276.393800][T11628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 276.396599][T11628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 276.399350][T11628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 276.402376][T11628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 276.405975][T11628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 276.625699][T11630] pim6reg: entered allmulticast mode [ 276.629513][T11630] pim6reg: left allmulticast mode [ 276.733905][ T35] usbhid 7-1:0.0: can't add hid device: -71 [ 276.736749][ T35] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 276.740124][ T35] usb 7-1: USB disconnect, device number 21 [ 276.833005][T11638] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 276.836664][T11638] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 276.839982][T11638] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 276.848406][T11638] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 276.939154][T11626] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 276.941281][T11626] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 276.943118][T11626] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 276.944913][T11626] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 278.291303][ T5948] Bluetooth: hci0: command 0x041b tx timeout [ 278.531272][ T5982] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 278.681122][ T5982] usb 6-1: Using ep0 maxpacket: 32 [ 278.684740][ T5982] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.689057][ T5982] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.692973][ T5982] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 278.696496][ T5982] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.701171][ T5982] usb 6-1: config 0 descriptor?? [ 278.872262][ T5948] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 279.001114][ T5952] Bluetooth: hci2: command 0x040f tx timeout [ 279.003184][ T5952] Bluetooth: hci1: command 0x040f tx timeout [ 279.005016][ T5948] Bluetooth: hci3: command 0x041b tx timeout [ 279.281453][T11675] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 280.500338][T11692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1496'. [ 281.081301][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 281.083820][ T5948] Bluetooth: hci2: command 0x040f tx timeout [ 281.126126][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1499'. [ 281.129594][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1499'. [ 281.132669][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1499'. [ 281.135743][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1499'. [ 281.138765][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1499'. [ 281.141843][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1499'. [ 281.144774][T11703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1499'. [ 281.394317][ T5982] usbhid 6-1:0.0: can't add hid device: -71 [ 281.396176][ T5982] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 281.399115][ T5982] usb 6-1: USB disconnect, device number 36 [ 281.662005][T11700] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 281.663882][T11700] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 281.666057][T11700] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 281.668165][T11700] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 282.036377][T11725] netlink: 'syz.0.1505': attribute type 10 has an invalid length. [ 282.380971][T11732] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1507'. [ 282.384783][T11732] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1507'. [ 282.755024][T11735] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 282.758060][T11735] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 282.760720][T11735] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 282.770303][T11735] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 282.954639][T11728] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 282.956509][T11728] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 282.958302][T11728] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 282.960092][T11728] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 283.281166][ T35] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 283.431252][ T35] usb 5-1: Using ep0 maxpacket: 32 [ 283.434676][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.438786][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.442506][ T35] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 283.445904][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.451292][ T35] usb 5-1: config 0 descriptor?? [ 283.820800][ C3] ata1: illegal qc_active transition (00000000->00800000) [ 284.021666][T11768] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 284.153578][ T1103] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 284.169431][ T1103] ata1.00: configured for UDMA/100 [ 284.185380][ T8] [ 284.186456][ T8] ====================================================== [ 284.188954][ T8] WARNING: possible circular locking dependency detected [ 284.190989][ T8] 6.13.0-syzkaller #0 Not tainted [ 284.192896][ T8] ------------------------------------------------------ [ 284.197340][ T8] kworker/0:0/8 is trying to acquire lock: [ 284.199679][ T8] ffff8880244e0aa8 (&q->q_usage_counter(queue)#51){++++}-{0:0}, at: blk_mq_alloc_request+0x59b/0x950 [ 284.203848][ T8] [ 284.203848][ T8] but task is already holding lock: [ 284.206024][ T8] ffff8880244e10c0 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0 [ 284.208925][ T8] [ 284.208925][ T8] which lock already depends on the new lock. [ 284.208925][ T8] [ 284.212192][ T8] [ 284.212192][ T8] the existing dependency chain (in reverse order) is: [ 284.215012][ T8] [ 284.215012][ T8] -> #5 (&q->limits_lock){+.+.}-{4:4}: [ 284.217192][ T8] __mutex_lock+0x19b/0xa60 [ 284.218890][ T8] __nbd_set_size+0x2c0/0x730 [ 284.220519][ T8] nbd_start_device+0x8fd/0xd70 [ 284.222089][ T8] nbd_ioctl+0x21a/0xfd0 [ 284.223570][ T8] compat_blkdev_ioctl+0x2f7/0x750 [ 284.225345][ T8] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 284.227188][ T8] __do_fast_syscall_32+0x73/0x120 [ 284.228808][ T8] do_fast_syscall_32+0x32/0x80 [ 284.230572][ T8] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.233083][ T8] [ 284.233083][ T8] -> #4 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 284.236209][ T8] blk_mq_submit_bio+0x1fb6/0x24c0 [ 284.238388][ T8] __submit_bio+0x384/0x540 [ 284.239859][ T8] submit_bio_noacct_nocheck+0x698/0xd70 [ 284.241645][ T8] submit_bio_noacct+0x93a/0x1e20 [ 284.243289][ T8] block_read_full_folio+0x812/0xa50 [ 284.245081][ T8] filemap_read_folio+0xc6/0x2a0 [ 284.246682][ T8] filemap_get_pages+0x155f/0x1be0 [ 284.248321][ T8] filemap_read+0x3ca/0xd70 [ 284.249820][ T8] blkdev_read_iter+0x187/0x480 [ 284.251367][ T8] vfs_read+0x87f/0xbe0 [ 284.252688][ T8] ksys_read+0x12b/0x250 [ 284.254121][ T8] do_syscall_64+0xcd/0x250 [ 284.255736][ T8] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.257582][ T8] [ 284.257582][ T8] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}: [ 284.260033][ T8] down_read+0x9a/0x330 [ 284.261385][ T8] filemap_fault+0x62c/0x2820 [ 284.262890][ T8] __do_fault+0x10a/0x490 [ 284.264367][ T8] do_pte_missing+0xebd/0x3e00 [ 284.266296][ T8] __handle_mm_fault+0x103c/0x2a40 [ 284.267927][ T8] handle_mm_fault+0x3fa/0xaa0 [ 284.269439][ T8] do_user_addr_fault+0x7a3/0x13f0 [ 284.271081][ T8] exc_page_fault+0x5c/0xc0 [ 284.272826][ T8] asm_exc_page_fault+0x26/0x30 [ 284.275123][ T8] _copy_from_iter+0x37f/0x1400 [ 284.277284][ T8] tipc_msg_build+0x2f7/0x10d0 [ 284.279370][ T8] __tipc_sendstream+0x6fa/0x1190 [ 284.281608][ T8] tipc_sendstream+0x4f/0x70 [ 284.283704][ T8] sock_write_iter+0x4fe/0x5b0 [ 284.285819][ T8] vfs_write+0x5ae/0x1150 [ 284.287836][ T8] ksys_write+0x207/0x250 [ 284.289646][ T8] __do_fast_syscall_32+0x73/0x120 [ 284.291064][ T5952] Bluetooth: hci0: command 0x041b tx timeout [ 284.291325][ T8] do_fast_syscall_32+0x32/0x80 [ 284.295136][ T8] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.297094][ T8] [ 284.297094][ T8] -> #2 (&mm->mmap_lock){++++}-{4:4}: [ 284.299288][ T8] __might_fault+0x11b/0x190 [ 284.300772][ T8] _copy_from_user+0x29/0xd0 [ 284.302725][ T8] compat_blk_trace_setup+0xc9/0x200 [ 284.305044][ T8] blk_trace_ioctl+0x24a/0x290 [ 284.307200][ T8] compat_blkdev_ioctl+0x13c/0x750 [ 284.309076][ T8] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 284.310898][ T8] __do_fast_syscall_32+0x73/0x120 [ 284.313010][ T8] do_fast_syscall_32+0x32/0x80 [ 284.315152][ T8] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.317879][ T8] [ 284.317879][ T8] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}: [ 284.320470][ T8] __mutex_lock+0x19b/0xa60 [ 284.321936][ T8] blk_mq_init_sched+0x42b/0x640 [ 284.323551][ T8] elevator_init_mq+0x2cd/0x420 [ 284.325481][ T8] add_disk_fwnode+0x113/0x1300 [ 284.327653][ T8] sd_probe+0xa66/0xfa0 [ 284.329217][ T8] really_probe+0x23e/0xa90 [ 284.330714][ T8] __driver_probe_device+0x1de/0x440 [ 284.332424][ T8] driver_probe_device+0x4c/0x1b0 [ 284.334114][ T8] __device_attach_driver+0x1df/0x310 [ 284.335983][ T8] bus_for_each_drv+0x157/0x1e0 [ 284.337523][ T8] __device_attach_async_helper+0x1d3/0x290 [ 284.339421][ T8] async_run_entry_fn+0x9c/0x530 [ 284.341039][ T8] process_one_work+0x958/0x1b30 [ 284.342626][ T8] worker_thread+0x6c8/0xf00 [ 284.344100][ T8] kthread+0x2c1/0x3a0 [ 284.345811][ T8] ret_from_fork+0x45/0x80 [ 284.347377][ T8] ret_from_fork_asm+0x1a/0x30 [ 284.348936][ T8] [ 284.348936][ T8] -> #0 (&q->q_usage_counter(queue)#51){++++}-{0:0}: [ 284.351478][ T8] __lock_acquire+0x249e/0x3c40 [ 284.353044][ T8] lock_acquire.part.0+0x11b/0x380 [ 284.354691][ T8] blk_queue_enter+0x50f/0x640 [ 284.356270][ T8] blk_mq_alloc_request+0x59b/0x950 [ 284.357912][ T8] scsi_execute_cmd+0x20a/0xf30 [ 284.359512][ T8] read_capacity_16+0x21a/0xe20 [ 284.361057][ T8] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 284.362896][ T8] scsi_rescan_device+0x243/0x340 [ 284.364587][ T8] ata_scsi_dev_rescan+0x1cb/0x470 [ 284.366265][ T8] process_one_work+0x958/0x1b30 [ 284.367825][ T8] worker_thread+0x6c8/0xf00 [ 284.369320][ T8] kthread+0x2c1/0x3a0 [ 284.370668][ T8] ret_from_fork+0x45/0x80 [ 284.372100][ T8] ret_from_fork_asm+0x1a/0x30 [ 284.373631][ T8] [ 284.373631][ T8] other info that might help us debug this: [ 284.373631][ T8] [ 284.376779][ T8] Chain exists of: [ 284.376779][ T8] &q->q_usage_counter(queue)#51 --> &q->q_usage_counter(io)#52 --> &q->limits_lock [ 284.376779][ T8] [ 284.381101][ T8] Possible unsafe locking scenario: [ 284.381101][ T8] [ 284.383322][ T8] CPU0 CPU1 [ 284.385041][ T8] ---- ---- [ 284.386605][ T8] lock(&q->limits_lock); [ 284.387903][ T8] lock(&q->q_usage_counter(io)#52); [ 284.390840][ T8] lock(&q->limits_lock); [ 284.393675][ T8] rlock(&q->q_usage_counter(queue)#51); [ 284.396039][ T8] [ 284.396039][ T8] *** DEADLOCK *** [ 284.396039][ T8] [ 284.399273][ T8] 5 locks held by kworker/0:0/8: [ 284.401272][ T8] #0: ffff88801ac88948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 284.405382][ T8] #1: ffffc900001a7d80 ((work_completion)(&(&ap->scsi_rescan_task)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 284.410606][ T8] #2: ffff8880214ec358 (&ap->scsi_scan_mutex){+.+.}-{4:4}, at: ata_scsi_dev_rescan+0x3e/0x470 [ 284.414799][ T8] #3: ffff88801f07a378 (&dev->mutex){....}-{4:4}, at: scsi_rescan_device+0x27/0x340 [ 284.418505][ T8] #4: ffff8880244e10c0 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0 [ 284.422783][ T8] [ 284.422783][ T8] stack backtrace: [ 284.424637][ T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.13.0-syzkaller #0 [ 284.427895][ T8] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 284.432231][ T8] Workqueue: events ata_scsi_dev_rescan [ 284.434517][ T8] Call Trace: [ 284.435882][ T8] [ 284.437108][ T8] dump_stack_lvl+0x116/0x1f0 [ 284.439058][ T8] print_circular_bug+0x41c/0x610 [ 284.441095][ T8] check_noncircular+0x31a/0x400 [ 284.442906][ T8] ? __pfx_check_noncircular+0x10/0x10 [ 284.444875][ T8] ? __pfx_try_to_wake_up+0x10/0x10 [ 284.446936][ T8] ? lockdep_lock+0xc6/0x200 [ 284.448818][ T8] ? __pfx_lockdep_lock+0x10/0x10 [ 284.450782][ T8] __lock_acquire+0x249e/0x3c40 [ 284.452850][ T8] ? __pfx___lock_acquire+0x10/0x10 [ 284.454909][ T8] lock_acquire.part.0+0x11b/0x380 [ 284.456938][ T8] ? blk_mq_alloc_request+0x59b/0x950 [ 284.459118][ T8] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 284.461397][ T8] ? rcu_is_watching+0x12/0xc0 [ 284.463355][ T8] ? trace_lock_acquire+0x14e/0x1f0 [ 284.465337][ T8] ? blk_mq_alloc_request+0x59b/0x950 [ 284.467514][ T8] ? lock_acquire+0x2f/0xb0 [ 284.469362][ T8] ? blk_mq_alloc_request+0x59b/0x950 [ 284.471521][ T8] blk_queue_enter+0x50f/0x640 [ 284.473432][ T8] ? blk_mq_alloc_request+0x59b/0x950 [ 284.475512][ T8] ? __pfx_blk_queue_enter+0x10/0x10 [ 284.477406][ T8] ? __pfx___lock_acquire+0x10/0x10 [ 284.479193][ T8] ? add_lock_to_list+0x17d/0x390 [ 284.480719][ T8] blk_mq_alloc_request+0x59b/0x950 [ 284.482384][ T8] ? __pfx_blk_mq_alloc_request+0x10/0x10 [ 284.484616][ T8] ? bpf_trace_run2+0x266/0x590 [ 284.486455][ T8] ? __pfx___cant_migrate+0x10/0x10 [ 284.488551][ T8] ? bpf_trace_run2+0x1c2/0x590 [ 284.490077][ T8] scsi_execute_cmd+0x20a/0xf30 [ 284.491485][ T8] ? lock_acquire.part.0+0x11b/0x380 [ 284.493041][ T8] ? __mutex_trylock_common+0xea/0x250 [ 284.494680][ T8] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 284.496347][ T8] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 284.498720][ T8] ? rcu_is_watching+0x12/0xc0 [ 284.500201][ T8] read_capacity_16+0x21a/0xe20 [ 284.501602][ T8] ? __pfx_read_capacity_16+0x10/0x10 [ 284.503177][ T8] ? __pfx___mutex_lock+0x10/0x10 [ 284.504746][ T8] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 284.506272][ T8] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 284.508003][ T8] ? find_held_lock+0x2d/0x110 [ 284.509415][ T8] ? mark_held_locks+0x9f/0xe0 [ 284.510837][ T8] ? __pfx_sd_revalidate_disk.isra.0+0x10/0x10 [ 284.512642][ T8] ? kasan_save_stack+0x42/0x60 [ 284.514082][ T8] ? kasan_save_stack+0x33/0x60 [ 284.515610][ T8] ? kasan_save_track+0x14/0x30 [ 284.517043][ T8] ? kasan_save_free_info+0x3b/0x60 [ 284.518557][ T8] ? __kasan_slab_free+0x51/0x70 [ 284.520010][ T8] ? kfree+0x14f/0x4b0 [ 284.521201][ T8] ? scsi_attach_vpd+0x4dc/0x580 [ 284.522685][ T8] ? scsi_rescan_device+0xf5/0x340 [ 284.524184][ T8] ? ata_scsi_dev_rescan+0x1cb/0x470 [ 284.525778][ T8] ? process_one_work+0x958/0x1b30 [ 284.527288][ T8] ? worker_thread+0x6c8/0xf00 [ 284.528675][ T8] ? hlock_class+0x4e/0x130 [ 284.530010][ T8] ? mark_lock+0xb5/0xc60 [ 284.531300][ T8] ? mark_held_locks+0x9f/0xe0 [ 284.532717][ T8] ? kasan_quarantine_put+0x10a/0x240 [ 284.534367][ T8] ? lockdep_hardirqs_on+0x7c/0x110 [ 284.536583][ T8] ? kfree+0x14f/0x4b0 [ 284.538159][ T8] ? lockdep_hardirqs_on+0x7c/0x110 [ 284.539921][ T8] ? scsi_attach_vpd+0x4dc/0x580 [ 284.541524][ T8] ? scsi_attach_vpd+0x4dc/0x580 [ 284.542985][ T8] ? __pfx_sd_rescan+0x10/0x10 [ 284.544469][ T8] scsi_rescan_device+0x243/0x340 [ 284.546399][ T8] ata_scsi_dev_rescan+0x1cb/0x470 [ 284.548382][ T8] process_one_work+0x958/0x1b30 [ 284.550278][ T8] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 284.552407][ T8] ? __pfx_process_one_work+0x10/0x10 [ 284.554491][ T8] ? rcu_is_watching+0x12/0xc0 [ 284.556289][ T8] ? assign_work+0x1a0/0x250 [ 284.558095][ T8] worker_thread+0x6c8/0xf00 [ 284.559867][ T8] ? __pfx_worker_thread+0x10/0x10 [ 284.561400][ T8] kthread+0x2c1/0x3a0 [ 284.562835][ T8] ? _raw_spin_unlock_irq+0x23/0x50 [ 284.564801][ T8] ? __pfx_kthread+0x10/0x10 [ 284.566636][ T8] ret_from_fork+0x45/0x80 [ 284.568372][ T8] ? __pfx_kthread+0x10/0x10 [ 284.570169][ T8] ret_from_fork_asm+0x1a/0x30 [ 284.571987][ T8] [ 284.635649][T11775] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 285.011056][ T5952] Bluetooth: hci3: command 0x041b tx timeout [ 285.011129][ T66] Bluetooth: hci1: command 0x040f tx timeout [ 285.015261][ T5948] Bluetooth: hci2: command 0x040f tx timeout [ 286.041171][ T35] usbhid 5-1:0.0: can't add hid device: -71 [ 286.045909][ T35] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 286.048728][ T35] usb 5-1: USB disconnect, device number 31 [ 287.090968][ T5948] Bluetooth: hci3: command 0x041b tx timeout [ 289.162475][ T5948] Bluetooth: hci3: command 0x041b tx timeout VM DIAGNOSIS: 23:38:58 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85145395 RDI=ffffffff9a66e200 RBP=ffffffff9a66e1c0 RSP=ffffc900001a6a60 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000032 R14=ffffffff85145330 R15=0000000000000000 RIP=ffffffff851453bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020003000 CR3=0000000078990000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=1ffffd40002f469e RBX=ffffea00017a34f4 RCX=ffffffff81e3f2e8 RDX=0000000000000000 RSI=0000000000000004 RDI=ffffea00017a34f4 RBP=800000005e8d3007 RSP=ffffc9002909f720 R8 =0000000000000000 R9 =fffff940002f469e R10=ffffea00017a34f7 R11=00000000000a201e R12=ffffea00017a34c0 R13=ffff88805e91d000 R14=ffffea00017a34c0 R15=dffffc0000000000 RIP=ffffffff81e3f2f4 RFL=00000a03 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055b9e5dc1000 CR3=000000005eef6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=db20711004fc886e e35b9151d1e4fde5 db20711004fc886e e35b9151d1e4fde5 db20711004fc886e e35b9151d1e4fde5 db20711004fc886e e35b9151d1e4fde5 ZMM18=46bbce992468f00b 39b82a3041fa0724 46bbce992468f00b 39b82a3041fa0724 46bbce992468f00b 39b82a3041fa0724 46bbce992468f00b 39b82a3041fa0724 ZMM19=3211000000000000 0000000000000008 3211000000000000 0000000000000007 3211000000000000 0000000000000006 3211000000000000 0000000000000005 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=69dc209e69dc209e 69dc209e69dc209e 69dc209e69dc209e 69dc209e69dc209e 69dc209e69dc209e 69dc209e69dc209e 69dc209e69dc209e 69dc209e69dc209e ZMM22=0e7818d00e7818d0 0e7818d00e7818d0 0e7818d00e7818d0 0e7818d00e7818d0 0e7818d00e7818d0 0e7818d00e7818d0 0e7818d00e7818d0 0e7818d00e7818d0 ZMM23=9b90e5ad9b90e5ad 9b90e5ad9b90e5ad 9b90e5ad9b90e5ad 9b90e5ad9b90e5ad 9b90e5ad9b90e5ad 9b90e5ad9b90e5ad 9b90e5ad9b90e5ad 9b90e5ad9b90e5ad ZMM24=6cdffed76cdffed7 6cdffed76cdffed7 6cdffed76cdffed7 6cdffed76cdffed7 6cdffed76cdffed7 6cdffed76cdffed7 6cdffed76cdffed7 6cdffed76cdffed7 ZMM25=ca6ef2c6ca6ef2c6 ca6ef2c6ca6ef2c6 ca6ef2c6ca6ef2c6 ca6ef2c6ca6ef2c6 ca6ef2c6ca6ef2c6 ca6ef2c6ca6ef2c6 ca6ef2c6ca6ef2c6 ca6ef2c6ca6ef2c6 ZMM26=59862be559862be5 59862be559862be5 59862be559862be5 59862be559862be5 59862be559862be5 59862be559862be5 59862be559862be5 59862be559862be5 ZMM27=6793dd5d6793dd5d 6793dd5d6793dd5d 6793dd5d6793dd5d 6793dd5d6793dd5d 6793dd5d6793dd5d 6793dd5d6793dd5d 6793dd5d6793dd5d 6793dd5d6793dd5d ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=e00a0000e00a0000 e00a0000e00a0000 e00a0000e00a0000 e00a0000e00a0000 e00a0000e00a0000 e00a0000e00a0000 e00a0000e00a0000 e00a0000e00a0000 info registers vcpu 2 CPU#2 RAX=ffffc900070a0000 RBX=ffff888021f90000 RCX=ffffffff817a76c7 RDX=1ffff110043f224d RSI=ffffffff86566a7f RDI=0000000000000016 RBP=0000000000000080 RSP=ffffc90000548eb8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc90000548ff8 R12=0000000000000000 R13=dffffc0000000000 R14=ffff888021f91268 R15=0000000000000000 RIP=ffffffff86566aa7 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000206b5000 CR3=000000006e656000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000003eb114 RBX=0000000000000003 RCX=ffffffff8b1a8899 RDX=ffffed10056e6fee RSI=ffffffff8bb19a40 RDI=ffffffff81702c79 RBP=ffffed10039df488 RSP=ffffc9000049fe08 R8 =0000000000000000 R9 =ffffed10056e6fed R10=ffff88802b737f6b R11=ffff88802b63fb10 R12=0000000000000003 R13=ffff88801cefa440 R14=ffffffff901d29d0 R15=0000000000000000 RIP=ffffffff8b1a9c7f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000206c4000 CR3=000000006e656000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73660333955d049f 31744a416f44f61e ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4fd496ed5e1233c9 ffc6d51f5e82e5ad ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 def83d6702c9e1e7 326cac13c1467d7f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 51c448ca9df51673 7ebcc9441bc5d447 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001e80 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0080010000800100 302e65f000b60623 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ad000000ad 30e916de000000ad ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2fce001c000000ad 008001002fcae3c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 30e8595400800100 00000000000000ad ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fb8f468346f0fc36 f7707e03ae30d80d ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2eb22185b4a5414f ddd3bfb7927a8349 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000