last executing test programs: 34.885241181s ago: executing program 2 (id=1250): r0 = socket$kcm(0x10, 0x2, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000061482f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(0x3) socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000001680)={&(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000180)="c7", 0xff04}], 0x1, &(0x7f0000000040)=[@ip_retopts={{0x20, 0x84, 0x2}}], 0x20}, 0x0) 34.884858593s ago: executing program 2 (id=1252): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0xf, 0x0, 0x5, [{0x9, 0x7, 0x2}]}]}, {0x0, [0x5f, 0x0, 0x0, 0x61, 0x61]}}, 0x0, 0x37, 0x0, 0x0, 0x8, 0x0, @void, @value}, 0x28) 34.834261306s ago: executing program 2 (id=1253): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000c00050006c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 34.83399445s ago: executing program 2 (id=1255): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10) socket$kcm(0x2, 0x5, 0x84) 34.779793326s ago: executing program 2 (id=1259): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x101, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1, 0xffffffffffffffff}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000880)={r2, &(0x7f0000000680), 0x0}, 0x20) 34.654010419s ago: executing program 2 (id=1266): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 2.374511709s ago: executing program 0 (id=2057): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="3400000010001fff000000000800000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100766574"], 0x34}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@newtaction={0x18, 0x31, 0x3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 2.374282118s ago: executing program 0 (id=2058): r0 = epoll_create1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r2, r1, 0x4, r1}, 0x7) r3 = socket$unix(0x1, 0x1, 0x0) close(r3) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000340)={0x20000002}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe000000000000000800040001000000", 0x24) sendmsg$NFT_BATCH(r6, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0xa8, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x6}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x4}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_EXPRESSIONS={0x7c, 0x12, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x1}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x1c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xd0}, 0x1, 0x0, 0x0, 0x24040015}, 0x5) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x2d, 0x9, 0x70bd27, 0x25dfdbfe, {0x5}, [@typed={0x8, 0xa, 0x0, 0x0, @uid}]}, 0x1c}}, 0x20000086) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000000)=ANY=[], 0x114}], 0x1, 0x0, 0x0, 0x800}, 0x48010) 2.305158484s ago: executing program 0 (id=2059): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x24, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xfff1}, {0x2, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4040040) 2.304819995s ago: executing program 0 (id=2060): r0 = epoll_create(0x8) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0xc, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x400) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x200000a, 0x8012, r1, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0x5008, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000"], 0x0) syz_usb_disconnect(r3) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) 1.118168255s ago: executing program 1 (id=2063): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$kcm(0x10, 0x2, 0x4) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b23000d"], 0xffdd) 954.490093ms ago: executing program 1 (id=2064): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000017c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="33022dbd7000fcdbdf251b00000008000300", @ANYRES32=r1, @ANYBLOB="10002e800c0004"], 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x240048d4) 954.321886ms ago: executing program 1 (id=2065): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b050000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x16, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB="2600000000000000bf6530498f2fbf1456df42cb74f9d800000000", @ANYRES32, @ANYBLOB], 0x10) close(r0) close(r2) 954.255245ms ago: executing program 1 (id=2066): sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="74010000", @ANYRES16=0x0, @ANYBLOB], 0x174}, 0x1, 0x0, 0x0, 0xc0}, 0x81) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff07000700263a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) 896.708145ms ago: executing program 1 (id=2067): r0 = epoll_create1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r2, r1, 0x4, r1}, 0x7) r3 = socket$unix(0x1, 0x1, 0x0) close(r3) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000340)={0x20000002}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe000000000000000800040001000000", 0x24) sendmsg$NFT_BATCH(r6, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0xa8, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x6}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x4}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_EXPRESSIONS={0x7c, 0x12, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x1}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x1c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xd0}, 0x1, 0x0, 0x0, 0x24040015}, 0x5) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x2d, 0x9, 0x70bd27, 0x25dfdbfe, {0x5}, [@typed={0x8, 0xa, 0x0, 0x0, @uid}]}, 0x1c}}, 0x20000086) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000000)=ANY=[], 0x114}], 0x1, 0x0, 0x0, 0x800}, 0x48010) 835.173353ms ago: executing program 1 (id=2069): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) socket(0x28, 0x5, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(0xffffffffffffffff, 0x4) r0 = accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x800) recvfrom$unix(r0, &(0x7f0000000140)=""/231, 0x20000, 0x14142, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, &(0x7f0000001c00), &(0x7f0000001c40)=r2}, 0x20) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000ff0100001000000001000000181100005c5fb22b2da07714f87e77543ef0876fc0661ada1562e531e0a1c9e3ff311f1afcf1d11bad5a9123a8b384c1eef81b41ecd77db2149909c9b9dcede01fcd21e52446307e2f04a762787cf88a12f2398e83914e1ac832319c12508b580c42bace9f398791217ece9f990c46700000802262f62aa19b2f8184f82236d37e0ede8eba68e9f925a89485fecf827a487acda8ad47f6ab19956b57d44c6e829f1bac357754f98b84839c0d279b2b", @ANYRES32], &(0x7f00000003c0)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x29, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94) r3 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r3, 0x29, 0x22, 0x0, 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="4400000009060102000000ffffffde00000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c00028008000140e0004001de69e6f994419ae8ef404ec0f30c416df944effa0791f108164ffa5a32dac2777336a8f9c54b9d791b"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) 757.562067ms ago: executing program 0 (id=2070): socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000300)=@newtaction={0x5c, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0xec0, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000000c0)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]}) 703.85042ms ago: executing program 0 (id=2071): unshare(0x2040600) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) futex(0x0, 0x80000000000b, 0x4, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bc8900000000000035090100000000009500000000000000b7080000000000007b9a00fe00000000b509000000000000c3aaf0fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004608ebff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 334.812226ms ago: executing program 3 (id=2077): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x3}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=ANY=[], 0x18}}, 0x20000000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000100)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 234.360009ms ago: executing program 3 (id=2078): ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_open_dev$tty1(0xc, 0x4, 0x2) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 65.151877ms ago: executing program 3 (id=2079): sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 64.984436ms ago: executing program 3 (id=2080): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x30, 0x10, 0x403, 0xffffffe4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x30}, 0x1, 0x0, 0x0, 0x600}, 0x0) 11.179346ms ago: executing program 3 (id=2081): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000023c0)="8ce2ad4d4f95e087a7", 0x9, 0x0, &(0x7f0000002400)={0x2, 0x0, @local}, 0x10) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x14}}, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$netlink(0x10, 0x3, 0x0) 0s ago: executing program 3 (id=2082): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, 0x0, 0x0) listen(r0, 0xfffffffd) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) writev(r2, &(0x7f0000003500)=[{&(0x7f00000035c0)="34325a3ec95335e2316325bc217474e55486f13461aa6d72f8ad90ba36f13758495616c22692c9888acd74c8141f760b360d963b2ea9defa4e0d04a1b08b1e9bca95a6fef2e1e2e3bcdf3fe633f09f44363b28eec64030d7269c6024f118efe0eaeda4ce2ffd74748748ea9e1f264a4efc5eb41bc90831fc6d70a3bb367f094dd21b1165959e0a48e43d1e01976a1b9b430e28acd780f7ea7bb157a161644979b927f6c7109538395a73f29cfbc4b79f775dc80ac55ec12ebf839793e3a665921c15820a20298addeb88eddabce5fcef43cc3e81dd4aa8a5f84a0f9f996f3705c0e88146b1e19b21aee9d4143adf57e60a482507714ac4d52d2d2160cdf2809ec84ec9d77d208fd5f432ec3b99343b90e4acc82033da76f34a63a14afae361533e1fcfa6af0a79632c6c794fc1ec142eac90249a1a805b5ed73226f01b33f95f41fb", 0x142}], 0x1) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000500)={0x0, 0x3, 0x9, 0x8, 0x9c1, 0x6, 0x4, 0x5, {0x0, @in={{0x2, 0x4e21, @broadcast}}, 0x4, 0xfffffffc, 0x6, 0x6, 0x1}}, &(0x7f0000000140)=0xb0) kernel console output (not intermixed with test programs): Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.801203][ T7246] Call Trace: [ 109.801206][ T7246] [ 109.801210][ T7246] dump_stack_lvl+0x16c/0x1f0 [ 109.801227][ T7246] should_fail_ex+0x512/0x640 [ 109.801253][ T7246] ? fs_reclaim_acquire+0xae/0x150 [ 109.801269][ T7246] ? tomoyo_encode2+0x100/0x3e0 [ 109.801282][ T7246] should_failslab+0xc2/0x120 [ 109.801294][ T7246] __kmalloc_noprof+0xd2/0x510 [ 109.801308][ T7246] tomoyo_encode2+0x100/0x3e0 [ 109.801323][ T7246] tomoyo_encode+0x29/0x50 [ 109.801335][ T7246] tomoyo_realpath_from_path+0x18f/0x6e0 [ 109.801350][ T7246] ? tomoyo_profile+0x47/0x60 [ 109.801366][ T7246] tomoyo_path_number_perm+0x245/0x580 [ 109.801376][ T7246] ? tomoyo_path_number_perm+0x237/0x580 [ 109.801388][ T7246] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 109.801400][ T7246] ? finish_task_switch.isra.0+0x221/0xc10 [ 109.801423][ T7246] ? find_held_lock+0x2b/0x80 [ 109.801431][ T7246] ? hook_file_ioctl_common+0x145/0x410 [ 109.801442][ T7246] ? __fget_files+0x204/0x3c0 [ 109.801458][ T7246] ? __fget_files+0x20e/0x3c0 [ 109.801472][ T7246] ? fput+0x20/0xf0 [ 109.801484][ T7246] security_file_ioctl_compat+0x9b/0x240 [ 109.801498][ T7246] __ia32_compat_sys_ioctl+0xc3/0x360 [ 109.801513][ T7246] __do_fast_syscall_32+0x73/0x120 [ 109.801528][ T7246] do_fast_syscall_32+0x32/0x80 [ 109.801541][ T7246] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.801553][ T7246] RIP: 0023:0xf711e579 [ 109.801562][ T7246] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 109.801571][ T7246] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 109.801581][ T7246] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 000000000000ae80 [ 109.801586][ T7246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.801592][ T7246] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.801597][ T7246] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 109.801602][ T7246] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.801614][ T7246] [ 109.801676][ T7246] ERROR: Out of memory at tomoyo_realpath_from_path. [ 110.596378][ T7265] fuse: Bad value for 'group_id' [ 110.598267][ T7265] fuse: Bad value for 'group_id' [ 111.007057][ T7272] lo speed is unknown, defaulting to 1000 [ 111.119028][ T7266] TCP: out of memory -- consider tuning tcp_mem [ 111.264067][ T7279] 9pnet: Unknown protocol version 9p200 [ 111.274293][ T7279] bridge_slave_0: left allmulticast mode [ 111.276293][ T7279] bridge_slave_0: left promiscuous mode [ 111.279188][ T7279] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.290115][ T7279] bridge_slave_1: left allmulticast mode [ 111.291986][ T7279] bridge_slave_1: left promiscuous mode [ 111.293973][ T7279] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.302496][ T7279] bond0: (slave bond_slave_0): Releasing backup interface [ 111.307294][ T7279] bond0: (slave bond_slave_1): Releasing backup interface [ 111.322614][ T7279] team0: Port device team_slave_0 removed [ 111.327869][ T7279] team0: Port device team_slave_1 removed [ 111.332023][ T7279] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 111.334473][ T7279] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 111.337813][ T7279] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.341344][ T7279] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.468710][ T7284] netlink: 4 bytes leftover after parsing attributes in process `syz.1.355'. [ 111.727954][ C1] TCP: out of memory -- consider tuning tcp_mem [ 111.738296][ T7290] lo speed is unknown, defaulting to 1000 [ 111.835799][ T7292] lo speed is unknown, defaulting to 1000 [ 112.285486][ T7297] netlink: 'syz.1.359': attribute type 1 has an invalid length. [ 112.289220][ T7297] netlink: 224 bytes leftover after parsing attributes in process `syz.1.359'. [ 112.397887][ T7301] tmpfs: Bad value for 'mpol' [ 112.850136][ T7312] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 113.401212][ T7325] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 113.728019][ C1] TCP: out of memory -- consider tuning tcp_mem [ 113.764864][ T7337] lo speed is unknown, defaulting to 1000 [ 114.348889][ T7348] lo speed is unknown, defaulting to 1000 [ 114.591809][ T7349] lo speed is unknown, defaulting to 1000 [ 116.447986][ C2] TCP: out of memory -- consider tuning tcp_mem [ 116.489355][ T7381] lo speed is unknown, defaulting to 1000 [ 116.558457][ T7379] lo speed is unknown, defaulting to 1000 [ 116.630839][ T7385] lo speed is unknown, defaulting to 1000 [ 116.937957][ C1] TCP: out of memory -- consider tuning tcp_mem [ 116.947453][ T7391] lo speed is unknown, defaulting to 1000 [ 117.262160][ T7398] mkiss: ax0: crc mode is auto. [ 117.799570][ T7420] netlink: 'syz.1.393': attribute type 1 has an invalid length. [ 117.802849][ T7420] netlink: 'syz.1.393': attribute type 2 has an invalid length. [ 117.937079][ T7420] netlink: 284 bytes leftover after parsing attributes in process `syz.1.393'. [ 118.230949][ T7430] lo speed is unknown, defaulting to 1000 [ 118.685598][ T7443] lo speed is unknown, defaulting to 1000 [ 118.889499][ T7449] lo speed is unknown, defaulting to 1000 [ 118.931462][ T7453] syzkaller0: entered promiscuous mode [ 118.933312][ T7453] syzkaller0: entered allmulticast mode [ 119.060384][ T40] audit: type=1800 audit(1746662713.698:2): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.402" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 119.375109][ T7467] mkiss: ax0: crc mode is auto. [ 119.571855][ T7468] syzkaller1: entered promiscuous mode [ 119.574237][ T7468] syzkaller1: entered allmulticast mode [ 120.048102][ T5951] Bluetooth: hci2: command 0x0406 tx timeout [ 121.303365][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.414'. [ 121.408000][ C1] TCP: out of memory -- consider tuning tcp_mem [ 121.407995][ C2] TCP: out of memory -- consider tuning tcp_mem [ 121.463031][ T7495] lo speed is unknown, defaulting to 1000 [ 121.540652][ T7489] lo speed is unknown, defaulting to 1000 [ 122.391818][ T40] audit: type=1326 audit(1746662717.028:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7521 comm="syz.0.423" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x0 [ 122.890464][ T7538] lo speed is unknown, defaulting to 1000 [ 123.024162][ T7542] lo speed is unknown, defaulting to 1000 [ 123.210983][ T7544] lo speed is unknown, defaulting to 1000 [ 123.672803][ T7553] lo speed is unknown, defaulting to 1000 [ 124.760637][ T7586] lo speed is unknown, defaulting to 1000 [ 124.942136][ T7585] lo speed is unknown, defaulting to 1000 [ 125.684158][ T7608] Driver unsupported XDP return value 0 on prog (id 64) dev N/A, expect packet loss! [ 125.887953][ C1] TCP: out of memory -- consider tuning tcp_mem [ 126.127262][ T7604] lo speed is unknown, defaulting to 1000 [ 126.191368][ T7611] lo speed is unknown, defaulting to 1000 [ 127.167056][ T7635] tipc: Started in network mode [ 127.168853][ T7635] tipc: Node identity 4000004, cluster identity 4711 [ 127.171032][ T7635] tipc: Node number set to 67108868 [ 128.163698][ T7642] lo speed is unknown, defaulting to 1000 [ 128.288000][ C1] TCP: out of memory -- consider tuning tcp_mem [ 128.403199][ T7645] lo speed is unknown, defaulting to 1000 [ 128.556861][ T7650] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 129.102105][ T7655] tipc: Started in network mode [ 129.103776][ T7655] tipc: Node identity 4000004, cluster identity 4711 [ 129.108215][ T7655] tipc: Node number set to 67108868 [ 129.897405][ T7673] lo speed is unknown, defaulting to 1000 [ 130.234519][ T7680] lo speed is unknown, defaulting to 1000 [ 130.929825][ T7692] lo speed is unknown, defaulting to 1000 [ 130.994509][ T7693] lo speed is unknown, defaulting to 1000 [ 130.997972][ C1] TCP: out of memory -- consider tuning tcp_mem [ 131.007942][ C1] TCP: out of memory -- consider tuning tcp_mem [ 131.997408][ T7711] usb 2-1: USB disconnect, device number 2 [ 132.398612][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.400828][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.819373][ T7717] hub 2-0:1.0: USB hub found [ 132.848079][ T7717] hub 2-0:1.0: 6 ports detected [ 132.906567][ T40] audit: type=1400 audit(1746662727.538:4): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=7725 comm="syz.0.474" [ 133.076842][ T29] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 133.435182][ T7741] lo speed is unknown, defaulting to 1000 [ 133.535483][ T7743] lo speed is unknown, defaulting to 1000 [ 133.552231][ T29] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 133.556321][ T29] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 133.562694][ T29] usb 2-1: Product: QEMU USB Tablet [ 133.575602][ T7744] lo speed is unknown, defaulting to 1000 [ 133.628631][ T29] usb 2-1: Manufacturer: QEMU [ 133.631370][ T29] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 133.662171][ T29] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0002/input/input7 [ 133.737755][ T29] hid-generic 0003:0627:0001.0002: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 133.767417][ T7737] TCP: out of memory -- consider tuning tcp_mem [ 133.843061][ T7738] TCP: out of memory -- consider tuning tcp_mem [ 134.207957][ C2] TCP: out of memory -- consider tuning tcp_mem [ 134.462445][ T65] IPVS: starting estimator thread 0... [ 134.558105][ T7764] IPVS: using max 48 ests per chain, 115200 per kthread [ 135.857418][ T7787] lo speed is unknown, defaulting to 1000 [ 136.943815][ T7825] lo speed is unknown, defaulting to 1000 [ 138.267526][ T7856] netlink: 12 bytes leftover after parsing attributes in process `syz.1.497'. [ 138.271525][ T7856] netlink: 72 bytes leftover after parsing attributes in process `syz.1.497'. [ 138.405724][ T7859] lo speed is unknown, defaulting to 1000 [ 138.761996][ T7868] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 138.768884][ T7868] qnx6: wrong signature (magic) in superblock #1. [ 138.771581][ T7868] qnx6: unable to read the first superblock [ 138.961934][ T7877] FAULT_INJECTION: forcing a failure. [ 138.961934][ T7877] name failslab, interval 1, probability 0, space 0, times 0 [ 138.966792][ T7877] CPU: 2 UID: 0 PID: 7877 Comm: syz.0.501 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 138.966806][ T7877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 138.966812][ T7877] Call Trace: [ 138.966816][ T7877] [ 138.966820][ T7877] dump_stack_lvl+0x16c/0x1f0 [ 138.966837][ T7877] should_fail_ex+0x512/0x640 [ 138.966865][ T7877] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 138.966890][ T7877] should_failslab+0xc2/0x120 [ 138.966903][ T7877] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 138.966915][ T7877] ? __request_module+0x2cb/0x690 [ 138.966931][ T7877] kstrdup+0x53/0x100 [ 138.966945][ T7877] __request_module+0x2cb/0x690 [ 138.966958][ T7877] ? __pfx___request_module+0x10/0x10 [ 138.966977][ T7877] ? crypto_alg_lookup+0x113/0x1e0 [ 138.966991][ T7877] ? crypto_alg_mod_lookup+0x11e/0x520 [ 138.967004][ T7877] crypto_alg_mod_lookup+0x367/0x520 [ 138.967017][ T7877] crypto_type_has_alg+0x2c/0x80 [ 138.967031][ T7877] xfrm_probe_algs+0x7c/0x3f0 [ 138.967043][ T7877] pfkey_register+0xf9/0x910 [ 138.967052][ T7877] ? pfkey_broadcast+0x2af/0x460 [ 138.967061][ T7877] ? __pfx_pfkey_register+0x10/0x10 [ 138.967071][ T7877] pfkey_process+0x6d9/0x840 [ 138.967079][ T7877] ? __pfx___might_resched+0x10/0x10 [ 138.967092][ T7877] ? __pfx_pfkey_process+0x10/0x10 [ 138.967100][ T7877] ? trace_contention_end+0xdd/0x130 [ 138.967124][ T7877] ? __pfx_aa_sk_perm+0x10/0x10 [ 138.967138][ T7877] pfkey_sendmsg+0x435/0x850 [ 138.967149][ T7877] ____sys_sendmsg+0xa95/0xc70 [ 138.967163][ T7877] ? gfs2_create_inode+0x1c20/0x32c0 [ 138.967175][ T7877] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.967188][ T7877] ? get_compat_msghdr+0x11a/0x170 [ 138.967204][ T7877] ___sys_sendmsg+0x134/0x1d0 [ 138.967216][ T7877] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.967244][ T7877] __sys_sendmsg+0x16d/0x220 [ 138.967254][ T7877] ? __pfx___sys_sendmsg+0x10/0x10 [ 138.967271][ T7877] ? rcu_is_watching+0x12/0xc0 [ 138.967282][ T7877] __do_fast_syscall_32+0x73/0x120 [ 138.967297][ T7877] do_fast_syscall_32+0x32/0x80 [ 138.967311][ T7877] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 138.967322][ T7877] RIP: 0023:0xf710e579 [ 138.967330][ T7877] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 138.967339][ T7877] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 138.967348][ T7877] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 138.967354][ T7877] RDX: 0000000004000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 138.967360][ T7877] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 138.967365][ T7877] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 138.967370][ T7877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 138.967383][ T7877] [ 139.607163][ T7926] netlink: 24 bytes leftover after parsing attributes in process `syz.3.506'. [ 140.737054][ T7953] lo speed is unknown, defaulting to 1000 [ 141.239432][ T7968] lo speed is unknown, defaulting to 1000 [ 142.762408][ T5954] Bluetooth: hci2: unexpected cc 0x2007 length: 100 > 2 [ 142.765847][ T5954] Bluetooth: hci2: unexpected event for opcode 0x2007 [ 143.017996][ T6291] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 143.230640][ T8003] lo speed is unknown, defaulting to 1000 [ 143.234327][ T6291] usb 7-1: Using ep0 maxpacket: 32 [ 143.261043][ T6291] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 143.278508][ T6291] usb 7-1: config 0 has no interface number 0 [ 143.281689][ T6291] usb 7-1: config 0 interface 184 has no altsetting 0 [ 143.348608][ T6291] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 143.351785][ T6291] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.354805][ T6291] usb 7-1: Product: syz [ 143.356187][ T6291] usb 7-1: Manufacturer: syz [ 143.357718][ T6291] usb 7-1: SerialNumber: syz [ 143.374201][ T6291] usb 7-1: config 0 descriptor?? [ 143.390420][ T6291] smsc75xx v1.0.0 [ 143.391921][ T6291] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 143.395999][ T6291] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -22 [ 143.581319][ T7987] netlink: 52 bytes leftover after parsing attributes in process `syz.2.522'. [ 143.590875][ T6291] usb 7-1: USB disconnect, device number 3 [ 143.807994][ C1] TCP: out of memory -- consider tuning tcp_mem [ 143.839918][ T8015] lo speed is unknown, defaulting to 1000 [ 143.885701][ T5951] Bluetooth: hci3: link tx timeout [ 143.887405][ T5951] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 143.979719][ T8013] Process accounting resumed [ 144.230408][ T8025] tipc: Started in network mode [ 144.232113][ T8025] tipc: Node identity 4000004, cluster identity 4711 [ 144.234288][ T8025] tipc: Node number set to 67108868 [ 144.521844][ T8031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.531'. [ 145.441451][ T8054] lo speed is unknown, defaulting to 1000 [ 145.512880][ T8060] openvswitch: netlink: Port 10289156 exceeds max allowable 65535 [ 145.699965][ T8061] lo speed is unknown, defaulting to 1000 [ 145.808034][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 145.968612][ T5954] Bluetooth: hci3: command 0x0406 tx timeout [ 146.536897][ T8090] lo speed is unknown, defaulting to 1000 [ 146.788482][ T5945] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 146.791351][ T5945] Bluetooth: hci2: Injecting HCI hardware error event [ 146.795354][ T5945] Bluetooth: hci2: hardware error 0x00 [ 146.940725][ T8113] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 146.940773][ T8113] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 146.941170][ T8113] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 146.941206][ T8113] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 147.274895][ T8138] process 'syz.1.554' launched './file0' with NULL argv: empty string added [ 147.606191][ T8150] lo speed is unknown, defaulting to 1000 [ 147.647967][ C1] TCP: out of memory -- consider tuning tcp_mem [ 147.995468][ T8156] lo speed is unknown, defaulting to 1000 [ 148.337026][ T8165] FAULT_INJECTION: forcing a failure. [ 148.337026][ T8165] name failslab, interval 1, probability 0, space 0, times 0 [ 148.342003][ T8165] CPU: 2 UID: 0 PID: 8165 Comm: syz.1.557 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 148.342018][ T8165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.342024][ T8165] Call Trace: [ 148.342027][ T8165] [ 148.342031][ T8165] dump_stack_lvl+0x16c/0x1f0 [ 148.342049][ T8165] should_fail_ex+0x512/0x640 [ 148.342063][ T8165] ? fs_reclaim_acquire+0xae/0x150 [ 148.342079][ T8165] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 148.342092][ T8165] should_failslab+0xc2/0x120 [ 148.342104][ T8165] __kmalloc_noprof+0xd2/0x510 [ 148.342118][ T8165] tomoyo_realpath_from_path+0xc2/0x6e0 [ 148.342132][ T8165] ? tomoyo_profile+0x47/0x60 [ 148.342148][ T8165] tomoyo_path_number_perm+0x245/0x580 [ 148.342159][ T8165] ? tomoyo_path_number_perm+0x237/0x580 [ 148.342171][ T8165] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 148.342196][ T8165] ? find_held_lock+0x2b/0x80 [ 148.342205][ T8165] ? hook_file_ioctl_common+0x145/0x410 [ 148.342216][ T8165] ? __fget_files+0x204/0x3c0 [ 148.342233][ T8165] ? __fget_files+0x20e/0x3c0 [ 148.342246][ T8165] ? fput+0x20/0xf0 [ 148.342259][ T8165] security_file_ioctl_compat+0x9b/0x240 [ 148.342273][ T8165] __ia32_compat_sys_ioctl+0xc3/0x360 [ 148.342288][ T8165] __do_fast_syscall_32+0x73/0x120 [ 148.342303][ T8165] do_fast_syscall_32+0x32/0x80 [ 148.342317][ T8165] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 148.342329][ T8165] RIP: 0023:0xf711e579 [ 148.342337][ T8165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 148.342346][ T8165] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 148.342356][ T8165] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080045510 [ 148.342362][ T8165] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 148.342367][ T8165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 148.342372][ T8165] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 148.342378][ T8165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 148.342390][ T8165] [ 148.342394][ T8165] ERROR: Out of memory at tomoyo_realpath_from_path. [ 148.566187][ T8155] TCP: out of memory -- consider tuning tcp_mem [ 148.589350][ T8175] lo speed is unknown, defaulting to 1000 [ 148.723609][ T8180] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 148.726492][ T8180] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 148.737575][ T8180] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 148.742641][ T8180] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 148.848084][ T5945] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 150.227239][ T8201] syzkaller0: entered promiscuous mode [ 150.229678][ T8201] syzkaller0: entered allmulticast mode [ 150.849713][ C1] TCP: out of memory -- consider tuning tcp_mem [ 151.216949][ T8210] lo speed is unknown, defaulting to 1000 [ 151.225865][ T8212] lo speed is unknown, defaulting to 1000 [ 151.648208][ T8223] lo speed is unknown, defaulting to 1000 [ 151.732589][ T8226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'. [ 151.791429][ T8226] loop6: detected capacity change from 0 to 524287999 [ 152.026325][ T40] audit: type=1326 audit(1746662746.658:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.043939][ T40] audit: type=1326 audit(1746662746.668:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.051082][ T40] audit: type=1326 audit(1746662746.668:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.058243][ T40] audit: type=1326 audit(1746662746.668:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.064902][ T40] audit: type=1326 audit(1746662746.668:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.071929][ T40] audit: type=1326 audit(1746662746.678:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.079053][ T40] audit: type=1326 audit(1746662746.678:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.086377][ T40] audit: type=1326 audit(1746662746.678:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.093594][ T40] audit: type=1326 audit(1746662746.678:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.100881][ T40] audit: type=1326 audit(1746662746.678:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.577" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 152.448802][ T8249] netlink: 256 bytes leftover after parsing attributes in process `syz.0.577'. [ 152.451768][ T8249] netlink: 56 bytes leftover after parsing attributes in process `syz.0.577'. [ 152.562370][ T8251] FAULT_INJECTION: forcing a failure. [ 152.562370][ T8251] name failslab, interval 1, probability 0, space 0, times 0 [ 152.566338][ T8251] CPU: 1 UID: 0 PID: 8251 Comm: syz.2.580 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 152.566363][ T8251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.566370][ T8251] Call Trace: [ 152.566374][ T8251] [ 152.566378][ T8251] dump_stack_lvl+0x16c/0x1f0 [ 152.566395][ T8251] should_fail_ex+0x512/0x640 [ 152.566409][ T8251] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 152.566426][ T8251] should_failslab+0xc2/0x120 [ 152.566438][ T8251] __kmalloc_cache_noprof+0x6a/0x3e0 [ 152.566453][ T8251] ? cgroup_dev_func_proto+0x16e/0x210 [ 152.566464][ T8251] ? do_check_common+0x1df/0xc2a0 [ 152.566474][ T8251] ? get_call_summary+0xf6/0x740 [ 152.566499][ T8251] do_check_common+0x1df/0xc2a0 [ 152.566520][ T8251] ? mark_fastcall_pattern_for_call+0x611/0x770 [ 152.566537][ T8251] ? __pfx_do_check_common+0x10/0x10 [ 152.566548][ T8251] ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10 [ 152.566564][ T8251] ? kfree+0x2b6/0x4d0 [ 152.566571][ T8251] ? bpf_check+0x6c86/0xb460 [ 152.566580][ T8251] ? bpf_check+0x7b2f/0xb460 [ 152.566591][ T8251] bpf_check+0x7f51/0xb460 [ 152.566611][ T8251] ? __pfx_bpf_check+0x10/0x10 [ 152.566626][ T8251] ? __lock_acquire+0xaa4/0x1ba0 [ 152.566639][ T8251] ? __pfx_verbose+0x10/0x10 [ 152.566653][ T8251] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 152.566672][ T8251] ? find_held_lock+0x2b/0x80 [ 152.566684][ T8251] ? __asan_memset+0x23/0x50 [ 152.566699][ T8251] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 152.566713][ T8251] bpf_prog_load+0xe41/0x2490 [ 152.566729][ T8251] ? __pfx_bpf_prog_load+0x10/0x10 [ 152.566752][ T8251] ? bpf_lsm_bpf+0x9/0x10 [ 152.566763][ T8251] __sys_bpf+0x433c/0x4d80 [ 152.566778][ T8251] ? __pfx___sys_bpf+0x10/0x10 [ 152.566792][ T8251] ? ksys_write+0x190/0x240 [ 152.566803][ T8251] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 152.566824][ T8251] ? fput+0x70/0xf0 [ 152.566835][ T8251] ? ksys_write+0x1b9/0x240 [ 152.566844][ T8251] ? __pfx_ksys_write+0x10/0x10 [ 152.566855][ T8251] __ia32_sys_bpf+0x76/0xe0 [ 152.566869][ T8251] __do_fast_syscall_32+0x73/0x120 [ 152.566883][ T8251] do_fast_syscall_32+0x32/0x80 [ 152.566897][ T8251] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 152.566909][ T8251] RIP: 0023:0xf703e579 [ 152.566917][ T8251] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 152.566926][ T8251] RSP: 002b:00000000f4fec55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 152.566935][ T8251] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0 [ 152.566941][ T8251] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 152.566946][ T8251] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 152.566952][ T8251] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 152.566957][ T8251] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 152.566969][ T8251] [ 153.696221][ T8276] lo speed is unknown, defaulting to 1000 [ 154.232606][ T8290] (syz.0.587,8290,2):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 154.235811][ T8290] (syz.0.587,8290,2):ocfs2_fill_super:1177 ERROR: status = -22 [ 154.283751][ T8295] FAULT_INJECTION: forcing a failure. [ 154.283751][ T8295] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.288213][ T8295] CPU: 3 UID: 0 PID: 8295 Comm: syz.3.589 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 154.288227][ T8295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 154.288233][ T8295] Call Trace: [ 154.288237][ T8295] [ 154.288241][ T8295] dump_stack_lvl+0x16c/0x1f0 [ 154.288279][ T8295] should_fail_ex+0x512/0x640 [ 154.288302][ T8295] _copy_from_iter+0x2a4/0x15b0 [ 154.288318][ T8295] ? __alloc_skb+0x200/0x380 [ 154.288329][ T8295] ? __pfx__copy_from_iter+0x10/0x10 [ 154.288344][ T8295] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 154.288360][ T8295] netlink_sendmsg+0x829/0xdd0 [ 154.288374][ T8295] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.288386][ T8295] ? __import_iovec+0x1c8/0x660 [ 154.288403][ T8295] ____sys_sendmsg+0xa95/0xc70 [ 154.288418][ T8295] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.288431][ T8295] ? get_compat_msghdr+0x11a/0x170 [ 154.288447][ T8295] ___sys_sendmsg+0x134/0x1d0 [ 154.288458][ T8295] ? __pfx____sys_sendmsg+0x10/0x10 [ 154.288489][ T8295] __sys_sendmsg+0x16d/0x220 [ 154.288500][ T8295] ? __pfx___sys_sendmsg+0x10/0x10 [ 154.288516][ T8295] ? rcu_is_watching+0x12/0xc0 [ 154.288527][ T8295] __do_fast_syscall_32+0x73/0x120 [ 154.288542][ T8295] do_fast_syscall_32+0x32/0x80 [ 154.288555][ T8295] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 154.288567][ T8295] RIP: 0023:0xf70ee579 [ 154.288575][ T8295] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 154.288584][ T8295] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 154.288594][ T8295] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 154.288600][ T8295] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 154.288605][ T8295] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 154.288610][ T8295] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 154.288616][ T8295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 154.288628][ T8295] [ 154.373611][ T8298] lo speed is unknown, defaulting to 1000 [ 154.385243][ T5945] Bluetooth: hci0: adv larger than maximum supported [ 154.385273][ T5945] Bluetooth: hci0: Malformed LE Event: 0x0d [ 155.873391][ T8338] lo speed is unknown, defaulting to 1000 [ 156.063904][ T8342] lo speed is unknown, defaulting to 1000 [ 157.043806][ T8370] syz.3.606 (8370): /proc/8368/oom_adj is deprecated, please use /proc/8368/oom_score_adj instead. [ 157.075330][ T8370] Cannot find del_set index 0 as target [ 157.103352][ T8373] lo speed is unknown, defaulting to 1000 [ 158.030671][ T8397] lo speed is unknown, defaulting to 1000 [ 158.064632][ T8399] lo speed is unknown, defaulting to 1000 [ 158.370345][ T8403] lo speed is unknown, defaulting to 1000 [ 158.547188][ T8396] TCP: out of memory -- consider tuning tcp_mem [ 159.063706][ T99] Bluetooth: hci4: Frame reassembly failed (-84) [ 159.066005][ T99] Bluetooth: hci4: Frame reassembly failed (-84) [ 159.069092][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 159.146349][ T8422] lo speed is unknown, defaulting to 1000 [ 159.396866][ T8425] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.400283][ T8425] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.402712][ T8425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.418475][ T8442] lo speed is unknown, defaulting to 1000 [ 161.088107][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 161.105888][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.3.626'. [ 161.110037][ T8451] netlink: 16 bytes leftover after parsing attributes in process `syz.3.626'. [ 161.114035][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.3.626'. [ 161.119056][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.3.626'. [ 161.255551][ T8455] lo speed is unknown, defaulting to 1000 [ 161.818022][ C1] TCP: out of memory -- consider tuning tcp_mem [ 161.940692][ T8454] TCP: out of memory -- consider tuning tcp_mem [ 162.102831][ T8470] lo speed is unknown, defaulting to 1000 [ 162.525113][ T8490] batadv_slave_0: entered promiscuous mode [ 163.719886][ T8511] netlink: 12 bytes leftover after parsing attributes in process `syz.3.643'. [ 163.817001][ T8515] ======================================================= [ 163.817001][ T8515] WARNING: The mand mount option has been deprecated and [ 163.817001][ T8515] and is ignored by this kernel. Remove the mand [ 163.817001][ T8515] option from the mount to silence this warning. [ 163.817001][ T8515] ======================================================= [ 164.352416][ T8522] lo speed is unknown, defaulting to 1000 [ 164.835510][ T8530] netlink: 'syz.1.649': attribute type 1 has an invalid length. [ 165.562685][ T8543] lo speed is unknown, defaulting to 1000 [ 165.673189][ T8546] lo speed is unknown, defaulting to 1000 [ 166.412501][ T8563] lo speed is unknown, defaulting to 1000 [ 166.487012][ T8566] syz.1.655: attempt to access beyond end of device [ 166.487012][ T8566] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 166.491341][ T8566] syz.1.655: attempt to access beyond end of device [ 166.491341][ T8566] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 166.498709][ T8566] Mount JFS Failure: -5 [ 166.512785][ T8566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.655'. [ 166.542813][ T8549] orangefs_mount: mount request failed with -4 [ 167.007958][ C0] TCP: out of memory -- consider tuning tcp_mem [ 167.018911][ T8579] lo speed is unknown, defaulting to 1000 [ 167.197945][ C1] TCP: out of memory -- consider tuning tcp_mem [ 167.248078][ C1] TCP: out of memory -- consider tuning tcp_mem [ 167.310225][ T8584] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 167.521731][ T8576] TCP: out of memory -- consider tuning tcp_mem [ 167.912930][ T8617] netlink: 'syz.2.667': attribute type 10 has an invalid length. [ 167.916923][ T8617] FAULT_INJECTION: forcing a failure. [ 167.916923][ T8617] name failslab, interval 1, probability 0, space 0, times 0 [ 167.928036][ T8617] CPU: 2 UID: 0 PID: 8617 Comm: syz.2.667 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 167.928051][ T8617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 167.928057][ T8617] Call Trace: [ 167.928061][ T8617] [ 167.928065][ T8617] dump_stack_lvl+0x16c/0x1f0 [ 167.928083][ T8617] should_fail_ex+0x512/0x640 [ 167.928097][ T8617] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 167.928110][ T8617] should_failslab+0xc2/0x120 [ 167.928122][ T8617] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 167.928154][ T8617] ? lockdep_rtnl_is_held+0x26/0x40 [ 167.928170][ T8617] ? fib_table_insert+0x765/0x1c40 [ 167.928182][ T8617] fib_table_insert+0x765/0x1c40 [ 167.928199][ T8617] ? __pfx_fib_table_insert+0x10/0x10 [ 167.928207][ T8617] ? __lock_acquire+0xaa4/0x1ba0 [ 167.928224][ T8617] ? find_held_lock+0x2b/0x80 [ 167.928237][ T8617] ? fib_magic+0x4d4/0x5c0 [ 167.928247][ T8617] fib_magic+0x4d4/0x5c0 [ 167.928258][ T8617] ? __pfx_fib_magic+0x10/0x10 [ 167.928274][ T8617] ? lockdep_rtnl_is_held+0x26/0x40 [ 167.928287][ T8617] ? ip_mc_up+0x1b0/0x3b0 [ 167.928299][ T8617] fib_add_ifaddr+0x3a1/0x580 [ 167.928314][ T8617] fib_netdev_event+0x38a/0x710 [ 167.928328][ T8617] notifier_call_chain+0xb9/0x410 [ 167.928347][ T8617] ? __pfx_fib_netdev_event+0x10/0x10 [ 167.928362][ T8617] call_netdevice_notifiers_info+0xbe/0x140 [ 167.928377][ T8617] netif_open+0x142/0x160 [ 167.928387][ T8617] ? __pfx_netif_open+0x10/0x10 [ 167.928397][ T8617] ? __kmalloc_noprof+0x242/0x510 [ 167.928421][ T8617] dev_open+0xb2/0x260 [ 167.928434][ T8617] team_add_slave+0xaf0/0x21a0 [ 167.928449][ T8617] ? __pfx_team_add_slave+0x10/0x10 [ 167.928458][ T8617] ? __pfx___dev_change_flags+0x10/0x10 [ 167.928468][ T8617] ? validate_linkmsg+0x57c/0xb60 [ 167.928478][ T8617] ? lock_acquire+0x179/0x350 [ 167.928491][ T8617] ? __pfx_team_add_slave+0x10/0x10 [ 167.928501][ T8617] do_set_master+0x40c/0x730 [ 167.928510][ T8617] ? netif_change_flags+0x50/0x160 [ 167.928521][ T8617] do_setlink.constprop.0+0xe66/0x44b0 [ 167.928537][ T8617] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 167.928550][ T8617] ? __bpf_trace_contention_end+0xc9/0x110 [ 167.928564][ T8617] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 167.928579][ T8617] ? __pfx___mutex_trylock_common+0x10/0x10 [ 167.928594][ T8617] ? rcu_is_watching+0x12/0xc0 [ 167.928603][ T8617] ? trace_contention_end+0xdd/0x130 [ 167.928616][ T8617] ? __mutex_lock+0x1ca/0xb90 [ 167.928629][ T8617] ? rcu_is_watching+0x12/0xc0 [ 167.928638][ T8617] ? rtnl_newlink+0x600/0x2000 [ 167.928647][ T8617] ? trace_cap_capable+0x18d/0x200 [ 167.928657][ T8617] ? __pfx___mutex_lock+0x10/0x10 [ 167.928670][ T8617] ? apparmor_capable+0x114/0x1d0 [ 167.928685][ T8617] ? netlink_ns_capable+0xfa/0x130 [ 167.928698][ T8617] rtnl_newlink+0x1446/0x2000 [ 167.928714][ T8617] ? __pfx_rtnl_newlink+0x10/0x10 [ 167.928726][ T8617] ? kasan_quarantine_put+0x10a/0x240 [ 167.928736][ T8617] ? lockdep_hardirqs_on+0x7c/0x110 [ 167.928751][ T8617] ? kfree_skbmem+0x1a4/0x1f0 [ 167.928766][ T8617] ? __lock_acquire+0x5ca/0x1ba0 [ 167.928780][ T8617] ? rcu_is_watching+0x12/0xc0 [ 167.928788][ T8617] ? trace_cap_capable+0x18d/0x200 [ 167.928801][ T8617] ? find_held_lock+0x2b/0x80 [ 167.928809][ T8617] ? __pfx_rtnl_newlink+0x10/0x10 [ 167.928819][ T8617] ? __pfx_rtnl_newlink+0x10/0x10 [ 167.928829][ T8617] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 167.928841][ T8617] ? __pfx_rtnl_newlink+0x10/0x10 [ 167.928852][ T8617] rtnetlink_rcv_msg+0x95b/0xe90 [ 167.928864][ T8617] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 167.928882][ T8617] netlink_rcv_skb+0x16a/0x440 [ 167.928894][ T8617] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 167.928906][ T8617] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 167.928925][ T8617] ? netlink_deliver_tap+0x1ae/0xd30 [ 167.928939][ T8617] netlink_unicast+0x53a/0x7f0 [ 167.928952][ T8617] ? __pfx_netlink_unicast+0x10/0x10 [ 167.928967][ T8617] netlink_sendmsg+0x8d1/0xdd0 [ 167.928981][ T8617] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.928994][ T8617] ? __import_iovec+0x1c8/0x660 [ 167.929011][ T8617] ____sys_sendmsg+0xa95/0xc70 [ 167.929026][ T8617] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.929039][ T8617] ? get_compat_msghdr+0x11a/0x170 [ 167.929055][ T8617] ___sys_sendmsg+0x134/0x1d0 [ 167.929067][ T8617] ? __pfx____sys_sendmsg+0x10/0x10 [ 167.929095][ T8617] __sys_sendmsg+0x16d/0x220 [ 167.929105][ T8617] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.929122][ T8617] ? rcu_is_watching+0x12/0xc0 [ 167.929132][ T8617] __do_fast_syscall_32+0x73/0x120 [ 167.929147][ T8617] do_fast_syscall_32+0x32/0x80 [ 167.929161][ T8617] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 167.929173][ T8617] RIP: 0023:0xf703e579 [ 167.929181][ T8617] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 167.929190][ T8617] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 167.929199][ T8617] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 167.929204][ T8617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 167.929210][ T8617] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 167.929215][ T8617] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 167.929220][ T8617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 167.929232][ T8617] [ 167.931685][ T8617] team0: Device ipvlan1 failed to register rx_handler [ 168.720355][ T6291] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 168.848072][ T6291] usb 5-1: device descriptor read/64, error -71 [ 168.898671][ T8643] syz.2.671: attempt to access beyond end of device [ 168.898671][ T8643] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 168.902885][ T8643] syz.2.671: attempt to access beyond end of device [ 168.902885][ T8643] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 168.907014][ T8643] Mount JFS Failure: -5 [ 168.937879][ T8643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.671'. [ 169.098170][ T6291] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 169.248021][ T6291] usb 5-1: device descriptor read/64, error -71 [ 169.261056][ T8648] lo speed is unknown, defaulting to 1000 [ 169.358234][ T6291] usb usb5-port1: attempt power cycle [ 169.526748][ T8651] FAULT_INJECTION: forcing a failure. [ 169.526748][ T8651] name failslab, interval 1, probability 0, space 0, times 0 [ 169.532500][ T8651] CPU: 1 UID: 0 PID: 8651 Comm: syz.2.672 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 169.532523][ T8651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.532533][ T8651] Call Trace: [ 169.532540][ T8651] [ 169.532547][ T8651] dump_stack_lvl+0x16c/0x1f0 [ 169.532575][ T8651] should_fail_ex+0x512/0x640 [ 169.532597][ T8651] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 169.532625][ T8651] should_failslab+0xc2/0x120 [ 169.532646][ T8651] __kmalloc_cache_noprof+0x6a/0x3e0 [ 169.532672][ T8651] ? uprobe_register+0x17c/0xb60 [ 169.532697][ T8651] uprobe_register+0x17c/0xb60 [ 169.532725][ T8651] bpf_uprobe_multi_link_attach+0x8ea/0x1070 [ 169.532760][ T8651] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 169.532782][ T8651] ? __fget_files+0x20e/0x3c0 [ 169.532811][ T8651] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 169.532836][ T8651] __sys_bpf+0x3fb6/0x4d80 [ 169.532858][ T8651] ? __pfx___sys_bpf+0x10/0x10 [ 169.532880][ T8651] ? ksys_write+0x190/0x240 [ 169.532899][ T8651] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 169.532936][ T8651] ? fput+0x70/0xf0 [ 169.532955][ T8651] ? ksys_write+0x1b9/0x240 [ 169.532969][ T8651] ? __pfx_ksys_write+0x10/0x10 [ 169.532989][ T8651] __ia32_sys_bpf+0x76/0xe0 [ 169.533013][ T8651] __do_fast_syscall_32+0x73/0x120 [ 169.533035][ T8651] do_fast_syscall_32+0x32/0x80 [ 169.533058][ T8651] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 169.533078][ T8651] RIP: 0023:0xf703e579 [ 169.533091][ T8651] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 169.533105][ T8651] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 169.533121][ T8651] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00000000800005c0 [ 169.533130][ T8651] RDX: 000000000000003c RSI: 0000000000000000 RDI: 0000000000000000 [ 169.533137][ T8651] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 169.533145][ T8651] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 169.533153][ T8651] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 169.533187][ T8651] [ 169.717985][ T6291] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 169.738662][ T6291] usb 5-1: device descriptor read/8, error -71 [ 169.866271][ T8657] lo speed is unknown, defaulting to 1000 [ 170.049270][ T6291] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 170.068503][ T6291] usb 5-1: device descriptor read/8, error -71 [ 170.125908][ T8663] lo speed is unknown, defaulting to 1000 [ 170.178261][ T6291] usb usb5-port1: unable to enumerate USB device [ 170.208159][ T5945] Bluetooth: hci1: command 0x0406 tx timeout [ 170.315292][ T8669] FAULT_INJECTION: forcing a failure. [ 170.315292][ T8669] name failslab, interval 1, probability 0, space 0, times 0 [ 170.320422][ T8669] CPU: 0 UID: 0 PID: 8669 Comm: syz.3.677 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 170.320436][ T8669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 170.320441][ T8669] Call Trace: [ 170.320446][ T8669] [ 170.320463][ T8669] dump_stack_lvl+0x16c/0x1f0 [ 170.320480][ T8669] should_fail_ex+0x512/0x640 [ 170.320494][ T8669] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 170.320507][ T8669] should_failslab+0xc2/0x120 [ 170.320519][ T8669] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 170.320529][ T8669] ? __lock_acquire+0xaa4/0x1ba0 [ 170.320541][ T8669] ? __break_lease+0xce/0x1810 [ 170.320556][ T8669] __break_lease+0xce/0x1810 [ 170.320571][ T8669] ? __pfx___break_lease+0x10/0x10 [ 170.320585][ T8669] ? mnt_get_write_access+0x54/0x300 [ 170.320598][ T8669] ? mnt_get_write_access+0x20c/0x300 [ 170.320616][ T8669] vfs_truncate+0x4d3/0x6e0 [ 170.320628][ T8669] ? __pfx_vfs_truncate+0x10/0x10 [ 170.320638][ T8669] ? putname+0x154/0x1a0 [ 170.320651][ T8669] __ia32_compat_sys_truncate+0x171/0x1e0 [ 170.320662][ T8669] ? __pfx___ia32_compat_sys_truncate+0x10/0x10 [ 170.320677][ T8669] do_int80_emulation+0x104/0x200 [ 170.320692][ T8669] asm_int80_emulation+0x1a/0x20 [ 170.320703][ T8669] RIP: 0023:0xf70ee579 [ 170.320711][ T8669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 170.320720][ T8669] RSP: 002b:00000000f505855c EFLAGS: 00000296 ORIG_RAX: 000000000000005c [ 170.320729][ T8669] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000000000000 [ 170.320735][ T8669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 170.320740][ T8669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 170.320746][ T8669] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 170.320751][ T8669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 170.320763][ T8669] [ 171.847514][ T8692] lo speed is unknown, defaulting to 1000 [ 172.389515][ T8702] netlink: 36 bytes leftover after parsing attributes in process `syz.1.688'. [ 172.398139][ T8702] netlink: 16 bytes leftover after parsing attributes in process `syz.1.688'. [ 172.402471][ T8702] netlink: 36 bytes leftover after parsing attributes in process `syz.1.688'. [ 172.408027][ T8702] netlink: 36 bytes leftover after parsing attributes in process `syz.1.688'. [ 172.477769][ T8708] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.664204][ T8714] lo speed is unknown, defaulting to 1000 [ 174.653199][ T8740] lo speed is unknown, defaulting to 1000 [ 174.997252][ T8751] lo speed is unknown, defaulting to 1000 [ 175.670810][ T8762] lo speed is unknown, defaulting to 1000 [ 176.128534][ T8772] program syz.1.708 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 176.496258][ T8777] FAULT_INJECTION: forcing a failure. [ 176.496258][ T8777] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 176.502331][ T8777] CPU: 3 UID: 0 PID: 8777 Comm: syz.3.707 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 176.502345][ T8777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 176.502351][ T8777] Call Trace: [ 176.502355][ T8777] [ 176.502360][ T8777] dump_stack_lvl+0x16c/0x1f0 [ 176.502377][ T8777] should_fail_ex+0x512/0x640 [ 176.502393][ T8777] should_fail_alloc_page+0xe7/0x130 [ 176.502419][ T8777] prepare_alloc_pages+0x3c2/0x610 [ 176.502434][ T8777] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 176.502447][ T8777] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 176.502465][ T8777] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 176.502476][ T8777] ? find_held_lock+0x2b/0x80 [ 176.502493][ T8777] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 176.502507][ T8777] ? policy_nodemask+0xea/0x4e0 [ 176.502520][ T8777] alloc_pages_mpol+0x1fb/0x550 [ 176.502532][ T8777] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 176.502546][ T8777] ? do_raw_spin_unlock+0x172/0x230 [ 176.502561][ T8777] ? _raw_spin_unlock+0x28/0x50 [ 176.502577][ T8777] folio_alloc_mpol_noprof+0x36/0x2f0 [ 176.502593][ T8777] alloc_migration_target_by_mpol+0x246/0x490 [ 176.502610][ T8777] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 176.502624][ T8777] ? __pfx_invalid_migration_vma+0x10/0x10 [ 176.502638][ T8777] ? __pfx___might_resched+0x10/0x10 [ 176.502649][ T8777] ? folio_unlock+0x7d/0xd0 [ 176.502660][ T8777] migrate_pages_batch+0x3bc/0x31a0 [ 176.502676][ T8777] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 176.502694][ T8777] ? __pfx_migrate_pages_batch+0x10/0x10 [ 176.502710][ T8777] ? __pfx___schedule+0x10/0x10 [ 176.502722][ T8777] migrate_pages_sync+0x12d/0x8a0 [ 176.502736][ T8777] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 176.502752][ T8777] ? rcu_is_watching+0x12/0xc0 [ 176.502761][ T8777] ? __pfx_migrate_pages_sync+0x10/0x10 [ 176.502778][ T8777] ? migrate_pages+0x2aa/0x2350 [ 176.502792][ T8777] migrate_pages+0x1b28/0x2350 [ 176.502806][ T8777] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 176.502823][ T8777] ? __pfx_migrate_pages+0x10/0x10 [ 176.502838][ T8777] ? find_held_lock+0x2b/0x80 [ 176.502850][ T8777] ? up_write+0x1b2/0x520 [ 176.502864][ T8777] do_mbind+0x6f0/0xf30 [ 176.502882][ T8777] ? __pfx_do_mbind+0x10/0x10 [ 176.502894][ T8777] ? find_held_lock+0x2b/0x80 [ 176.502902][ T8777] ? ksys_write+0x190/0x240 [ 176.502917][ T8777] ? __pfx_get_nodes+0x10/0x10 [ 176.502927][ T8777] ? __fget_files+0x20e/0x3c0 [ 176.502941][ T8777] ? __rcu_read_unlock+0x250/0x580 [ 176.502955][ T8777] kernel_mbind+0x1e3/0x1f0 [ 176.502969][ T8777] ? __pfx_kernel_mbind+0x10/0x10 [ 176.502984][ T8777] ? rcu_is_watching+0x12/0xc0 [ 176.502994][ T8777] __do_fast_syscall_32+0x73/0x120 [ 176.503008][ T8777] do_fast_syscall_32+0x32/0x80 [ 176.503022][ T8777] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 176.503034][ T8777] RIP: 0023:0xf70ee579 [ 176.503042][ T8777] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 176.503051][ T8777] RSP: 002b:00000000f508b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000112 [ 176.503060][ T8777] RAX: ffffffffffffffda RBX: 0000000080001000 RCX: 0000000000800000 [ 176.503066][ T8777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 176.503071][ T8777] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 176.503076][ T8777] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 176.503082][ T8777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 176.503094][ T8777] [ 176.753078][ T8783] bridge0: port 4(vlan2) entered blocking state [ 176.755232][ T8783] bridge0: port 4(vlan2) entered disabled state [ 176.757374][ T8783] vlan2: entered allmulticast mode [ 176.763555][ T8783] bridge0: entered allmulticast mode [ 176.766393][ T8783] vlan2: left allmulticast mode [ 176.768393][ T8783] bridge0: left allmulticast mode [ 177.405559][ T8789] lo speed is unknown, defaulting to 1000 [ 177.762581][ T8799] lo speed is unknown, defaulting to 1000 [ 178.188136][ T8808] lo speed is unknown, defaulting to 1000 [ 179.029329][ T8828] syz.1.723: attempt to access beyond end of device [ 179.029329][ T8828] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 179.033772][ T8828] syz.1.723: attempt to access beyond end of device [ 179.033772][ T8828] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 179.038577][ T8828] Mount JFS Failure: -5 [ 179.085867][ T8827] netlink: 8 bytes leftover after parsing attributes in process `syz.1.723'. [ 180.116720][ T8846] lo speed is unknown, defaulting to 1000 [ 180.262357][ T8851] team_slave_0: entered promiscuous mode [ 180.264796][ T8851] team_slave_0: left promiscuous mode [ 181.123266][ T8856] lo speed is unknown, defaulting to 1000 [ 182.064182][ T8893] lo speed is unknown, defaulting to 1000 [ 182.380725][ T8900] lo speed is unknown, defaulting to 1000 [ 182.836441][ T8907] lo speed is unknown, defaulting to 1000 [ 183.112192][ T8911] syz.1.742: attempt to access beyond end of device [ 183.112192][ T8911] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 183.128826][ T8911] syz.1.742: attempt to access beyond end of device [ 183.128826][ T8911] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 183.152374][ T8911] Mount JFS Failure: -5 [ 183.177265][ T8915] netlink: 8 bytes leftover after parsing attributes in process `syz.1.742'. [ 184.480789][ T8930] lo speed is unknown, defaulting to 1000 [ 184.728118][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 184.899138][ T9] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 184.913112][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 184.918503][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 184.922809][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 184.929812][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 184.936086][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 184.941610][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 184.955860][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 184.960175][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 184.965308][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 184.979467][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 184.984952][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 184.990961][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.002043][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.006244][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.011768][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.025404][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.034809][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.041341][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.047377][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.050527][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.054400][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.060732][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.063619][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.067262][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.075220][ T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 185.078389][ T9] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 185.081180][ T9] usb 5-1: Product: syz [ 185.082643][ T9] usb 5-1: Manufacturer: syz [ 185.084168][ T9] usb 5-1: SerialNumber: syz [ 185.089206][ T9] usb 5-1: config 0 descriptor?? [ 185.097685][ T9] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 185.417783][ T8944] lo speed is unknown, defaulting to 1000 [ 186.435071][ T8949] lo speed is unknown, defaulting to 1000 [ 186.449363][ T8951] team_slave_0: entered promiscuous mode [ 186.451779][ T8951] batadv0: entered promiscuous mode [ 186.453995][ T8951] hsr1: Slave A (team_slave_0) is not up; please bring it up to get a fully working HSR network [ 187.437333][ T8967] syz.3.756: attempt to access beyond end of device [ 187.437333][ T8967] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 187.443999][ T8967] syz.3.756: attempt to access beyond end of device [ 187.443999][ T8967] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 187.450369][ T8967] Mount JFS Failure: -5 [ 187.455575][ T8967] netlink: 8 bytes leftover after parsing attributes in process `syz.3.756'. [ 187.559709][ T835] usb 5-1: USB disconnect, device number 7 [ 187.598418][ T835] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 188.051109][ T8976] lo speed is unknown, defaulting to 1000 [ 188.972236][ T8987] lo speed is unknown, defaulting to 1000 [ 189.103235][ T8989] lo speed is unknown, defaulting to 1000 [ 189.565159][ T8993] team_slave_0: entered promiscuous mode [ 189.567808][ T8993] team_slave_0: left promiscuous mode [ 190.041103][ T9005] lo speed is unknown, defaulting to 1000 [ 190.352777][ T9011] syz.1.766: attempt to access beyond end of device [ 190.352777][ T9011] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 190.356927][ T9011] syz.1.766: attempt to access beyond end of device [ 190.356927][ T9011] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 190.361229][ T9011] Mount JFS Failure: -5 [ 190.403902][ T9014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.766'. [ 190.424592][ T9013] lo speed is unknown, defaulting to 1000 [ 191.456689][ T9035] lo speed is unknown, defaulting to 1000 [ 192.475817][ T9041] lo speed is unknown, defaulting to 1000 [ 192.763588][ T9050] lo speed is unknown, defaulting to 1000 [ 193.534156][ T9063] syz.2.779: attempt to access beyond end of device [ 193.534156][ T9063] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 193.538566][ T9063] syz.2.779: attempt to access beyond end of device [ 193.538566][ T9063] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 193.542769][ T9063] Mount JFS Failure: -5 [ 193.658151][ T9060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.779'. [ 193.686124][ T9057] lo speed is unknown, defaulting to 1000 [ 193.747556][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.750534][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.845411][ T9066] siw: device registration error -23 [ 193.912161][ T9070] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 167772176, id = 0 [ 194.844676][ T9086] lo speed is unknown, defaulting to 1000 [ 195.071981][ T9088] lo speed is unknown, defaulting to 1000 [ 195.939220][ T9100] lo speed is unknown, defaulting to 1000 [ 196.834667][ T9110] lo speed is unknown, defaulting to 1000 [ 197.675597][ T9119] lo speed is unknown, defaulting to 1000 [ 198.346994][ T9131] lo speed is unknown, defaulting to 1000 [ 198.849398][ T9136] lo speed is unknown, defaulting to 1000 [ 200.045595][ T9149] lo speed is unknown, defaulting to 1000 [ 200.174472][ T9156] lo speed is unknown, defaulting to 1000 [ 200.887277][ T9177] lo speed is unknown, defaulting to 1000 [ 202.067668][ T9190] lo speed is unknown, defaulting to 1000 [ 202.619927][ T9195] lo speed is unknown, defaulting to 1000 [ 203.521644][ T9204] lo speed is unknown, defaulting to 1000 [ 203.684847][ T9206] lo speed is unknown, defaulting to 1000 [ 204.119532][ T9222] lo speed is unknown, defaulting to 1000 [ 204.803408][ T9233] lo speed is unknown, defaulting to 1000 [ 205.779710][ T9238] lo speed is unknown, defaulting to 1000 [ 206.618668][ T9251] lo speed is unknown, defaulting to 1000 [ 206.977497][ T9247] lo speed is unknown, defaulting to 1000 [ 207.687146][ T9267] lo speed is unknown, defaulting to 1000 [ 208.345017][ T9272] lo speed is unknown, defaulting to 1000 [ 209.322735][ T9286] lo speed is unknown, defaulting to 1000 [ 209.879039][ T9290] lo speed is unknown, defaulting to 1000 [ 210.503702][ T9305] lo speed is unknown, defaulting to 1000 [ 210.964959][ T9316] lo speed is unknown, defaulting to 1000 [ 211.206781][ T9315] syz.2.838: attempt to access beyond end of device [ 211.206781][ T9315] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 211.215073][ T9315] syz.2.838: attempt to access beyond end of device [ 211.215073][ T9315] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 211.219786][ T9315] Mount JFS Failure: -5 [ 211.302767][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.838'. [ 212.141115][ T9331] lo speed is unknown, defaulting to 1000 [ 213.625118][ T9347] lo speed is unknown, defaulting to 1000 [ 214.123502][ T9353] 9pnet: Unknown protocol version 9p200 [ 214.137831][ T9353] bridge_slave_0: left allmulticast mode [ 214.140465][ T9353] bridge_slave_0: left promiscuous mode [ 214.142439][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.147730][ T9353] bridge_slave_1: left allmulticast mode [ 214.149881][ T9353] bridge_slave_1: left promiscuous mode [ 214.151912][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.161913][ T9353] bond0: (slave bond_slave_0): Releasing backup interface [ 214.171528][ T9353] bond0: (slave bond_slave_1): Releasing backup interface [ 214.197157][ T9353] team0: Port device team_slave_0 removed [ 214.206484][ T9353] team0: Port device team_slave_1 removed [ 214.210791][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.213857][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.217889][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.220785][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.227855][ T9353] bond1: left promiscuous mode [ 214.230806][ T9353] bridge0: port 3(bond1) entered disabled state [ 214.332507][ T9353] netlink: 4 bytes leftover after parsing attributes in process `syz.3.849'. [ 214.648219][ T9363] lo speed is unknown, defaulting to 1000 [ 214.949284][ T9368] lo speed is unknown, defaulting to 1000 [ 215.045085][ T9374] syz.3.853: attempt to access beyond end of device [ 215.045085][ T9374] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 215.049469][ T9374] syz.3.853: attempt to access beyond end of device [ 215.049469][ T9374] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 215.053563][ T9374] Mount JFS Failure: -5 [ 215.062589][ T9374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.853'. [ 215.745807][ T9389] lo speed is unknown, defaulting to 1000 [ 216.343509][ T9399] syz.1.858: attempt to access beyond end of device [ 216.343509][ T9399] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 216.354556][ T9399] syz.1.858: attempt to access beyond end of device [ 216.354556][ T9399] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 216.370118][ T9399] Mount JFS Failure: -5 [ 216.396684][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.858'. [ 216.551546][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 216.551727][ T40] audit: type=1326 audit(1746662811.188:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9394 comm="syz.2.857" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0 [ 217.024144][ T9410] lo speed is unknown, defaulting to 1000 [ 217.814275][ T9423] syz.0.862: attempt to access beyond end of device [ 217.814275][ T9423] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 217.818661][ T9423] syz.0.862: attempt to access beyond end of device [ 217.818661][ T9423] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 217.822672][ T9423] Mount JFS Failure: -5 [ 218.041251][ T9428] lo speed is unknown, defaulting to 1000 [ 218.555118][ T9433] lo speed is unknown, defaulting to 1000 [ 219.005616][ T9444] lo speed is unknown, defaulting to 1000 [ 219.168991][ T9439] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 220.002537][ T9458] lo speed is unknown, defaulting to 1000 [ 220.726791][ T9477] lo speed is unknown, defaulting to 1000 [ 221.252504][ T9468] lo speed is unknown, defaulting to 1000 [ 221.417144][ T9490] syz.0.875: attempt to access beyond end of device [ 221.417144][ T9490] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 221.424146][ T9490] syz.0.875: attempt to access beyond end of device [ 221.424146][ T9490] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 221.428752][ T9490] Mount JFS Failure: -5 [ 222.102478][ T9495] lo speed is unknown, defaulting to 1000 [ 222.470832][ T9503] lo speed is unknown, defaulting to 1000 [ 222.861409][ T9511] lo speed is unknown, defaulting to 1000 [ 224.189281][ T9522] lo speed is unknown, defaulting to 1000 [ 224.363864][ T9521] lo speed is unknown, defaulting to 1000 [ 225.010776][ T9532] syz.3.885: attempt to access beyond end of device [ 225.010776][ T9532] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 225.015190][ T9532] syz.3.885: attempt to access beyond end of device [ 225.015190][ T9532] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 225.019502][ T9532] Mount JFS Failure: -5 [ 225.103761][ T9538] lo speed is unknown, defaulting to 1000 [ 225.128741][ T9539] syz.1.887: attempt to access beyond end of device [ 225.128741][ T9539] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 225.133180][ T9539] syz.1.887: attempt to access beyond end of device [ 225.133180][ T9539] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 225.137760][ T9539] Mount JFS Failure: -5 [ 225.366027][ T9541] lo speed is unknown, defaulting to 1000 [ 225.674152][ T9555] lo speed is unknown, defaulting to 1000 [ 226.246597][ T9561] lo speed is unknown, defaulting to 1000 [ 226.727697][ T9573] lo speed is unknown, defaulting to 1000 [ 227.419738][ T9579] lo speed is unknown, defaulting to 1000 [ 228.045917][ T9583] netlink: 88 bytes leftover after parsing attributes in process `syz.3.898'. [ 228.626914][ T9591] lo speed is unknown, defaulting to 1000 [ 228.970554][ T9598] lo speed is unknown, defaulting to 1000 [ 229.935662][ T9615] lo speed is unknown, defaulting to 1000 [ 230.230050][ T9617] lo speed is unknown, defaulting to 1000 [ 230.646382][ T9628] netlink: 52 bytes leftover after parsing attributes in process `syz.0.907'. [ 230.649626][ T9628] netlink: 16 bytes leftover after parsing attributes in process `syz.0.907'. [ 230.652534][ T9628] netlink: 52 bytes leftover after parsing attributes in process `syz.0.907'. [ 230.808274][ T6302] IPVS: starting estimator thread 0... [ 230.968007][ T9636] lo speed is unknown, defaulting to 1000 [ 231.138559][ T9635] IPVS: using max 49 ests per chain, 117600 per kthread [ 231.386315][ T9644] lo speed is unknown, defaulting to 1000 [ 231.680012][ T9649] syz.1.920: attempt to access beyond end of device [ 231.680012][ T9649] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 231.685738][ T9649] syz.1.920: attempt to access beyond end of device [ 231.685738][ T9649] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 231.693098][ T9649] Mount JFS Failure: -5 [ 232.340524][ T9661] lo speed is unknown, defaulting to 1000 [ 232.422870][ T9660] lo speed is unknown, defaulting to 1000 [ 232.525744][ T9666] lo speed is unknown, defaulting to 1000 [ 233.118683][ T9670] lo speed is unknown, defaulting to 1000 [ 233.157858][ T9686] lo speed is unknown, defaulting to 1000 [ 233.302932][ T9691] syz.3.921: attempt to access beyond end of device [ 233.302932][ T9691] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 233.307367][ T9691] syz.3.921: attempt to access beyond end of device [ 233.307367][ T9691] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 233.311945][ T9691] Mount JFS Failure: -5 [ 233.400338][ T9693] lo speed is unknown, defaulting to 1000 [ 233.519455][ T9697] syz.3.922: attempt to access beyond end of device [ 233.519455][ T9697] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 233.524189][ T9697] syz.3.922: attempt to access beyond end of device [ 233.524189][ T9697] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 233.529053][ T9697] Mount JFS Failure: -5 [ 234.198703][ T9715] lo speed is unknown, defaulting to 1000 [ 234.556663][ T9719] netlink: 52 bytes leftover after parsing attributes in process `syz.0.928'. [ 234.559738][ T9719] netlink: 16 bytes leftover after parsing attributes in process `syz.0.928'. [ 234.562707][ T9719] netlink: 52 bytes leftover after parsing attributes in process `syz.0.928'. [ 234.577794][ T9712] lo speed is unknown, defaulting to 1000 [ 234.835889][ T9728] syz.2.930: attempt to access beyond end of device [ 234.835889][ T9728] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 234.840835][ T9728] syz.2.930: attempt to access beyond end of device [ 234.840835][ T9728] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 235.154265][ T9728] Mount JFS Failure: -5 [ 235.406244][ T9738] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 235.414520][ T9730] lo speed is unknown, defaulting to 1000 [ 235.458027][ T9742] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 235.461809][ T9742] qnx6: wrong signature (magic) in superblock #1. [ 235.464118][ T9742] qnx6: unable to read the first superblock [ 235.503550][ T9745] lo speed is unknown, defaulting to 1000 [ 236.021722][ T9759] lo speed is unknown, defaulting to 1000 [ 237.145326][ T9777] lo speed is unknown, defaulting to 1000 [ 237.510738][ T9778] lo speed is unknown, defaulting to 1000 [ 238.647512][ T9817] lo speed is unknown, defaulting to 1000 [ 238.786186][ T9809] lo speed is unknown, defaulting to 1000 [ 238.793156][ T9815] lo speed is unknown, defaulting to 1000 [ 238.956555][ T9824] pim6reg: entered allmulticast mode [ 238.971777][ T9824] pim6reg: left allmulticast mode [ 239.844250][ T9846] lo speed is unknown, defaulting to 1000 [ 240.373963][ T9850] loop2: detected capacity change from 0 to 7 [ 240.381142][ T5956] Dev loop2: unable to read RDB block 7 [ 240.383147][ T5956] loop2: AHDI p1 p2 p3 [ 240.384638][ T5956] loop2: partition table partially beyond EOD, truncated [ 240.387536][ T5956] loop2: p1 start 1601398130 is beyond EOD, truncated [ 240.390636][ T5956] loop2: p2 start 1702059890 is beyond EOD, truncated [ 240.522062][ T9850] Dev loop2: unable to read RDB block 7 [ 240.524053][ T9850] loop2: AHDI p1 p2 p3 [ 240.525498][ T9850] loop2: partition table partially beyond EOD, truncated [ 240.529778][ T9850] loop2: p1 start 1601398130 is beyond EOD, truncated [ 240.532120][ T9850] loop2: p2 start 1702059890 is beyond EOD, truncated [ 240.838671][ T9869] lo speed is unknown, defaulting to 1000 [ 241.523418][ T9873] lo speed is unknown, defaulting to 1000 [ 241.903590][ T9882] lo speed is unknown, defaulting to 1000 [ 242.441176][ T9887] netlink: 44 bytes leftover after parsing attributes in process `syz.3.967'. [ 242.444404][ T9887] netlink: 16 bytes leftover after parsing attributes in process `syz.3.967'. [ 242.447578][ T9887] netlink: 44 bytes leftover after parsing attributes in process `syz.3.967'. [ 242.493079][ T9881] netlink: 'syz.1.966': attribute type 11 has an invalid length. [ 242.496557][ T9881] netlink: 224 bytes leftover after parsing attributes in process `syz.1.966'. [ 242.606946][ T9883] lo speed is unknown, defaulting to 1000 [ 243.050337][ T9910] netlink: 4 bytes leftover after parsing attributes in process `syz.1.972'. [ 243.060736][ T9905] lo speed is unknown, defaulting to 1000 [ 243.150914][ T9910] loop6: detected capacity change from 0 to 524287999 [ 243.201772][ T9918] syz.0.973: attempt to access beyond end of device [ 243.201772][ T9918] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 243.206838][ T9918] syz.0.973: attempt to access beyond end of device [ 243.206838][ T9918] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 243.211280][ T9918] Mount JFS Failure: -5 [ 243.848151][ T9930] lo speed is unknown, defaulting to 1000 [ 244.642960][ T40] audit: type=1326 audit(1746662839.278:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.659532][ T9944] lo speed is unknown, defaulting to 1000 [ 244.665452][ T40] audit: type=1326 audit(1746662839.278:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.672690][ T40] audit: type=1326 audit(1746662839.278:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.681622][ T40] audit: type=1326 audit(1746662839.278:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.688672][ T40] audit: type=1326 audit(1746662839.278:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.695587][ T40] audit: type=1326 audit(1746662839.278:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.704434][ T40] audit: type=1326 audit(1746662839.278:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.711944][ T40] audit: type=1326 audit(1746662839.278:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.720085][ T40] audit: type=1326 audit(1746662839.288:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.727523][ T40] audit: type=1326 audit(1746662839.318:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9941 comm="syz.1.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 244.881549][ T9950] syz.2.980: attempt to access beyond end of device [ 244.881549][ T9950] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 244.885975][ T9950] syz.2.980: attempt to access beyond end of device [ 244.885975][ T9950] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 244.890376][ T9950] Mount JFS Failure: -5 [ 244.914384][ T9943] netlink: 256 bytes leftover after parsing attributes in process `syz.1.979'. [ 244.917451][ T9943] netlink: 56 bytes leftover after parsing attributes in process `syz.1.979'. [ 245.322144][ T9966] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.986'. [ 245.325286][ T9966] netlink: zone id is out of range [ 245.326965][ T9966] netlink: zone id is out of range [ 245.329341][ T9966] netlink: get zone limit has 8 unknown bytes [ 245.916649][ T9972] lo speed is unknown, defaulting to 1000 [ 245.965066][ T9980] lo speed is unknown, defaulting to 1000 [ 246.024027][ T9976] lo speed is unknown, defaulting to 1000 [ 246.468058][ T6184] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 246.585914][ T9995] lo speed is unknown, defaulting to 1000 [ 246.618018][ T6184] usb 7-1: Using ep0 maxpacket: 8 [ 246.621270][ T6184] usb 7-1: config 0 has no interfaces? [ 246.623122][ T6184] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 246.626248][ T6184] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.635597][ T6184] usb 7-1: config 0 descriptor?? [ 246.748823][ T9998] lo speed is unknown, defaulting to 1000 [ 246.842092][ T9986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.847436][ T9986] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.910855][ T836] usb 7-1: USB disconnect, device number 4 [ 246.984472][T10006] syz.1.997: attempt to access beyond end of device [ 246.984472][T10006] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 246.988900][T10006] syz.1.997: attempt to access beyond end of device [ 246.988900][T10006] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 246.993201][T10006] Mount JFS Failure: -5 [ 247.602606][T10017] lo speed is unknown, defaulting to 1000 [ 247.862029][T10015] lo speed is unknown, defaulting to 1000 [ 248.310461][T10034] syz.0.1004: attempt to access beyond end of device [ 248.310461][T10034] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 248.315079][T10034] syz.0.1004: attempt to access beyond end of device [ 248.315079][T10034] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 248.320326][T10034] Mount JFS Failure: -5 [ 248.466826][T10038] lo speed is unknown, defaulting to 1000 [ 248.845214][T10044] lo speed is unknown, defaulting to 1000 [ 248.973014][T10048] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1006'. [ 248.975956][T10048] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1006'. [ 248.980436][T10048] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1006'. [ 248.983384][T10048] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1006'. [ 249.194459][T10061] syz.1.1010: attempt to access beyond end of device [ 249.194459][T10061] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 249.200436][T10061] syz.1.1010: attempt to access beyond end of device [ 249.200436][T10061] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 249.204771][T10061] Mount JFS Failure: -5 [ 249.750095][T10059] lo speed is unknown, defaulting to 1000 [ 250.295166][T10073] lo speed is unknown, defaulting to 1000 [ 250.976373][T10089] lo speed is unknown, defaulting to 1000 [ 251.687238][T10100] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1018'. [ 251.692589][T10100] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1018'. [ 251.696808][T10100] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1018'. [ 251.896269][T10113] lo speed is unknown, defaulting to 1000 [ 252.546892][T10125] lo speed is unknown, defaulting to 1000 [ 253.176647][T10140] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1029'. [ 253.179882][T10140] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1029'. [ 253.182761][T10140] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1029'. [ 253.241832][T10143] lo speed is unknown, defaulting to 1000 [ 254.473771][T10169] smc: net device bond0 applied user defined pnetid SYZ0 [ 254.553197][T10171] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1036'. [ 254.650663][T10172] lo speed is unknown, defaulting to 1000 [ 254.883113][T10178] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1037'. [ 255.183329][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.185743][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.269505][T10191] fuse: Bad value for 'group_id' [ 255.271257][T10191] fuse: Bad value for 'group_id' [ 255.798083][ T6001] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 255.950243][ T6001] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 255.958033][ T6001] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 255.963400][ T6001] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 255.967597][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.981718][T10195] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 255.996766][ T6001] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 256.998160][ T57] usb 5-1: USB disconnect, device number 8 [ 257.360510][T10235] lo speed is unknown, defaulting to 1000 [ 257.594351][T10240] syz.3.1051: attempt to access beyond end of device [ 257.594351][T10240] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 257.721038][T10240] syz.3.1051: attempt to access beyond end of device [ 257.721038][T10240] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 257.727841][T10240] Mount JFS Failure: -5 [ 257.897184][T10249] fuse: Bad value for 'group_id' [ 257.899109][T10249] fuse: Bad value for 'group_id' [ 258.507045][T10254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1055'. [ 258.516342][T10254] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1055'. [ 258.694884][T10261] syz.0.1056: attempt to access beyond end of device [ 258.694884][T10261] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 258.700613][T10261] syz.0.1056: attempt to access beyond end of device [ 258.700613][T10261] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 258.706076][T10261] Mount JFS Failure: -5 [ 259.150475][T10270] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1060'. [ 259.154744][T10270] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1060'. [ 259.207360][T10272] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1060'. [ 259.213415][T10272] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1060'. [ 259.934375][T10283] syz.0.1064: attempt to access beyond end of device [ 259.934375][T10283] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 259.940419][T10283] syz.0.1064: attempt to access beyond end of device [ 259.940419][T10283] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 259.945997][T10283] Mount JFS Failure: -5 [ 260.353542][T10288] lo speed is unknown, defaulting to 1000 [ 260.997697][T10293] fuse: Bad value for 'group_id' [ 260.999979][T10293] fuse: Bad value for 'group_id' [ 261.153436][T10301] geneve2: entered promiscuous mode [ 261.155837][T10301] geneve2: entered allmulticast mode [ 261.195557][T10304] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1066'. [ 261.197149][T10303] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1067'. [ 261.412196][T10308] geneve2: entered promiscuous mode [ 261.418261][T10308] geneve2: entered allmulticast mode [ 263.701228][ T6184] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 264.168070][ T6184] usb 5-1: Using ep0 maxpacket: 16 [ 264.171492][ T6184] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 25 [ 264.176545][ T6184] usb 5-1: can't read configurations, error -22 [ 264.308022][ T6184] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 264.488069][ T6184] usb 5-1: Using ep0 maxpacket: 16 [ 264.491721][ T6184] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 25 [ 264.494858][ T6184] usb 5-1: can't read configurations, error -22 [ 264.503556][ T6184] usb usb5-port1: attempt power cycle [ 264.760934][T10353] syz.3.1082: attempt to access beyond end of device [ 264.760934][T10353] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 264.765709][T10353] syz.3.1082: attempt to access beyond end of device [ 264.765709][T10353] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 264.770173][T10353] Mount JFS Failure: -5 [ 264.857989][ T6184] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 264.878379][ T6184] usb 5-1: Using ep0 maxpacket: 16 [ 264.881341][ T6184] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 25 [ 264.884017][ T6184] usb 5-1: can't read configurations, error -22 [ 265.027977][ T6184] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 265.048430][ T6184] usb 5-1: Using ep0 maxpacket: 16 [ 265.051488][ T6184] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 25 [ 265.054302][ T6184] usb 5-1: can't read configurations, error -22 [ 265.058208][ T6184] usb usb5-port1: unable to enumerate USB device [ 265.135378][T10361] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1085'. [ 266.365256][T10375] 9pnet_fd: Insufficient options for proto=fd [ 267.793986][T10412] 9pnet: Unknown protocol version 9 [ 268.455207][T10418] lo speed is unknown, defaulting to 1000 [ 269.445819][T10434] lo speed is unknown, defaulting to 1000 [ 270.388144][T10457] lo speed is unknown, defaulting to 1000 [ 270.508995][T10456] lo speed is unknown, defaulting to 1000 [ 270.883284][T10479] lo speed is unknown, defaulting to 1000 [ 271.366525][T10479] hfs: unable to load iocharset "io#harset" [ 271.604155][T10479] netlink: zone id is out of range [ 271.605906][T10479] netlink: zone id is out of range [ 271.612236][ T5954] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 271.852701][T10501] syz.3.1117: attempt to access beyond end of device [ 271.852701][T10501] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 271.857037][T10501] syz.3.1117: attempt to access beyond end of device [ 271.857037][T10501] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 271.861999][T10501] Mount JFS Failure: -5 [ 272.188370][T10504] netlink: 'syz.2.1118': attribute type 10 has an invalid length. [ 272.192411][T10504] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.196083][T10504] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.207003][T10504] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.210205][T10504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.214582][T10504] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.217808][T10504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.270607][T10504] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 272.309598][T10504] netlink: 'syz.2.1118': attribute type 10 has an invalid length. [ 272.317256][T10504] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.319931][T10504] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.384762][T10505] netlink: 'syz.2.1118': attribute type 10 has an invalid length. [ 272.389120][T10505] syz_tun: entered promiscuous mode [ 272.395538][T10505] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 272.716959][T10518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1124'. [ 272.720641][T10518] trusted_key: syz.3.1124 sent an empty control message without MSG_MORE. [ 272.773384][T10520] tmpfs: Unknown parameter 'mponinuerleave:' [ 273.066030][T10528] lo speed is unknown, defaulting to 1000 [ 273.474464][T10532] ubi31: attaching mtd0 [ 273.480031][T10532] ubi31: scanning is finished [ 273.482817][T10532] ubi31: empty MTD device detected [ 273.623918][T10532] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 273.628241][T10532] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 273.631975][T10532] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 273.637456][T10532] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 273.642380][T10532] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 273.645367][T10532] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 273.651139][T10532] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 460679219 [ 273.654545][T10532] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 273.659408][T10536] ubi31: background thread "ubi_bgt31d" started, PID 10536 [ 274.679756][ T40] kauditd_printk_skb: 56 callbacks suppressed [ 274.679772][ T40] audit: type=1326 audit(1746662869.308:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10553 comm="syz.0.1131" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0 [ 275.176099][T10572] syz.1.1135: attempt to access beyond end of device [ 275.176099][T10572] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 275.184991][T10572] syz.1.1135: attempt to access beyond end of device [ 275.184991][T10572] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 275.189972][T10572] Mount JFS Failure: -5 [ 275.286139][T10575] lo speed is unknown, defaulting to 1000 [ 275.695514][T10587] lo speed is unknown, defaulting to 1000 [ 275.764571][T10588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1136'. [ 276.268868][T10598] FAULT_INJECTION: forcing a failure. [ 276.268868][T10598] name failslab, interval 1, probability 0, space 0, times 0 [ 276.278167][T10598] CPU: 2 UID: 0 PID: 10598 Comm: syz.3.1140 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 276.278183][T10598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 276.278200][T10598] Call Trace: [ 276.278205][T10598] [ 276.278209][T10598] dump_stack_lvl+0x16c/0x1f0 [ 276.278228][T10598] should_fail_ex+0x512/0x640 [ 276.278242][T10598] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 276.278259][T10598] should_failslab+0xc2/0x120 [ 276.278271][T10598] __kmalloc_cache_noprof+0x6a/0x3e0 [ 276.278287][T10598] ? io_wq_create+0xcc/0xa30 [ 276.278300][T10598] io_wq_create+0xcc/0xa30 [ 276.278313][T10598] io_uring_alloc_task_context+0x211/0x690 [ 276.278331][T10598] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 276.278348][T10598] ? __pfx_io_wq_submit_work+0x10/0x10 [ 276.278358][T10598] ? __pfx_io_wq_free_work+0x10/0x10 [ 276.278373][T10598] __io_uring_add_tctx_node+0x2dd/0x500 [ 276.278389][T10598] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 276.278406][T10598] ? __fget_files+0x20e/0x3c0 [ 276.278427][T10598] __io_uring_add_tctx_node_from_submit+0x89/0x130 [ 276.278444][T10598] __do_sys_io_uring_enter+0x123a/0x1630 [ 276.278459][T10598] ? __fget_files+0x20e/0x3c0 [ 276.278475][T10598] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 276.278495][T10598] ? fput+0x70/0xf0 [ 276.278510][T10598] ? ksys_write+0x1b9/0x240 [ 276.278526][T10598] ? __pfx_ksys_write+0x10/0x10 [ 276.278542][T10598] ? rcu_is_watching+0x12/0xc0 [ 276.278561][T10598] __do_fast_syscall_32+0x73/0x120 [ 276.278585][T10598] do_fast_syscall_32+0x32/0x80 [ 276.278607][T10598] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 276.278623][T10598] RIP: 0023:0xf70ee579 [ 276.278632][T10598] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 276.278642][T10598] RSP: 002b:00000000f505855c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 276.278652][T10598] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000000075fa [ 276.278658][T10598] RDX: 000000000000e475 RSI: 0000000000000000 RDI: 0000000000000000 [ 276.278664][T10598] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 276.278671][T10598] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 276.278676][T10598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 276.278689][T10598] [ 276.659202][T10605] lo speed is unknown, defaulting to 1000 [ 277.091522][T10607] lo speed is unknown, defaulting to 1000 [ 277.105483][ T57] kernel write not supported for file /vcs (pid: 57 comm: kworker/3:1) [ 278.407393][T10636] syz.0.1149: attempt to access beyond end of device [ 278.407393][T10636] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 278.411777][T10636] syz.0.1149: attempt to access beyond end of device [ 278.411777][T10636] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 278.416117][T10636] Mount JFS Failure: -5 [ 278.677838][T10644] lo speed is unknown, defaulting to 1000 [ 278.972415][T10655] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1153'. [ 279.206732][T10659] lo speed is unknown, defaulting to 1000 [ 279.593165][ T40] audit: type=1326 audit(1746662874.218:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.1.1154" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x0 [ 279.651617][T10669] set match dimension is over the limit! [ 280.139725][T10684] lo speed is unknown, defaulting to 1000 [ 280.738256][T10702] syz.0.1163: attempt to access beyond end of device [ 280.738256][T10702] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 280.743772][T10702] syz.0.1163: attempt to access beyond end of device [ 280.743772][T10702] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 280.758219][T10702] Mount JFS Failure: -5 [ 281.274202][T10711] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1166'. [ 282.838620][T10740] ALSA: mixer_oss: invalid OSS volume 'VMIX' [ 282.974833][T10739] lo speed is unknown, defaulting to 1000 [ 283.078167][ T6001] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 283.456493][T10751] lo speed is unknown, defaulting to 1000 [ 283.510710][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.514515][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.517872][ T6001] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 283.522158][ T6001] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 283.525256][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.531169][ T6001] usb 5-1: config 0 descriptor?? [ 283.762460][T10753] lo speed is unknown, defaulting to 1000 [ 284.057691][T10760] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1178'. [ 284.058574][ T6001] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 284.098098][ T6001] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 284.280764][ T6184] usb 5-1: USB disconnect, device number 13 [ 286.116488][T10793] lo speed is unknown, defaulting to 1000 [ 286.934122][T10810] wireguard0: entered promiscuous mode [ 286.936119][T10810] wireguard0: entered allmulticast mode [ 287.761357][T10815] lo speed is unknown, defaulting to 1000 [ 287.837574][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1192'. [ 287.840672][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1192'. [ 287.900128][T10816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.268025][ T34] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 288.409919][T10832] lo speed is unknown, defaulting to 1000 [ 288.428935][ T34] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 288.431576][ T34] usb 7-1: config 0 has no interface number 0 [ 288.433594][ T34] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 288.437148][ T34] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 288.446534][ T34] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 288.450898][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.454703][ T34] usb 7-1: config 0 descriptor?? [ 288.456838][T10821] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 288.466264][ T34] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 288.663180][ C1] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 288.666951][ T6302] usb 7-1: USB disconnect, device number 5 [ 289.120354][ T6158] kernel write not supported for file /1053/net/snmp6 (pid: 6158 comm: kworker/1:4) [ 289.263646][T10850] syz.0.1200 (10850) used obsolete PPPIOCDETACH ioctl [ 289.353574][T10852] netlink: 'syz.0.1201': attribute type 4 has an invalid length. [ 289.356412][T10852] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1201'. [ 289.402431][T10856] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1203'. [ 289.623210][T10876] netlink: 'syz.2.1213': attribute type 4 has an invalid length. [ 289.626589][T10876] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.1213'. [ 289.632068][T10876] netlink: 'syz.2.1213': attribute type 1 has an invalid length. [ 289.635087][T10878] syzkaller0: entered promiscuous mode [ 289.637359][T10878] syzkaller0: entered allmulticast mode [ 289.796814][T10893] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1217'. [ 289.801355][T10884] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1217'. [ 290.120622][T10909] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1229'. [ 290.692678][T10920] syzkaller0: entered promiscuous mode [ 290.694769][T10920] syzkaller0: entered allmulticast mode [ 290.699176][T10920] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 290.714851][T10922] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1231'. [ 290.718666][T10917] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1231'. [ 290.722137][T10917] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1231'. [ 290.820196][T10938] syzkaller0: entered promiscuous mode [ 290.822338][T10938] syzkaller0: entered allmulticast mode [ 290.874978][T10944] netlink: 'syz.0.1246': attribute type 29 has an invalid length. [ 290.879121][T10944] netlink: 'syz.0.1246': attribute type 29 has an invalid length. [ 290.949189][T10954] netlink: 130976 bytes leftover after parsing attributes in process `syz.3.1251'. [ 291.066224][T10413] bond0: (slave syz_tun): Releasing backup interface [ 291.071782][T10973] netlink: 'syz.0.1260': attribute type 16 has an invalid length. [ 291.243623][T10988] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 291.246554][T10988] IPv6: NLM_F_CREATE should be set when creating new route [ 291.248955][T10988] IPv6: NLM_F_CREATE should be set when creating new route [ 291.321657][T10996] netlink: 'syz.0.1270': attribute type 1 has an invalid length. [ 291.324979][T10996] netlink: 'syz.0.1270': attribute type 2 has an invalid length. [ 291.328821][T10996] netlink: 'syz.0.1270': attribute type 4 has an invalid length. [ 291.332031][T10996] netlink: 'syz.0.1270': attribute type 1 has an invalid length. [ 291.402121][ T5945] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 291.407062][ T5945] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 291.413991][ T5945] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 291.421809][ T5945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 291.425397][ T5945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 291.446847][T11006] lo speed is unknown, defaulting to 1000 [ 291.552229][T11006] chnl_net:caif_netlink_parms(): no params data found [ 291.646487][T11006] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.650237][T11006] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.653262][T11006] bridge_slave_0: entered allmulticast mode [ 291.656731][T11006] bridge_slave_0: entered promiscuous mode [ 291.666233][T11006] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.669133][T11006] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.671624][T11006] bridge_slave_1: entered allmulticast mode [ 291.674438][T11006] bridge_slave_1: entered promiscuous mode [ 291.706181][T11006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.711100][T11006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.746838][T11006] team0: Port device team_slave_0 added [ 291.750988][T11006] team0: Port device team_slave_1 added [ 291.785175][T11006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 291.787534][T11006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.796108][T11006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 291.801545][T11006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 291.803844][T11006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.812945][T11006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 291.850457][T11006] hsr_slave_0: entered promiscuous mode [ 291.852826][T11006] hsr_slave_1: entered promiscuous mode [ 291.854994][T11006] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 291.857471][T11006] Cannot create hsr debugfs directory [ 291.982272][T11006] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.073661][T11006] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.145410][T11066] : renamed from bond0 (while UP) [ 292.171749][T11006] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.230488][T11074] bridge0: port 1(bridge_slave_0) entered learning state [ 292.283872][T11006] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.300932][T11078] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 292.419230][T11085] netlink: 'syz.3.1309': attribute type 11 has an invalid length. [ 292.523169][T11081] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 292.562861][T11006] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 292.581152][T11006] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 292.587415][T11006] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 292.591709][T11006] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 292.637691][T11006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.650271][T11006] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.655641][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.658083][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.664684][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.667047][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.712838][T11109] gtp0: entered promiscuous mode [ 292.829533][T11111] batadv_slave_0: left promiscuous mode [ 292.861278][T11111] veth0_vlan: left allmulticast mode [ 292.883869][T11111] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.887020][T11111] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.889935][T11111] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.007065][T11006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.033007][T11006] veth0_vlan: entered promiscuous mode [ 293.042662][T11006] veth1_vlan: entered promiscuous mode [ 293.060991][T11006] veth0_macvtap: entered promiscuous mode [ 293.064722][T11006] veth1_macvtap: entered promiscuous mode [ 293.076972][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.081546][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.084935][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.089840][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.093802][T11006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.117350][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.121007][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.124136][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.127481][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.132839][T11006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 293.137279][T11006] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.140569][T11006] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.143390][T11006] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.146191][T11006] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.193118][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.197327][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.235524][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.239437][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.366604][T11168] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 293.449835][T11184] openvswitch: netlink: IP tunnel dst address not specified [ 293.498044][ T5945] Bluetooth: hci2: command tx timeout [ 294.455248][T11226] __nla_validate_parse: 22 callbacks suppressed [ 294.455265][T11226] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1373'. [ 294.464070][T11226] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1373'. [ 294.597995][T11228] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1374'. [ 294.879208][T11260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1384'. [ 294.999335][T11272] validate_nla: 9 callbacks suppressed [ 294.999353][T11272] netlink: 'syz.3.1389': attribute type 10 has an invalid length. [ 295.005632][T11272] macvlan0: entered promiscuous mode [ 295.011244][T11272] : (slave macvlan0): Enslaving as an active interface with an up link [ 295.016545][T11272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1389'. [ 295.281134][T11293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1399'. [ 295.665051][T11334] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1409'. [ 295.852515][T11357] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1416'. [ 295.856452][T11357] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1416'. [ 295.918782][T11350] IPVS: length: 78 != 8 [ 296.689673][T11400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1428'. [ 296.693303][T11400] bridge_slave_1: left allmulticast mode [ 296.695549][T11400] bridge_slave_1: left promiscuous mode [ 296.699330][T11400] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.705099][T11400] bridge_slave_0: left allmulticast mode [ 296.707451][T11400] bridge_slave_0: left promiscuous mode [ 296.710235][T11400] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.928851][T11405] dummy0: entered allmulticast mode [ 296.931999][T11404] dummy0: left allmulticast mode [ 296.970642][T11409] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.017024][T11417] wg2: entered promiscuous mode [ 297.076694][T11409] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.155744][T11409] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.224669][T11409] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.311288][T11409] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.318642][T11409] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.325882][T11409] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.335815][T11409] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.457378][T11464] vlan2: entered allmulticast mode [ 298.460160][T11464] bond0: entered allmulticast mode [ 298.462092][T11464] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 299.689942][T11528] lo speed is unknown, defaulting to 1000 [ 299.739440][T11528] __nla_validate_parse: 3 callbacks suppressed [ 299.739456][T11528] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1486'. [ 299.747023][T11528] ªªªªªª: renamed from lo [ 300.356413][T11571] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 300.447132][T11554] bond0: (slave netdevsim0): Releasing backup interface [ 300.451397][T11554] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 300.545497][T11582] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1509'. [ 300.588289][T11585] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1510'. [ 300.621474][T11588] syz_tun: entered allmulticast mode [ 300.625458][T11587] syz_tun: left allmulticast mode [ 300.683091][T11593] tipc: Enabled bearer , priority 0 [ 300.706289][T11593] syzkaller0: entered promiscuous mode [ 300.708828][T11593] syzkaller0: entered allmulticast mode [ 300.711549][T11593] tipc: Resetting bearer [ 300.720279][T11592] tipc: Resetting bearer [ 301.688785][T11592] tipc: Disabling bearer [ 301.774401][T11602] syz.0.1518: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 301.780993][T11602] CPU: 3 UID: 0 PID: 11602 Comm: syz.0.1518 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 301.781017][T11602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 301.781028][T11602] Call Trace: [ 301.781034][T11602] [ 301.781040][T11602] dump_stack_lvl+0x16c/0x1f0 [ 301.781066][T11602] warn_alloc+0x248/0x3a0 [ 301.781087][T11602] ? __pfx_warn_alloc+0x10/0x10 [ 301.781101][T11602] ? __pfx_stack_trace_save+0x10/0x10 [ 301.781121][T11602] ? stack_depot_save_flags+0x28/0xa50 [ 301.781150][T11602] ? kasan_save_stack+0x42/0x60 [ 301.781163][T11602] ? kasan_save_stack+0x33/0x60 [ 301.781178][T11602] ? kasan_save_track+0x14/0x30 [ 301.781193][T11602] ? __kasan_kmalloc+0xaa/0xb0 [ 301.781208][T11602] ? xskq_create+0x52/0x1d0 [ 301.781234][T11602] ? do_sock_setsockopt+0x221/0x470 [ 301.781257][T11602] ? __sys_setsockopt+0x120/0x1a0 [ 301.781275][T11602] ? __ia32_sys_setsockopt+0xbc/0x160 [ 301.781296][T11602] __vmalloc_node_range_noprof+0x10ea/0x1540 [ 301.781333][T11602] ? xskq_create+0xfb/0x1d0 [ 301.781357][T11602] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 301.781389][T11602] ? xskq_create+0xfb/0x1d0 [ 301.781406][T11602] vmalloc_user_noprof+0x6b/0x90 [ 301.781431][T11602] ? xskq_create+0xfb/0x1d0 [ 301.781449][T11602] xskq_create+0xfb/0x1d0 [ 301.781468][T11602] xsk_setsockopt+0x640/0x840 [ 301.781488][T11602] ? __pfx_xsk_setsockopt+0x10/0x10 [ 301.781505][T11602] ? __pfx_aa_sk_perm+0x10/0x10 [ 301.781523][T11602] ? percpu_counter_add_batch+0xb8/0x1f0 [ 301.781542][T11602] ? errseq_sample+0x53/0x70 [ 301.781569][T11602] ? __pfx_xsk_setsockopt+0x10/0x10 [ 301.781585][T11602] do_sock_setsockopt+0x221/0x470 [ 301.781606][T11602] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 301.781640][T11602] __sys_setsockopt+0x120/0x1a0 [ 301.781662][T11602] __ia32_sys_setsockopt+0xbc/0x160 [ 301.781677][T11602] ? lockdep_hardirqs_on+0x7c/0x110 [ 301.781698][T11602] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 301.781720][T11602] __do_fast_syscall_32+0x73/0x120 [ 301.781745][T11602] do_fast_syscall_32+0x32/0x80 [ 301.781765][T11602] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 301.781786][T11602] RIP: 0023:0xf710e579 [ 301.781800][T11602] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 301.781815][T11602] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 301.781830][T11602] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b [ 301.781842][T11602] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 301.781851][T11602] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 301.781859][T11602] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 301.781871][T11602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 301.781892][T11602] [ 301.781901][T11602] Mem-Info: [ 301.880594][T11602] active_anon:5673 inactive_anon:23 isolated_anon:0 [ 301.880594][T11602] active_file:17568 inactive_file:9412 isolated_file:0 [ 301.880594][T11602] unevictable:1768 dirty:166 writeback:0 [ 301.880594][T11602] slab_reclaimable:5923 slab_unreclaimable:60935 [ 301.880594][T11602] mapped:24017 shmem:2354 pagetables:794 [ 301.880594][T11602] sec_pagetables:313 bounce:0 [ 301.880594][T11602] kernel_misc_reclaimable:0 [ 301.880594][T11602] free:58970 free_pcp:568 free_cma:0 [ 301.895628][T11602] Node 0 active_anon:520kB inactive_anon:0kB active_file:2264kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:652kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9052kB pagetables:952kB sec_pagetables:1136kB all_unreclaimable? yes Balloon:0kB [ 301.908857][T11602] Node 1 active_anon:22172kB inactive_anon:92kB active_file:68008kB inactive_file:37648kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:95416kB dirty:664kB writeback:0kB shmem:5876kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3400kB pagetables:2224kB sec_pagetables:116kB all_unreclaimable? no Balloon:0kB [ 301.920224][T11602] Node 0 DMA free:2120kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:360kB local_pcp:228kB free_cma:0kB [ 301.930460][T11602] lowmem_reserve[]: 0 293 293 293 293 [ 301.932238][T11602] Node 0 DMA32 free:23460kB boost:2048kB min:15496kB low:18856kB high:22216kB reserved_highatomic:4096KB active_anon:520kB inactive_anon:0kB active_file:2264kB inactive_file:0kB unevictable:3536kB writepending:0kB present:1032196kB managed:300228kB mlocked:0kB bounce:0kB free_pcp:1440kB local_pcp:360kB free_cma:0kB [ 301.942609][T11602] lowmem_reserve[]: 0 0 0 0 0 [ 301.944382][T11602] Node 1 DMA32 free:210240kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:4096KB active_anon:22172kB inactive_anon:92kB active_file:68008kB inactive_file:37648kB unevictable:3536kB writepending:664kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:672kB local_pcp:0kB free_cma:0kB [ 301.955044][T11602] lowmem_reserve[]: 0 0 0 0 0 [ 301.956583][T11602] Node 0 DMA: 16*4kB (UM) 23*8kB (UM) 7*16kB (UM) 5*32kB (UM) 3*64kB (UM) 1*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2120kB [ 301.961870][T11602] Node 0 DMA32: 7*4kB (UEH) 69*8kB (UMEH) 35*16kB (UMEH) 143*32kB (UMEH) 72*64kB (UMEH) 33*128kB (UMH) 8*256kB (UME) 5*512kB (UM) 2*1024kB (UM) 1*2048kB (M) 0*4096kB = 23252kB [ 301.968258][T11602] Node 1 DMA32: 896*4kB (UMEH) 1097*8kB (UMEH) 783*16kB (UMEH) 730*32kB (UMEH) 330*64kB (UMEH) 248*128kB (UMEH) 115*256kB (UME) 56*512kB (UME) 16*1024kB (UM) 11*2048kB (UM) 3*4096kB (U) = 210424kB [ 301.972946][T11615] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1523'. [ 301.975251][T11602] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 301.978100][T11615] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1523'. [ 301.984047][T11602] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 301.987106][T11602] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 301.990387][T11602] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 301.993383][T11602] 29418 total pagecache pages [ 301.994875][T11602] 88 pages in swap cache [ 301.996208][T11602] Free swap = 122044kB [ 301.997547][T11602] Total swap = 124996kB [ 301.998907][T11602] 524155 pages RAM [ 302.000135][T11602] 0 pages HighMem/MovableOnly [ 302.001590][T11602] 208187 pages reserved [ 302.002962][T11602] 0 pages cma reserved [ 302.277038][T11631] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1530'. [ 302.282039][T11631] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1530'. [ 302.699280][T11608] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 303.083851][T11650] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1537'. [ 303.122275][T11652] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1539'. [ 303.126364][T11652] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1539'. [ 303.400170][T11679] lo speed is unknown, defaulting to 1000 [ 304.087645][T11733] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 304.492724][T11742] vlan2: entered allmulticast mode [ 304.494447][T11742] : entered allmulticast mode [ 304.496108][T11742] macvlan0: entered allmulticast mode [ 304.497868][T11742] veth1_vlan: entered allmulticast mode [ 304.665210][T11766] openvswitch: netlink: VXLAN extension message has 9 unknown bytes. [ 304.748122][T11775] __nla_validate_parse: 4 callbacks suppressed [ 304.748137][T11775] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1594'. [ 304.754947][T11775] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1594'. [ 304.768215][ T5945] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 304.840745][T11782] vlan2: entered allmulticast mode [ 304.842452][T11782] bond0: entered allmulticast mode [ 304.844134][T11782] bond_slave_0: entered allmulticast mode [ 304.846052][T11782] bond_slave_1: entered allmulticast mode [ 304.848474][T11782] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 305.263746][T11798] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 305.266054][T11798] IPv6: NLM_F_CREATE should be set when creating new route [ 305.407015][T11808] lo speed is unknown, defaulting to 1000 [ 305.436708][T11810] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1611'. [ 305.441568][T11810] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1611'. [ 305.472281][T11816] netlink: 'syz.3.1614': attribute type 1 has an invalid length. [ 305.596086][T11834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1623'. [ 305.622121][T11834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1623'. [ 305.631960][T11838] ip6tnl1: entered promiscuous mode [ 305.634215][T11838] ip6tnl1: entered allmulticast mode [ 305.992709][T11864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1636'. [ 305.996090][T11864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1636'. [ 306.265998][T11874] IPVS: length: 78 != 8 [ 306.422203][T11881] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1644'. [ 306.559549][T11889] bridge_slave_0: default FDB implementation only supports local addresses [ 306.566089][T11888] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1648'. [ 306.715888][T11908] ip6tnl1: entered promiscuous mode [ 306.717633][T11908] ip6tnl1: entered allmulticast mode [ 306.987642][T11946] ip6tnl1: entered promiscuous mode [ 306.992832][T11946] ip6tnl1: entered allmulticast mode [ 307.114560][T11966] syzkaller0: entered promiscuous mode [ 307.116992][T11966] syzkaller0: entered allmulticast mode [ 307.296320][T11991] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 307.359900][T11999] syzkaller0: entered promiscuous mode [ 307.361685][T11999] syzkaller0: entered allmulticast mode [ 307.928122][T12072] netlink: 'syz.0.1730': attribute type 11 has an invalid length. [ 307.972113][T12074] can: request_module (can-proto-5) failed. [ 308.028945][T12062] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 308.151981][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.154015][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.157254][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.165010][T12095] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 308.180694][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.184836][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.187465][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.190928][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.193543][T12095] hsr0 speed is unknown, defaulting to 1000 [ 308.335454][T12128] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 308.336075][T12127] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 308.693328][T12190] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 309.219167][T12253] netlink: 'syz.0.1821': attribute type 7 has an invalid length. [ 309.393801][T12259] syz.3.1824 (12259) used greatest stack depth: 18616 bytes left [ 309.525054][T12280] lo speed is unknown, defaulting to 1000 [ 309.527733][T12280] hsr0 speed is unknown, defaulting to 1000 [ 309.733882][T12285] geneve2: entered promiscuous mode [ 309.736162][T12285] geneve2: entered allmulticast mode [ 309.827059][T12317] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 309.836530][T12314] __nla_validate_parse: 25 callbacks suppressed [ 309.836540][T12314] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1849'. [ 310.204496][T12358] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1868'. [ 310.210103][T12358] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1868'. [ 310.397045][T12372] siw: device registration error -23 [ 310.655698][T12409] openvswitch: netlink: VXLAN extension message has 9 unknown bytes. [ 311.082212][T12444] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1906'. [ 311.085635][T12444] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1906'. [ 311.531330][T12477] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1921'. [ 311.535080][T12477] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1921'. [ 311.741596][T12500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1931'. [ 311.776405][T12505] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1933'. [ 311.780180][T12506] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1935'. [ 311.978667][T12515] Falling back ldisc for ttyS3. [ 312.040552][T12531] wg1: entered promiscuous mode [ 312.042175][T12531] wg1: entered allmulticast mode [ 313.236820][T12569] 8021q: adding VLAN 0 to HW filter on device bond1 [ 313.240506][T12569] bridge0: port 1(bond1) entered blocking state [ 313.242592][T12569] bridge0: port 1(bond1) entered disabled state [ 313.244741][T12569] bond1: entered allmulticast mode [ 313.929865][T12589] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 313.937998][T12589] qnx6: wrong signature (magic) in superblock #1. [ 313.940183][T12589] qnx6: unable to read the first superblock [ 314.391686][T12618] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 314.414864][ T40] audit: type=1107 audit(1746662909.048:104): pid=12619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 314.890220][T12639] __nla_validate_parse: 2 callbacks suppressed [ 314.890232][T12639] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1989'. [ 315.091005][T12649] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1994'. [ 316.017787][T12676] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2005'. [ 316.288251][ T836] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 316.296146][T12680] syz.0.2007 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 316.438059][ T836] usb 6-1: Using ep0 maxpacket: 32 [ 316.442560][ T836] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 316.446361][ T836] usb 6-1: config 0 has no interface number 0 [ 316.451274][ T836] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 316.455118][ T836] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.458824][ T836] usb 6-1: Product: syz [ 316.460214][ T836] usb 6-1: Manufacturer: syz [ 316.461710][ T836] usb 6-1: SerialNumber: syz [ 316.465270][ T836] usb 6-1: config 0 descriptor?? [ 316.471400][ T836] smsc95xx v2.0.0 [ 316.609679][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.611691][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.621733][ T1139] bridge_slave_1: left allmulticast mode [ 316.624102][ T1139] bridge_slave_1: left promiscuous mode [ 316.627232][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.631712][ T1139] bridge_slave_0: left allmulticast mode [ 316.633533][ T1139] bridge_slave_0: left promiscuous mode [ 316.635443][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.751992][ T1139] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 316.818759][T12684] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2008'. [ 316.873254][ T836] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 316.876781][ T836] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 316.881743][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 316.886561][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 316.890636][ T1139] bond0 (unregistering): Released all slaves [ 316.989504][ T1139] IPVS: stopping master sync thread 6899 ... [ 317.135872][T12688] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2010'. [ 317.139422][T12688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2010'. [ 317.229251][ T1139] hsr_slave_0: left promiscuous mode [ 317.232880][ T1139] hsr_slave_1: left promiscuous mode [ 317.235319][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 317.237876][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 317.241109][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 317.244155][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 317.268797][ T1139] veth1_macvtap: left promiscuous mode [ 317.271106][ T1139] veth0_macvtap: left promiscuous mode [ 317.273438][ T1139] veth1_vlan: left promiscuous mode [ 317.275681][ T1139] veth0_vlan: left promiscuous mode [ 317.482750][ T836] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 317.487104][ T836] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 317.496807][ T836] usb 6-1: USB disconnect, device number 3 [ 317.886896][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 317.967667][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 318.494096][ T1017] lo speed is unknown, defaulting to 1000 [ 318.496515][T12692] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2011'. [ 318.499647][ T1017] syz0: Port: 1 Link DOWN [ 318.764902][ T1139] IPVS: stop unused estimator thread 0... [ 319.978808][T12743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2031'. [ 320.204786][T12748] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2033'. [ 320.211313][T12748] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2033'. [ 323.437278][T12816] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2057'. [ 323.510079][T12821] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2059'. [ 323.778417][ T1017] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 323.939322][ T1017] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.942650][ T1017] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 323.947970][ T1017] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 323.950793][ T1017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.958455][ T1017] usb 5-1: config 0 descriptor?? [ 324.166320][ T6291] usb 5-1: USB disconnect, device number 14 [ 324.752897][T12830] syzkaller0: entered promiscuous mode [ 324.754735][T12830] syzkaller0: entered allmulticast mode [ 324.906299][T12836] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2066'. [ 325.101323][T12845] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2070'. [ 325.104489][T12845] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2070'. [ 325.445230][T12858] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2076'. [ 325.884491][T12848] ================================================================== [ 325.887208][T12848] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320 [ 325.889905][T12848] Write of size 4064 at addr ffffc90002fe9020 by task syz.0.2071/12848 [ 325.894535][T12848] [ 325.895406][T12848] CPU: 0 UID: 0 PID: 12848 Comm: syz.0.2071 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 325.895420][T12848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 325.895426][T12848] Call Trace: [ 325.895430][T12848] [ 325.895434][T12848] dump_stack_lvl+0x116/0x1f0 [ 325.895452][T12848] print_report+0xc3/0x670 [ 325.895464][T12848] ? __virt_addr_valid+0x5e/0x590 [ 325.895478][T12848] ? vrealloc_noprof+0x132/0x320 [ 325.895487][T12848] kasan_report+0xe0/0x110 [ 325.895498][T12848] ? vrealloc_noprof+0x132/0x320 [ 325.895508][T12848] kasan_check_range+0xef/0x1a0 [ 325.895521][T12848] __asan_memset+0x23/0x50 [ 325.895536][T12848] vrealloc_noprof+0x132/0x320 [ 325.895545][T12848] push_insn_history+0x2ae/0x6c0 [ 325.895556][T12848] do_check_common+0xbd3/0xc2a0 [ 325.895572][T12848] ? __pfx_do_check_common+0x10/0x10 [ 325.895583][T12848] ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10 [ 325.895598][T12848] ? kfree+0x2b6/0x4d0 [ 325.895607][T12848] ? __sanitizer_cov_trace_switch+0x1c/0x90 [ 325.895619][T12848] ? bpf_check+0x7b2f/0xb460 [ 325.895630][T12848] bpf_check+0x7f51/0xb460 [ 325.895643][T12848] ? __pfx_bpf_check+0x10/0x10 [ 325.895653][T12848] ? pcpu_alloc_noprof+0x949/0x1470 [ 325.895666][T12848] ? __lock_acquire+0xaa4/0x1ba0 [ 325.895682][T12848] ? find_held_lock+0x2b/0x80 [ 325.895692][T12848] ? __asan_memset+0x23/0x50 [ 325.895706][T12848] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 325.895719][T12848] bpf_prog_load+0xe41/0x2490 [ 325.895733][T12848] ? __pfx_bpf_prog_load+0x10/0x10 [ 325.895745][T12848] ? __pfx___futex_wait+0x10/0x10 [ 325.895762][T12848] ? bpf_lsm_bpf+0x9/0x10 [ 325.895772][T12848] __sys_bpf+0x433c/0x4d80 [ 325.895786][T12848] ? __pfx___sys_bpf+0x10/0x10 [ 325.895798][T12848] ? __pfx___schedule+0x10/0x10 [ 325.895810][T12848] ? __lock_acquire+0xaa4/0x1ba0 [ 325.895822][T12848] ? do_futex+0x122/0x350 [ 325.895832][T12848] ? __pfx_do_futex+0x10/0x10 [ 325.895844][T12848] ? xfd_validate_state+0x5d/0x180 [ 325.895859][T12848] ? rcu_is_watching+0x12/0xc0 [ 325.895869][T12848] __ia32_sys_bpf+0x76/0xe0 [ 325.895883][T12848] __do_fast_syscall_32+0x73/0x120 [ 325.895897][T12848] do_fast_syscall_32+0x32/0x80 [ 325.895910][T12848] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 325.895923][T12848] RIP: 0023:0xf710e579 [ 325.895930][T12848] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 325.895940][T12848] RSP: 002b:00000000f50dd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 325.895949][T12848] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000700 [ 325.895956][T12848] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 325.895962][T12848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 325.895967][T12848] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 325.895973][T12848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 325.895987][T12848] [ 325.895990][T12848] [ 325.994439][T12848] The buggy address belongs to the virtual mapping at [ 325.994439][T12848] [ffffc90002f69000, ffffc90002feb000) created by: [ 325.994439][T12848] kvrealloc_noprof+0x7d/0xd0 [ 326.000100][T12848] [ 326.000907][T12848] The buggy address belongs to the physical page: [ 326.002991][T12848] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4e8c7 [ 326.005813][T12848] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 326.008180][T12848] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 326.010995][T12848] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 326.013777][T12848] page dumped because: kasan: bad access detected [ 326.015876][T12848] page_owner tracks the page as allocated [ 326.017737][T12848] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 12848, tgid 12846 (syz.0.2071), ts 325884297872, free_ts 325813747715 [ 326.023506][T12848] post_alloc_hook+0x181/0x1b0 [ 326.025089][T12848] get_page_from_freelist+0x135c/0x3920 [ 326.026943][T12848] __alloc_frozen_pages_noprof+0x5a8/0x23a0 [ 326.028923][T12848] alloc_pages_mpol+0x1fb/0x550 [ 326.030529][T12848] alloc_pages_noprof+0x131/0x390 [ 326.032202][T12848] __vmalloc_node_range_noprof+0x732/0x1540 [ 326.034141][T12848] __kvmalloc_node_noprof+0x2ff/0x600 [ 326.035905][T12848] kvrealloc_noprof+0x7d/0xd0 [ 326.037477][T12848] push_insn_history+0x2ae/0x6c0 [ 326.039111][T12848] check_mem_access+0x3edc/0x5fb0 [ 326.040766][T12848] check_store_reg+0x2ef/0x470 [ 326.042341][T12848] do_check_common+0x4618/0xc2a0 [ 326.043971][T12848] bpf_check+0x7f51/0xb460 [ 326.045442][T12848] bpf_prog_load+0xe41/0x2490 [ 326.047008][T12848] __sys_bpf+0x433c/0x4d80 [ 326.048518][T12848] __ia32_sys_bpf+0x76/0xe0 [ 326.049993][T12848] page last free pid 6001 tgid 6001 stack trace: [ 326.052057][T12848] __free_frozen_pages+0x69d/0xff0 [ 326.053754][T12848] vfree+0x176/0x960 [ 326.055065][T12848] bpf_prog_free_deferred+0x539/0x6f0 [ 326.056856][T12848] process_one_work+0x9cc/0x1b70 [ 326.058489][T12848] worker_thread+0x6c8/0xf10 [ 326.060019][T12848] kthread+0x3c2/0x780 [ 326.061372][T12848] ret_from_fork+0x45/0x80 [ 326.062857][T12848] ret_from_fork_asm+0x1a/0x30 [ 326.064460][T12848] [ 326.065266][T12848] Memory state around the buggy address: [ 326.067146][T12848] ffffc90002fe8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 326.069782][T12848] ffffc90002fe8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 326.072398][T12848] >ffffc90002fe9000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 326.075010][T12848] ^ [ 326.076710][T12848] ffffc90002fe9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 326.079462][T12848] ffffc90002fe9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 326.082086][T12848] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 326.085017][T12848] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 326.087491][T12848] CPU: 0 UID: 0 PID: 12848 Comm: syz.0.2071 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 326.091420][T12848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 326.094900][T12848] Call Trace: [ 326.096008][T12848] [ 326.097007][T12848] dump_stack_lvl+0x3d/0x1f0 [ 326.098546][T12848] panic+0x71c/0x800 [ 326.099906][T12848] ? __pfx_panic+0x10/0x10 [ 326.101379][T12848] ? rcu_is_watching+0x12/0xc0 [ 326.102963][T12848] ? preempt_schedule_thunk+0x16/0x30 [ 326.104727][T12848] ? vrealloc_noprof+0x132/0x320 [ 326.106377][T12848] ? preempt_schedule_common+0x44/0xc0 [ 326.108263][T12848] ? vrealloc_noprof+0x132/0x320 [ 326.109922][T12848] check_panic_on_warn+0xab/0xb0 [ 326.111596][T12848] end_report+0x107/0x170 [ 326.113054][T12848] kasan_report+0xee/0x110 [ 326.114533][T12848] ? vrealloc_noprof+0x132/0x320 [ 326.116167][T12848] kasan_check_range+0xef/0x1a0 [ 326.117796][T12848] __asan_memset+0x23/0x50 [ 326.119387][T12848] vrealloc_noprof+0x132/0x320 [ 326.120969][T12848] push_insn_history+0x2ae/0x6c0 [ 326.122596][T12848] do_check_common+0xbd3/0xc2a0 [ 326.124307][T12848] ? __pfx_do_check_common+0x10/0x10 [ 326.126070][T12848] ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10 [ 326.128229][T12848] ? kfree+0x2b6/0x4d0 [ 326.129613][T12848] ? __sanitizer_cov_trace_switch+0x1c/0x90 [ 326.131552][T12848] ? bpf_check+0x7b2f/0xb460 [ 326.133090][T12848] bpf_check+0x7f51/0xb460 [ 326.134558][T12848] ? __pfx_bpf_check+0x10/0x10 [ 326.136139][T12848] ? pcpu_alloc_noprof+0x949/0x1470 [ 326.137869][T12848] ? __lock_acquire+0xaa4/0x1ba0 [ 326.139509][T12848] ? find_held_lock+0x2b/0x80 [ 326.141065][T12848] ? __asan_memset+0x23/0x50 [ 326.142594][T12848] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 326.144263][T12848] bpf_prog_load+0xe41/0x2490 [ 326.145830][T12848] ? __pfx_bpf_prog_load+0x10/0x10 [ 326.147573][T12848] ? __pfx___futex_wait+0x10/0x10 [ 326.149280][T12848] ? bpf_lsm_bpf+0x9/0x10 [ 326.150711][T12848] __sys_bpf+0x433c/0x4d80 [ 326.152205][T12848] ? __pfx___sys_bpf+0x10/0x10 [ 326.153807][T12848] ? __pfx___schedule+0x10/0x10 [ 326.155418][T12848] ? __lock_acquire+0xaa4/0x1ba0 [ 326.157084][T12848] ? do_futex+0x122/0x350 [ 326.158507][T12848] ? __pfx_do_futex+0x10/0x10 [ 326.160067][T12848] ? xfd_validate_state+0x5d/0x180 [ 326.161748][T12848] ? rcu_is_watching+0x12/0xc0 [ 326.163330][T12848] __ia32_sys_bpf+0x76/0xe0 [ 326.164828][T12848] __do_fast_syscall_32+0x73/0x120 [ 326.166507][T12848] do_fast_syscall_32+0x32/0x80 [ 326.168116][T12848] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 326.170211][T12848] RIP: 0023:0xf710e579 [ 326.171695][T12848] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 326.177972][T12848] RSP: 002b:00000000f50dd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 326.180695][T12848] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000700 [ 326.183278][T12848] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.185867][T12848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 326.188608][T12848] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 326.191217][T12848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 326.193798][T12848] [ 326.195497][T12848] Kernel Offset: disabled [ 326.196929][T12848] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:08:40 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854c2175 RDI=ffffffff9addfbc0 RBP=ffffffff9addfb80 RSP=ffffc90007c8ef00 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000074697257 R12=0000000000000000 R13=0000000000000064 R14=ffffffff9addfb80 R15=ffffffff854c2110 RIP=ffffffff854c219f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977ec000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008004b000 CR3=0000000073645000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000f6c165 RBX=0000000000000001 RCX=ffffffff8b6953e9 RDX=0000000000000000 RSI=ffffffff8dbdb681 RDI=ffffffff8bf46c60 RBP=ffffed1003ad7488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000 R12=0000000000000001 R13=ffff88801d6ba440 R14=ffffffff90852310 R15=0000000000000000 RIP=ffffffff8b693c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978ec000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f119ffc CR3=0000000073645000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b241460 RCX=ffffffff81ae9e69 RDX=ffff88802144c880 RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900078b7358 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed100564828d R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b43b180 RIP=ffffffff81baa692 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979ec000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffb7ff80 CR3=000000000e180000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080000001 RBX=8400000050c8b805 RCX=ffffffff8207a69b RDX=ffff888023760000 RSI=ffffffff8207a6db RDI=0000000000000001 RBP=ffffc90003237dd0 RSP=ffffc90003237c90 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=0000000000000000 R14=0000000000000001 R15=ffff88804b34b680 RIP=ffffffff81baace7 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007faf88d82300 ffffffff 00c00000 GS =0000 ffff888097aec000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000562e675ef000 CR3=000000004af74000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000002c00000012 0004000000080024 0000000000280030 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000082a 0000001000000000 0000000000000000 0000000000000015 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 006d766b2f766564 2f01ffffffffffff ffffed080880030c 0000012600000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 10000ea003208080 808010000e900300 10000e8003068002 088285b98c080001 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000002080606011e be000406b0030180 80100006a0030010 0006900300080006 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8803000800068003 00080005b9820800 0100000208060604 1da200080005b882 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0800010000000806 06021da400040001 b0d9840800088002 01c708000800489c ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0010000f80030180 80808010000ef003 0280939010000ee0 030010000ed00301 ZMM25=56c030c856c030c8 56c030c856c030c8 56c030c856c030c8 56c030c856c030c8 56c030c856c030c8 56c030c856c030c8 56c030c856c030c8 56c030c856c030c8 ZMM26=6b1335ee6b1335ee 6b1335ee6b1335ee 6b1335ee6b1335ee 6b1335ee6b1335ee 6b1335ee6b1335ee 6b1335ee6b1335ee 6b1335ee6b1335ee 6b1335ee6b1335ee ZMM27=6d8798c46d8798c4 6d8798c46d8798c4 6d8798c46d8798c4 6d8798c46d8798c4 6d8798c46d8798c4 6d8798c46d8798c4 6d8798c46d8798c4 6d8798c46d8798c4 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=6a0e00006a0e0000 6a0e00006a0e0000 6a0e00006a0e0000 6a0e00006a0e0000 6a0e00006a0e0000 6a0e00006a0e0000 6a0e00006a0e0000 6a0e00006a0e0000