last executing test programs: 4.425506067s ago: executing program 3 (id=922): r0 = openat$ubi_ctrl(0xffffff9c, &(0x7f0000000000), 0x80002, 0x0) sendfile(r0, r0, &(0x7f0000000040)=0xffff7fff, 0x4) ioctl$TUNATTACHFILTER(r0, 0x400854d5, &(0x7f0000000100)={0xa, &(0x7f0000000080)=[{0x8, 0x4, 0x8, 0x1}, {0x3, 0xe, 0x8, 0x6}, {0x0, 0x7, 0x4}, {0x40, 0x8, 0x2, 0x3ff}, {0xae, 0xa, 0x3, 0x8}, {0xbd, 0x8, 0x9, 0x80000001}, {0x1, 0x4, 0x9, 0x7}, {0x4, 0x4d, 0x6, 0x80}, {0x9, 0x2, 0xda, 0x8}, {0x4, 0x2, 0x81, 0x6}]}) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000140)={'\x00', 0x5, 0x8, 0x100, 0xd5, 0x1ff, 0x0}) ioctl$BINDER_GET_FROZEN_INFO(r0, 0xc00c620f, &(0x7f0000000180)={r1}) r2 = syz_usb_connect(0x3, 0x651, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x13, 0xd2, 0x8a, 0x10, 0x803, 0x4310, 0x52a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x63f, 0x2, 0x4, 0x7, 0x40, 0x0, [{{0x9, 0x4, 0xd5, 0x73, 0x10, 0xaa, 0x18, 0x62, 0x2, [@uac_as, @cdc_ncm={{0xa, 0x24, 0x6, 0x0, 0x1, "38ffa15094"}, {0x5, 0x24, 0x0, 0x5cee}, {0xd, 0x24, 0xf, 0x1, 0x9df6, 0xfffb, 0x7, 0x1}, {0x6, 0x24, 0x1a, 0x2, 0x24}, [@country_functional={0x12, 0x24, 0x7, 0x5, 0x3, [0x1, 0x4, 0x2, 0x7fff, 0x4, 0xcf76]}, @acm={0x4, 0x24, 0x2, 0x4}]}], [{{0x9, 0x5, 0xf, 0x1, 0x20, 0x50, 0x0, 0x9b}}, {{0x9, 0x5, 0x2, 0x4, 0x3ff, 0x2, 0x2b, 0x6}}, {{0x9, 0x5, 0x0, 0x0, 0x40, 0x2, 0xc0, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2, 0x3}]}}, {{0x9, 0x5, 0x6, 0x1, 0xde62dc799a3b9f96, 0x40, 0x5, 0x6}}, {{0x9, 0x5, 0x8, 0x10, 0x400, 0x7f, 0xe, 0xf}}, {{0x9, 0x5, 0xd, 0x3, 0x0, 0x9, 0xa, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x8, 0x9}]}}, {{0x9, 0x5, 0x9, 0x0, 0x3ff, 0x1, 0x4, 0x7f, [@generic={0xab, 0x21, "ccc7777a9e89dc747329ea77cb6e7a6d9fa661ce84f8d8e0e8439a399c19fdc12e27634770609f184f0f8f8a162943c2d3e312b164fbf3c3f73dcfa9ed6e66db742473b7248f4c1343d9cb390e691f39aac908fd649d3d7546704617b4e5acdc75b656c1110e7850048bae76c35546f596a84dfd0d967d5f4028c8939ebbad7e96aedff3053d30506cb515b3c1207914c0f2107ccb8b95b21e3a51b72c5f6cabd8b6604d4fd0797c25"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x6}]}}, {{0x9, 0x5, 0x2, 0x10, 0x3ef, 0x7, 0xeb, 0x29, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x1ef}]}}, {{0x9, 0x5, 0x1, 0x3, 0x1c7, 0xea, 0x2, 0x8, [@generic={0xdd, 0xd, "5a17c77f56e2be742776497c104ea23e17ca08cf768b0d5d81d1a23249b49ff1b71b6611524bb04e4533d267dcdf8222f1de30e4ae80cc7b64bcca9d11091c948fb9425e20829404fb2453ee9193a03a5be21c6338ed38df69e017f6ad15f9a11daaeec49bb4b978c33a59d1ff7517e8dc3daa34eab9d797ab42d8e9818b0601e310c9f547a61455bf6724baf802053ac11cf07c0153086b422e71a5a08a90c9cfb2282e4dec874261c8c8aaa07cda703cbdfbfcf5315093fe65718f913ddb646d81a52af4cd9f5a87841a385a29265bbbe0d02a85609c51b6ca68"}, @uac_iso={0x7, 0x25, 0x1, 0xc0, 0x7, 0x6e74}]}}, {{0x9, 0x5, 0x80, 0x0, 0x400, 0x6, 0x5, 0x5}}, {{0x9, 0x5, 0xc, 0x10, 0x400, 0x6, 0x5, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x7}]}}, {{0x9, 0x5, 0x0, 0x2, 0x8, 0x7, 0x8, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7d, 0xab}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x1}]}}, {{0x9, 0x5, 0x80, 0x10, 0x200, 0x5, 0x40, 0x4, [@generic={0x84, 0x21, "878c4a8d9cabfe0c643150756146628aaf8f37aed29f19212277e3d0dafd7ee566e94ec701483472459336352ef9ab8d75275c62dc284a5fb2c05f0bba00a26f3cacedee7363786f08b00121a36273384aab8353cd21ce022d7ebe854fd6617acc36ecd8eeb1c7fc63178070459f453e170323e3f0af8e75432a915ca644e0588c12"}, @generic={0xee, 0xc, "a0b6aed0b414ca170624db423034e8c6b8aee57275ae3f3feee0da5f3ae289353f88177e5b8c09844b547431aeb7332ecf0d4838247601f7e9d75f1a24926efa08a3067c836a9e9a3c46d86dde308ae5068cc46e6280f90295dffc4a7da610e2ef25eadf58e1fa3648de0934971334149cf15fdc3c890703dfe712fa09179f16f3148e6bc3cff0a70ede9298cf51fbf6c4f0b0bd287eede77c708e3c803018cf8ddd72f8a76daa029e0840c5828e4344084d1e0b3755c260e133f9886b2248344c650c9e116b658453014433ca9c2901b3075b657e63b54cff8cbf105040a7ce084f4e1f8989a91a23731b50"}]}}, {{0x9, 0x5, 0x6, 0x1, 0x3ff, 0xc, 0x3, 0x1, [@generic={0xa4, 0x35, "853f4f77a376910c987f3240d4291e6b36e83c62f0a70f5e9118dcb71035a6b61ab47f7d6aee0fb9a8ac5fb56257af978c85d43d899ac0f0b44c004d05a8f126c54d8e59ed74076946b9d9a36e80a1bc3b281f0597ba2143c9e8cb0818390582ec147b03012efeda996a95c95c5bc568555505b021e2b6c20d539dc71681318a0729780b544679a7a409e47c1c8828e8b388bf86441c9219196c9ec8b51aede08b6a"}]}}, {{0x9, 0x5, 0xa, 0x18, 0x400, 0x71, 0x1, 0xa}}, {{0x9, 0x5, 0x1, 0x3, 0x0, 0x3, 0x7, 0x34}}]}}, {{0x9, 0x4, 0x7, 0x0, 0x4, 0xa, 0x82, 0x14, 0x9, [@uac_as={[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x6, 0x3, 0xa3, 0x1, "84", "c2"}]}, @cdc_ncm={{0xa, 0x24, 0x6, 0x0, 0x1, "933a163eb7"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x0, 0xfffc, 0x800, 0x7}, {0x6, 0x24, 0x1a, 0xa000, 0x20}, [@dmm={0x7, 0x24, 0x14, 0x8, 0x6}, @mbim={0xc, 0x24, 0x1b, 0x2, 0x0, 0xf3, 0x5, 0x7, 0x37}, @obex={0x5, 0x24, 0x15, 0x9}, @country_functional={0xe, 0x24, 0x7, 0x1, 0x10, [0x5, 0x401, 0x6, 0x7]}, @dmm={0x7, 0x24, 0x14, 0x3, 0xb5}]}], [{{0x9, 0x5, 0x6, 0x0, 0x3d7, 0x7f, 0xc, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x3}]}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x72, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0xb2}, @generic={0x77, 0x21, "66031ca7e75847304f625515853b091f8e05af34144252904830a11bfdb2c63df32d7e0dbc20dc524ada5d2e7c8ad03ba97c706cbf8aa47e669f583d4343a3b2b4c86687e3454054f729c63c3ebb844d46b1a74d2c3738dd07a7ef55861ca9b6388ac64eaf460beec9be87ec85626e7d9dfac22c0c"}]}}, {{0x9, 0x5, 0x5, 0x3, 0x20, 0x5, 0x7, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xe5, 0x6}]}}, {{0x9, 0x5, 0x6, 0x3, 0x40, 0x9, 0xb, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x3}, @generic={0x76, 0x4, "50bb29c49c9cb37a1c27c575e809fb83ffbc80a589af9f6ca37cf82aba841fd7d0fb1896ae2ac04cb12376f1d829353b85f117c69998771df5c61d75649c5bb4c10cd5d94543027b3b87873ec7a802dbd2b524883934b5038064d92090ffff48b98de025b84c63e69cabf53cefb05d17def46ef2"}]}}]}}]}}]}}, &(0x7f0000000b40)={0xa, &(0x7f0000000840)={0xa, 0x6, 0x310, 0x7, 0x7, 0xbf, 0xff, 0x5}, 0x6b, &(0x7f0000000880)={0x5, 0xf, 0x6b, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x4, "4432c950ab674a90ead8b6495a83e852"}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "82d9277d79d593b660e73144a0e9019c"}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "0c9249a4d042263de8c37bab653bfeaa"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x3, 0xd, 0x9, 0x20}, @ssp_cap={0x20, 0x10, 0xa, 0x4, 0x5, 0x9, 0xf00, 0x4e91, [0x3f00, 0xc0, 0x3ff0, 0xf0, 0x3fc0]}]}, 0x5, [{0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x416}}, {0x56, &(0x7f0000000940)=@string={0x56, 0x3, "425f6bdd4cbb58cdd49a5f136f83b6fded8043f049ba9c1e95adddf5796ac758795103871b094e86853562ca455746efd2f595807488408d255182d729547dd0c314aedd6ca72331f5c3ccf81f6848ba12b798b9"}}, {0x82, &(0x7f00000009c0)=@string={0x82, 0x3, "f254f429cee9e8281bf9ec0c38b1b9bf2b0beafb3696f7be17e201c61c455dae13697d7df1a88b00d4c44a1b83d5ea5a4190afbf0ce4c4d448dd19e3d8f86c068ca2e014609020206a9f95f56ef3dc63a57401d9498b1c47662d6dd72c82c58102cc9e9b9695c316797847c546a974a956b2ee060c273cfd0d399e5f575e0a28"}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x1004}}, {0x4a, &(0x7f0000000ac0)=@string={0x4a, 0x3, "4a0805d4e9aa7faba428fd5b30b92620e5b6c014e852c38687fb1de938edb9bad37fb3b99b4fb1eec63ba6fa1b3a8a26616b9228c8ed310e3e30d0672064711c1a7ff5210fad7377"}}]}) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000000b80)=0x80000001, 0x4) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x9) munlockall() ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r0, 0x7b0, &(0x7f0000000bc0)={@my=0x0}) openat$vmci(0xffffff9c, &(0x7f0000000c00), 0x2, 0x0) munlockall() syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000cc0)={0xc, &(0x7f0000000c40)={0x20, 0x5, 0x1b, {0x1b, 0x31, "f30551366cdc3da40d819e33ad75caac99bf8717047840ce6b"}}, &(0x7f0000000c80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000e40)={0x10, &(0x7f0000000d00)={0x40, 0x16, 0x94, "bc1c2b365637092ba54a69d769c5227e47a63ba20d4cb36d0acb6443c4df03008e8d6af7c6a2b5a03841e36bb7ddc392e9523bbe4d27f51444f4ebb7a872749c0a31dfebcb89bf8739d5c8fec90ccf1d66b1e05f32877603d544f8249263d4b1c8f09c0f8632a5c2a73e32408aaf8a669011aa883391092f3c9c15335e029d84c65b52fafa965c817362a6776d61634a0049640f"}, &(0x7f0000000dc0)={0x0, 0xa, 0x1}, &(0x7f0000000e00)={0x0, 0x8, 0x1, 0xb4}}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000ec0), r0) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000f80)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000f00)={0x28, r3, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x10, 0x59}}}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4) munlockall() ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000fc0)='batadv_slave_1\x00') setsockopt$ax25_int(r0, 0x101, 0xa, &(0x7f0000001000)=0xc, 0x4) ioctl$EVIOCSFF(0xffffffffffffffff, 0x402c4580, &(0x7f0000001040)={0x52, 0x0, 0x800, {0x6, 0x2}, {0x33, 0x8}, @cond=[{0xefed, 0x7, 0x8001, 0x3, 0xfffe, 0x4}, {0x6, 0x0, 0x7, 0x0, 0x3, 0x3}]}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000010c0), 0xffffffffffffffff) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000001100)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000001140)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000001180)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000011c0)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000001200)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000001240)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000001280)=0x0) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000001380)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001340)={&(0x7f00000012c0)={0x4c, r5, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000000}, 0x41) kexec_load(0x4, 0x1, &(0x7f00000014c0)=[{&(0x7f00000013c0)="c0de49e44de522d386a06b8cf435513f54ffc98e9e84384191c5067e3bd50c887c645f234bc308282f36dc0b42304295e2986c26c2bc4fd9e2efb8156467912009a0121d3034649705cf7fae944ab23e42f28776920d136b77c576919c041b970a698648eb252413dbc6624cb290f7d7854ca349dd57fd4705ad9bec7fdb0e02391013059d383fa8e7326e3e61d493437aa21f2749a40b3f9b1af424375d4442e5d0c2acfbb11ddc20d47833bca45576896e0617d4b9dd21e1eeb131a0afe8050735e8361ca460025f9122b0048e9410841214450e64eab32b2bdd61a3033977c867827c6099ab7902a0564a9edc824d2dc8a7c713e2cc92", 0xf8, 0x1ff, 0x6}], 0x80000) 3.395102495s ago: executing program 0 (id=933): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f00000002c0)={0x20, 0x6, 0x5, "36e55a3d09"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x40, 0x17, 0x6, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) r2 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r4 = syz_open_procfs(r2, &(0x7f0000000000)='map_files\x00') fchdir(r4) syz_usb_connect$cdc_ncm(0x0, 0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a1a44000010203010902"], 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x189800, 0x56) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x7fff, 0x5801, 0x19, &(0x7f0000000780)="e07b5c24d4cb7eccf146e292c2d0aa22e978b63cea3c5de126"}], 0x1}) 2.936167573s ago: executing program 2 (id=936): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@newlink={0x38, 0x10, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x47a31, 0x9894}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x80) 2.93549361s ago: executing program 2 (id=937): socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001780)=@newtaction={0xf4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0xe0, 0x1, [@m_ct={0x94, 0x18, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x51, 0x6, "6331da0a8987c7a385bafb94d56c97f8cd6bdecc260f4f810443638f3e0046a40000c1ac77fd847ff1654251fdcbb1d393b4cb120152916ba11ee9ca28ae70f003a5d0d93f761fbed59795e500"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x1}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x804}, 0x0) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, 0x0, {0x3}}, 0x18) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001bc0)={0x6, 0x25, &(0x7f0000001880)=ANY=[@ANYBLOB="18000000810000000000000005000000fc10000065509b40707c88cc721a03c168f279ed5541d9738eba14232c37159e230638c7887edc29ae5c0e17454938041e22bcfdf0516beb7ae3f5bab3933921bf488e535e8da6eed45766f2f94d28f250", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180000000a000000000000000e00000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018450000080000000000000000000000b7080000000000007b8af8ff00000000b7080000ff0100007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000600)='syzkaller\x00', 0x5f40, 0x1000, &(0x7f0000000700)=""/4096, 0x41100, 0x52, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000001700)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000001740)={0x5, 0xf, 0x7, 0x6}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000001c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000001b80)=[{0x4, 0x1, 0x7, 0xc}], 0x10, 0x3}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x5, &(0x7f0000000200)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@redirect_dir_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) creat(&(0x7f0000000000)='./file1\x00', 0x118) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 2.856031273s ago: executing program 3 (id=938): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c) listen(r0, 0x3) io_setup(0x200, &(0x7f0000000140)=0x0) r2 = socket$caif_seqpacket(0x25, 0x5, 0x5) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x17000000, 0x20, 0x1, 0x0, r2, 0x0}]) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000100)=0x400, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000340)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0xff, @private0={0xfc, 0x0, '\x00', 0x2}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00') r4 = syz_open_dev$loop(&(0x7f0000001380), 0x10, 0x4a003) r5 = shmget$private(0x0, 0x2000, 0x100, &(0x7f0000ff2000/0x2000)=nil) r6 = shmat(r5, &(0x7f0000ff1000/0x3000)=nil, 0x400c) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) shmdt(r6) ioctl$BLKRESETZONE(r4, 0x40101283, 0x0) preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/149, 0x95}, {&(0x7f0000000140)=""/134, 0x86}, {&(0x7f00000003c0)=""/141, 0x8d}], 0x3, 0x10000, 0x2) write$cgroup_pid(r3, &(0x7f0000000000)=0xffffffffffffffff, 0x12) 1.986122847s ago: executing program 2 (id=944): r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x10) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, &(0x7f00000001c0)=0x8001) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000140)="d800000019008111e0020f060d8107040a60090000020000000455a1bc00090008000699e3ffffff140005000800000006000567b8b7b94002000009080016060000000000000074d67f6f9400f7d1d9bbe94fa27100a007a2f7457f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237ee4b11602b2a10000000014d6d930dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b694138c9f1ac76efb42a9ecbee5de6ccd44242f4", 0xcc}, {&(0x7f0000000c40)="6dd950135126d19aaf46a60e", 0xc}], 0x2}, 0x44) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r4, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf}) renameat2(r1, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000180)='./file1\x00', 0x4) io_setup(0xb4c, &(0x7f0000000280)) renameat2(r1, &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000000940)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3) r5 = fcntl$getown(r1, 0x9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x4a, &(0x7f00000002c0)={0x0, 0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x4, r5, 0x3, &(0x7f0000000040)) 1.98590266s ago: executing program 3 (id=945): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50) mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r0, 0xffff8000) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x22, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x2}, [@NDA_LLADDR={0xa}]}, 0x28}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, 0x13, r3, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(r1, 0xc0045401, &(0x7f00000000c0)=0x312) 1.925448306s ago: executing program 3 (id=947): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000800)=0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r4 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8) r5 = memfd_secret(0x0) ppoll(&(0x7f0000000100)=[{r5, 0x200}], 0x1, &(0x7f0000000280)={0x77359400}, &(0x7f0000000300)={[0x10000, 0x7f55]}, 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x8, 0x14, &(0x7f0000000d00)=ANY=[@ANYRESHEX=0x0, @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008230000b7040000000000008500000001000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000060ff850000000400000095", @ANYRESDEC=r0, @ANYRESHEX, @ANYBLOB="6933256948f9d2c10677cc633ee5ba1806d9cd96e3cca567ca558718da318811bcafd7e194797fce33818be1c6baea3e743d121713e1989927aefed72db2eaf40467b0d531a7349755c446b0fba98cb4945644daa99ee52a32827c4ab27e4efe48320a5cae98b736d4b320e2089e6721ebaaa31b32fe2f7f335e07cd7c3116f8104329a1bc7458a184c43647b3043663451012dffb0bd562", @ANYRESDEC=r3, @ANYRESDEC=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@ipv4_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x80}}, 0x1c}}, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e0, 0x10c, 0x940c, 0x3002, 0x0, 0x2c0, 0x30c, 0x3d8, 0x3d8, 0x30c, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x4, 0x7fff, 0x7, 0x8001, '\x00', 'syz1\x00', {0x1ff}}}}, {{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x2, 0x2, 0x4, 0x6, 'syz1\x00', 'syz1\x00', {0x1a0000}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24, '\x00', 0x0, 0xfffffffd}}}}, 0x33c) io_submit(r8, 0x1, &(0x7f00000001c0)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r7, &(0x7f0000000080)='\r', 0x1}]) ioctl$sock_SIOCGSKNS(r10, 0x894c, &(0x7f0000000000)=0x3) 1.924455143s ago: executing program 1 (id=948): setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900), 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = dup(0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$video(0x0, 0x75, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x10) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000140)={0x3, 0x1a3f}) r3 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}}) r4 = openat$binder_debug(0xffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc04c560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x1, {}, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, "5c0a0551"}, 0x0, 0x1, {0x0}, 0x2, 0x20000000, r4}) finit_module(r2, 0x0, 0x7) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180)) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, 0x0) r5 = dup(r1) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffff9, 0x10100, 0x0, 0xd3, 0x0, r5}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x8230}, 0x3}) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x6000, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_PORT={0x6}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}]}, 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x34, 0x9, 0x6, 0x201, 0x0, 0x0, {0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e20}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x804) io_uring_enter(r6, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r10, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x2, 0xfffffff8, 0x3, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0xf, 0x8000, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x5, 0x9, 0x1, 0x999d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x7, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0xfffffe01, 0x7ffd, 0x1fffffff, 0x1, 0x297, 0x5, 0x0, 0x991, 0x4, 0x0, 0x8, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0xfffff001, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0xfff, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0xfff, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x8, 0x8001, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x200009, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0xad1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x7, 0x5, 0x6, 0x4, 0xe4b, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0x8, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x9209, 0x409, 0x3, 0x4, 0x1, 0x10, 0x4, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xb, 0x136, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r10, 0x5501) readv(r10, &(0x7f0000000300)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1) 1.82549707s ago: executing program 2 (id=949): sched_setscheduler(0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x10, 0x3}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000077deff00850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x21, 0xf89, 0x0, &(0x7f0000000540)="39bdeac368e4c4e87a7bfd439b9f4793bcb64f217eb9435d6b4e435770512f9a534ba988586c565c33b12ddb4c357728b463ae54ffa88f65c5bc96051eb279632efcc45cc6c9e2dc521020f9357b64ce3879ce30e3", 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x6, 0x9, 0xffffffff}, 0x28) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000080000000000000000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x94) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'}) ioctl$DRM_IOCTL_IRQ_BUSID(r4, 0xc0106403, &(0x7f0000000240)={0x0, 0x4, 0x1, 0x1}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000bcc000/0x4000)=nil, 0x4000}}) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x769}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ppoll(&(0x7f0000000180)=[{r5, 0x4047, 0x700}], 0x1, 0x0, 0x0, 0x0) close(r5) syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x6559, 0x13580, 0x4000003}, &(0x7f0000000040), &(0x7f0000000140)) r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$6lowpan_control(r6, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r7, 0xffffffffffffffff, 0x39, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20) ioprio_set$pid(0x1, 0x0, 0x0) add_key(&(0x7f00000018c0)='big_key\x00', &(0x7f0000001900)={'syz', 0x1}, &(0x7f0000001940)='\f', 0xfffff, 0xfffffffffffffffe) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0), 0x12) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000003, 0x50, 0xffffffffffffffff, 0x8000000) syz_io_uring_setup(0x27fd, &(0x7f00000005c0)={0x0, 0x3e4d, 0x0, 0x3, 0x5d}, &(0x7f0000000200), &(0x7f0000000300)=0x0) r10 = syz_io_uring_setup(0x7b4f, &(0x7f00000003c0)={0x0, 0x797c, 0x10, 0x3, 0xf}, &(0x7f00000002c0), &(0x7f0000000340)) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000480)=@IORING_OP_MSG_RING={0x28, 0x36, 0x0, r10, 0x0, &(0x7f0000000440)="4b0f1c804d74b064afe99770e8f5bf254bacc18b7e1263b96f9302f16fe1a47f7006f963ac", 0x25, 0x0, 0x0, {0x0, r11}}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x0, r11) 1.684988519s ago: executing program 2 (id=950): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, 0x0, &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='f2fs_destroy_extent_tree\x00', r3}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x1) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r7, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8) writev(r7, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r1}, 0x18) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00'}) 1.145869411s ago: executing program 0 (id=951): openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x103600, 0x0) capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00'}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv4_newroute={0x2c, 0x18, 0x200, 0x70bd27, 0x25dfdbfd, {0x2, 0x0, 0xa0, 0x4, 0xfe, 0x0, 0x0, 0x0, 0x2200}, [@RTA_TABLE={0x8, 0xf, 0xc25d}, @RTA_PRIORITY={0x8, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x600}, 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) r9 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r9, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) sendmmsg(r9, &(0x7f0000000cc0)=[{{&(0x7f0000000340)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e24, @loopback}, 0x2, 0x0, 0x1}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000580)="04da535b7c612404946e8becd58e356295de270a6123531b01782c87b117c896c85994de9f724b81f9504bd7e92fe09f159eb33eb29eb0a9696ae14b3c482f7758bfc89b7efab49ef98f99908c9e98048bdf36f83e3948e2e159ba349b1d462241d3837825e78551b31951d2f8d3dd2515a722b6e6607eb1a685c06e5b2dae6785041a633b8cde97791f155f2bd3c7915ba66c4cf01bda0d71cb3d1569d731ec3b3c3e2c464fae51727da2d4e1a5e718d188c5a14a4140cc8041d6118c3f7e2eef8494e5bd690b03c2ef8eabeb0c889600d05dd00a30cbf6a0dc21ab11e9623bf69d36106740a648ca", 0xe9}, {&(0x7f0000000680)="0a3c13445c12e11dd231fa6b1c2bfc04dcaa8deb582ca8da6c9d53d77cb2997c1966404da3532391ad862d8256eabf0fb5b51d416e8f6334621362f6f9a5e5ca4157ab2fbe270f729a17769ec94ad4f55e946475a8869ed22610e3b7b748bc7ccea6593105d9c82ade0ac3bd1c360ebff7270ec2deada047bd42f913eee31f47a65b6c3d4356521afa80df2c740c97c46f621262e0e7dee35a8f162472a488ad9cafab1c4e9e8ff7805d9e5ad1c6c2ab1b9223e04e4545cd98bac3f1238eb8c15e49ea22b1bb4ae5fb6c971f017f3173bfdf5822497efe", 0xd7}], 0x2, &(0x7f0000000780)=[{0x30, 0x107, 0x5, "4a79ab6b841770f1a8cd14c74fadfbf11d8dcc5255b073035427f13938e73e7f79a9"}, {0x10, 0x11, 0x6, "cf5fa202"}, {0x44, 0x1fe, 0x4, "ca20572b34e9dce7c11e3509332bff3004249137adf5b104d3dfe4b0221511caf7b81076686070acb3322738eed28cbf9144dd5bfadb"}, {0x5c, 0x118, 0x6, "fca43f5f291fd1e57af281db8f5e0c5835448b020f582ba723e34d2d8aa3a106b8016a115dfa8c1a6ad15f6ef13497d834f18c4501d87cc0e381f350022800942590810a397f8f53f0c4f5cb2703dc"}], 0xe0}}, {{&(0x7f00000003c0)=@rc={0x1f, @none, 0x9}, 0x80, &(0x7f0000000d00)=[{&(0x7f0000000880)="afc0843e8407e19da44bdec253dfa46c2cf535336fcd80bd4b38535129479c056dc96c35e56aff248d607dd3743a51ef8f0d3e8685058903fd378650d3a1dc59ab53673d0ea8a75fc67cb119beff232573237dabc0f9bd7bdabbd0586a24a21ca0e867a4b8be13fca06d38afd20a9f82d63d271b8789632ef6d86b93ad2bbda033fb5c010e545c2e4dd2d2b0e5c846eb19b247da5ef8", 0x96}, {&(0x7f0000000440)="8ecd83bd6e3b7c4be56edd6376d8c61707f19ba4340b8967b7f12a68429336a6d16a629458c12832b12fe9e2cab9846542ebb6", 0x33}, {&(0x7f0000000d40)="6ef833043a1a15cd07569f71e5ac290b9eaf5ba74ace0903e4cb2351b5421558c5abaf9f664ba165c2f0c84cd0be6a4efd2cdda4411818b4f318cff8294f765976755c60cbfbc600f58b886b2668ae4be2b082474f2defacac3258cf17c18c5afee654a84f8f7580239631", 0x6b}, {&(0x7f00000009c0)="24e56e3e2e9c3506e3a4e3d4c4f9326c66c5bda7f09935d6c96c99835434727708e945d72f6d62a72c91dd7d59ec44184a7cc4661fe671242ba4eeb8068646535a13a8a6f887a1c7f30e7b9fe88138a8747a6a9b2519e9ce60aa0da15127faa11e002d29982cf1e98960f4eeb7174c3e", 0x70}, {&(0x7f0000000b40)="1f4e53eaaf93960429b54dbbbcf81ac41c9e81118193767c138d9388979d8bed2763b5547a1a77ae366a16ca9b88bc807fc22abd4a917e2d780352a40ce417de2b6feceb282a04dfd862ebdb33e025e30dfaab44a6aaca8493d6423e5199faac098512e9cc1b270c1fc0f2db777c00fc177b1561360c23fa81a6f33c86d7a07f7988b639dc73f18529f33b510b118f83ff7a7939d19aae00b2ea", 0x9a}, {&(0x7f0000000a40)="3c4be94b5568aa273ce03ccd3e1b497c20fd747d2c2e1d3cb86610e4621788", 0x1f}], 0x6, &(0x7f0000000c00)=[{0xb8, 0x107, 0x6, "168bb44fe98ed254ccdb2350324e35dafa80a54aa3b5e57e0da650f60bb2253955da85ce26be0363279275c07089526ae6f9c4447451a744eceba7043aafbe108170e1dede8387f20ba9c28f367162651fc55b7af00244ba099be5c26d557e2140b3553dbfe98464c4a9d748c581091afc92e174d533c79c89b50051b1bc46861012476163c4994c506101f11be6cafe8f0f3f6a8d9aff25148739e17055fd38d69613c22c5e386ef5b3"}], 0xb8}}], 0x2, 0x0) recvmmsg(r9, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0) 1.035791847s ago: executing program 1 (id=952): getpid() r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) openat$rtc(0xffffff9c, &(0x7f0000000000), 0x1000, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1}) 1.035315645s ago: executing program 1 (id=953): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) pipe(0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x1) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x84, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000000)) r4 = socket$inet(0x2, 0x1, 0x5568) setsockopt$inet_tcp_int(r4, 0x6, 0x17, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000140)=0x1) ioctl$PPPIOCBRIDGECHAN(r2, 0x40047435, &(0x7f0000000200)=0x1) 956.163745ms ago: executing program 3 (id=954): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x38, 0x14, 0x509, 0x70bd2c, 0x0, {0x2, 0x18, 0x0, 0x0, r1}, [@IFA_ADDRESS={0x8, 0x1, @multicast2}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_LOCAL={0x8, 0x2, @remote}, @IFA_LOCAL={0x8, 0x2, @broadcast}]}, 0x38}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) socket$inet_tcp(0x2, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x7ff, 0x2}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x1, 0xb, 0x7fffffff, 0x2}, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x53) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) 955.728341ms ago: executing program 1 (id=955): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001100)='net/wireless\x00') r1 = socket$netlink(0x10, 0x3, 0xf) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) fcntl$addseals(r2, 0x409, 0x9) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[], 0x50) mount$afs(0x0, &(0x7f00000001c0)='./file5\x00', &(0x7f00000002c0), 0x802414, &(0x7f0000000200)=ANY=[]) renameat2(0xffffffffffffff9c, 0x0, r1, &(0x7f0000000180)='./file5\x00', 0x3) r4 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x1e3003, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000300)) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004140)=ANY=[@ANYBLOB="02000000040000", @ANYBLOB="000000000000000018004a28e495d6e9", @ANYBLOB="1f15c2663936d0145be26d7ea8653335edd2c09ae5d13b36b3b2bc2aa842eff83a79fdd5ee1df58091818dbb6626a40810775e9d28a17419d6bd9352db10ad75b1f266d7981e716ed50c327f3f47b39900b4cbf7c9c986326f64e1ae288183b5f805cb2d8ad8c4a5500ecccf633d269f00c8cdfe3e0f667b511e50e4298f7884adc92b88f6a77285de48a88e0a92f57d1868982854595982fa60f18770cf39291bcf95ef86b88afee986d75ae1aebb530030166ea2a20e1133989ff904bd411675d89d9827261ed3044e5d1f0b114a6a434a92dd433ac0e84d55ff09fe13469fbfe12bb093f01635f55d4943abe6e949539a7dc64167b725e4c1b4cd8fcb52b989174ffb58e85ab2af3d46538d616af5adc3f936c5b86b2a0afec1039716c381200e26603dd9844570ab737cfc65bb147eab3863834ee8f971f1d23fde1d8586681f97b9fc715b9b81211ba0a3638565a6e389c01608080909f0b3a7ca675f52922e19cf40b1ef127bc79b0ea80671e74c326fe22e0115d3f3dff88f7ed2c313648d28c6fc8e218b528b56b1af9d2b4a898abf8f5638aedc49b9ccab69fc1d179f22d0b58093e67cddf2af12c8bc3016217ec8de0c2a191bdee789111014395b73a35000de9a4d44e974067e22773d569be4e0731f9347536dcb7a6ac924958cd9b299c67b09b9e0fb8673c596b53ff6b9714d5a86b833176b9b4c57b907a807e2505c73977a16a6f30fb3f821ed46256832c57df3b42e7cbbcf3de0fc09d6eb78d0e1d0afd002940fa0d4aa1e7e11e01b410d9a6f9dbee760f81329772033b1045649907c80d89e86adbd860a5ce55b9ca9a5fbef774be0b084746640a8ada57a684ac3f6e61d64eb766f5c0dfd9c4c2553c8fea17be7a2c438f2445198feab6149085e002482a655809b5fb523dad38bc22a506871a7f749e6dd32c25d12dd3cef6257aec8a684e87c380cf21d961dcc6a19997f07c655e0bfa1d7944b71281becac52b6d1cf6929abb6ed4f36b33a2340a18f1044159e623a592f0d9bfbea1fc66dd71a9118259b155984fdbea2aef572daed20d58cb441ed0ee395cfde5ac54e60d41210b71c9d42f52e05755aa937f8bfff15a68c493e9208b7b66203bcfd06cbeca3128832cb19ee48f246731a350aad250a70b950e90fa9d2bd641dd1c247f1a18a85d2b444a93bbe10616a864b811c8bf733a6bc603a7b4d515c156e73eba4fee34a2afa1df7d802c8ab9d5b68749f0f7c61112862ad790772d07ebd5a4cb305d826c0584e38b5eea90cac7c5799ad8bade81df39827c0797d3baa42f2227c27c2c40c29196586819547c2b9c0c6b07860b7d1af749c240273526f294be6395a4b6e19411d7cce4ade0533bd5b8bcfda54cca4c248223a35bf124a18c74c079e1d31d06729b9eb08cd39e58574de56c40fc96d62df67c0c2811ad641d1c6285b8107516aa6f0ffd69fc5e600d98d2d6dfe2c2b9603275406423fd0ce4c88f99e9962eb75be45102b2ff3b89fa0de79ea80eb65f5fd4583b86d88d34dcdced1282fc451b4d75cd43f88fd5bd74210a2785abd9d3e4f9101f5c6b8684cd7a8f4b4050dd999cc13339c3a98817da0396997b311c7e6c95ad8d40c9f96162b4a444fe07ef620c83757978584b19afe68e623a2960d215062622c0fddbdb0d2a029290b8587a4a155adcbd5629746eb981d6c9f0da4bcad8dcbc72942ec3c220b89a65f7d1bbd25e4f83100109e957c14e5dad53311de7a10c11fe2dcb1940763e9cffed673f943e382f05999e6d5dbf29d6f0fc529194d07ebae66e0172274d736058cb64d56de1774b3df1738a3acea60a763475c322a48c8932111ee01ec85e0e43ecd955541ba14a33cf67af40eee1709e2ae014eb017741ec62bddd8660eb5947c9911000b57ca81760f36c9bfa7bcf2fdbb7992a1e53f690f66582026a3e4b58812d93a8145c0066a20619f4597a70a5a9157182cd4cae9ff3e547f836b260ca93b4493ffb8a3ca1a7fb9cc21d8704fbf99cfdf2f710915fca25673e2f00a71a9754a51cb8c20738d79640932ef2c215cb142e7df1ca2ff27ead10b318f9700b7ca07c2b4858f9472c79d55b1c11a050870a67d6a9fec6b017fcdf9e1301abd00968b5f172ffe6b2c8f58092eb4ef96b71cca0c20045cff2b03dbd9f8571a5f331bee427ed38980f52899d8e8254f96bc5e65c2f2021ae7054f418489e645ab167c897aaef892a69955ce498cbc6035b0e38fdd777bf0d3b6860e4240168c343bb3152a079c204158acb052b7bcd2c55deafbf068cc194b9c4d51078fe7033df94e262082a0bbdf2ff56731ae5311e2e1b4a8dd62d54b02463befae273e35406d4607155d3cfffaddb8ddf55dfc56a6f80e3042d882711052edcd869af2019f13104ea63c04b19112577a98848468642e46b49ae3cc81e72bf5c63cb126a3312f364b0efa12b9dd97a96871459a274a127eb0d11d8c599b3309dec99ff510fb84ff916eb4c23671efb21acb61c853bc540db8dcc17a5b0e48e9402baa58ddfa1c3fc06b61cecf3162c349c77215c3b96dd8d89bd04a9bb2c3e265bbe372ccae14d81b8ba6ea331bf7a4e4bd986ec01adf275b048a6f1874834ae9d6ad768b5f0b24ddd3c1f96b496c9c5ce935de869cf964cd6331f34a86226fcf2529eec25f7baa40da08dd7ff963d4f0fdf2ef8f6685568150684b34ddf01df753b78e3750b07709e998767887f8c02ffd9d3f4817ef6e94b72cd25bc625bb9143031290d23f090f3c99a204e82089b78c2e56e5fe5b8da2ef8b7c6ec1f86b78a03c683af177088135dfa3d3ec078d950bd35930fec3864e77e2c5fcb91beb28ecdd6ba7d0855612af8ac057741becd5ffa10f44d09453dec0e0bed733144526fcbc6c39fc329f5f8368e2ede988adf2721bd67a3aac5e269f8804cdf61c33cf7b5709167b84749b8c215fdf0d7a6137167dfd78d41eba56862b9256359ac59dc6eeb22cc1b16a87733389db4404db53188a9c0d437bd530fed71df9974c487554404f3ebab7e8a64c37bb743fafbb47b74a79847ebde16c32dc22c48549a45879e4379ba5e30fd12f49faf1cd32bf67830f18c3e8334054816588492f0e070370142a7383cb05989c534d14b372d50d4900d5d7eebc3bf97808b3eea035729046743294de4d81ad2590475b9db75f9d26f34e4b1ba61fe6e30a2ba61927f63cbd4a089a9d44ca9cabb4e2bfd971f9e085e933129fdfb698ea32fbd1a962e97370f2a2ae58e0e2fa1bc59250ea8a8edeaa8125d16742e6394350eac919df4ee9a498bf08a970f76d20b241e1659f85a414167e5329fa3445b8197bfb1217582ad60c8ef8fcd4af290b48610445e8b491fe8e416f80cf6a4749ee8f98232e4407fd70689629823c4191cca64f5b5b960fe86a0409ab928f847796d26e372115772b2a16279957d96c131d103dbc292e62f1e8a5527acd3f135b9f616f74181c9514f99b77cf0c1113157ad1d2b6cb6af0384f9ac66de79868ca8f9dd4362342fa3737c2355398fd15015588ac51752670833603991a35ced11671c5254bbbaeb355b52b9efb92af097e5983b29fda57f4d9fc9220890cd982c97d0fa8e595033de3987a0652a9eef2318d36e3f2321976a2c7d7a10ae583d2859733544955032e1b13bb164870c41c19e723d7d1a6745abcfdc9becb30bf6e4fe5affbfd50c8718280bd4ed9800ce3d07870ef17ffed58cbe5505e8d50b27009c91f95188b0eb14d6bc73ea2202feeb02cdb7920d021b623d4eaa34388a8dbc9969a9d6c8e2b1166f1817f8d1f2e1ca5d675e0e898582bf429a2eb4653ad5f97a67346d881c6f450a4146604e555b247e57aa673506c3520b006dff3a53c0fea3373691ffe41bf31888d557e568ee49f8503dd83f16bf945b1bb41f234052ff2241a0df6f5ce9f54bbd2a97c2906fe1a106292580b2332c36d7813d23be7306f07a3b3c1a6ddc809047015eb8ea575d61691c31bbba34c3db97068c38da267fae47bd61964c360ead45cb6ee8b93a963cdf3d10ba9f22922695ed6bc6756a727448e3dffc8e331a4c497670296cc6a2331a5896df6314d5ab6925d2e8f18f615cb4a1a5200735d4a6e94a93f704ace359c1a0920a76ab932723c2f80895a733e9bf6f4586fbac54fe2dc94133bf5c98e0b78ff3df1323f28e545aa79c265e63521d288f741c32f3882229fbff67db8a7f9aab82e8d13c582911395366e2d9ea1d67d9ed4b75869a5894730612fe6cedc9182cec5b50e2929369138e70dda057b71f33bff986997245bd85498cba0184c0262d7372457bf88f90d4d77bc3c619e7c80d7ab75a0372b5ee54820e34efdab41d9597f2c971617a3cadefd84f7700574eac7e75db6da8300efc300c0a2a4bd8291cc4b3fd44797ee6d76ebbd5da91a28f33f8cba5d47de4d0859696c71d400abf72d1857bdbd2e36e52173dc1996e832da8a1e703315e5d4bce4061d824a844caf3c4c6b761525210f9f8fc343d06569f0645f23d586cced89849f44a5735a6272c79bccc977c319a0a7c4d3aa45af3d0675500562b5c0e5341e2a86a6355fa510e987e5998f1589e1b0f071678682c68fc3443d3e60304acfb6b5665cddcb7c4f9e6ff56e7b3e902c8bb80a0bb064762eef5df0c7751baab61f57152a80dcf151dcd458c45dc0c7461fa8462b38bebf483a58fd18a8639d601232cc6f83471822f32817aac1e8323dd8ed5cf339301faaf858c0ebc89ea5f948348b6997f509526eb95257fb8b3f42e2f705ef94c9d79087c219df28026998ea9ff1bb78ba7dbb4b4aafec20b55760da94509de0dba45eb8d4f51fc6c19f4cd1b01852efad7af6f546c1bc71cf553d7f72a9847c2fff23c9a110cb61e981d8fe2b236da79d593afc0e524cf7ef2bc446ecf5ecccb7e8a071907ffe6e3c5b80a33e913dcd7754c7736c8253bd6b524362ae437cbb01a9c063e9fb42e4fda93221203a409d239dd0af6aaff671d36c79503f0fd99b78c171a80d29bbbe5d1a2440c6add499bbdc766ce09030ef5a615430e1bdfc60a1ae7a491e9787fc", @ANYRESDEC=r1, @ANYBLOB="000000000200"/28], 0x50) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$netlink(0x10, 0x3, 0x5) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000340)={0x3, 0x900900, 0x3}) io_submit(0x0, 0x0, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) preadv(r0, &(0x7f0000002240)=[{&(0x7f0000003d00)=""/4096, 0x1000}], 0x1, 0x29d3, 0x6) setrlimit(0x7, &(0x7f00000001c0)={0x3, 0x4}) socket$nl_generic(0x10, 0x3, 0x10) 485.460945ms ago: executing program 0 (id=956): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@newlink={0x38, 0x10, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x47a31, 0x9894}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x80) 484.720207ms ago: executing program 0 (id=957): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x4000001}, 0x8000) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000005840)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003200)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x3f, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 386.346221ms ago: executing program 0 (id=958): unshare(0x0) (async, rerun: 32) socket$inet_sctp(0x2, 0x1, 0x84) (rerun: 32) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [0x9, 0x4009, 0x3, 0x0, 0x2, 0x4005]}, &(0x7f0000000080)=0x50) r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x7c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, 0x0) sendmmsg$inet(r2, 0x0, 0x0, 0x4040) pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r0, 0x2b, 0x4) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async) r3 = fsmount(r0, 0x0, 0x1) fchdir(r3) (async, rerun: 64) ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000040)) (rerun: 64) 82.711775ms ago: executing program 0 (id=959): r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x36, 0x2, 0x0, "d569e8000000fa44966262631e8ac11e00"}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x4, 0x4, 0x4, 0x8}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x1, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0x16}]}, &(0x7f0000000040)='GPL\x00'}, 0x94) r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_misc(r4, &(0x7f0000000000)='+\fER', 0x4) write$binfmt_misc(r4, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000400)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo/3\x00') read$FUSE(r5, &(0x7f00000040c0)={0x2020}, 0x2020) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000680)={'ip_vti0\x00', &(0x7f0000000540)={'erspan0\x00', 0x0, 0x80, 0x80, 0x4, 0x4, {{0x39, 0x4, 0x2, 0x1, 0xe4, 0x68, 0x0, 0x52, 0x2f, 0x0, @remote, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0xf5, 0x1, 0xd, [{@multicast1, 0xb}, {@multicast1, 0x2}]}, @generic={0x82, 0xe, "6c2390831096d0a7b872b0b7"}, @timestamp={0x44, 0x18, 0x8d, 0x0, 0x0, [0xdca8, 0x0, 0x0, 0x8, 0x2]}, @ssrr={0x89, 0x13, 0x49, [@loopback, @multicast2, @broadcast, @multicast2]}, @cipso={0x86, 0x3b, 0x1, [{0x3, 0xc, "f0b2a32bc1677a872617"}, {0x6, 0xe, "5253915a0d23e6c148a77db4"}, {0x7, 0x10, "af18b137c604473c6124db435d94"}, {0x0, 0x3, "bf"}, {0x5, 0x8, "a2e90eece340"}]}, @generic={0x86, 0x8, "f2e77d3bc42c"}, @rr={0x7, 0x7, 0x38, [@local]}, @timestamp={0x44, 0x1c, 0xfc, 0x0, 0x4, [0x6, 0x80000001, 0x1, 0x7, 0x1ff, 0x9]}, @timestamp_prespec={0x44, 0x1c, 0x59, 0x3, 0x4, [{@multicast2, 0x1}, {@empty, 0x7fff}, {@local, 0x1}]}]}}}}}) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@bloom_filter={0x1e, 0x5, 0x2, 0x6, 0x2000, r5, 0xc46, '\x00', r6, r4, 0x2, 0x0, 0x4}, 0x50) socket$inet_udplite(0x2, 0x2, 0x88) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r7, 0x0) io_submit(0x0, 0x2, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x6, r2, &(0x7f00000001c0)="0116f3b882d4adc9ad49fe4f7a58f2f879169836ba7c82b45a633712bea7b75a161dc37c14ac90fba06f03b448575da79995c743f16ae1690b6bddd7d638010ecdd29707753f2d955a86e94cae72db4204a8d7c6d76688f3075e749dd7cb7f8614b5d0b7d7c8ce7f89bb5622207ae7c07d17bb0ecc", 0x75, 0x2, 0x0, 0x0, r4}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x1000, r2, &(0x7f0000000240)="2c100003f19ed9a8e2ae0c4afd0a0c328052d7f8b560472d1e6eaab02909e4aeb9ec2c2869833ceec09b9d4172e41955470f6adccb589fdebafd308a1067b82894d1d6bcc8696f9d49bbc741480bbca6bc797b8356a08fdeaee01e12661ea58c8cbec270577c28fccd17b35ab6772de2626a275003539f1b0360ed0f358a0155fc544cb1128de9a666854d0e0621cd59a9de275c6d0a4b70b5f911a9f2f7c65f63c402465ccf269e748369573f1d49b837d56f4f37a63c870cf2c10288cb364826c66d7231bc3550f49268a7c52c34418da0e95c715c7ea47ea84b793a80cbee3a82396e2bb05754f1d450e224", 0xed, 0xfffffffffffff2c8, 0x0, 0x2, r7}]) 82.164944ms ago: executing program 1 (id=960): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="66643d8b60b600eacc7adcfc6c7b3093ffbdac74a39d9bdf737fdd47300858671493e4612da423d1eefc67623a3e26ce1afdc504b58823315257cbf7b12f2b19f78ecaf01fc57c246a264090", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000N00000000000040000,user_id=', @ANYRES32, @ANYBLOB=',grou`_id=', @ANYRES32=r0]) read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2020) creat(&(0x7f00000000c0)='./file0\x00', 0x48) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) r1 = socket(0x2, 0x2, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f000082f000/0x2000)=nil, 0x2000, 0xb635773f06ebbee4, 0x4131, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7) flistxattr(0xffffffffffffffff, &(0x7f0000000440)=""/204, 0xcc) ioctl$FS_IOC_RESVSP(r6, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762}) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r6, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385204080, 0x0, 0x0, 0x0, {0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) 15.873296ms ago: executing program 3 (id=961): pselect6(0x2a, 0x0, 0x0, &(0x7f0000000400)={0x1, 0x5, 0xffffffff, 0x30000, 0x80000001, 0x8, 0x4, 0x5e5e}, &(0x7f0000000480), &(0x7f0000000500)={&(0x7f00000004c0)={[0x4dd]}, 0x8}) r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='macvlan0\x00', 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0xf38e, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), r1) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000d40)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8111}, 0x20004010) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x2, 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x63) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) socketpair(0x18, 0x5, 0x7, &(0x7f0000000040)={0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001180)={&(0x7f00000000c0)='sys_exit\x00', r7}, 0x18) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000180), r5) sendmsg$SMC_PNETID_FLUSH(r8, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r9, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'syzkaller1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x8001}, 0x80) writev(r6, &(0x7f0000000840)=[{0x0}], 0x1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="e00000001000090500000000000000006f6d888f1d1c4e5ad85ce4966dbd0000002b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004000000000000bf852c8986626691b01b5f44e4ce2d712d2828da0a9423debbb86f9dba4a2dba4dbe076c292c2800c446a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100024db5dd5e995aa0912086d9f4606d2e4cc898739222c5d3a83cb6b707f3336336ebb7d68143be79a8614b52dd4b961cc1dbf6db57ce940be783"], 0xe0}], 0x1}, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x4842, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x5, 0x4, 0x7, 0x0, r3}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140), 0x0, 0xffff, r10}, 0x38) 15.503687ms ago: executing program 1 (id=962): sendmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{}], 0x1}}], 0x1, 0x24008094) r0 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$CDROMREADAUDIO(r0, 0x2284, &(0x7f00000000c0)={@msf={0xfd, 0x9, 0x5a}, 0x1, 0x0, 0x0}) (fail_nth: 4) 0s ago: executing program 2 (id=963): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf4}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0xb, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0) kernel console output (not intermixed with test programs): x8e [ 224.107021][ T8099] RIP: 0023:0xf7f76579 [ 224.107034][ T8099] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 224.107050][ T8099] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 224.107066][ T8099] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000002284 [ 224.107076][ T8099] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 224.107086][ T8099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 224.107095][ T8099] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 224.107104][ T8099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 224.107123][ T8099] [ 224.107147][ T8099] ERROR: Out of memory at tomoyo_realpath_from_path. [ 224.197284][ T53] usb 7-1: USB disconnect, device number 10 [ 224.515319][ T8107] FAULT_INJECTION: forcing a failure. [ 224.515319][ T8107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.520039][ T8107] CPU: 1 UID: 0 PID: 8107 Comm: syz.0.463 Not tainted syzkaller #0 PREEMPT(full) [ 224.520056][ T8107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 224.520063][ T8107] Call Trace: [ 224.520067][ T8107] [ 224.520072][ T8107] dump_stack_lvl+0x16c/0x1f0 [ 224.520089][ T8107] should_fail_ex+0x512/0x640 [ 224.520105][ T8107] _copy_from_iter+0x29f/0x1720 [ 224.520121][ T8107] ? __alloc_skb+0x200/0x380 [ 224.520133][ T8107] ? __pfx__copy_from_iter+0x10/0x10 [ 224.520146][ T8107] ? __kernel_text_address+0xd/0x40 [ 224.520157][ T8107] ? __pfx___might_resched+0x10/0x10 [ 224.520174][ T8107] netlink_sendmsg+0x820/0xdd0 [ 224.520190][ T8107] ? __pfx_netlink_sendmsg+0x10/0x10 [ 224.520205][ T8107] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 224.520221][ T8107] ____sys_sendmsg+0xa98/0xc70 [ 224.520238][ T8107] ? __pfx_____sys_sendmsg+0x10/0x10 [ 224.520252][ T8107] ? get_compat_msghdr+0x11a/0x170 [ 224.520269][ T8107] ___sys_sendmsg+0x134/0x1d0 [ 224.520282][ T8107] ? __pfx____sys_sendmsg+0x10/0x10 [ 224.520307][ T8107] ? find_held_lock+0x2b/0x80 [ 224.520346][ T8107] __sys_sendmsg+0x16d/0x220 [ 224.520365][ T8107] ? __pfx___sys_sendmsg+0x10/0x10 [ 224.520396][ T8107] ? rcu_is_watching+0x12/0xc0 [ 224.520418][ T8107] __do_fast_syscall_32+0x7c/0x300 [ 224.520436][ T8107] do_fast_syscall_32+0x32/0x80 [ 224.520448][ T8107] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 224.520462][ T8107] RIP: 0023:0xf703d579 [ 224.520471][ T8107] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 224.520481][ T8107] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 224.520492][ T8107] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 224.520499][ T8107] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 224.520505][ T8107] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 224.520511][ T8107] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 224.520517][ T8107] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 224.520530][ T8107] [ 224.624872][ C1] vcan0: j1939_tp_rxtimer: 0xffff888054ad4000: rx timeout, send abort [ 224.632224][ T29] usb 5-1: USB disconnect, device number 9 [ 225.030723][ T8113] tmpfs: Invalid gid '0x00000000ffffffff' [ 225.129007][ C1] vcan0: j1939_tp_rxtimer: 0xffff888054ad4000: abort rx timeout. Force session deactivation [ 225.511933][ T8118] tipc: Enabling of bearer rejected, failed to enable media [ 226.031969][ T8131] netlink: 72 bytes leftover after parsing attributes in process `syz.1.469'. [ 226.440184][ T6214] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 226.545572][ T8142] block nbd3: not configured, cannot reconfigure [ 226.549649][ T8142] syzkaller1: entered promiscuous mode [ 226.551770][ T8142] syzkaller1: entered allmulticast mode [ 226.590172][ T6214] usb 6-1: Using ep0 maxpacket: 32 [ 226.593935][ T6214] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 226.600333][ T6214] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 226.603436][ T6214] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 226.603584][ T8144] fuse: Bad value for 'fd' [ 226.606015][ T6214] usb 6-1: Product: syz [ 226.609386][ T6214] usb 6-1: Manufacturer: syz [ 226.611473][ T6214] usb 6-1: SerialNumber: syz [ 226.619401][ T6214] usb 6-1: config 0 descriptor?? [ 226.622085][ T8136] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 226.750091][ T53] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 226.921905][ T53] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 226.925654][ T53] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 226.930435][ T53] usb 7-1: config 0 interface 0 has no altsetting 0 [ 226.935794][ T53] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 226.939763][ T53] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 226.943064][ T53] usb 7-1: Product: syz [ 226.944834][ T53] usb 7-1: Manufacturer: syz [ 226.946830][ T53] usb 7-1: SerialNumber: syz [ 226.951261][ T53] usb 7-1: config 0 descriptor?? [ 226.955676][ T53] hub 7-1:0.0: bad descriptor, ignoring hub [ 226.958109][ T53] hub 7-1:0.0: probe with driver hub failed with error -5 [ 226.963054][ T53] usb 7-1: selecting invalid altsetting 0 [ 227.084804][ T8151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.091109][ T8151] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.583111][ T8161] sp0: Synchronizing with TNC [ 227.594226][ T8160] [U] [ 227.880995][ T8169] ttynull ttynull: ldisc open failed (-12), clearing slot 0 [ 228.070888][ T8177] siw: device registration error -23 [ 229.522626][ T8185] FAULT_INJECTION: forcing a failure. [ 229.522626][ T8185] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 229.528067][ T8185] CPU: 2 UID: 0 PID: 8185 Comm: syz.3.483 Not tainted syzkaller #0 PREEMPT(full) [ 229.528096][ T8185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 229.528103][ T8185] Call Trace: [ 229.528107][ T8185] [ 229.528111][ T8185] dump_stack_lvl+0x16c/0x1f0 [ 229.528128][ T8185] should_fail_ex+0x512/0x640 [ 229.528144][ T8185] should_fail_alloc_page+0xe7/0x130 [ 229.528159][ T8185] prepare_alloc_pages+0x3c2/0x610 [ 229.528173][ T8185] ? rcu_is_watching+0x12/0xc0 [ 229.528187][ T8185] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 229.528199][ T8185] ? __lock_acquire+0xb97/0x1ce0 [ 229.528219][ T8185] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 229.528230][ T8185] ? do_raw_spin_lock+0x12c/0x2b0 [ 229.528257][ T8185] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 229.528278][ T8185] ? find_held_lock+0x2b/0x80 [ 229.528297][ T8185] ? __lock_acquire+0xb97/0x1ce0 [ 229.528315][ T8185] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 229.528339][ T8185] ? policy_nodemask+0xea/0x4e0 [ 229.528354][ T8185] alloc_pages_mpol+0x1fb/0x550 [ 229.528368][ T8185] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 229.528386][ T8185] folio_alloc_mpol_noprof+0x36/0x2f0 [ 229.528403][ T8185] shmem_alloc_folio+0x135/0x160 [ 229.528419][ T8185] shmem_alloc_and_add_folio+0x499/0xc20 [ 229.528440][ T8185] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 229.528458][ T8185] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 229.528472][ T8185] shmem_get_folio_gfp+0x67f/0x1610 [ 229.528486][ T8185] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 229.528500][ T8185] shmem_write_begin+0x160/0x300 [ 229.528512][ T8185] ? __pfx_shmem_write_begin+0x10/0x10 [ 229.528523][ T8185] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 229.528540][ T8185] generic_perform_write+0x3c4/0x900 [ 229.528560][ T8185] ? __pfx_generic_perform_write+0x10/0x10 [ 229.528577][ T8185] ? inode_needs_update_time.part.0+0x191/0x270 [ 229.528593][ T8185] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 229.528605][ T8185] shmem_file_write_iter+0x10e/0x140 [ 229.528618][ T8185] __kernel_write_iter+0x31a/0xb10 [ 229.528631][ T8185] ? __pfx___kernel_write_iter+0x10/0x10 [ 229.528649][ T8185] kernel_write+0x1f4/0x6c0 [ 229.528661][ T8185] ? __pfx_kernel_write+0x10/0x10 [ 229.528671][ T8185] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 229.528690][ T8185] ? __shmem_file_setup+0x8e/0x330 [ 229.528707][ T8185] big_key_preparse+0x3a8/0x5b0 [ 229.528721][ T8185] ? __pfx_big_key_preparse+0x10/0x10 [ 229.528731][ T8185] ? __pfx_down_read+0x10/0x10 [ 229.528746][ T8185] ? __pfx_big_key_preparse+0x10/0x10 [ 229.528758][ T8185] __key_create_or_update+0x458/0xe10 [ 229.528771][ T8185] ? __pfx___key_create_or_update+0x10/0x10 [ 229.528782][ T8185] ? lookup_user_key+0x2ce/0x1300 [ 229.528804][ T8185] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 229.528823][ T8185] key_create_or_update+0x42/0x60 [ 229.528835][ T8185] __do_sys_add_key+0x29d/0x470 [ 229.528849][ T8185] ? __pfx___do_sys_add_key+0x10/0x10 [ 229.528860][ T8185] ? ksys_write+0x1ac/0x250 [ 229.528873][ T8185] ? rcu_is_watching+0x12/0xc0 [ 229.528886][ T8185] __do_fast_syscall_32+0x7c/0x300 [ 229.528900][ T8185] do_fast_syscall_32+0x32/0x80 [ 229.528912][ T8185] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 229.528925][ T8185] RIP: 0023:0xf704d579 [ 229.528934][ T8185] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 229.528944][ T8185] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 000000000000011e [ 229.528955][ T8185] RAX: ffffffffffffffda RBX: 00000000800018c0 RCX: 0000000080001900 [ 229.528961][ T8185] RDX: 0000000080001940 RSI: 00000000000fffff RDI: 00000000fffffffe [ 229.528967][ T8185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 229.528973][ T8185] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 229.528979][ T8185] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 229.528993][ T8185] [ 229.671287][ T29] usb 7-1: USB disconnect, device number 11 [ 229.705228][ T8187] block nbd3: not configured, cannot reconfigure [ 229.708861][ T8187] syzkaller1: entered promiscuous mode [ 229.711840][ T8187] syzkaller1: entered allmulticast mode [ 230.124168][ T8194] netlink: 20 bytes leftover after parsing attributes in process `syz.0.486'. [ 230.127016][ T8194] xfrm0: entered promiscuous mode [ 230.128604][ T8194] xfrm0: entered allmulticast mode [ 230.263324][ T29] usb 6-1: USB disconnect, device number 12 [ 230.280790][ T8202] siw: device registration error -23 [ 230.340281][ T60] usb 7-1: new low-speed USB device number 12 using dummy_hcd [ 230.480238][ T60] usb 7-1: device descriptor read/64, error -71 [ 230.566728][ T8205] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 230.730079][ T60] usb 7-1: new low-speed USB device number 13 using dummy_hcd [ 230.870198][ T60] usb 7-1: device descriptor read/64, error -71 [ 230.981379][ T60] usb usb7-port1: attempt power cycle [ 231.322325][ T60] usb 7-1: new low-speed USB device number 14 using dummy_hcd [ 231.330259][ T53] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 231.352758][ T60] usb 7-1: device descriptor read/8, error -71 [ 231.355294][ T8244] netlink: 4 bytes leftover after parsing attributes in process `syz.0.496'. [ 231.362756][ T8244] veth1_macvtap: left promiscuous mode [ 231.483676][ T53] usb 8-1: config index 0 descriptor too short (expected 39, got 27) [ 231.487329][ T53] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 231.494091][ T53] usb 8-1: config 0 interface 0 has no altsetting 0 [ 231.499371][ T53] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 231.503147][ T53] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 231.506407][ T53] usb 8-1: Product: syz [ 231.508019][ T53] usb 8-1: Manufacturer: syz [ 231.509705][ T53] usb 8-1: SerialNumber: syz [ 231.514306][ T53] usb 8-1: config 0 descriptor?? [ 231.523781][ T53] hub 8-1:0.0: bad descriptor, ignoring hub [ 231.526018][ T53] hub 8-1:0.0: probe with driver hub failed with error -5 [ 231.531153][ T53] usb 8-1: selecting invalid altsetting 0 [ 231.620629][ T60] usb 7-1: new low-speed USB device number 15 using dummy_hcd [ 231.651185][ T60] usb 7-1: device descriptor read/8, error -71 [ 231.770279][ T60] usb usb7-port1: unable to enumerate USB device [ 231.848115][ T8261] block nbd0: not configured, cannot reconfigure [ 231.852274][ T8261] syzkaller1: entered promiscuous mode [ 231.854247][ T8261] syzkaller1: entered allmulticast mode [ 233.205606][ T8275] lo speed is unknown, defaulting to 1000 [ 233.320053][ T53] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 233.431169][ T8280] tmpfs: Invalid gid '0x00000000ffffffff' [ 233.492575][ T53] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 233.495860][ T53] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 233.499229][ T53] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 233.506325][ T53] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 233.509533][ T53] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.512466][ T53] usb 5-1: Product: syz [ 233.514183][ T53] usb 5-1: Manufacturer: syz [ 233.516012][ T53] usb 5-1: SerialNumber: syz [ 234.072804][ T53] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 234.265467][ T29] usb 8-1: USB disconnect, device number 13 [ 234.283114][ T8299] siw: device registration error -23 [ 234.344499][ T53] usb 5-1: USB disconnect, device number 10 [ 234.391401][ T53] usblp0: removed [ 234.515039][ T8303] siw: device registration error -23 [ 235.124698][ T8313] tmpfs: Invalid gid '0x00000000ffffffff' [ 235.280663][ T60] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 235.282623][ T8316] block nbd3: not configured, cannot reconfigure [ 235.286973][ T8316] syzkaller1: entered promiscuous mode [ 235.289067][ T8316] syzkaller1: entered allmulticast mode [ 235.411375][ T5647] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 235.415966][ T60] usb 5-1: device descriptor read/64, error -71 [ 235.660176][ T60] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 235.800141][ T60] usb 5-1: device descriptor read/64, error -71 [ 235.911380][ T60] usb usb5-port1: attempt power cycle [ 235.935739][ T8325] loop9: detected capacity change from 0 to 7 [ 235.939651][ T8325] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 235.941697][ T8325] loop9: partition table partially beyond EOD, truncated [ 235.947146][ T8325] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 236.260256][ T60] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 236.281145][ T60] usb 5-1: device descriptor read/8, error -71 [ 236.520363][ T60] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 236.540694][ T60] usb 5-1: device descriptor read/8, error -71 [ 236.652460][ T60] usb usb5-port1: unable to enumerate USB device [ 242.903264][ T8340] netlink: 68 bytes leftover after parsing attributes in process `syz.1.510'. [ 242.906725][ T8340] netlink: 24 bytes leftover after parsing attributes in process `syz.1.510'. [ 243.451716][ T29] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 243.471830][ T8359] netlink: 56 bytes leftover after parsing attributes in process `syz.2.511'. [ 243.643371][ T29] usb 8-1: config index 0 descriptor too short (expected 39, got 27) [ 243.645899][ T29] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 243.649110][ T29] usb 8-1: config 0 interface 0 has no altsetting 0 [ 243.655135][ T29] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 243.655535][ T8367] FAULT_INJECTION: forcing a failure. [ 243.655535][ T8367] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.658623][ T29] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 243.663545][ T8367] CPU: 3 UID: 0 PID: 8367 Comm: syz.1.516 Not tainted syzkaller #0 PREEMPT(full) [ 243.663559][ T8367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 243.663566][ T8367] Call Trace: [ 243.663570][ T8367] [ 243.663574][ T8367] dump_stack_lvl+0x16c/0x1f0 [ 243.663591][ T8367] should_fail_ex+0x512/0x640 [ 243.663606][ T8367] _copy_from_user+0x2e/0xd0 [ 243.663620][ T8367] msr_io+0x93/0x4e0 [ 243.663636][ T8367] ? __pfx_do_set_msr+0x10/0x10 [ 243.663653][ T8367] ? __pfx_msr_io+0x10/0x10 [ 243.663668][ T8367] ? __lock_acquire+0x62e/0x1ce0 [ 243.663685][ T8367] kvm_arch_vcpu_ioctl+0x1469/0x5570 [ 243.663700][ T8367] ? kvm_arch_vcpu_ioctl+0x1444/0x5570 [ 243.663717][ T8367] ? lock_acquire+0x179/0x350 [ 243.663731][ T8367] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 243.663745][ T8367] ? find_held_lock+0x2b/0x80 [ 243.663756][ T8367] ? bpf_trace_run2+0x26b/0x590 [ 243.663776][ T8367] ? bpf_trace_run2+0x2ab/0x590 [ 243.663792][ T8367] ? __pfx_bpf_trace_run2+0x10/0x10 [ 243.663810][ T8367] ? __lock_acquire+0xb97/0x1ce0 [ 243.663826][ T8367] ? kvm_vcpu_ioctl+0x280/0x1690 [ 243.663836][ T8367] ? __bpf_trace_contention_end+0xc9/0x110 [ 243.663851][ T8367] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 243.663868][ T8367] ? __pfx___mutex_trylock_common+0x10/0x10 [ 243.663883][ T8367] ? __pfx___might_resched+0x10/0x10 [ 243.663896][ T8367] ? rcu_is_watching+0x12/0xc0 [ 243.663907][ T8367] ? trace_contention_end+0xdd/0x130 [ 243.663922][ T8367] ? __mutex_lock+0x1c5/0x1060 [ 243.663939][ T8367] ? __pfx___mutex_lock+0x10/0x10 [ 243.663957][ T8367] ? kasan_quarantine_put+0x10a/0x240 [ 243.663971][ T8367] ? kvm_vcpu_ioctl+0x1235/0x1690 [ 243.663981][ T8367] kvm_vcpu_ioctl+0x1235/0x1690 [ 243.663994][ T8367] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 243.664005][ T8367] ? tomoyo_path_number_perm+0x18d/0x580 [ 243.664024][ T8367] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 243.664045][ T8367] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 243.664067][ T8367] ? do_vfs_ioctl+0x128/0x14f0 [ 243.664089][ T8367] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 243.664117][ T8367] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 243.664134][ T8367] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 243.664156][ T8367] ? __fget_files+0x20e/0x3c0 [ 243.664168][ T8367] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 243.664180][ T8367] __ia32_compat_sys_ioctl+0x23f/0x370 [ 243.664197][ T8367] __do_fast_syscall_32+0x7c/0x300 [ 243.664212][ T8367] do_fast_syscall_32+0x32/0x80 [ 243.664224][ T8367] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 243.664237][ T8367] RIP: 0023:0xf7fd7579 [ 243.664246][ T8367] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 243.664256][ T8367] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 243.664267][ T8367] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004008ae89 [ 243.664274][ T8367] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000 [ 243.664280][ T8367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 243.664286][ T8367] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 243.664292][ T8367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 243.664306][ T8367] [ 243.830649][ T29] usb 8-1: Product: syz [ 243.832028][ T29] usb 8-1: Manufacturer: syz [ 243.833786][ T29] usb 8-1: SerialNumber: syz [ 243.837000][ T29] usb 8-1: config 0 descriptor?? [ 243.852160][ T29] hub 8-1:0.0: bad descriptor, ignoring hub [ 243.854122][ T29] hub 8-1:0.0: probe with driver hub failed with error -5 [ 243.858494][ T29] usb 8-1: selecting invalid altsetting 0 [ 243.880095][ T8369] block nbd1: not configured, cannot reconfigure [ 243.893988][ T8369] syzkaller1: entered promiscuous mode [ 243.896728][ T8369] syzkaller1: entered allmulticast mode [ 243.918365][ T8374] input: syz0 as /devices/virtual/input/input19 [ 244.032358][ T8378] tipc: Started in network mode [ 244.034291][ T8378] tipc: Node identity d641abc8b8d5, cluster identity 4711 [ 244.037051][ T8378] tipc: Enabled bearer , priority 0 [ 244.039791][ T8378] syzkaller0: entered promiscuous mode [ 244.042129][ T8378] syzkaller0: entered allmulticast mode [ 244.078899][ T8378] tipc: Resetting bearer [ 244.191603][ T8376] tipc: Resetting bearer [ 244.203500][ T8376] tipc: Disabling bearer [ 244.419597][ T8386] netlink: 24 bytes leftover after parsing attributes in process `syz.2.520'. [ 244.894680][ T8398] siw: device registration error -23 [ 245.900341][ T29] usb 8-1: USB disconnect, device number 14 [ 246.134797][ T5942] Bluetooth: Unexpected continuation frame (len 10) [ 246.248483][ T8419] block nbd3: not configured, cannot reconfigure [ 246.259235][ T8419] syzkaller1: entered promiscuous mode [ 246.262194][ T8419] syzkaller1: entered allmulticast mode [ 246.296379][ T8420] Invalid option length (1048356) for dns_resolver key [ 246.766781][ T8428] siw: device registration error -23 [ 247.304078][ T8437] lo speed is unknown, defaulting to 1000 [ 247.448599][ T8441] tipc: Enabling of bearer rejected, failed to enable media [ 247.628683][ T8451] FAULT_INJECTION: forcing a failure. [ 247.628683][ T8451] name failslab, interval 1, probability 0, space 0, times 0 [ 247.634315][ T8451] CPU: 3 UID: 0 PID: 8451 Comm: syz.1.540 Not tainted syzkaller #0 PREEMPT(full) [ 247.634340][ T8451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 247.634349][ T8451] Call Trace: [ 247.634356][ T8451] [ 247.634362][ T8451] dump_stack_lvl+0x16c/0x1f0 [ 247.634385][ T8451] should_fail_ex+0x512/0x640 [ 247.634404][ T8451] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 247.634427][ T8451] should_failslab+0xc2/0x120 [ 247.634447][ T8451] kmem_cache_alloc_noprof+0x75/0x6e0 [ 247.634464][ T8451] ? skb_clone+0x190/0x3f0 [ 247.634485][ T8451] ? skb_clone+0x190/0x3f0 [ 247.634501][ T8451] skb_clone+0x190/0x3f0 [ 247.634519][ T8451] netlink_deliver_tap+0xabd/0xd30 [ 247.634542][ T8451] netlink_unicast+0x64c/0x870 [ 247.634564][ T8451] ? __pfx_netlink_unicast+0x10/0x10 [ 247.634582][ T8451] ? __pfx___might_resched+0x10/0x10 [ 247.634605][ T8451] netlink_sendmsg+0x8c8/0xdd0 [ 247.634627][ T8451] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.634648][ T8451] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 247.634674][ T8451] ____sys_sendmsg+0xa98/0xc70 [ 247.634698][ T8451] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.634719][ T8451] ? get_compat_msghdr+0x11a/0x170 [ 247.634745][ T8451] ___sys_sendmsg+0x134/0x1d0 [ 247.634763][ T8451] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.634790][ T8451] ? find_held_lock+0x2b/0x80 [ 247.634818][ T8451] __sys_sendmsg+0x16d/0x220 [ 247.634836][ T8451] ? __pfx___sys_sendmsg+0x10/0x10 [ 247.634884][ T8451] ? rcu_is_watching+0x12/0xc0 [ 247.634904][ T8451] __do_fast_syscall_32+0x7c/0x300 [ 247.634925][ T8451] do_fast_syscall_32+0x32/0x80 [ 247.634942][ T8451] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 247.634962][ T8451] RIP: 0023:0xf7fd7579 [ 247.634974][ T8451] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 247.634989][ T8451] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 247.635004][ T8451] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000340 [ 247.635013][ T8451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 247.635022][ T8451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 247.635031][ T8451] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 247.635039][ T8451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 247.635059][ T8451] [ 248.051681][ T8464] block nbd2: not configured, cannot reconfigure [ 248.056930][ T8464] syzkaller1: entered promiscuous mode [ 248.058812][ T8464] syzkaller1: entered allmulticast mode [ 248.355263][ T8474] siw: device registration error -23 [ 248.439773][ T8476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.546'. [ 248.614789][ T8481] random: crng reseeded on system resumption [ 249.390094][ T60] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 249.431631][ T8488] lo speed is unknown, defaulting to 1000 [ 249.489661][ T8488] netlink: 24 bytes leftover after parsing attributes in process `syz.3.551'. [ 249.541340][ T60] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 249.544775][ T60] usb 7-1: config 0 interface 0 has no altsetting 0 [ 249.548402][ T60] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 249.551581][ T60] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 249.555293][ T60] usb 7-1: Product: syz [ 249.557096][ T60] usb 7-1: Manufacturer: syz [ 249.558987][ T60] usb 7-1: SerialNumber: syz [ 249.568243][ T60] usb 7-1: config 0 descriptor?? [ 249.574360][ T60] usb 7-1: selecting invalid altsetting 0 [ 249.775439][ T60] usb 7-1: USB disconnect, device number 16 [ 250.406163][ T8499] tipc: Enabling of bearer rejected, failed to enable media [ 250.726319][ T8509] block nbd2: not configured, cannot reconfigure [ 250.728980][ T8509] syzkaller1: entered promiscuous mode [ 250.731123][ T8509] syzkaller1: entered allmulticast mode [ 250.737895][ T8511] netlink: 32 bytes leftover after parsing attributes in process `syz.0.558'. [ 250.816830][ T8516] lo speed is unknown, defaulting to 1000 [ 250.929228][ T8523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.561'. [ 251.014275][ T8530] FAULT_INJECTION: forcing a failure. [ 251.014275][ T8530] name failslab, interval 1, probability 0, space 0, times 0 [ 251.019255][ T8530] CPU: 0 UID: 0 PID: 8530 Comm: syz.3.563 Not tainted syzkaller #0 PREEMPT(full) [ 251.019282][ T8530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 251.019296][ T8530] Call Trace: [ 251.019304][ T8530] [ 251.019312][ T8530] dump_stack_lvl+0x16c/0x1f0 [ 251.019333][ T8530] should_fail_ex+0x512/0x640 [ 251.019354][ T8530] ? __kmalloc_cache_noprof+0x5f/0x780 [ 251.019376][ T8530] should_failslab+0xc2/0x120 [ 251.019394][ T8530] __kmalloc_cache_noprof+0x72/0x780 [ 251.019414][ T8530] ? binder_transaction+0x19c1/0x9d10 [ 251.019434][ T8530] ? binder_transaction+0x19c1/0x9d10 [ 251.019451][ T8530] binder_transaction+0x19c1/0x9d10 [ 251.019473][ T8530] ? __lock_acquire+0x62e/0x1ce0 [ 251.019495][ T8530] ? __lock_acquire+0x62e/0x1ce0 [ 251.019516][ T8530] ? __lock_acquire+0x62e/0x1ce0 [ 251.019532][ T8530] ? __pfx_binder_transaction+0x10/0x10 [ 251.019568][ T8530] ? find_held_lock+0x2b/0x80 [ 251.019585][ T8530] ? __might_fault+0xe3/0x190 [ 251.019602][ T8530] ? __might_fault+0xe3/0x190 [ 251.019618][ T8530] ? __might_fault+0x13b/0x190 [ 251.019648][ T8530] binder_thread_write+0x1417/0x4e70 [ 251.019685][ T8530] ? __lock_acquire+0xb97/0x1ce0 [ 251.019709][ T8530] ? __pfx_binder_thread_write+0x10/0x10 [ 251.019737][ T8530] ? binder_debug+0xde/0x1a0 [ 251.019771][ T8530] ? find_held_lock+0x2b/0x80 [ 251.019793][ T8530] ? __might_fault+0xe3/0x190 [ 251.019810][ T8530] ? __might_fault+0x13b/0x190 [ 251.019837][ T8530] ? __pfx_binder_ioctl+0x10/0x10 [ 251.019863][ T8530] binder_ioctl+0x253d/0x71f0 [ 251.019898][ T8530] ? tomoyo_path_number_perm+0x295/0x580 [ 251.019935][ T8530] ? tomoyo_path_number_perm+0x18d/0x580 [ 251.019989][ T8530] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 251.020019][ T8530] ? __pfx_binder_ioctl+0x10/0x10 [ 251.020051][ T8530] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 251.020083][ T8530] ? do_vfs_ioctl+0x128/0x14f0 [ 251.020113][ T8530] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 251.020148][ T8530] ? find_held_lock+0x2b/0x80 [ 251.020167][ T8530] ? hook_file_ioctl_common+0x145/0x410 [ 251.020204][ T8530] ? __fget_files+0x20e/0x3c0 [ 251.020222][ T8530] ? __pfx_binder_ioctl+0x10/0x10 [ 251.020246][ T8530] compat_ptr_ioctl+0x6b/0xa0 [ 251.020271][ T8530] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 251.020298][ T8530] __ia32_compat_sys_ioctl+0x23f/0x370 [ 251.020333][ T8530] __do_fast_syscall_32+0x7c/0x300 [ 251.020368][ T8530] do_fast_syscall_32+0x32/0x80 [ 251.020394][ T8530] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 251.020421][ T8530] RIP: 0023:0xf704d579 [ 251.020437][ T8530] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 251.020456][ T8530] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 251.020476][ T8530] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201 [ 251.020490][ T8530] RDX: 0000000080004a40 RSI: 0000000000000000 RDI: 0000000000000000 [ 251.020503][ T8530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 251.020515][ T8530] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 251.020526][ T8530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 251.020550][ T8530] [ 251.362356][ T8536] sock: sock_timestamping_bind_phc: sock not bind to device [ 252.198751][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 252.206017][ T8565] tipc: Enabling of bearer rejected, failed to enable media [ 252.467989][ T8571] lo speed is unknown, defaulting to 1000 [ 252.706627][ T8580] lo speed is unknown, defaulting to 1000 [ 252.710890][ T8578] siw: device registration error -23 [ 253.138576][ T8586] lo speed is unknown, defaulting to 1000 [ 253.285220][ T8589] lo speed is unknown, defaulting to 1000 [ 255.253705][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.256890][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.491763][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 262.320087][ T8623] tmpfs: Invalid gid '0x00000000ffffffff' [ 262.343766][ T8629] FAULT_INJECTION: forcing a failure. [ 262.343766][ T8629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 262.365276][ T8629] CPU: 2 UID: 0 PID: 8629 Comm: syz.1.581 Not tainted syzkaller #0 PREEMPT(full) [ 262.365304][ T8629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 262.365310][ T8629] Call Trace: [ 262.365314][ T8629] [ 262.365319][ T8629] dump_stack_lvl+0x16c/0x1f0 [ 262.365336][ T8629] should_fail_ex+0x512/0x640 [ 262.365351][ T8629] _copy_to_user+0x32/0xd0 [ 262.365366][ T8629] simple_read_from_buffer+0xcb/0x170 [ 262.365384][ T8629] proc_fail_nth_read+0x197/0x240 [ 262.365397][ T8629] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 262.365408][ T8629] ? rw_verify_area+0xcf/0x6c0 [ 262.365425][ T8629] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 262.365436][ T8629] vfs_read+0x1e1/0xcf0 [ 262.365450][ T8629] ? __pfx_vfs_read+0x10/0x10 [ 262.365459][ T8629] ? find_held_lock+0x2b/0x80 [ 262.365475][ T8629] ? __fget_files+0x20e/0x3c0 [ 262.365489][ T8629] ksys_read+0x12a/0x250 [ 262.365500][ T8629] ? __pfx_ksys_read+0x10/0x10 [ 262.365530][ T8629] ? rcu_is_watching+0x12/0xc0 [ 262.365543][ T8629] __do_fast_syscall_32+0x7c/0x300 [ 262.365558][ T8629] do_fast_syscall_32+0x32/0x80 [ 262.365570][ T8629] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 262.365584][ T8629] RIP: 0023:0xf7fd7579 [ 262.365593][ T8629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 262.365603][ T8629] RSP: 002b:00000000f54c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 262.365614][ T8629] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54c6620 [ 262.365620][ T8629] RDX: 000000000000000f RSI: 00000000f7465ff4 RDI: 0000000000000000 [ 262.365626][ T8629] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 262.365632][ T8629] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 262.365638][ T8629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 262.365652][ T8629] [ 262.647918][ T8638] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 262.650358][ T8638] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 262.750588][ T8638] vhci_hcd vhci_hcd.0: Device attached [ 262.867286][ T8646] lo speed is unknown, defaulting to 1000 [ 262.910536][ T8642] vhci_hcd: connection closed [ 262.910718][ T46] vhci_hcd: stop threads [ 262.913863][ T46] vhci_hcd: release socket [ 262.916639][ T46] vhci_hcd: disconnect device [ 263.409311][ T8661] tipc: Enabling of bearer rejected, failed to enable media [ 264.305583][ T8688] loop6: detected capacity change from 0 to 524287999 [ 264.313299][ T8688] netlink: 24 bytes leftover after parsing attributes in process `syz.0.594'. [ 264.694124][ T8695] tipc: Enabled bearer , priority 0 [ 264.696748][ T8695] syzkaller0: entered promiscuous mode [ 264.698524][ T8695] syzkaller0: entered allmulticast mode [ 264.703318][ T8695] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 264.716830][ T8694] tipc: Resetting bearer [ 264.728118][ T8694] tipc: Disabling bearer [ 265.091040][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 273.828848][ T8722] lo speed is unknown, defaulting to 1000 [ 274.053596][ T8728] siw: device registration error -23 [ 274.130457][ T60] e1000 0000:00:06.0 eth0: Reset adapter [ 274.881999][ T8758] bridge2: entered allmulticast mode [ 274.893924][ T8758] : renamed from hsr0 [ 275.951178][ T8780] tipc: Enabling of bearer rejected, failed to enable media [ 276.410259][ T60] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 276.571753][ T60] usb 6-1: device descriptor read/64, error -71 [ 276.620763][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 276.890494][ T60] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 277.030468][ T60] usb 6-1: device descriptor read/64, error -71 [ 277.140439][ T60] usb usb6-port1: attempt power cycle [ 277.480230][ T60] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 277.500989][ T60] usb 6-1: device descriptor read/8, error -71 [ 277.750152][ T60] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 277.780865][ T60] usb 6-1: device descriptor read/8, error -71 [ 277.891054][ T60] usb usb6-port1: unable to enumerate USB device [ 288.640158][ T8838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.610'. [ 288.647302][ T8836] netlink: 44 bytes leftover after parsing attributes in process `syz.3.611'. [ 288.990146][ T60] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 289.140194][ T60] usb 7-1: Using ep0 maxpacket: 8 [ 289.147946][ T60] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 289.154643][ T60] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 289.165314][ T60] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 289.179566][ T60] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 289.184673][ T60] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 289.187867][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.395491][ T60] usb 7-1: GET_CAPABILITIES returned 0 [ 289.397737][ T60] usbtmc 7-1:16.0: can't read capabilities [ 289.599378][ T6600] usb 7-1: USB disconnect, device number 17 [ 290.283267][ T8869] siw: device registration error -23 [ 290.558801][ T8874] tipc: Enabling of bearer rejected, failed to enable media [ 290.759288][ T29] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 290.890392][ T29] usb 8-1: device descriptor read/64, error -71 [ 291.130320][ T29] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 291.320030][ T29] usb 8-1: device descriptor read/64, error -71 [ 291.404292][ T8887] siw: device registration error -23 [ 291.440355][ T29] usb usb8-port1: attempt power cycle [ 291.502618][ T8896] lo speed is unknown, defaulting to 1000 [ 291.583827][ T8900] netlink: 4 bytes leftover after parsing attributes in process `syz.2.621'. [ 291.587010][ T8900] bridge_slave_1: left allmulticast mode [ 291.589822][ T8900] bridge_slave_1: left promiscuous mode [ 291.602753][ T8900] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.615154][ T8900] bridge_slave_0: left allmulticast mode [ 291.617584][ T8900] bridge_slave_0: left promiscuous mode [ 291.620029][ T8900] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.810288][ T29] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 291.833706][ T29] usb 8-1: device descriptor read/8, error -71 [ 292.100050][ T29] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 292.120686][ T29] usb 8-1: device descriptor read/8, error -71 [ 292.160211][ T6600] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 292.240455][ T29] usb usb8-port1: unable to enumerate USB device [ 292.310112][ T6600] usb 6-1: Using ep0 maxpacket: 8 [ 292.321465][ T6600] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 292.324661][ T6600] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 292.327992][ T6600] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 292.332741][ T6600] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 292.336854][ T6600] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 292.339824][ T6600] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.546863][ T6600] usb 6-1: GET_CAPABILITIES returned 0 [ 292.548625][ T6600] usbtmc 6-1:16.0: can't read capabilities [ 292.859132][ T8926] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.878725][ T6600] usb 6-1: USB disconnect, device number 17 [ 293.045019][ T8936] siw: device registration error -23 [ 293.225511][ T8926] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.414521][ T8926] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.423301][ T8941] ebtables: wrong size: *len 264, entries_size 144, replsz 144 [ 293.429795][ T8941] binder: 8940:8941 ioctl c0385720 0 returned -22 [ 293.432812][ T8941] binder: 8940:8941 ioctl c0306201 80000480 returned -11 [ 293.467281][ T8948] tipc: Enabling of bearer rejected, failed to enable media [ 293.652896][ T8926] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.697949][ T8954] vlan1: entered promiscuous mode [ 293.700326][ T8954] vlan1: entered allmulticast mode [ 293.702479][ T8954] veth0_vlan: entered allmulticast mode [ 293.776820][ T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.784811][ T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.793431][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.801760][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.891358][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 302.381340][ T8980] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 302.385420][ T8980] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 302.388760][ T8980] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 302.508364][ T8985] netlink: 24 bytes leftover after parsing attributes in process `syz.2.636'. [ 303.347158][ T9005] tipc: Enabling of bearer rejected, failed to enable media [ 303.510195][ T29] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 303.620114][ T6214] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 303.650040][ T29] usb 6-1: device descriptor read/64, error -71 [ 303.773298][ T6214] usb 7-1: Using ep0 maxpacket: 8 [ 303.777997][ T6214] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 303.782569][ T6214] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 303.786362][ T6214] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 303.790559][ T6214] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 303.796271][ T6214] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 303.800377][ T6214] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.890123][ T29] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 304.007943][ T6214] usb 7-1: GET_CAPABILITIES returned 0 [ 304.009902][ T6214] usbtmc 7-1:16.0: can't read capabilities [ 304.020106][ T29] usb 6-1: device descriptor read/64, error -71 [ 304.140677][ T29] usb usb6-port1: attempt power cycle [ 304.211616][ T1327] usb 7-1: USB disconnect, device number 18 [ 304.417742][ T9025] 9pnet_fd: p9_fd_create_tcp (9025): problem connecting socket to 127.0.0.1 [ 304.480110][ T29] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 304.500467][ T29] usb 6-1: device descriptor read/8, error -71 [ 304.660107][ T6214] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 304.740125][ T29] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 304.760575][ T29] usb 6-1: device descriptor read/8, error -71 [ 304.814692][ T6214] usb 8-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 304.818537][ T6214] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.822200][ T6214] usb 8-1: Product: syz [ 304.824169][ T6214] usb 8-1: Manufacturer: syz [ 304.826493][ T6214] usb 8-1: SerialNumber: syz [ 304.827939][ T9032] FAULT_INJECTION: forcing a failure. [ 304.827939][ T9032] name failslab, interval 1, probability 0, space 0, times 0 [ 304.834462][ T9032] CPU: 3 UID: 0 PID: 9032 Comm: syz.2.650 Not tainted syzkaller #0 PREEMPT(full) [ 304.834483][ T9032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 304.834494][ T9032] Call Trace: [ 304.834500][ T9032] [ 304.834506][ T9032] dump_stack_lvl+0x16c/0x1f0 [ 304.834529][ T9032] should_fail_ex+0x512/0x640 [ 304.834551][ T9032] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 304.834576][ T9032] should_failslab+0xc2/0x120 [ 304.834598][ T9032] kmem_cache_alloc_noprof+0x75/0x6e0 [ 304.834614][ T9032] ? skb_clone+0x190/0x3f0 [ 304.834636][ T9032] ? skb_clone+0x190/0x3f0 [ 304.834652][ T9032] skb_clone+0x190/0x3f0 [ 304.834670][ T9032] netlink_deliver_tap+0xabd/0xd30 [ 304.834697][ T9032] netlink_unicast+0x64c/0x870 [ 304.834722][ T9032] ? __pfx_netlink_unicast+0x10/0x10 [ 304.834741][ T9032] ? __pfx___might_resched+0x10/0x10 [ 304.834766][ T9032] netlink_sendmsg+0x8c8/0xdd0 [ 304.834788][ T9032] ? __pfx_netlink_sendmsg+0x10/0x10 [ 304.834816][ T9032] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 304.834842][ T9032] ____sys_sendmsg+0xa98/0xc70 [ 304.834871][ T9032] ? __pfx_____sys_sendmsg+0x10/0x10 [ 304.834892][ T9032] ? get_compat_msghdr+0x11a/0x170 [ 304.834920][ T9032] ___sys_sendmsg+0x134/0x1d0 [ 304.834939][ T9032] ? __pfx____sys_sendmsg+0x10/0x10 [ 304.834968][ T9032] ? find_held_lock+0x2b/0x80 [ 304.835001][ T9032] __sys_sendmsg+0x16d/0x220 [ 304.835023][ T9032] ? __pfx___sys_sendmsg+0x10/0x10 [ 304.835053][ T9032] ? rcu_is_watching+0x12/0xc0 [ 304.835074][ T9032] __do_fast_syscall_32+0x7c/0x300 [ 304.835095][ T9032] do_fast_syscall_32+0x32/0x80 [ 304.835114][ T9032] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 304.835133][ T9032] RIP: 0023:0xf7f76579 [ 304.835146][ T9032] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 304.835163][ T9032] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 304.835181][ T9032] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 304.835191][ T9032] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 304.835200][ T9032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 304.835209][ T9032] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 304.835217][ T9032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 304.835239][ T9032] [ 304.890410][ T29] usb usb6-port1: unable to enumerate USB device [ 305.041198][ T6214] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 305.041237][ T6214] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 305.041280][ T6214] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 305.106593][ T6214] lan78xx 8-1:1.0: probe with driver lan78xx failed with error -71 [ 305.132419][ T6214] usb 8-1: USB disconnect, device number 19 [ 305.574369][ T9044] tipc: Enabling of bearer rejected, failed to enable media [ 305.851998][ T9049] netlink: 40 bytes leftover after parsing attributes in process `syz.2.654'. [ 306.299765][ T9054] tipc: Enabled bearer , priority 0 [ 306.303336][ T9054] syzkaller0: entered promiscuous mode [ 306.305699][ T9054] syzkaller0: entered allmulticast mode [ 306.323259][ T9056] lo speed is unknown, defaulting to 1000 [ 306.343667][ T9054] tipc: Resetting bearer [ 306.369832][ T9053] tipc: Resetting bearer [ 306.380800][ T9053] tipc: Disabling bearer [ 306.470255][ T60] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 306.540265][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 306.622849][ T60] usb 5-1: not running at top speed; connect to a high speed hub [ 306.640377][ T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 306.646725][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.655964][ T60] usb 5-1: Product: Ь [ 306.662282][ T60] usb 5-1: Manufacturer: 菟汙퀴뒺닿 [ 306.665463][ T60] usb 5-1: SerialNumber: 谗壇Ł频鋄淼⌰瓄釻Ἕ藚涒䏸첁补鋖㷃⍧櫦㖔꿠깖ϸ㪘鞮혗柧蕐豖Ϊ퐗Ⓖ唯㷴彙ຝ䎒☿﷡镈斡౱鱿儭鸞ԁ蚑鹥⟢㨌卜롴윅ዂ밊롮讃謫䵎⎡ꇝၒ㵛创ẗ惒퍓쾪ﳵ૬ꋹ鰽䒸漊珮덿䡚擫 [ 306.677157][ T9071] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 306.680365][ T9071] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 306.684736][ T9071] vhci_hcd vhci_hcd.0: Device attached [ 306.709404][ T9077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.660'. [ 306.767793][ T9072] vhci_hcd: connection closed [ 306.768227][ T83] vhci_hcd: stop threads [ 306.773219][ T83] vhci_hcd: release socket [ 306.775249][ T83] vhci_hcd: disconnect device [ 307.104568][ T9052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.112684][ T9052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.122948][ T9052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.128620][ T9052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.136990][ T9052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.146004][ T9052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.157618][ T9052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.172838][ T9052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.181459][ T9052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.188793][ T9052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.270705][ T60] cdc_ncm 5-1:1.0: bind() failure [ 307.284552][ T60] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 307.289245][ T60] cdc_ncm 5-1:1.1: bind() failure [ 307.297035][ T60] usb 5-1: USB disconnect, device number 15 [ 307.843613][ T9090] netlink: 'syz.0.662': attribute type 14 has an invalid length. [ 307.868149][ T9090] netlink: 'syz.0.662': attribute type 4 has an invalid length. [ 307.896753][ T1327] lo speed is unknown, defaulting to 1000 [ 307.899384][ T1327] syz2: Port: 1 Link DOWN [ 307.900748][ T9090] netlink: 'syz.0.662': attribute type 4 has an invalid length. [ 307.907830][ T24] lo speed is unknown, defaulting to 1000 [ 307.910791][ T24] syz2: Port: 1 Link ACTIVE [ 308.028570][ T9090] tipc: Started in network mode [ 308.038453][ T9090] tipc: Node identity 4, cluster identity 4711 [ 308.042484][ T9090] tipc: Node number set to 4 [ 308.144903][ T9094] siw: device registration error -23 [ 308.694063][ T9108] tipc: Enabling of bearer rejected, failed to enable media [ 309.893252][ T40] audit: type=1326 audit(1759949105.641:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9136 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7579 code=0x7ffc0000 [ 309.900217][ T40] audit: type=1326 audit(1759949105.641:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9136 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7579 code=0x7ffc0000 [ 309.954642][ T40] audit: type=1326 audit(1759949105.701:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 309.967358][ T40] audit: type=1326 audit(1759949105.711:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 309.985802][ T40] audit: type=1326 audit(1759949105.711:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 310.011050][ T40] audit: type=1326 audit(1759949105.711:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 310.019551][ T40] audit: type=1326 audit(1759949105.711:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 310.023084][ T9154] siw: device registration error -23 [ 310.033247][ T40] audit: type=1326 audit(1759949105.711:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 310.034045][ T9149] tmpfs: Unknown parameter 'mLave' [ 310.040312][ T40] audit: type=1326 audit(1759949105.711:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 310.051223][ T9149] syzkaller1: entered promiscuous mode [ 310.052982][ T40] audit: type=1326 audit(1759949105.721:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9148 comm="syz.3.678" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000 [ 310.054407][ T9149] syzkaller1: entered allmulticast mode [ 310.466224][ T9169] tipc: Enabling of bearer rejected, failed to enable media [ 310.862737][ T9178] MTD: Couldn't look up '/dev/sg0': -15 [ 311.824881][ T9193] siw: device registration error -23 [ 312.637436][ T9218] tipc: Enabling of bearer rejected, failed to enable media [ 313.064058][ T9232] FAULT_INJECTION: forcing a failure. [ 313.064058][ T9232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.077284][ T9232] CPU: 1 UID: 0 PID: 9232 Comm: syz.0.697 Not tainted syzkaller #0 PREEMPT(full) [ 313.077306][ T9232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 313.077315][ T9232] Call Trace: [ 313.077319][ T9232] [ 313.077325][ T9232] dump_stack_lvl+0x16c/0x1f0 [ 313.077345][ T9232] should_fail_ex+0x512/0x640 [ 313.077364][ T9232] _copy_from_user+0x2e/0xd0 [ 313.077383][ T9232] bpf_prog_load+0x1d93/0x2850 [ 313.077401][ T9232] ? __pfx_bpf_prog_load+0x10/0x10 [ 313.077412][ T9232] ? __lock_acquire+0xb97/0x1ce0 [ 313.077464][ T9232] __sys_bpf+0x3e72/0x4980 [ 313.077482][ T9232] ? __pfx___sys_bpf+0x10/0x10 [ 313.077495][ T9232] ? find_held_lock+0x2b/0x80 [ 313.077513][ T9232] ? find_held_lock+0x2b/0x80 [ 313.077531][ T9232] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 313.077558][ T9232] ? fput+0x9b/0xd0 [ 313.077576][ T9232] ? ksys_write+0x1ac/0x250 [ 313.077590][ T9232] ? __pfx_ksys_write+0x10/0x10 [ 313.077607][ T9232] __ia32_sys_bpf+0x76/0xe0 [ 313.077621][ T9232] __do_fast_syscall_32+0x7c/0x300 [ 313.077639][ T9232] do_fast_syscall_32+0x32/0x80 [ 313.077654][ T9232] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 313.077671][ T9232] RIP: 0023:0xf703d579 [ 313.077681][ T9232] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 313.077700][ T9232] RSP: 002b:00000000f53eb55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 313.077714][ T9232] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000340 [ 313.077723][ T9232] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 313.077731][ T9232] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 313.077739][ T9232] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 313.077747][ T9232] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 313.077765][ T9232] [ 313.887849][ T9251] siw: device registration error -23 [ 314.559509][ T9264] tipc: Enabling of bearer rejected, failed to enable media [ 314.782444][ T9271] FAULT_INJECTION: forcing a failure. [ 314.782444][ T9271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.787298][ T9271] CPU: 3 UID: 0 PID: 9271 Comm: syz.0.709 Not tainted syzkaller #0 PREEMPT(full) [ 314.787314][ T9271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 314.787320][ T9271] Call Trace: [ 314.787325][ T9271] [ 314.787330][ T9271] dump_stack_lvl+0x16c/0x1f0 [ 314.787347][ T9271] should_fail_ex+0x512/0x640 [ 314.787363][ T9271] _copy_from_user+0x2e/0xd0 [ 314.787378][ T9271] memdup_user+0x6b/0xe0 [ 314.787391][ T9271] msr_io+0xea/0x4e0 [ 314.787406][ T9271] ? __pfx_do_set_msr+0x10/0x10 [ 314.787423][ T9271] ? __pfx_msr_io+0x10/0x10 [ 314.787438][ T9271] ? find_held_lock+0x2b/0x80 [ 314.787452][ T9271] kvm_arch_vcpu_ioctl+0x1469/0x5570 [ 314.787466][ T9271] ? kvm_arch_vcpu_ioctl+0x1444/0x5570 [ 314.787481][ T9271] ? is_bpf_text_address+0x94/0x1a0 [ 314.787497][ T9271] ? kernel_text_address+0x8d/0x100 [ 314.787513][ T9271] ? widen_string+0xdc/0x2d0 [ 314.787531][ T9271] ? __kernel_text_address+0xd/0x40 [ 314.787541][ T9271] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 314.787555][ T9271] ? arch_stack_walk+0xa6/0x100 [ 314.787574][ T9271] ? __lock_acquire+0xb97/0x1ce0 [ 314.787591][ T9271] ? kasan_save_stack+0x33/0x60 [ 314.787605][ T9271] ? __mutex_trylock_common+0xe9/0x250 [ 314.787620][ T9271] ? __pfx___mutex_trylock_common+0x10/0x10 [ 314.787635][ T9271] ? __pfx___might_resched+0x10/0x10 [ 314.787647][ T9271] ? rcu_is_watching+0x12/0xc0 [ 314.787659][ T9271] ? trace_contention_end+0xdd/0x130 [ 314.787674][ T9271] ? __mutex_lock+0x1c5/0x1060 [ 314.787690][ T9271] ? __pfx___mutex_lock+0x10/0x10 [ 314.787708][ T9271] ? kasan_quarantine_put+0x10a/0x240 [ 314.787722][ T9271] ? kvm_vcpu_ioctl+0x1235/0x1690 [ 314.787732][ T9271] kvm_vcpu_ioctl+0x1235/0x1690 [ 314.787745][ T9271] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 314.787756][ T9271] ? tomoyo_path_number_perm+0x18d/0x580 [ 314.787776][ T9271] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 314.787797][ T9271] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 314.787815][ T9271] ? do_vfs_ioctl+0x128/0x14f0 [ 314.787831][ T9271] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 314.787851][ T9271] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 314.787863][ T9271] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 314.787875][ T9271] ? __fget_files+0x20e/0x3c0 [ 314.787887][ T9271] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 314.787899][ T9271] __ia32_compat_sys_ioctl+0x23f/0x370 [ 314.787916][ T9271] __do_fast_syscall_32+0x7c/0x300 [ 314.787930][ T9271] do_fast_syscall_32+0x32/0x80 [ 314.787942][ T9271] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.787955][ T9271] RIP: 0023:0xf703d579 [ 314.787964][ T9271] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 314.787974][ T9271] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 314.787984][ T9271] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004008ae89 [ 314.787991][ T9271] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000 [ 314.787997][ T9271] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 314.788003][ T9271] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 314.788009][ T9271] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 314.788022][ T9271] [ 314.909601][ C3] vkms_vblank_simulate: vblank timer overrun [ 315.519560][ T40] kauditd_printk_skb: 50 callbacks suppressed [ 315.519572][ T40] audit: type=1800 audit(1759949111.261:176): pid=9293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.713" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 315.640756][ T1327] usb 8-1: new full-speed USB device number 20 using dummy_hcd [ 315.943941][ T1327] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 315.946645][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 315.951960][ T1327] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 315.956554][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 315.960743][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 315.965388][ T1327] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 315.968356][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 315.974001][ T1327] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 315.977850][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 315.981892][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 315.987227][ T1327] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 315.989794][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 315.994132][ T1327] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 315.998005][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 316.002743][ T1327] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 316.011204][ T1327] usb 8-1: string descriptor 0 read error: -22 [ 316.013775][ T1327] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 316.017181][ T1327] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.041269][ T1327] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 316.273899][ T60] usb 8-1: USB disconnect, device number 20 [ 316.274050][ T9300] tipc: Enabling of bearer rejected, failed to enable media [ 316.703867][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.794037][ T9314] usb 1-1: USB disconnect, device number 2 [ 317.828722][ T9336] tipc: Enabling of bearer rejected, failed to enable media [ 317.913029][ T9341] tipc: Started in network mode [ 317.914741][ T9341] tipc: Node identity , cluster identity 4711 [ 317.916750][ T9341] tipc: Failed to set node id, please configure manually [ 317.919011][ T9341] tipc: Enabling of bearer rejected, failed to enable media [ 318.049614][ T9353] tipc: Enabling of bearer rejected, media not registered [ 318.104349][ T9356] lo speed is unknown, defaulting to 1000 [ 318.380438][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 318.504511][ T9374] program syz.0.738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 318.560402][ T1112] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 [ 318.569481][ T9376] netlink: 'syz.1.739': attribute type 10 has an invalid length. [ 318.592234][ T9376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.601713][ T9376] team0: Port device bond0 added [ 318.630965][ T1112] ata1.00: irq_stat 0x40000000 [ 318.632684][ T1112] ata1.00: failed command: ZAC MANAGEMENT OUT [ 318.635011][ T1112] ata1.00: cmd 9f/02:00:00:00:00/00:00:00:00:00/40 tag 6 [ 318.635011][ T1112] res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error) [ 318.639935][ T1112] ata1.00: status: { DRDY ERR } [ 318.643263][ T1112] ata1.00: error: { ABRT } [ 318.644825][ T1112] ata1.00: device reported invalid CHS sector 0 [ 318.652779][ C3] ata1: illegal qc_active transition (00000000->00001002) [ 318.663881][ T9380] tipc: Enabling of bearer rejected, failed to enable media [ 319.016928][ T1112] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 319.024432][ T1112] ata1.00: configured for UDMA/100 [ 319.165535][ T9386] lo speed is unknown, defaulting to 1000 [ 319.365908][ T9391] FAULT_INJECTION: forcing a failure. [ 319.365908][ T9391] name failslab, interval 1, probability 0, space 0, times 0 [ 319.371206][ T9391] CPU: 3 UID: 0 PID: 9391 Comm: syz.3.744 Not tainted syzkaller #0 PREEMPT(full) [ 319.371226][ T9391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 319.371235][ T9391] Call Trace: [ 319.371240][ T9391] [ 319.371246][ T9391] dump_stack_lvl+0x16c/0x1f0 [ 319.371268][ T9391] should_fail_ex+0x512/0x640 [ 319.371285][ T9391] ? __kmalloc_noprof+0xca/0x880 [ 319.371311][ T9391] should_failslab+0xc2/0x120 [ 319.371332][ T9391] __kmalloc_noprof+0xdd/0x880 [ 319.371354][ T9391] ? nl80211_trigger_scan+0x4d5/0x2000 [ 319.371376][ T9391] ? nl80211_trigger_scan+0x4d5/0x2000 [ 319.371391][ T9391] nl80211_trigger_scan+0x4d5/0x2000 [ 319.371410][ T9391] ? nl80211_pre_doit+0x1b0/0xb10 [ 319.371426][ T9391] genl_family_rcv_msg_doit+0x206/0x2f0 [ 319.371448][ T9391] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 319.371481][ T9391] ? bpf_lsm_capable+0x9/0x10 [ 319.371498][ T9391] ? security_capable+0x7e/0x260 [ 319.371518][ T9391] ? ns_capable+0xd7/0x110 [ 319.371535][ T9391] genl_rcv_msg+0x55c/0x800 [ 319.371557][ T9391] ? __pfx_genl_rcv_msg+0x10/0x10 [ 319.371575][ T9391] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 319.371588][ T9391] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 319.371604][ T9391] ? __pfx_nl80211_post_doit+0x10/0x10 [ 319.371626][ T9391] ? __lock_acquire+0x62e/0x1ce0 [ 319.371649][ T9391] netlink_rcv_skb+0x155/0x420 [ 319.371665][ T9391] ? __pfx_genl_rcv_msg+0x10/0x10 [ 319.371685][ T9391] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 319.371710][ T9391] ? netlink_deliver_tap+0x1ae/0xd30 [ 319.371729][ T9391] genl_rcv+0x28/0x40 [ 319.371746][ T9391] netlink_unicast+0x5aa/0x870 [ 319.371764][ T9391] ? __pfx_netlink_unicast+0x10/0x10 [ 319.371781][ T9391] ? __pfx___might_resched+0x10/0x10 [ 319.371803][ T9391] netlink_sendmsg+0x8c8/0xdd0 [ 319.371823][ T9391] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.371842][ T9391] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 319.371866][ T9391] ____sys_sendmsg+0xa98/0xc70 [ 319.371889][ T9391] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.371908][ T9391] ? get_compat_msghdr+0x11a/0x170 [ 319.371932][ T9391] ___sys_sendmsg+0x134/0x1d0 [ 319.371949][ T9391] ? __pfx____sys_sendmsg+0x10/0x10 [ 319.371974][ T9391] ? find_held_lock+0x2b/0x80 [ 319.372001][ T9391] __sys_sendmsg+0x16d/0x220 [ 319.372017][ T9391] ? __pfx___sys_sendmsg+0x10/0x10 [ 319.372043][ T9391] ? rcu_is_watching+0x12/0xc0 [ 319.372062][ T9391] __do_fast_syscall_32+0x7c/0x300 [ 319.372080][ T9391] do_fast_syscall_32+0x32/0x80 [ 319.372096][ T9391] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 319.372114][ T9391] RIP: 0023:0xf704d579 [ 319.372126][ T9391] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 319.372141][ T9391] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 319.372156][ T9391] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000340 [ 319.372164][ T9391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 319.372172][ T9391] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 319.372180][ T9391] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 319.372188][ T9391] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 319.372207][ T9391] [ 319.381782][ T9393] netlink: 16 bytes leftover after parsing attributes in process `syz.0.743'. [ 319.690455][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 319.701695][ T9395] lo speed is unknown, defaulting to 1000 [ 319.775351][ T9404] random: crng reseeded on system resumption [ 320.055672][ T9407] tipc: Enabling of bearer rejected, failed to enable media [ 320.198094][ T9411] lo speed is unknown, defaulting to 1000 [ 320.638472][ T9396] overlayfs: missing 'lowerdir' [ 320.952946][ T9428] syz.0.753: calling unsupported SCSI_IOCTL_SEND_COMMAND [ 320.953451][ T9429] netlink: 80 bytes leftover after parsing attributes in process `syz.0.753'. [ 320.959347][ T9429] netlink: 80 bytes leftover after parsing attributes in process `syz.0.753'. [ 321.500151][ T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 321.520220][ T53] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 321.684938][ T53] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 321.689154][ T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.692881][ T53] usb 8-1: Product: syz [ 321.694935][ T53] usb 8-1: Manufacturer: syz [ 321.696856][ T53] usb 8-1: SerialNumber: syz [ 321.708360][ T53] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 321.729410][ T841] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 322.031834][ T9445] lo speed is unknown, defaulting to 1000 [ 322.131649][ T9] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 322.134812][ T9] usb 7-1: config 0 interface 0 has no altsetting 0 [ 322.139573][ T9] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 322.143083][ T9] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 322.146242][ T9] usb 7-1: Product: syz [ 322.147956][ T9] usb 7-1: Manufacturer: syz [ 322.149441][ T9] usb 7-1: SerialNumber: syz [ 322.153206][ T9] usb 7-1: config 0 descriptor?? [ 322.161642][ T9] usb 7-1: selecting invalid altsetting 0 [ 322.175850][ T53] usb 8-1: USB disconnect, device number 21 [ 322.210441][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 322.257233][ T9452] tipc: Enabling of bearer rejected, failed to enable media [ 322.326310][ T9460] FAULT_INJECTION: forcing a failure. [ 322.326310][ T9460] name failslab, interval 1, probability 0, space 0, times 0 [ 322.331361][ T9460] CPU: 1 UID: 0 PID: 9460 Comm: syz.0.761 Not tainted syzkaller #0 PREEMPT(full) [ 322.331388][ T9460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 322.331399][ T9460] Call Trace: [ 322.331406][ T9460] [ 322.331414][ T9460] dump_stack_lvl+0x16c/0x1f0 [ 322.331443][ T9460] should_fail_ex+0x512/0x640 [ 322.331466][ T9460] ? __kmalloc_cache_noprof+0x5f/0x780 [ 322.331499][ T9460] should_failslab+0xc2/0x120 [ 322.331524][ T9460] __kmalloc_cache_noprof+0x72/0x780 [ 322.331554][ T9460] ? binder_alloc_new_buf+0x1c0/0x3190 [ 322.331587][ T9460] ? binder_alloc_new_buf+0x1c0/0x3190 [ 322.331614][ T9460] binder_alloc_new_buf+0x1c0/0x3190 [ 322.331645][ T9460] ? __pfx_binder_debug+0x10/0x10 [ 322.331676][ T9460] ? __pfx_binder_alloc_new_buf+0x10/0x10 [ 322.331716][ T9460] binder_transaction+0x1d09/0x9d10 [ 322.331769][ T9460] ? __lock_acquire+0x62e/0x1ce0 [ 322.331796][ T9460] ? __pfx_binder_transaction+0x10/0x10 [ 322.331856][ T9460] ? find_held_lock+0x2b/0x80 [ 322.331875][ T9460] ? __might_fault+0xe3/0x190 [ 322.331894][ T9460] ? __might_fault+0xe3/0x190 [ 322.331910][ T9460] ? __might_fault+0x13b/0x190 [ 322.331939][ T9460] binder_thread_write+0x1417/0x4e70 [ 322.331976][ T9460] ? __lock_acquire+0xb97/0x1ce0 [ 322.332000][ T9460] ? __pfx_binder_thread_write+0x10/0x10 [ 322.332027][ T9460] ? binder_debug+0xde/0x1a0 [ 322.332057][ T9460] ? find_held_lock+0x2b/0x80 [ 322.332077][ T9460] ? __might_fault+0xe3/0x190 [ 322.332094][ T9460] ? __might_fault+0x13b/0x190 [ 322.332122][ T9460] ? __pfx_binder_ioctl+0x10/0x10 [ 322.332146][ T9460] binder_ioctl+0x253d/0x71f0 [ 322.332179][ T9460] ? tomoyo_path_number_perm+0x295/0x580 [ 322.332213][ T9460] ? tomoyo_path_number_perm+0x18d/0x580 [ 322.332243][ T9460] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 322.332272][ T9460] ? __pfx_binder_ioctl+0x10/0x10 [ 322.332304][ T9460] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 322.332338][ T9460] ? do_vfs_ioctl+0x128/0x14f0 [ 322.332367][ T9460] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 322.332403][ T9460] ? find_held_lock+0x2b/0x80 [ 322.332422][ T9460] ? hook_file_ioctl_common+0x145/0x410 [ 322.332458][ T9460] ? __fget_files+0x20e/0x3c0 [ 322.332475][ T9460] ? __might_fault+0x70/0x190 [ 322.332495][ T9460] ? __pfx_binder_ioctl+0x10/0x10 [ 322.332519][ T9460] compat_ptr_ioctl+0x6b/0xa0 [ 322.332544][ T9460] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 322.332570][ T9460] __ia32_compat_sys_ioctl+0x23f/0x370 [ 322.332602][ T9460] __do_fast_syscall_32+0x7c/0x300 [ 322.332627][ T9460] do_fast_syscall_32+0x32/0x80 [ 322.332649][ T9460] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 322.332674][ T9460] RIP: 0023:0xf703d579 [ 322.332690][ T9460] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 322.332715][ T9460] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 322.332735][ T9460] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201 [ 322.332748][ T9460] RDX: 0000000080004a40 RSI: 0000000000000000 RDI: 0000000000000000 [ 322.332760][ T9460] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 322.332771][ T9460] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 322.332783][ T9460] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 322.332811][ T9460] [ 322.360814][ T9] usb 7-1: USB disconnect, device number 19 [ 322.371896][ T9463] fuse: Unknown parameter 'roXhF'xRVZ0000t' [ 322.428878][ T9469] binder: Unknown parameter '^:$/]u[' [ 322.790680][ T841] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 322.791966][ T9485] lo speed is unknown, defaulting to 1000 [ 322.795528][ T841] ath9k_htc: Failed to initialize the device [ 322.807676][ T53] usb 8-1: ath9k_htc: USB layer deinitialized [ 325.011409][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 331.288132][ T9514] lo speed is unknown, defaulting to 1000 [ 331.329544][ T9522] netlink: 12 bytes leftover after parsing attributes in process `syz.0.767'. [ 331.340990][ T9526] tipc: Enabling of bearer rejected, failed to enable media [ 331.547240][ T9536] tmpfs: Invalid gid '0x00000000ffffffff' [ 331.923248][ T9544] netlink: 28 bytes leftover after parsing attributes in process `syz.3.776'. [ 332.506599][ T9551] lo speed is unknown, defaulting to 1000 [ 332.973611][ T9571] netlink: 'syz.0.784': attribute type 4 has an invalid length. [ 332.989651][ T53] lo speed is unknown, defaulting to 1000 [ 332.991902][ T53] syz2: Port: 1 Link DOWN [ 333.001361][ T9571] netlink: 'syz.0.784': attribute type 4 has an invalid length. [ 333.012838][ T1327] lo speed is unknown, defaulting to 1000 [ 333.014849][ T1327] syz2: Port: 1 Link ACTIVE [ 333.017905][ T9] lo speed is unknown, defaulting to 1000 [ 333.019725][ T9] syz2: Port: 1 Link DOWN [ 333.360227][ T9577] tipc: Enabling of bearer rejected, failed to enable media [ 333.836121][ T9586] binder_alloc: 9585: binder_alloc_buf size 61760 failed, no address space [ 333.839507][ T9586] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 333.990999][ T9590] netlink: 28 bytes leftover after parsing attributes in process `syz.1.788'. [ 334.590824][ T53] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 334.750182][ T53] usb 8-1: Using ep0 maxpacket: 32 [ 334.754409][ T53] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 334.760356][ T53] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 334.763211][ T53] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 334.765914][ T53] usb 8-1: Product: syz [ 334.767500][ T53] usb 8-1: Manufacturer: syz [ 334.769392][ T53] usb 8-1: SerialNumber: syz [ 334.773861][ T53] usb 8-1: config 0 descriptor?? [ 334.777782][ T9600] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 335.056659][ T9611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.062738][ T9611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.109868][ T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.112656][ T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.680629][ T9618] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 335.682982][ T9618] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 335.686250][ T9618] vhci_hcd vhci_hcd.0: Device attached [ 335.971041][ T29] usb 40-1: SetAddress Request (6) to port 0 [ 335.973346][ T29] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd [ 336.360212][ T9619] vhci_hcd: connection reset by peer [ 336.363385][ T13] vhci_hcd: stop threads [ 336.365230][ T13] vhci_hcd: release socket [ 336.367146][ T13] vhci_hcd: disconnect device [ 336.964304][ T9630] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 337.809131][ T9645] netlink: 28 bytes leftover after parsing attributes in process `syz.0.802'. [ 338.092017][ T9653] tipc: Started in network mode [ 338.093889][ T9653] tipc: Node identity 8ea5cf3e56eb, cluster identity 4711 [ 338.096339][ T9653] tipc: Enabled bearer , priority 0 [ 338.102052][ T9653] syzkaller0: entered promiscuous mode [ 338.104730][ T9653] syzkaller0: entered allmulticast mode [ 338.112616][ T1327] usb 8-1: reset high-speed USB device number 22 using dummy_hcd [ 338.132172][ T1327] usb 8-1: device reset changed ep0 maxpacket size! [ 338.146841][ T1327] usb 8-1: USB disconnect, device number 22 [ 338.480098][ T1327] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 338.648631][ T1327] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 338.655381][ T1327] usb 8-1: config 0 interface 0 has no altsetting 0 [ 338.678340][ T1327] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 338.682841][ T1327] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 338.692940][ T1327] usb 8-1: Product: syz [ 338.694907][ T1327] usb 8-1: Manufacturer: syz [ 338.697462][ T1327] usb 8-1: SerialNumber: syz [ 338.769683][ T1327] usb 8-1: config 0 descriptor?? [ 338.839496][ T1327] usb 8-1: selecting invalid altsetting 0 [ 338.910450][ T40] audit: type=1326 audit(1759949134.661:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9652 comm="syz.1.807" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd7579 code=0x0 [ 339.023510][ T6214] usb 8-1: USB disconnect, device number 23 [ 339.114065][ T9666] fuse: Bad value for 'fd' [ 339.153096][ T9670] Invalid logical block size (117440512) [ 339.178552][ T9652] tipc: Resetting bearer [ 339.191073][ T9652] tipc: Disabling bearer [ 339.426559][ T9648] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 339.428697][ T9648] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 339.431392][ T9648] vhci_hcd vhci_hcd.0: Device attached [ 339.438445][ T9686] vhci_hcd: connection closed [ 339.439109][ T61] vhci_hcd: stop threads [ 339.442904][ T61] vhci_hcd: release socket [ 339.444832][ T61] vhci_hcd: disconnect device [ 339.529306][ T9689] netlink: 20 bytes leftover after parsing attributes in process `syz.0.816'. [ 340.020048][ T24] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 340.332473][ T24] usb 6-1: config 0 has an invalid interface number: 120 but max is 0 [ 340.335948][ T24] usb 6-1: config 0 has no interface number 0 [ 340.338699][ T24] usb 6-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 340.343770][ T24] usb 6-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 52, changing to 9 [ 340.348284][ T24] usb 6-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 8241, setting to 1024 [ 340.354135][ T24] usb 6-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 340.357915][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.363565][ T24] usb 6-1: config 0 descriptor?? [ 340.371978][ T24] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.120/input/input21 [ 340.387224][ C3] usbtouchscreen 6-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1 [ 340.520143][ T1327] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 340.604113][ T9682] random: crng reseeded on system resumption [ 340.680134][ T1327] usb 5-1: Invalid ep0 maxpacket: 16 [ 340.749039][ T6214] usb 6-1: USB disconnect, device number 22 [ 340.830055][ T1327] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 340.865873][ T9710] Illegal XDP return value 4294967274 on prog (id 239) dev N/A, expect packet loss! [ 340.917105][ T9712] tipc: Enabling of bearer rejected, failed to enable media [ 340.993120][ T1327] usb 5-1: Invalid ep0 maxpacket: 16 [ 340.995806][ T1327] usb usb5-port1: attempt power cycle [ 341.010350][ T29] usb 40-1: device descriptor read/8, error -110 [ 341.330157][ T1327] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 341.361896][ T1327] usb 5-1: Invalid ep0 maxpacket: 16 [ 341.420994][ T29] usb usb40-port1: attempt power cycle [ 341.435480][ T9721] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.600313][ T1327] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 341.621287][ T1327] usb 5-1: Invalid ep0 maxpacket: 16 [ 341.623592][ T1327] usb usb5-port1: unable to enumerate USB device [ 341.651852][ T9721] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.750361][ T9727] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 341.753801][ T9727] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 341.757821][ T9727] vhci_hcd vhci_hcd.0: Device attached [ 341.797767][ T9721] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.967837][ T9721] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.110720][ T29] usb usb40-port1: unable to enumerate USB device [ 342.140391][ T1327] usb 44-1: SetAddress Request (2) to port 0 [ 342.140450][ T1327] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 342.181631][ T9735] netlink: 20 bytes leftover after parsing attributes in process `syz.2.829'. [ 342.189783][ T9728] vhci_hcd: connection reset by peer [ 342.196911][ T96] vhci_hcd: stop threads [ 342.196939][ T96] vhci_hcd: release socket [ 342.198740][ T96] vhci_hcd: disconnect device [ 342.240554][ T96] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.244856][ T96] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.249320][ T96] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.258435][ T1143] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.311847][ T9738] netlink: 40 bytes leftover after parsing attributes in process `syz.1.830'. [ 342.356548][ T9740] syzkaller1: entered promiscuous mode [ 342.356569][ T9740] syzkaller1: entered allmulticast mode [ 343.080213][ T53] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 343.232157][ T53] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 343.236259][ T53] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 343.240245][ T53] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 343.250085][ T53] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 343.253871][ T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.257412][ T53] usb 7-1: Product: syz [ 343.259188][ T53] usb 7-1: Manufacturer: syz [ 343.261719][ T53] usb 7-1: SerialNumber: syz [ 343.472218][ T53] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 343.675379][ T5647] usb 7-1: USB disconnect, device number 20 [ 343.681720][ T5647] usblp0: removed [ 345.211044][ T9781] loop4: detected capacity change from 0 to 524255232 [ 345.270904][ T9781] loop4: detected capacity change from 524255232 to 524287956 [ 345.429376][ T9787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.845'. [ 345.430413][ C0] vcan0: j1939_session_tx_dat: 0xffff88805fc90c00: queue data error: -100 [ 345.619247][ T9786] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 345.619298][ T9786] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 345.619459][ T9786] vhci_hcd vhci_hcd.0: Device attached [ 345.620109][ T5647] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 345.621744][ T9793] vhci_hcd: connection closed [ 345.623143][ T96] vhci_hcd: stop threads [ 345.637873][ T96] vhci_hcd: release socket [ 345.637890][ T96] vhci_hcd: disconnect device [ 345.770185][ T5647] usb 8-1: Using ep0 maxpacket: 16 [ 345.772914][ T5647] usb 8-1: too many configurations: 123, using maximum allowed: 8 [ 345.773899][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.781529][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.782355][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.789193][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.790341][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.799695][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.800818][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.801665][ T5647] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.812127][ T5647] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 345.812145][ T5647] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 345.812155][ T5647] usb 8-1: SerialNumber: syz [ 345.813401][ T5647] usb 8-1: config 0 descriptor?? [ 345.825483][ T5647] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input22 [ 346.040374][ T9789] input: syz1 as /devices/virtual/input/input23 [ 346.055436][ T5333] bcm5974 8-1:0.0: could not read from device [ 346.057824][ T5647] usb 8-1: USB disconnect, device number 24 [ 346.063849][ T5333] bcm5974 8-1:0.0: could not read from device [ 346.523601][ T9805] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 346.838276][ T9817] FAULT_INJECTION: forcing a failure. [ 346.838276][ T9817] name failslab, interval 1, probability 0, space 0, times 0 [ 346.842927][ T9817] CPU: 0 UID: 0 PID: 9817 Comm: syz.3.855 Not tainted syzkaller #0 PREEMPT(full) [ 346.842954][ T9817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 346.842961][ T9817] Call Trace: [ 346.842967][ T9817] [ 346.842971][ T9817] dump_stack_lvl+0x16c/0x1f0 [ 346.842987][ T9817] should_fail_ex+0x512/0x640 [ 346.843001][ T9817] ? __kmalloc_noprof+0xca/0x880 [ 346.843018][ T9817] should_failslab+0xc2/0x120 [ 346.843032][ T9817] __kmalloc_noprof+0xdd/0x880 [ 346.843048][ T9817] ? arch_stack_walk+0xa6/0x100 [ 346.843058][ T9817] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 346.843078][ T9817] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 346.843093][ T9817] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 346.843112][ T9817] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 346.843127][ T9817] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 346.843147][ T9817] ? bpf_lsm_capable+0x9/0x10 [ 346.843165][ T9817] ? security_capable+0x7e/0x260 [ 346.843180][ T9817] ? ns_capable+0xd7/0x110 [ 346.843192][ T9817] genl_rcv_msg+0x55c/0x800 [ 346.843209][ T9817] ? __pfx_genl_rcv_msg+0x10/0x10 [ 346.843223][ T9817] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 346.843233][ T9817] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 346.843245][ T9817] ? __pfx_nl80211_post_doit+0x10/0x10 [ 346.843261][ T9817] ? __lock_acquire+0x62e/0x1ce0 [ 346.843278][ T9817] netlink_rcv_skb+0x155/0x420 [ 346.843290][ T9817] ? __pfx_genl_rcv_msg+0x10/0x10 [ 346.843306][ T9817] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 346.843324][ T9817] ? netlink_deliver_tap+0x1ae/0xd30 [ 346.843338][ T9817] genl_rcv+0x28/0x40 [ 346.843350][ T9817] netlink_unicast+0x5aa/0x870 [ 346.843365][ T9817] ? __pfx_netlink_unicast+0x10/0x10 [ 346.843383][ T9817] netlink_sendmsg+0x8c8/0xdd0 [ 346.843398][ T9817] ? __pfx_netlink_sendmsg+0x10/0x10 [ 346.843414][ T9817] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 346.843431][ T9817] ____sys_sendmsg+0xa98/0xc70 [ 346.843446][ T9817] ? btrfs_uuid_scan_kthread+0x9c4/0xb90 [ 346.843461][ T9817] ? __pfx_____sys_sendmsg+0x10/0x10 [ 346.843475][ T9817] ? get_compat_msghdr+0x11a/0x170 [ 346.843493][ T9817] ___sys_sendmsg+0x134/0x1d0 [ 346.843506][ T9817] ? __pfx____sys_sendmsg+0x10/0x10 [ 346.843524][ T9817] ? find_held_lock+0x2b/0x80 [ 346.843544][ T9817] __sys_sendmsg+0x16d/0x220 [ 346.843556][ T9817] ? __pfx___sys_sendmsg+0x10/0x10 [ 346.843575][ T9817] ? rcu_is_watching+0x12/0xc0 [ 346.843588][ T9817] __do_fast_syscall_32+0x7c/0x300 [ 346.843602][ T9817] do_fast_syscall_32+0x32/0x80 [ 346.843615][ T9817] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 346.843629][ T9817] RIP: 0023:0xf704d579 [ 346.843637][ T9817] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 346.843647][ T9817] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 346.843660][ T9817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000380 [ 346.843666][ T9817] RDX: 0000000004000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 346.843674][ T9817] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 346.843680][ T9817] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 346.843686][ T9817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 346.843699][ T9817] [ 346.977110][ T9815] ufs: You didn't specify the type of your ufs filesystem [ 346.977110][ T9815] [ 346.977110][ T9815] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 346.977110][ T9815] [ 346.977110][ T9815] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 346.987575][ T9815] ufs: ufstype=old is supported read-only [ 347.170269][ T1327] usb 44-1: device descriptor read/8, error -110 [ 347.725867][ T1327] usb usb44-port1: attempt power cycle [ 347.980285][ T5647] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 348.140548][ T5647] usb 7-1: Using ep0 maxpacket: 16 [ 348.144346][ T5647] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 348.155119][ T5647] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 348.157924][ T5647] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.162283][ T5647] usb 7-1: Product: syz [ 348.170167][ T5647] usb 7-1: Manufacturer: syz [ 348.171981][ T5647] usb 7-1: SerialNumber: syz [ 348.175045][ T5647] usb 7-1: config 0 descriptor?? [ 348.180933][ T5647] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 348.188935][ T5647] em28xx 7-1:0.0: DVB interface 0 found: bulk [ 348.338167][ T9860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.865'. [ 348.440671][ T5647] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 348.524481][ T1327] usb usb44-port1: unable to enumerate USB device [ 348.603784][ T5647] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 348.603826][ T5647] em28xx 7-1:0.0: board has no eeprom [ 348.721583][ T5647] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 348.721602][ T5647] em28xx 7-1:0.0: dvb set to bulk mode. [ 348.732384][ T60] em28xx 7-1:0.0: Binding DVB extension [ 348.756596][ T5647] usb 7-1: USB disconnect, device number 21 [ 348.759711][ T5647] em28xx 7-1:0.0: Disconnecting em28xx [ 348.849595][ T60] em28xx 7-1:0.0: Registering input extension [ 348.850545][ T5647] em28xx 7-1:0.0: Closing input extension [ 348.934248][ T5647] em28xx 7-1:0.0: Freeing device [ 349.033815][ T9880] siw: device registration error -23 [ 349.317627][ T9887] netlink: 'syz.1.870': attribute type 3 has an invalid length. [ 349.321031][ T9887] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.870'. [ 349.352172][ T9883] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 349.354655][ T9883] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 349.357672][ T9883] vhci_hcd vhci_hcd.0: Device attached [ 349.363470][ T9883] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 349.366735][ T9889] vhci_hcd: connection closed [ 349.367014][ T96] vhci_hcd: stop threads [ 349.376116][ T96] vhci_hcd: release socket [ 349.377986][ T96] vhci_hcd: disconnect device [ 350.033856][ T9905] loop9: detected capacity change from 0 to 7 [ 350.041212][ T9905] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 350.043217][ T9905] loop9: partition table partially beyond EOD, truncated [ 350.046774][ T9905] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 350.084447][ T9908] @: renamed from vlan0 (while UP) [ 350.183688][ T9913] netlink: 32 bytes leftover after parsing attributes in process `syz.3.876'. [ 350.330934][ T9913] FAULT_INJECTION: forcing a failure. [ 350.330934][ T9913] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 350.355797][ T9913] CPU: 0 UID: 0 PID: 9913 Comm: syz.3.876 Not tainted syzkaller #0 PREEMPT(full) [ 350.355816][ T9913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 350.355822][ T9913] Call Trace: [ 350.355827][ T9913] [ 350.355844][ T9913] dump_stack_lvl+0x16c/0x1f0 [ 350.355864][ T9913] should_fail_ex+0x512/0x640 [ 350.355881][ T9913] _copy_from_iter+0x29f/0x1720 [ 350.355900][ T9913] ? __pfx__copy_from_iter+0x10/0x10 [ 350.355948][ T9913] ? rcu_is_watching+0x12/0xc0 [ 350.355961][ T9913] ? trace_kmem_cache_alloc+0x28/0xc0 [ 350.355976][ T9913] ? kmem_cache_alloc_node_noprof+0x2d8/0x770 [ 350.356009][ T9913] copy_page_from_iter+0xde/0x180 [ 350.356024][ T9913] skb_copy_datagram_from_iter+0x2a0/0x740 [ 350.356050][ T9913] skb_copy_datagram_from_iter_full+0xf6/0x190 [ 350.356068][ T9913] ? __pfx_skb_copy_datagram_from_iter_full+0x10/0x10 [ 350.356088][ T9913] ? alloc_skb_with_frags+0x53e/0x860 [ 350.356106][ T9913] virtio_transport_alloc_skb+0x7b4/0x10d0 [ 350.356128][ T9913] ? __pfx_virtio_transport_alloc_skb+0x10/0x10 [ 350.356152][ T9913] virtio_transport_send_pkt_info+0x7d7/0x1020 [ 350.356176][ T9913] virtio_transport_stream_enqueue+0xbb/0x100 [ 350.356194][ T9913] ? __pfx_virtio_transport_stream_enqueue+0x10/0x10 [ 350.356217][ T9913] ? mark_held_locks+0x49/0x80 [ 350.356241][ T9913] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 350.356262][ T9913] ? lockdep_hardirqs_on+0x7c/0x110 [ 350.356283][ T9913] vsock_connectible_sendmsg+0xe49/0x1280 [ 350.356318][ T9913] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 350.356344][ T9913] ? __pfx_aa_sk_perm+0x10/0x10 [ 350.356375][ T9913] ? __pfx_woken_wake_function+0x10/0x10 [ 350.356401][ T9913] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 350.356419][ T9913] sock_write_iter+0x566/0x610 [ 350.356436][ T9913] ? __pfx_sock_write_iter+0x10/0x10 [ 350.356466][ T9913] ? __lock_acquire+0x62e/0x1ce0 [ 350.356483][ T9913] do_iter_readv_writev+0x65f/0x9e0 [ 350.356504][ T9913] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 350.356525][ T9913] ? bpf_lsm_file_permission+0x9/0x10 [ 350.356538][ T9913] ? security_file_permission+0x71/0x210 [ 350.356549][ T9913] ? rw_verify_area+0xcf/0x6c0 [ 350.356567][ T9913] vfs_writev+0x35f/0xde0 [ 350.356583][ T9913] ? __pfx_vfs_writev+0x10/0x10 [ 350.356604][ T9913] ? __fget_files+0x20e/0x3c0 [ 350.356623][ T9913] ? do_writev+0x28c/0x340 [ 350.356633][ T9913] do_writev+0x28c/0x340 [ 350.356647][ T9913] ? __pfx_do_writev+0x10/0x10 [ 350.356659][ T9913] ? rcu_is_watching+0x12/0xc0 [ 350.356672][ T9913] __do_fast_syscall_32+0x7c/0x300 [ 350.356715][ T9913] do_fast_syscall_32+0x32/0x80 [ 350.356729][ T9913] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 350.356743][ T9913] RIP: 0023:0xf704d579 [ 350.356753][ T9913] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 350.356764][ T9913] RSP: 002b:00000000f541c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 350.356775][ T9913] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0 [ 350.356782][ T9913] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 350.356788][ T9913] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 350.356794][ T9913] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 350.356801][ T9913] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 350.356815][ T9913] [ 350.971658][ T9924] FAULT_INJECTION: forcing a failure. [ 350.971658][ T9924] name failslab, interval 1, probability 0, space 0, times 0 [ 350.978939][ T9924] CPU: 3 UID: 0 PID: 9924 Comm: syz.0.881 Not tainted syzkaller #0 PREEMPT(full) [ 350.978966][ T9924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 350.978978][ T9924] Call Trace: [ 350.978985][ T9924] [ 350.978991][ T9924] dump_stack_lvl+0x16c/0x1f0 [ 350.979015][ T9924] should_fail_ex+0x512/0x640 [ 350.979037][ T9924] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 350.979057][ T9924] should_failslab+0xc2/0x120 [ 350.979079][ T9924] kmem_cache_alloc_noprof+0x75/0x6e0 [ 350.979096][ T9924] ? __kvm_mmu_topup_memory_cache+0x455/0x600 [ 350.979115][ T9924] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 350.979139][ T9924] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 350.979158][ T9924] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 350.979185][ T9924] mmu_topup_memory_caches+0x25/0x170 [ 350.979222][ T9924] kvm_mmu_load+0xd6/0x23c0 [ 350.979248][ T9924] ? kvm_apic_has_interrupt+0x106/0x1f0 [ 350.979269][ T9924] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 350.979295][ T9924] ? __pfx_kvm_mmu_load+0x10/0x10 [ 350.979322][ T9924] ? kvm_cpu_has_injectable_intr+0x9c/0x1a0 [ 350.979346][ T9924] ? kvm_check_and_inject_events+0x71c/0x1310 [ 350.979376][ T9924] vcpu_run+0x3779/0x54d0 [ 350.979397][ T9924] ? kvm_mmu_post_init_vm+0x280/0x380 [ 350.979418][ T9924] ? __lock_acquire+0xb97/0x1ce0 [ 350.979450][ T9924] ? __pfx_vcpu_run+0x10/0x10 [ 350.979481][ T9924] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 350.979502][ T9924] ? __local_bh_enable_ip+0xa4/0x120 [ 350.979530][ T9924] ? kvm_arch_vcpu_ioctl_run+0x1023/0x1970 [ 350.979554][ T9924] kvm_arch_vcpu_ioctl_run+0x1023/0x1970 [ 350.979589][ T9924] kvm_vcpu_ioctl+0x5eb/0x1690 [ 350.979613][ T9924] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 350.979635][ T9924] ? tomoyo_path_number_perm+0x18d/0x580 [ 350.979666][ T9924] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 350.979704][ T9924] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 350.979737][ T9924] ? do_vfs_ioctl+0x128/0x14f0 [ 350.979764][ T9924] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 350.979804][ T9924] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 350.979827][ T9924] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 350.979848][ T9924] ? __fget_files+0x20e/0x3c0 [ 350.979863][ T9924] ? __might_fault+0x70/0x190 [ 350.979887][ T9924] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 350.979908][ T9924] __ia32_compat_sys_ioctl+0x23f/0x370 [ 350.979937][ T9924] __do_fast_syscall_32+0x7c/0x300 [ 350.979979][ T9924] do_fast_syscall_32+0x32/0x80 [ 350.980000][ T9924] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 350.980022][ T9924] RIP: 0023:0xf703d579 [ 350.980037][ T9924] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 350.980055][ T9924] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 350.980073][ T9924] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 350.980103][ T9924] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 350.980113][ T9924] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 350.980125][ T9924] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 350.980135][ T9924] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 350.980161][ T9924] [ 351.298515][ T9933] fuseblk: Bad value for 'fd' [ 351.333916][ T40] audit: type=1326 audit(1759949147.081:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9930 comm="syz.3.882" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x0 [ 351.346724][ T9935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.884'. [ 352.342088][ T9956] syzkaller1: entered promiscuous mode [ 352.343884][ T9956] syzkaller1: entered allmulticast mode [ 352.352724][ T9958] netlink: 100 bytes leftover after parsing attributes in process `syz.1.893'. [ 352.355649][ T9958] netlink: 100 bytes leftover after parsing attributes in process `syz.1.893'. [ 352.453643][ T9963] fuse: Unknown parameter 'roXhF'xRVZ0000t' [ 352.457966][ T9963] binder: Unknown parameter '^:$/]u[' [ 352.790505][ T7751] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 352.950043][ T7751] usb 5-1: Using ep0 maxpacket: 16 [ 352.952255][ T7751] usb 5-1: too many configurations: 123, using maximum allowed: 8 [ 352.956251][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.961326][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.965419][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.969545][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.977192][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.981558][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.986075][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.990651][ T7751] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.995249][ T7751] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 352.998495][ T7751] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 353.001611][ T7751] usb 5-1: SerialNumber: syz [ 353.004925][ T7751] usb 5-1: config 0 descriptor?? [ 353.012244][ T7751] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input25 [ 353.212253][ T9968] FAULT_INJECTION: forcing a failure. [ 353.212253][ T9968] name failslab, interval 1, probability 0, space 0, times 0 [ 353.216804][ T9968] CPU: 2 UID: 0 PID: 9968 Comm: syz.0.897 Not tainted syzkaller #0 PREEMPT(full) [ 353.216822][ T9968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 353.216830][ T9968] Call Trace: [ 353.216835][ T9968] [ 353.216841][ T9968] dump_stack_lvl+0x16c/0x1f0 [ 353.216860][ T9968] should_fail_ex+0x512/0x640 [ 353.216876][ T9968] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 353.216889][ T9968] should_failslab+0xc2/0x120 [ 353.216904][ T9968] kmem_cache_alloc_noprof+0x75/0x6e0 [ 353.216915][ T9968] ? __kernfs_new_node+0xd2/0x8e0 [ 353.216932][ T9968] ? __kernfs_new_node+0xd2/0x8e0 [ 353.216944][ T9968] __kernfs_new_node+0xd2/0x8e0 [ 353.216958][ T9968] ? __pfx___kernfs_new_node+0x10/0x10 [ 353.216975][ T9968] ? find_held_lock+0x2b/0x80 [ 353.216988][ T9968] ? kernfs_root+0xee/0x2a0 [ 353.217003][ T9968] kernfs_new_node+0x13c/0x1e0 [ 353.217021][ T9968] __kernfs_create_file+0x53/0x350 [ 353.217034][ T9968] sysfs_add_file_mode_ns+0x207/0x3c0 [ 353.217050][ T9968] internal_create_group+0x578/0xf30 [ 353.217067][ T9968] ? __pfx_internal_create_group+0x10/0x10 [ 353.217083][ T9968] ? kernfs_create_link+0x1bd/0x240 [ 353.217095][ T9968] internal_create_groups+0x9d/0x150 [ 353.217110][ T9968] device_add+0x731/0x1aa0 [ 353.217127][ T9968] ? __pfx_device_add+0x10/0x10 [ 353.217140][ T9968] ? rcu_is_watching+0x12/0xc0 [ 353.217152][ T9968] ? lockdep_init_map_type+0x5c/0x280 [ 353.217170][ T9968] input_register_device+0x7e8/0x1180 [ 353.217188][ T9968] ? input_ff_create+0x256/0x350 [ 353.217206][ T9968] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 353.217218][ T9968] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 353.217237][ T9968] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 353.217264][ T9968] ? find_held_lock+0x2b/0x80 [ 353.217284][ T9968] ? __might_fault+0x70/0x190 [ 353.217297][ T9968] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 353.217322][ T9968] ? __pfx_uinput_compat_ioctl+0x10/0x10 [ 353.217336][ T9968] __ia32_compat_sys_ioctl+0x23f/0x370 [ 353.217360][ T9968] __do_fast_syscall_32+0x7c/0x300 [ 353.217379][ T9968] do_fast_syscall_32+0x32/0x80 [ 353.217398][ T9968] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 353.217417][ T9968] RIP: 0023:0xf703d579 [ 353.217429][ T9968] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 353.217442][ T9968] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 353.217459][ T9968] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005501 [ 353.217469][ T9968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 353.217478][ T9968] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 353.217488][ T9968] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 353.217496][ T9968] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 353.217515][ T9968] [ 353.219589][ T5333] bcm5974 5-1:0.0: could not read from device [ 353.364561][ T5333] bcm5974 5-1:0.0: could not read from device [ 353.368551][ T5333] bcm5974 5-1:0.0: could not read from device [ 353.369870][ T7751] usb 5-1: USB disconnect, device number 20 [ 353.373725][ T5333] bcm5974 5-1:0.0: could not read from device [ 353.518720][ T9988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.901'. [ 353.790151][ T53] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 353.883738][T10001] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 353.889266][T10001] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 353.914082][T10001] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 353.918860][T10001] overlayfs: failed to look up (tracing) for ino (-66) [ 353.922418][ T53] usb 6-1: device descriptor read/64, error -71 [ 353.930393][T10001] netlink: 76 bytes leftover after parsing attributes in process `syz.0.905'. [ 353.935200][T10001] netlink: 292 bytes leftover after parsing attributes in process `syz.0.905'. [ 353.939077][T10001] netlink: 292 bytes leftover after parsing attributes in process `syz.0.905'. [ 353.948579][ T5942] Bluetooth: hci3: connection err: -111 [ 354.160154][ T53] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 354.596679][T10019] infiniband syz1: set active [ 354.598934][T10019] infiniband syz1: added syz_tun [ 354.634043][T10019] RDS/IB: syz1: added [ 354.636499][T10019] smc: adding ib device syz1 with port count 1 [ 354.639310][T10019] smc: ib device syz1 port 1 has no pnetid [ 354.759211][T10024] netlink: 16 bytes leftover after parsing attributes in process `syz.3.911'. [ 354.764581][ T53] usb 6-1: device descriptor read/64, error -71 [ 354.957736][T10026] netlink: 32 bytes leftover after parsing attributes in process `syz.2.910'. [ 355.078458][ T53] usb usb6-port1: attempt power cycle [ 355.415704][T10034] FAULT_INJECTION: forcing a failure. [ 355.415704][T10034] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.420177][ T53] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 355.425714][T10034] CPU: 3 UID: 0 PID: 10034 Comm: syz.2.913 Not tainted syzkaller #0 PREEMPT(full) [ 355.425743][T10034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 355.425755][T10034] Call Trace: [ 355.425762][T10034] [ 355.425770][T10034] dump_stack_lvl+0x16c/0x1f0 [ 355.425799][T10034] should_fail_ex+0x512/0x640 [ 355.425829][T10034] _copy_to_user+0x32/0xd0 [ 355.425857][T10034] simple_read_from_buffer+0xcb/0x170 [ 355.425890][T10034] proc_fail_nth_read+0x197/0x240 [ 355.425913][T10034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 355.425935][T10034] ? rw_verify_area+0xcf/0x6c0 [ 355.425966][T10034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 355.425986][T10034] vfs_read+0x1e1/0xcf0 [ 355.426014][T10034] ? __pfx_vfs_read+0x10/0x10 [ 355.426032][T10034] ? find_held_lock+0x2b/0x80 [ 355.426060][T10034] ? __fget_files+0x20e/0x3c0 [ 355.426089][T10034] ksys_read+0x12a/0x250 [ 355.426109][T10034] ? __pfx_ksys_read+0x10/0x10 [ 355.426133][T10034] ? rcu_is_watching+0x12/0xc0 [ 355.426159][T10034] __do_fast_syscall_32+0x7c/0x300 [ 355.426186][T10034] do_fast_syscall_32+0x32/0x80 [ 355.426209][T10034] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 355.426233][T10034] RIP: 0023:0xf7f76579 [ 355.426249][T10034] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 355.426267][T10034] RSP: 002b:00000000f5466590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 355.426286][T10034] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5466620 [ 355.426305][T10034] RDX: 000000000000000f RSI: 00000000f7405ff4 RDI: 0000000000000000 [ 355.426317][T10034] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 355.426328][T10034] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 355.426339][T10034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 355.426368][T10034] [ 355.517326][ C3] vkms_vblank_simulate: vblank timer overrun [ 355.526050][ T53] usb 6-1: device descriptor read/8, error -71 [ 355.616233][T10042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.915'. [ 355.725702][T10048] fuse: Bad value for 'fd' [ 355.780176][ T53] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 355.811550][ T53] usb 6-1: device descriptor read/8, error -71 [ 355.849449][T10052] netlink: 'syz.3.918': attribute type 10 has an invalid length. [ 355.876041][T10052] 8021q: adding VLAN 0 to HW filter on device bond1 [ 355.891666][T10052] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 355.895977][ T61] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:b0a1:d3ff:fe16:280b error=-28 [ 355.896606][T10052] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 355.930427][ T53] usb usb6-port1: unable to enumerate USB device [ 355.991896][ T61] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 355.993590][T10059] FAULT_INJECTION: forcing a failure. [ 355.993590][T10059] name failslab, interval 1, probability 0, space 0, times 0 [ 356.000196][T10059] CPU: 1 UID: 0 PID: 10059 Comm: syz.3.921 Not tainted syzkaller #0 PREEMPT(full) [ 356.000212][T10059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 356.000218][T10059] Call Trace: [ 356.000222][T10059] [ 356.000227][T10059] dump_stack_lvl+0x16c/0x1f0 [ 356.000244][T10059] should_fail_ex+0x512/0x640 [ 356.000258][T10059] ? __kmalloc_noprof+0xca/0x880 [ 356.000276][T10059] should_failslab+0xc2/0x120 [ 356.000290][T10059] __kmalloc_noprof+0xdd/0x880 [ 356.000306][T10059] ? nl80211_trigger_scan+0x4d5/0x2000 [ 356.000322][T10059] ? nl80211_trigger_scan+0x4d5/0x2000 [ 356.000334][T10059] nl80211_trigger_scan+0x4d5/0x2000 [ 356.000348][T10059] ? nl80211_pre_doit+0x1b0/0xb10 [ 356.000360][T10059] genl_family_rcv_msg_doit+0x206/0x2f0 [ 356.000383][T10059] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 356.000402][T10059] ? bpf_lsm_capable+0x9/0x10 [ 356.000416][T10059] ? security_capable+0x7e/0x260 [ 356.000430][T10059] ? ns_capable+0xd7/0x110 [ 356.000443][T10059] genl_rcv_msg+0x55c/0x800 [ 356.000460][T10059] ? __pfx_genl_rcv_msg+0x10/0x10 [ 356.000474][T10059] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 356.000483][T10059] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 356.000495][T10059] ? __pfx_nl80211_post_doit+0x10/0x10 [ 356.000510][T10059] ? __lock_acquire+0x62e/0x1ce0 [ 356.000528][T10059] netlink_rcv_skb+0x155/0x420 [ 356.000541][T10059] ? __pfx_genl_rcv_msg+0x10/0x10 [ 356.000556][T10059] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 356.000576][T10059] ? netlink_deliver_tap+0x1ae/0xd30 [ 356.000743][T10059] genl_rcv+0x28/0x40 [ 356.000757][T10059] netlink_unicast+0x5aa/0x870 [ 356.000772][T10059] ? __pfx_netlink_unicast+0x10/0x10 [ 356.000784][T10059] ? __pfx___might_resched+0x10/0x10 [ 356.000800][T10059] netlink_sendmsg+0x8c8/0xdd0 [ 356.000816][T10059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 356.000830][T10059] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 356.000847][T10059] ____sys_sendmsg+0xa98/0xc70 [ 356.000865][T10059] ? __pfx_____sys_sendmsg+0x10/0x10 [ 356.000879][T10059] ? get_compat_msghdr+0x11a/0x170 [ 356.000897][T10059] ___sys_sendmsg+0x134/0x1d0 [ 356.000910][T10059] ? __pfx____sys_sendmsg+0x10/0x10 [ 356.000928][T10059] ? find_held_lock+0x2b/0x80 [ 356.000948][T10059] __sys_sendmsg+0x16d/0x220 [ 356.000960][T10059] ? __pfx___sys_sendmsg+0x10/0x10 [ 356.000978][T10059] ? rcu_is_watching+0x12/0xc0 [ 356.000991][T10059] __do_fast_syscall_32+0x7c/0x300 [ 356.001006][T10059] do_fast_syscall_32+0x32/0x80 [ 356.001019][T10059] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 356.001033][T10059] RIP: 0023:0xf704d579 [ 356.001043][T10059] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 356.001053][T10059] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 356.001063][T10059] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 356.001070][T10059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 356.001076][T10059] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 356.001084][T10059] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 356.001092][T10059] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 356.001106][T10059] [ 356.004303][ T61] bond1: (slave macvlan2): link status up again after 0 ms [ 356.126393][ T61] bond1: (slave macvlan2): failed to get link speed/duplex [ 356.129680][ T61] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 356.241954][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 356.280121][ T1327] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 356.350237][ T61] bond1: (slave macvlan2): failed to get link speed/duplex [ 356.440179][ T1327] usb 8-1: Using ep0 maxpacket: 16 [ 356.444889][ T1327] usb 8-1: config 4 has an invalid interface number: 213 but max is 1 [ 356.448270][ T1327] usb 8-1: config 4 has an invalid interface number: 7 but max is 1 [ 356.451856][ T1327] usb 8-1: config 4 has an invalid interface number: 80 but max is 1 [ 356.455136][ T1327] usb 8-1: config 4 has 3 interfaces, different from the descriptor's value: 2 [ 356.460603][ T1143] bond1: (slave macvlan2): failed to get link speed/duplex [ 356.460714][ T1327] usb 8-1: config 4 has no interface number 0 [ 356.466402][ T1327] usb 8-1: config 4 has no interface number 1 [ 356.469246][ T1327] usb 8-1: config 4 has no interface number 2 [ 356.472694][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0xF has an invalid bInterval 80, changing to 7 [ 356.477219][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 356.482449][ T1327] usb 8-1: config 4 interface 213 altsetting 115 has an invalid descriptor for endpoint zero, skipping [ 356.487797][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0x6 has an invalid bInterval 64, changing to 7 [ 356.493842][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0x6 has invalid maxpacket 34710, setting to 1024 [ 356.500757][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 356.506846][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0xD has invalid wMaxPacketSize 0 [ 356.512290][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 356.517179][ T1327] usb 8-1: config 4 interface 213 altsetting 115 has a duplicate endpoint with address 0x2, skipping [ 356.521783][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0x1 has an invalid bInterval 234, changing to 11 [ 356.526389][ T1327] usb 8-1: config 4 interface 213 altsetting 115 has an invalid descriptor for endpoint zero, skipping [ 356.531640][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 356.536933][ T1327] usb 8-1: config 4 interface 213 altsetting 115 has an invalid descriptor for endpoint zero, skipping [ 356.542737][ T1327] usb 8-1: config 4 interface 213 altsetting 115 has an invalid descriptor for endpoint zero, skipping [ 356.548689][ T1327] usb 8-1: config 4 interface 213 altsetting 115 has a duplicate endpoint with address 0x6, skipping [ 356.553689][ T1327] usb 8-1: config 4 interface 213 altsetting 115 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 356.558689][ T1327] usb 8-1: config 4 interface 213 altsetting 115 has a duplicate endpoint with address 0x1, skipping [ 356.563705][ T1327] usb 8-1: config 4 interface 7 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 356.567632][ T1327] usb 8-1: config 4 interface 7 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 356.571188][ T1327] usb 8-1: config 4 interface 7 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 356.574847][ T1327] usb 8-1: too many endpoints for config 4 interface 80 altsetting 187: 41, using maximum allowed: 30 [ 356.580258][ T1327] usb 8-1: config 4 interface 80 altsetting 187 has 0 endpoint descriptors, different from the interface descriptor's value: 41 [ 356.585100][ T1327] usb 8-1: config 4 interface 213 has no altsetting 0 [ 356.585143][ T1143] bond1: (slave macvlan2): failed to get link speed/duplex [ 356.587369][ T1327] usb 8-1: config 4 interface 80 has no altsetting 0 [ 356.602639][ T1327] usb 8-1: New USB device found, idVendor=0803, idProduct=4310, bcdDevice=52.a2 [ 356.606596][ T1327] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.609585][ T1327] usb 8-1: Product: 哲⧴⣨亂೬넸뾹ଫﯪ阶뻷영䔜깝椓絽꣱‹쓔ᭊ햃嫪遁뾯퓄٬ꊌᓠ遠†齪揜璥證䜜ⵦ흭般臅찂鮞閖ᛃ硹앇ꥆꥴ뉖ۮ✌ﴼ㤍從幗⠊ [ 356.616234][ T1327] usb 8-1: Manufacturer: 彂뭌쵘體፟药ﶶ胭멉ẜ궕橹壇兹蜃छ虎㖅쩢坅肕衴赀儥힂吩큽ᓃꝬㄣ쏵栟멈뜒릘 [ 356.624043][ T1327] usb 8-1: SerialNumber: င [ 356.644113][T10061] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 356.670622][T10065] FAULT_INJECTION: forcing a failure. [ 356.670622][T10065] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 356.675056][T10065] CPU: 0 UID: 0 PID: 10065 Comm: syz.1.924 Not tainted syzkaller #0 PREEMPT(full) [ 356.675073][T10065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 356.675079][T10065] Call Trace: [ 356.675084][T10065] [ 356.675088][T10065] dump_stack_lvl+0x16c/0x1f0 [ 356.675115][T10065] should_fail_ex+0x512/0x640 [ 356.675132][T10065] should_fail_alloc_page+0xe7/0x130 [ 356.675149][T10065] prepare_alloc_pages+0x3c2/0x610 [ 356.675163][T10065] ? rcu_is_watching+0x12/0xc0 [ 356.675177][T10065] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 356.675190][T10065] ? __lock_acquire+0xb97/0x1ce0 [ 356.675212][T10065] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 356.675223][T10065] ? do_raw_spin_lock+0x12c/0x2b0 [ 356.675241][T10065] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 356.675258][T10065] ? find_held_lock+0x2b/0x80 [ 356.675273][T10065] ? __lock_acquire+0xb97/0x1ce0 [ 356.675288][T10065] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 356.675308][T10065] ? policy_nodemask+0xea/0x4e0 [ 356.675324][T10065] alloc_pages_mpol+0x1fb/0x550 [ 356.675339][T10065] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 356.675358][T10065] folio_alloc_mpol_noprof+0x36/0x2f0 [ 356.675375][T10065] shmem_alloc_folio+0x135/0x160 [ 356.675393][T10065] shmem_alloc_and_add_folio+0x499/0xc20 [ 356.675414][T10065] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 356.675433][T10065] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 356.675448][T10065] shmem_get_folio_gfp+0x67f/0x1610 [ 356.675462][T10065] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 356.675477][T10065] shmem_write_begin+0x160/0x300 [ 356.675489][T10065] ? __pfx_shmem_write_begin+0x10/0x10 [ 356.675501][T10065] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 356.675520][T10065] generic_perform_write+0x3c4/0x900 [ 356.675542][T10065] ? __pfx_generic_perform_write+0x10/0x10 [ 356.675559][T10065] ? inode_needs_update_time.part.0+0x191/0x270 [ 356.675576][T10065] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 356.675588][T10065] shmem_file_write_iter+0x10e/0x140 [ 356.675603][T10065] __kernel_write_iter+0x31a/0xb10 [ 356.675616][T10065] ? __pfx___kernel_write_iter+0x10/0x10 [ 356.675636][T10065] kernel_write+0x1f4/0x6c0 [ 356.675648][T10065] ? __pfx_kernel_write+0x10/0x10 [ 356.675658][T10065] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 356.675678][T10065] ? __shmem_file_setup+0x8e/0x330 [ 356.675697][T10065] big_key_preparse+0x3a8/0x5b0 [ 356.675710][T10065] ? __pfx_big_key_preparse+0x10/0x10 [ 356.675721][T10065] ? __pfx_down_read+0x10/0x10 [ 356.675737][T10065] ? __pfx_big_key_preparse+0x10/0x10 [ 356.675750][T10065] __key_create_or_update+0x458/0xe10 [ 356.675763][T10065] ? __pfx___key_create_or_update+0x10/0x10 [ 356.675774][T10065] ? lookup_user_key+0x2ce/0x1300 [ 356.675798][T10065] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 356.675818][T10065] key_create_or_update+0x42/0x60 [ 356.675831][T10065] __do_sys_add_key+0x29d/0x470 [ 356.675845][T10065] ? __pfx___do_sys_add_key+0x10/0x10 [ 356.675861][T10065] ? rcu_is_watching+0x12/0xc0 [ 356.675874][T10065] __do_fast_syscall_32+0x7c/0x300 [ 356.675889][T10065] do_fast_syscall_32+0x32/0x80 [ 356.675902][T10065] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 356.675916][T10065] RIP: 0023:0xf7fd7579 [ 356.675925][T10065] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 356.675936][T10065] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 000000000000011e [ 356.675947][T10065] RAX: ffffffffffffffda RBX: 00000000800018c0 RCX: 0000000080001900 [ 356.675954][T10065] RDX: 0000000080001940 RSI: 00000000000fffff RDI: 00000000fffffffe [ 356.675960][T10065] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 356.675967][T10065] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 356.675973][T10065] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 356.675988][T10065] [ 356.823643][ T1143] bond1: (slave macvlan2): failed to get link speed/duplex [ 356.903421][T10073] block device autoloading is deprecated and will be removed. [ 356.930803][ T1143] bond1: (slave macvlan2): failed to get link speed/duplex [ 357.104605][ T1327] usb 8-1: USB disconnect, device number 25 [ 357.340129][ T5647] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 357.500204][ T5647] usb 5-1: Using ep0 maxpacket: 16 [ 357.504007][ T5647] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 357.510858][ T5647] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 357.514732][ T5647] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.517905][ T5647] usb 5-1: Product: syz [ 357.519249][ T5647] usb 5-1: Manufacturer: syz [ 357.522191][ T5647] usb 5-1: SerialNumber: syz [ 357.524901][ T5647] usb 5-1: config 0 descriptor?? [ 357.529607][ T5647] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 357.532899][ T5647] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 357.570954][T10105] overlayfs: missing 'lowerdir' [ 358.135929][ T5647] em28xx 5-1:0.0: chip ID is em2765 [ 358.271472][T10118] hsr0: left allmulticast mode [ 358.273377][T10118] hsr_slave_0: left allmulticast mode [ 358.275407][T10118] hsr_slave_1: left allmulticast mode [ 358.282643][T10118] __nla_validate_parse: 1 callbacks suppressed [ 358.282655][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.941'. [ 358.456097][T10123] ufs: failed to set blocksize [ 358.615262][T10136] input: syz1 as /devices/virtual/input/input27 [ 358.765187][T10091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.768814][T10091] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.913241][ T5647] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 358.916426][ T5647] em28xx 5-1:0.0: board has no eeprom [ 358.990199][ T5647] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 358.993741][ T5647] em28xx 5-1:0.0: dvb set to bulk mode. [ 358.996132][ T7751] em28xx 5-1:0.0: Binding DVB extension [ 359.006558][ T5647] usb 5-1: USB disconnect, device number 21 [ 359.013519][ T5647] em28xx 5-1:0.0: Disconnecting em28xx [ 359.021504][ T7751] em28xx 5-1:0.0: Registering input extension [ 359.024678][ T5647] em28xx 5-1:0.0: Closing input extension [ 359.037301][ T5647] em28xx 5-1:0.0: Freeing device [ 359.369331][T10152] netlink: 28 bytes leftover after parsing attributes in process `syz.0.951'. [ 359.623043][T10163] siw: device registration error -23 [ 360.026131][T10169] netlink: 4 bytes leftover after parsing attributes in process `syz.0.957'. [ 360.089261][T10171] netlink: 80 bytes leftover after parsing attributes in process `syz.0.958'. [ 360.094718][T10171] netlink: 80 bytes leftover after parsing attributes in process `syz.0.958'. [ 360.418382][T10175] fuse: Bad value for 'fd' [ 360.433842][T10177] loop2: detected capacity change from 0 to 7 [ 360.438755][ T9661] Dev loop2: unable to read RDB block 7 [ 360.441724][ T9661] loop2: unable to read partition table [ 360.443867][ T9661] loop2: partition table beyond EOD, truncated [ 360.455291][T10177] Dev loop2: unable to read RDB block 7 [ 360.457352][T10177] loop2: unable to read partition table [ 360.459517][T10177] loop2: partition table beyond EOD, truncated [ 360.463157][T10177] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 360.497873][T10182] FAULT_INJECTION: forcing a failure. [ 360.497873][T10182] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 360.498609][T10182] [ 360.498615][T10182] ====================================================== [ 360.498619][T10182] WARNING: possible circular locking dependency detected [ 360.498623][T10182] syzkaller #0 Not tainted [ 360.498628][T10182] ------------------------------------------------------ [ 360.498632][T10182] syz.1.962/10182 is trying to acquire lock: [ 360.498636][T10182] ffffffff8e2d1540 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x61/0x80 [ 360.498663][T10182] [ 360.498663][T10182] but task is already holding lock: [ 360.498666][T10182] ffff88802b239820 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6c9/0x1160 [ 360.498692][T10182] [ 360.498692][T10182] which lock already depends on the new lock. [ 360.498692][T10182] [ 360.498695][T10182] [ 360.498695][T10182] the existing dependency chain (in reverse order) is: [ 360.498699][T10182] [ 360.498699][T10182] -> #3 (&pool->lock){-.-.}-{2:2}: [ 360.498711][T10182] _raw_spin_lock+0x2e/0x40 [ 360.498728][T10182] __queue_work+0x26b/0x1160 [ 360.498743][T10182] queue_work_on+0x15f/0x1f0 [ 360.498750][T10182] rpm_suspend+0xeba/0x11d0 [ 360.498761][T10182] rpm_idle+0x607/0x780 [ 360.498769][T10182] __pm_runtime_idle+0xba/0x1a0 [ 360.498778][T10182] __device_attach+0x37e/0x4b0 [ 360.498788][T10182] bus_probe_device+0x17f/0x1c0 [ 360.498802][T10182] device_add+0x1148/0x1aa0 [ 360.498813][T10182] serial_base_port_add+0x362/0x4c0 [ 360.498823][T10182] serial_core_register_port+0x13c/0x25d0 [ 360.498839][T10182] serial8250_register_8250_port+0x15a3/0x23e0 [ 360.498850][T10182] serial_pnp_probe+0x431/0x910 [ 360.498861][T10182] pnp_device_probe+0x2a5/0x4d0 [ 360.498871][T10182] really_probe+0x241/0xa90 [ 360.498879][T10182] __driver_probe_device+0x1de/0x440 [ 360.498888][T10182] driver_probe_device+0x4c/0x1b0 [ 360.498896][T10182] __driver_attach+0x283/0x580 [ 360.498905][T10182] bus_for_each_dev+0x13e/0x1d0 [ 360.498918][T10182] bus_add_driver+0x2e9/0x690 [ 360.498932][T10182] driver_register+0x15c/0x4b0 [ 360.498942][T10182] serial8250_init+0xc9/0x1e0 [ 360.498951][T10182] do_one_initcall+0x120/0x6e0 [ 360.498961][T10182] kernel_init_freeable+0x5c2/0x910 [ 360.498976][T10182] kernel_init+0x1c/0x2b0 [ 360.498989][T10182] ret_from_fork+0x675/0x7d0 [ 360.499004][T10182] ret_from_fork_asm+0x1a/0x30 [ 360.499014][T10182] [ 360.499014][T10182] -> #2 (&dev->power.lock){-...}-{3:3}: [ 360.499036][T10182] _raw_spin_lock_irqsave+0x3a/0x60 [ 360.499044][T10182] __pm_runtime_resume+0xa9/0x170 [ 360.499054][T10182] __uart_start+0x1b0/0x500 [ 360.499065][T10182] uart_write+0x218/0xb30 [ 360.499078][T10182] n_tty_write+0x41b/0x11e0 [ 360.499087][T10182] file_tty_write.constprop.0+0x500/0x9b0 [ 360.499102][T10182] redirected_tty_write+0xd4/0x150 [ 360.499115][T10182] vfs_write+0x7d3/0x11d0 [ 360.499125][T10182] ksys_write+0x12a/0x250 [ 360.499134][T10182] do_syscall_64+0xcd/0xfa0 [ 360.499144][T10182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.499154][T10182] [ 360.499154][T10182] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 360.499166][T10182] _raw_spin_lock_irqsave+0x3a/0x60 [ 360.499174][T10182] serial8250_console_write+0x181/0x1890 [ 360.499185][T10182] console_flush_all+0x801/0xc60 [ 360.499194][T10182] console_unlock+0xd8/0x210 [ 360.499202][T10182] vprintk_emit+0x3d7/0x680 [ 360.499211][T10182] _printk+0xc7/0x100 [ 360.499223][T10182] register_console+0xc2d/0x11b0 [ 360.499233][T10182] univ8250_console_init+0x5f/0x90 [ 360.499241][T10182] console_init+0x14f/0x680 [ 360.499249][T10182] start_kernel+0x29f/0x4e0 [ 360.499263][T10182] x86_64_start_reservations+0x18/0x30 [ 360.499278][T10182] x86_64_start_kernel+0x130/0x190 [ 360.499293][T10182] common_startup_64+0x13e/0x148 [ 360.499302][T10182] [ 360.499302][T10182] -> #0 (console_owner){-.-.}-{0:0}: [ 360.499314][T10182] __lock_acquire+0x12a6/0x1ce0 [ 360.499327][T10182] lock_acquire+0x179/0x350 [ 360.499339][T10182] console_lock_spinning_enable+0x72/0x80 [ 360.499347][T10182] console_flush_all+0x7aa/0xc60 [ 360.499356][T10182] console_unlock+0xd8/0x210 [ 360.499364][T10182] vprintk_emit+0x3d7/0x680 [ 360.499373][T10182] _printk+0xc7/0x100 [ 360.499385][T10182] should_fail_ex+0x4e7/0x640 [ 360.499397][T10182] strncpy_from_user+0x3b/0x2e0 [ 360.499406][T10182] strncpy_from_user_nofault+0x7f/0x180 [ 360.499416][T10182] bpf_probe_read_compat_str+0xe8/0x180 [ 360.499431][T10182] bpf_prog_336c7b50ce4432df+0x8b/0x91 [ 360.499439][T10182] bpf_trace_run3+0x248/0x5a0 [ 360.499454][T10182] __bpf_trace_workqueue_queue_work+0x100/0x140 [ 360.499467][T10182] __queue_work+0x4fa/0x1160 [ 360.499481][T10182] __queue_delayed_work+0x35b/0x460 [ 360.499490][T10182] mod_delayed_work_on+0x198/0x1c0 [ 360.499498][T10182] kblockd_mod_delayed_work_on+0x29/0x40 [ 360.499512][T10182] scsi_run_queue+0x614/0xc90 [ 360.499524][T10182] scsi_run_host_queues+0x4c/0x70 [ 360.499537][T10182] scsi_ioctl_reset+0x438/0x850 [ 360.499546][T10182] scsi_ioctl+0xfa3/0x1830 [ 360.499559][T10182] sr_block_ioctl+0x202/0x250 [ 360.499570][T10182] blkdev_compat_ptr_ioctl+0x9f/0xe0 [ 360.499585][T10182] compat_blkdev_ioctl+0x2ee/0x7a0 [ 360.499594][T10182] __ia32_compat_sys_ioctl+0x23f/0x370 [ 360.499608][T10182] __do_fast_syscall_32+0x7c/0x300 [ 360.499618][T10182] do_fast_syscall_32+0x32/0x80 [ 360.499629][T10182] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 360.499641][T10182] [ 360.499641][T10182] other info that might help us debug this: [ 360.499641][T10182] [ 360.499643][T10182] Chain exists of: [ 360.499643][T10182] console_owner --> &dev->power.lock --> &pool->lock [ 360.499643][T10182] [ 360.499657][T10182] Possible unsafe locking scenario: [ 360.499657][T10182] [ 360.499659][T10182] CPU0 CPU1 [ 360.499662][T10182] ---- ---- [ 360.499664][T10182] lock(&pool->lock); [ 360.499670][T10182] lock(&dev->power.lock); [ 360.499676][T10182] lock(&pool->lock); [ 360.499682][T10182] lock(console_owner); [ 360.499688][T10182] [ 360.499688][T10182] *** DEADLOCK *** [ 360.499688][T10182] [ 360.499690][T10182] 6 locks held by syz.1.962/10182: [ 360.499696][T10182] #0: ffff8880277fd110 (&cd->lock){+.+.}-{4:4}, at: sr_block_ioctl+0x118/0x250 [ 360.499718][T10182] #1: ffffffff8e3c4320 (rcu_read_lock){....}-{1:3}, at: __queue_work+0xe7/0x1160 [ 360.499745][T10182] #2: ffff88802b239820 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6c9/0x1160 [ 360.499772][T10182] #3: ffffffff8e3c4320 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run3+0x1cb/0x5a0 [ 360.499799][T10182] #4: ffffffff8e3b1980 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100 [ 360.499823][T10182] #5: ffffffff8e3b19f0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60 [ 360.499844][T10182] [ 360.499844][T10182] stack backtrace: [ 360.499849][T10182] CPU: 0 UID: 0 PID: 10182 Comm: syz.1.962 Not tainted syzkaller #0 PREEMPT(full) [ 360.499860][T10182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 360.499866][T10182] Call Trace: [ 360.499870][T10182] [ 360.499874][T10182] dump_stack_lvl+0x116/0x1f0 [ 360.499885][T10182] print_circular_bug+0x275/0x350 [ 360.499899][T10182] check_noncircular+0x14c/0x170 [ 360.499914][T10182] __lock_acquire+0x12a6/0x1ce0 [ 360.499930][T10182] lock_acquire+0x179/0x350 [ 360.499943][T10182] ? console_lock_spinning_enable+0x61/0x80 [ 360.499971][T10182] ? console_lock_spinning_enable+0x4a/0x80 [ 360.499982][T10182] console_lock_spinning_enable+0x72/0x80 [ 360.500009][T10182] ? console_lock_spinning_enable+0x61/0x80 [ 360.500022][T10182] console_flush_all+0x7aa/0xc60 [ 360.500033][T10182] ? __pfx_console_flush_all+0x10/0x10 [ 360.500045][T10182] ? is_printk_cpu_sync_owner+0x32/0x40 [ 360.500058][T10182] console_unlock+0xd8/0x210 [ 360.500067][T10182] ? __pfx_console_unlock+0x10/0x10 [ 360.500076][T10182] ? do_raw_spin_unlock+0x160/0x230 [ 360.500093][T10182] ? _printk+0xc7/0x100 [ 360.500106][T10182] ? __down_trylock_console_sem+0xb0/0x140 [ 360.500122][T10182] vprintk_emit+0x3d7/0x680 [ 360.500132][T10182] ? __pfx_vprintk_emit+0x10/0x10 [ 360.500144][T10182] _printk+0xc7/0x100 [ 360.500158][T10182] ? __pfx__printk+0x10/0x10 [ 360.500173][T10182] ? __pfx____ratelimit+0x10/0x10 [ 360.500181][T10182] ? __lock_acquire+0x62e/0x1ce0 [ 360.500196][T10182] should_fail_ex+0x4e7/0x640 [ 360.500208][T10182] strncpy_from_user+0x3b/0x2e0 [ 360.500219][T10182] strncpy_from_user_nofault+0x7f/0x180 [ 360.500230][T10182] bpf_probe_read_compat_str+0xe8/0x180 [ 360.500246][T10182] bpf_prog_336c7b50ce4432df+0x8b/0x91 [ 360.500254][T10182] bpf_trace_run3+0x248/0x5a0 [ 360.500269][T10182] ? __pfx_bpf_trace_run3+0x10/0x10 [ 360.500288][T10182] __bpf_trace_workqueue_queue_work+0x100/0x140 [ 360.500302][T10182] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 360.500317][T10182] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 360.500332][T10182] ? __queue_work+0x6c0/0x1160 [ 360.500361][T10182] __queue_work+0x4fa/0x1160 [ 360.500379][T10182] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 360.500392][T10182] __queue_delayed_work+0x35b/0x460 [ 360.500402][T10182] mod_delayed_work_on+0x198/0x1c0 [ 360.500412][T10182] ? __pfx_mod_delayed_work_on+0x10/0x10 [ 360.500423][T10182] kblockd_mod_delayed_work_on+0x29/0x40 [ 360.500437][T10182] scsi_run_queue+0x614/0xc90 [ 360.500452][T10182] ? __pfx_scsi_run_queue+0x10/0x10 [ 360.500463][T10182] ? lockdep_hardirqs_on+0x7c/0x110 [ 360.500474][T10182] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 360.500484][T10182] ? __scsi_iterate_devices+0x1ae/0x230 [ 360.500498][T10182] scsi_run_host_queues+0x4c/0x70 [ 360.500513][T10182] scsi_ioctl_reset+0x438/0x850 [ 360.500524][T10182] scsi_ioctl+0xfa3/0x1830 [ 360.500538][T10182] ? rpm_resume+0x7fc/0x1320 [ 360.500548][T10182] ? __pfx_scsi_ioctl+0x10/0x10 [ 360.500563][T10182] ? __pfx_rpm_resume+0x10/0x10 [ 360.500572][T10182] ? do_raw_spin_lock+0x12c/0x2b0 [ 360.500606][T10182] ? find_held_lock+0x2b/0x80 [ 360.500620][T10182] ? lockdep_hardirqs_on+0x7c/0x110 [ 360.500630][T10182] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 360.500640][T10182] ? __pm_runtime_resume+0xc3/0x170 [ 360.500651][T10182] sr_block_ioctl+0x202/0x250 [ 360.500663][T10182] ? __pfx_sr_block_ioctl+0x10/0x10 [ 360.500673][T10182] blkdev_compat_ptr_ioctl+0x9f/0xe0 [ 360.500689][T10182] ? __pfx_blkdev_compat_ptr_ioctl+0x10/0x10 [ 360.500706][T10182] compat_blkdev_ioctl+0x2ee/0x7a0 [ 360.500715][T10182] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 360.500724][T10182] ? __might_fault+0x70/0x190 [ 360.500735][T10182] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 360.500744][T10182] __ia32_compat_sys_ioctl+0x23f/0x370 [ 360.500760][T10182] __do_fast_syscall_32+0x7c/0x300 [ 360.500772][T10182] do_fast_syscall_32+0x32/0x80 [ 360.500784][T10182] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 360.500796][T10182] RIP: 0023:0xf7fd7579 [ 360.500804][T10182] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 360.500814][T10182] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 360.500823][T10182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000002284 [ 360.500829][T10182] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 360.500835][T10182] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 360.500841][T10182] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 360.500847][T10182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 360.500856][T10182] [ 360.887937][T10182] CPU: 0 UID: 0 PID: 10182 Comm: syz.1.962 Not tainted syzkaller #0 PREEMPT(full) [ 360.887951][T10182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 360.887958][T10182] Call Trace: [ 360.887964][T10182] [ 360.887969][T10182] dump_stack_lvl+0x116/0x1f0 [ 360.887985][T10182] should_fail_ex+0x512/0x640 [ 360.888004][T10182] strncpy_from_user+0x3b/0x2e0 [ 360.888016][T10182] strncpy_from_user_nofault+0x7f/0x180 [ 360.888029][T10182] bpf_probe_read_compat_str+0xe8/0x180 [ 360.888046][T10182] bpf_prog_336c7b50ce4432df+0x8b/0x91 [ 360.888054][T10182] bpf_trace_run3+0x248/0x5a0 [ 360.888070][T10182] ? __pfx_bpf_trace_run3+0x10/0x10 [ 360.888089][T10182] __bpf_trace_workqueue_queue_work+0x100/0x140 [ 360.888105][T10182] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 360.888120][T10182] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 360.888136][T10182] ? __queue_work+0x6c0/0x1160 [ 360.888153][T10182] __queue_work+0x4fa/0x1160 [ 360.888170][T10182] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 360.888183][T10182] __queue_delayed_work+0x35b/0x460 [ 360.888193][T10182] mod_delayed_work_on+0x198/0x1c0 [ 360.888203][T10182] ? __pfx_mod_delayed_work_on+0x10/0x10 [ 360.888215][T10182] kblockd_mod_delayed_work_on+0x29/0x40 [ 360.888230][T10182] scsi_run_queue+0x614/0xc90 [ 360.888245][T10182] ? __pfx_scsi_run_queue+0x10/0x10 [ 360.888257][T10182] ? lockdep_hardirqs_on+0x7c/0x110 [ 360.888268][T10182] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 360.888278][T10182] ? __scsi_iterate_devices+0x1ae/0x230 [ 360.888293][T10182] scsi_run_host_queues+0x4c/0x70 [ 360.888307][T10182] scsi_ioctl_reset+0x438/0x850 [ 360.888319][T10182] scsi_ioctl+0xfa3/0x1830 [ 360.888334][T10182] ? rpm_resume+0x7fc/0x1320 [ 360.888345][T10182] ? __pfx_scsi_ioctl+0x10/0x10 [ 360.888360][T10182] ? __pfx_rpm_resume+0x10/0x10 [ 360.888369][T10182] ? do_raw_spin_lock+0x12c/0x2b0 [ 360.888385][T10182] ? find_held_lock+0x2b/0x80 [ 360.888396][T10182] ? lockdep_hardirqs_on+0x7c/0x110 [ 360.888407][T10182] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 360.888417][T10182] ? __pm_runtime_resume+0xc3/0x170 [ 360.888428][T10182] sr_block_ioctl+0x202/0x250 [ 360.888440][T10182] ? __pfx_sr_block_ioctl+0x10/0x10 [ 360.888451][T10182] blkdev_compat_ptr_ioctl+0x9f/0xe0 [ 360.888468][T10182] ? __pfx_blkdev_compat_ptr_ioctl+0x10/0x10 [ 360.888485][T10182] compat_blkdev_ioctl+0x2ee/0x7a0 [ 360.888495][T10182] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 360.888504][T10182] ? __might_fault+0x70/0x190 [ 360.888514][T10182] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 360.888524][T10182] __ia32_compat_sys_ioctl+0x23f/0x370 [ 360.888541][T10182] __do_fast_syscall_32+0x7c/0x300 [ 360.888554][T10182] do_fast_syscall_32+0x32/0x80 [ 360.888565][T10182] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 360.888579][T10182] RIP: 0023:0xf7fd7579 [ 360.888608][T10182] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 360.888618][T10182] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 360.888628][T10182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000002284 [ 360.888635][T10182] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 360.888640][T10182] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 360.888646][T10182] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 360.888652][T10182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 360.888662][T10182] [ 361.002780][ T13] net_ratelimit: 31 callbacks suppressed [ 361.002793][ T13] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.003529][ T5950] Bluetooth: hci3: command 0x0406 tx timeout [ 361.110666][ T83] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.220244][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.340316][ T1223] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.450857][ T83] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.560910][ T1223] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.670710][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.781371][ T1223] bond1: (slave macvlan2): failed to get link speed/duplex [ 361.890666][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 362.000861][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.110633][ T96] net_ratelimit: 36 callbacks suppressed [ 366.110654][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.220515][ T83] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.330922][ T83] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.440140][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.560365][ T13] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.680230][ T13] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.800206][ T83] bond1: (slave macvlan2): failed to get link speed/duplex [ 366.920507][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 367.030460][ T96] bond1: (slave macvlan2): failed to get link speed/duplex [ 367.140587][ T13] bond1: (slave macvlan2): failed to get link speed/duplex VM DIAGNOSIS: 18:45:56 Registers: info registers vcpu 0 CPU#0 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff852ca615 RDI=ffffffff9adebe40 RBP=ffffffff9adebe00 RSP=ffffc900074a7210 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff9adebe00 R15=ffffffff852ca5b0 RIP=ffffffff852ca63f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977e7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f54c5fac CR3=000000006c311000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000047f5dc RBX=0000000000000001 RCX=ffffffff8b61f2d9 RDX=ffffed1005666656 RSI=ffffffff8bf1d4c0 RDI=ffffffff81913bcd RBP=ffffed1003b5d490 RSP=ffffc9000046fde8 R8 =0000000000000000 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001 R12=0000000000000001 R13=ffff88801daea480 R14=ffffffff908358d0 R15=0000000000000000 RIP=ffffffff8b61dd8f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000056f5a4c0 CR3=00000000270b1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000004 00c800a400000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000002 RBX=ffff88802b242500 RCX=ffffffff81afd041 RDX=ffff8880236a8000 RSI=ffffffff81afd01b RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900230df810 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=dffffc0000000000 R13=ffffed10056484a1 R14=0000000000000001 R15=0000000000000000 RIP=ffffffff81bbd4a6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979e7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000005f44b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88802b53b6c0 RCX=ffffffff81afe793 RDX=ffff88801daac900 RSI=ffffffff81afe76d RDI=0000000000000005 RBP=ffffc9000044fcf8 RSP=ffffc9000044fba0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c79e36 R12=1ffff92000089f7c R13=0000000000000002 R14=0000000000000001 R15=ffffed10056a76d9 RIP=ffffffff81afe773 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097ae7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000800000c0 CR3=000000006d88d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000004 00c800a400000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000