last executing test programs: 6.095251046s ago: executing program 3 (id=2873): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f00000193c0)=0x1f6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x4b4142, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop0', 0x0, 0x0) symlinkat(&(0x7f0000000280)='./file2\x00', r1, &(0x7f0000000100)='./file2\x00') lsm_set_self_attr(0x65, &(0x7f0000000240)=ANY=[@ANYRESDEC=r1], 0x20, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x5, &(0x7f0000019340)=ANY=[@ANYRES8=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x50}, 0x90) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)=0x2) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RELDISP(r3, 0x5605) socket$inet(0x2, 0x0, 0x2) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00'}, 0x10) r4 = syz_open_dev$radio(&(0x7f0000019300), 0x2, 0x2) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) writev(r3, &(0x7f0000000300)=[{&(0x7f0000000180)}, {&(0x7f0000000200)="2e85d88a3798dda0d406865d77e485cd159af87eb38e93ca663691b776e060", 0x1f}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) epoll_create1(0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) read$char_usb(r6, &(0x7f0000001980)=""/179, 0xb3) 3.726877928s ago: executing program 0 (id=2885): sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)={0x14, 0x12, 0xa01, 0x0, 0x0, {0x7, 0x2}}, 0x1f}}, 0x0) 3.657275899s ago: executing program 0 (id=2886): r0 = openat$ndctl0(0xffffff9c, &(0x7f0000002f80), 0x0, 0x0) ioctl$MEDIA_IOC_DEVICE_INFO(r0, 0xc1007c00, 0x0) (fail_nth: 2) 3.496976755s ago: executing program 0 (id=2887): r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x1f1f, 0x300}) 3.424998407s ago: executing program 0 (id=2889): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$xdp(0x2c, 0x3, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) creat(&(0x7f0000000000)='./bus\x00', 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x9, 0x9]}, 0x8) r1 = io_uring_setup(0x7583, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x2, 0x0, r0}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) 3.226665653s ago: executing program 3 (id=2891): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'macvtap0\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x541b, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0a00100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000111"], 0xffe) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x15, 0x0, &(0x7f0000001400)) memfd_create(0x0, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80) 2.727217645s ago: executing program 0 (id=2893): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$fuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) sched_getparam(r1, &(0x7f00000000c0)) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}}, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0) setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2acf53c4, 0x0) r4 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSETD(r4, 0x5423, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r5 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$CDROM_SEND_PACKET(r5, 0x125e, 0x0) mkdir(&(0x7f0000000600)='./file1\x00', 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000a00)='./file1\x00', &(0x7f0000000000)='reiserfs\x00', 0x0, &(0x7f0000000a80)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r3) 2.576465747s ago: executing program 3 (id=2894): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x3, 0x70bd25, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000) sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r1, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4008040) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r2, 0x0, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4028015}, 0x840) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, r3, 0x300, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x1, 0x1}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x8040) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x44, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x4044) r4 = accept4$rose(0xffffffffffffffff, 0x0, &(0x7f0000000600), 0x800) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000640)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0xdc, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null]}) (async) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000640)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0xdc, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null]}) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000780)=0x14) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f00000007c0)={@local}, &(0x7f0000000800)=0x14) (async) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f00000007c0)={@local, 0x0}, &(0x7f0000000800)=0x14) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000900)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x70, r5, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x4004041) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000980)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WOWLAN(r0, &(0x7f0000001740)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001700)={&(0x7f00000009c0)={0xd28, 0x0, 0x4, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0xd00, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}, @NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST={0x4}, @NL80211_WOWLAN_TRIG_TCP_CONNECTION={0x64, 0xe, 0x0, 0x1, [@NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN={0x38, 0x8, {0x100, 0x2, "9b96ca8e5f91dc4ad8e4c726376641753095c1933a33995fa2e551fe25ca3f14b2f5b5d2cf82f0ef097c6f9f"}}, @NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN={0x1e, 0x8, {0x3, 0x4, "684e2792da9b90e7f2dc0ef511d7e9a673e4"}}, @NL80211_WOWLAN_TCP_SRC_PORT={0x6, 0x4, 0x6}]}, @NL80211_WOWLAN_TRIG_ANY={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}, @NL80211_WOWLAN_TRIG_PKT_PATTERN={0xc88, 0x4, 0x0, 0x1, [{0x200, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_OFFSET={0x8}, @NL80211_PKTPAT_PATTERN={0xc4, 0x2, "84624c31529cb37b3d7bf736857b2cc6a920677eacfc78f982c4691624f4820939ba94622573f08652a37342b258c2edc0240eb74a4f9f5a79aa5e662385d4175149f61a328f69756c6641a897b9fd9c923edae46b1834d3b5137ea2316cf330da49b993630ac8b81b750f6f5690e46a1f4366ffffe27b3a36aa5659e12f4e9ae510786f26c056b898aee4c579ca1353684bcc1b7a45396d659d19c990aa8f793ae84b8ec6fac8bea0b82f747fb2a64d2ec57b13e450bcacd85eba13fd0e52dd"}, @NL80211_PKTPAT_PATTERN={0xe0, 0x2, "5ae5c1a78723d0f11d2c9be92221940937d6bedaa16cb22c08ff1679352b6955400374a7693c83365acb759befcf541be7216b7a469ca73364081b2d7305eda7084c097edcfd52a1a60497363f00fb2975f59c71d8b7adbfc3fc10f1a7d828e2c1a03f2c808fae2eafc17ed1d95e40a64c03aab3410cd29e95d4e55082c1d56070520316308a8bc6f0d6e87a4baf9a3fe9e99481720ab9286153b92de3ea6ea7d07bcb9516f4e7e7cc688a7059f046181a3f64c7f2636286f25596e7dab76f06a444cb579b4d2f44a159ca548f1d95744375125d54c0be5228f40c20"}, @NL80211_PKTPAT_MASK={0x48, 0x1, "25950b65e5ee4ee2851fdaadf090d4dc08132bbc80ed23f8b51ad33c4327304fee58fbe09d23528178c71738491ed13765d1f8965abff3c1ad2aa8ee86d7a14d025a706c"}, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x81}]}, {0x2b8, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_MASK={0xf7, 0x1, "2a188140ce7ae627361d6ffc6e77b554f824aae3a50f2cf4da5f532ac69e6607586349a74e23bb50902d59ca93bbb4d4d3fa971bbdcc28845f440a169176d2ab0bc00adaa377911acef9efeff922b0d605cc6a6db8fbb3635544d4b568fa86743834ac9e4b4eba27648bb7f885e6ef0b7320ac90e7e7a0533f35ac3ae969f105231ed37e63369e6ce3d80aa5bc2474b279a59f24070f611eef2abdbfd2045cf2a3c16ec2acffe9afdc5405eb79bbeeba32e705acd24502f358a3383cd2d81f292b3eb23eb8b848ef521783824c6557433c1c19d31ebf6166fa44b2dd10ecbe3892f0363ef8a0d669e64a9672606e125c0d7a46"}, @NL80211_PKTPAT_MASK={0xee, 0x1, "1c2300178a8cf8cd967e24f7195f5c3aa819bcde760b98b9a52b65918a26be86f0316d0bc1549ef5513480bf00f5ed9c6282241be3cb01f07a85deb186f97a2a329a0bf79cbbcb4e08250070fdcf9d2cc8808e4dec414847fb905ff68b98fd94159597225d2acc0479d25814c147bde1314227560efe1eab7834a8c7c04357993d4265b748e2fffc1bf8d472a987df80c0c55a68982a6fd7fd7d1325b039492024e4dd4351f95902fc6674857762643420b44985c3da446dee70080295e87d314e5ebf14db0ea7e816d17354a2c0ce886e981f249e41aa99852ef856d2f8adb7447be5083fbaee2b16d3"}, @NL80211_PKTPAT_MASK={0xc2, 0x1, "9592e221b146888c220dccb23c16e9c63a0a54c488621f7d4e33575172046a9cf68208ef656c1117a8436eb4cbf6677066649aaa016ec0b28de16f8dc2da141781d0cf915d43cd650d897d9e90375bbe95f8dde30fa5792c98680bb552d3fcd59b9f951eb58105bbac0576a12c80494269f4504cb7df6b60c93c5fd9dcb2cf1a0411040ed8b122f0ae5c776740b6211c355c08c6bd165681f52082cb8210d484f208d6206c1db6fa9436b5a19b2de6248ad656d13b443630e2d7208ab7ca"}, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x8}]}, {0x334, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_MASK={0xc1, 0x1, "4d09e947e3a503e782c794a6b95bf4f6000334a9828815a464c86c04922ef43fdb86c2e9370a7df13493ca3bda983be1f3577b5465e77ea3e949fbe4b9cb9cecf23dcc26840fb342950682fb059c53655c0dd43254e10f8e9850cae6fb26fdbb487ff3e8b1ff0245abdccc60002eef28d459ca5ee0bc4f95d6bd9c4b821e75fa1da55507594bf56cb3f372ba9ccbfa58be18f89cb61faaae4e9c39d1fc900088baf25c26d2c6574f98118c2fcde9009a38bf4c711cc66376a774252f1c"}, @NL80211_PKTPAT_PATTERN={0xa3, 0x2, "5978ec91bf06d006d3d108c5fd3b071efeff72dc376bbe1f95a7b3713959afa419244212848c31c141ceab23b45f1dd7a7363b2ac02c79f9c47de0b7f6bce9ec312c2c412ae38badc1537c9a14568a4c4efe2b8703e49ec0691962e2d476c0c88f121bb3857b61457f2943683d60006ba02d8803d6f430fa3fc051faa016130bc5d928c1c210d8ba03e64fb41a1d419b8b3a601e5b2babd8f64fa85d21eecb"}, @NL80211_PKTPAT_PATTERN={0xbd, 0x2, "271d7ec23dce1eab738dfad9f1f0b9f170c1af553bc4321ce769ebac809102d822f8cb69febe345ec157afa9cce2ae14e90126ca0c0ecf64f5b49a018b1b8bbcc5f7dfa786c78768f82156f6d0d335180226f3fcbc8fc315b1ba8f1b037a0930dcb4fda3ceacafb8ede87c7d3d87920aeb9e39128923dcc2d2d6a6b31cb5f4e1f218c49636d333ba7bc3a3f565db227ee4556e201baa5df2cf632edcb50fec4db1dbd6712cbe96d912f246f5f7e94297abd8ab2f8dd68d6e98"}, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x100}, @NL80211_PKTPAT_PATTERN={0xfd, 0x2, "00971f604e60eab65d39660ae10e7080701449a021b003fd619919aff92bb24a20e92908e560d43b2a64755aa30c012406887e303d47a023bf529151449e5d252374287d6c978682942111f1310efa31367632e36fe2ee843afd8aee77a6257363be5193fe35eb221ddc84359aaa279b8e7e34b98025431b6cfc2c6660742c72cae7efe39aaa230c90dddbce8383cfe7ec0a08f5d318e0f4cf87f42babb8976e7b1970d7520fdfed79ff7fc143a7cd5d42efd6c932f445fe5e59d5dd837c9adaca725cd3c764437d2be9c026375ceeacd8e975bbbd2bbb8f71843c091c4596b21bd54ba2188693c1d60af2e989ece95db24cbee289a84868b2"}]}, {0x94, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_OFFSET={0x8, 0x3, 0xed}, @NL80211_PKTPAT_PATTERN={0x80, 0x2, "eeea799e1abb6273d2ec1b779f07112d956d8d58174b84cbe2dd7cf62617f966efe79c36511555490f4360e9ebb8f2f5b7628c705486aab8412c3ee4296bf43418141eeeb2874430f212e8c8134b545a6f6efa9dd7a4bbe745d61e7f7abddbe917bc397f28987955c145c3dc21c3d4e9b4c7683719b894d8db50eff3"}, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x80}]}, {0x1e4, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_MASK={0xf1, 0x1, "2ff65ce2c5fcf8afc489a2a424c2b85dc7a0015a289902d92a32d8b8e2fd3ef5a268250decbbb97747dd47252866e4ade8714e75ccfe785f842a3a5dd36f88ae9f551003ceba49f1d52ee1836e40cccd31f7504237d8c5ac496348bf79d89e9942dad1da308945749494e7a1c435a01415a59f1c6b6248892d94cdc0b3454f5d376aad1c93809785f1b7418a98bbb16f2065d0bc34cd5a711893b8526852d58f3f02dae22c49fe97e1bb1c0c18798f7f6450aa1f93c3f0f2f53ea5135a342084fe1115b50d12d5a41aa870212e1d2d62caefde0ee677c66cea4338b79829b6079b62dc22a8307dda2afd702852"}, @NL80211_PKTPAT_OFFSET={0x8}, @NL80211_PKTPAT_PATTERN={0x14, 0x2, "4184b48f7321a7866c413baa798cd666"}, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x7ff}, @NL80211_PKTPAT_MASK={0xc7, 0x1, "a02e13395e833b03c0acbc9837c54c4fb43d1898e91c3ef6a342a63bdebb624a43518fc659d95a3c3665af98228290ba1738a1f30b7d87411a0cc48d62d2cafd687799ec8465a07369b20f2ad58c37dd473f3a1b4666a01cc0b0f9bb39ba92f24177a2b91dafef7011783e2aacccabc0b680da7cac4ce44296924e3dc2408128c6c6a2d7f705d381a507d7e6e105da6ac24451dcc2799cb526a00ed2a7e0496dc88951cc6248da07f1b1280e92a7f25bb38f84b00e6e77af2f717086a790361f102840"}]}, {0xb0, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_PATTERN={0xac, 0x2, "49673a5ecf9290a6ef37992e37fd7a8d1d8be65be044711d43774922765f023708b8e33aac79e9a8883f9539f4856c9c8b749e7aaff19fbc26e2fe0478d090b1b1bcc83e5d0afc511bbdbb2b5826125a7d8929717711014db08575105bd77e172faa56ad8f275248bcd173fa7447b5edf4c41c0d32e28f2302da6a0616047351eb746e222b2ff7b42467fb9c03b4e9550764efc0457d30beaf8bad097c6970031702b71aa75b4fa1"}]}, {0x164, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x3}, @NL80211_PKTPAT_PATTERN={0x60, 0x2, "e71051dc4013f022059706926f09ee5515b87dcd832f454d99e39be3eb1e9c4a76e5afe683663bc7eb31fe2a66e108e8f67354fab23b2774b20ff8dfe2e7781c9343b008f5775ed2c0b7cbdaaf6c28a0147cc3b4dd5c3c02b9a2b1a4"}, @NL80211_PKTPAT_MASK={0xc9, 0x1, "7736955b483997ffd56fc4d56eee96dce66752f875adcb3e6ecdfee7ba9df5a34cc92a8745fc95cd98dc5469ab04f0e57c3e3c7bf4ea746167141198b3f7e0635cd6003d57edb17beddef2ec267f752a5a51b3f7163fecda621f9a73ef433eb4351fc041c35b27b9517f9977842fae7faf81e0119baf149d35648e7bef2827a7599cecaea257182dd8dd664dfca52ff0afb8482c66624609aa6db429fcca34cbeda813213f901e41361a1406a34276f4d5de3e12dded8b7c30f317d5a962bfc8c7a8a30f66"}, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x8}, @NL80211_PKTPAT_MASK={0x24, 0x1, "3ef92d0862d4b84715d179f96eb27ea77ee6e82b33e9748b2eccbab22691edca"}]}]}]}, @NL80211_ATTR_WOWLAN_TRIGGERS={0xc, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_MAGIC_PKT={0x4}, @NL80211_WOWLAN_TRIG_ANY={0x4}]}]}, 0xd28}, 0x1, 0x0, 0x0, 0x800}, 0x8000) r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000017c0), r0) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000001880)={&(0x7f0000001780)={0x10, 0x0, 0x0, 0xe5ed565ed71c1ebe}, 0xc, &(0x7f0000001840)={&(0x7f0000001800)={0x30, r9, 0x300, 0x70bd2a, 0x25dfdbfd, {{}, {}, {0x14, 0x18, {0x1, @bearer=@l2={'ib', 0x3a, 'ipvlan1\x00'}}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000010}, 0x10) (async) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000001880)={&(0x7f0000001780)={0x10, 0x0, 0x0, 0xe5ed565ed71c1ebe}, 0xc, &(0x7f0000001840)={&(0x7f0000001800)={0x30, r9, 0x300, 0x70bd2a, 0x25dfdbfd, {{}, {}, {0x14, 0x18, {0x1, @bearer=@l2={'ib', 0x3a, 'ipvlan1\x00'}}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000010}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000018c0), r0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000018c0), r0) bpf$MAP_CREATE(0x0, &(0x7f0000001900)=@bloom_filter={0x1e, 0xe, 0xfffffff9, 0x8000, 0x2016, 0xffffffffffffffff, 0x9, '\x00', r7, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0x2}, 0x48) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000001900)=@bloom_filter={0x1e, 0xe, 0xfffffff9, 0x8000, 0x2016, 0xffffffffffffffff, 0x9, '\x00', r7, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0x2}, 0x48) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001980), 0x4) (async) r11 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001980), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000019c0)={0x2, 0x4, 0x8, 0x1, 0x80, r10, 0x9, '\x00', r7, r11, 0x0, 0x0, 0x2}, 0x48) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000001b40)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x8000002}, 0xc, &(0x7f0000001b00)={&(0x7f0000001a80)={0x68, 0x0, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast1}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x4}, @FOU_ATTR_PEER_V6={0x14, 0x9, @mcast2}]}, 0x68}}, 0x40000) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x40, &(0x7f0000001b80)=0xadc, 0x4) (async) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x40, &(0x7f0000001b80)=0xadc, 0x4) r12 = openat$loop_ctrl(0xffffff9c, &(0x7f0000001bc0), 0x8000, 0x0) ioctl$LOOP_CTL_GET_FREE(r12, 0x4c82) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000001cc0)={&(0x7f0000001c00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001c80)={&(0x7f0000001c40)={0x34, r3, 0x400, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x8ac7, 0x26}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x3f}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x32}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000011}, 0x9236476bce72eaef) bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=@base={0x1, 0x5, 0x3, 0x8001, 0x1080, r10, 0x80000001, '\x00', r7, r11, 0x5, 0x3, 0x3}, 0x48) ioctl$CDROM_DEBUG(0xffffffffffffffff, 0x5330, 0x0) (async) ioctl$CDROM_DEBUG(0xffffffffffffffff, 0x5330, 0x0) 2.376574846s ago: executing program 3 (id=2895): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) signalfd4(r0, &(0x7f0000000180)={[0x84b0, 0x2]}, 0x8, 0x800) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mbind(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x4, 0x0, 0x0, 0x0) gettid() ioperm(0x0, 0xfffc, 0x8005) syz_usbip_server_init(0x4) openat$cuse(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) getuid() writev(r1, &(0x7f0000000100)=[{&(0x7f0000000580)="90a71777941836f98e6aa229b1fc0d0f3559792403d4771b3cfbcdf850eb4d10ab44943950ae09ad53ce8038fa1c89e9587df286fd741ffb651776a7681cab802725296403fbe10cfee1d39a05e36acead88449426db8cc52b76d49bc073cceee31932fe63ecb97d078ecde5f4bf7b56c2bfac08ed8b558e3d0275675760d308428c6511dab2007ab97bec", 0x8b}], 0x1) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3", 0x4) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000005080)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="09de", 0x2}, {&(0x7f0000000340)="d5bb69fd2ec3a88c5df48b69469a", 0xe}], 0x2, &(0x7f0000000540)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x0) recvmmsg(r3, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000800)=""/84, 0x54}, {&(0x7f0000000880)=""/214, 0xd6}], 0x2}}], 0x1, 0x0, 0x0) sendmsg$ETHTOOL_MSG_EEE_SET(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[], 0x54}}, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000019340), 0x0, 0x0) read$msr(r5, &(0x7f0000000300)=""/102400, 0x19000) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141a42, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) 2.254339359s ago: executing program 2 (id=2896): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) r3 = syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r5 = socket$pppl2tp(0x18, 0x1, 0x1) sendmmsg$inet(r5, &(0x7f0000000400)=[{{&(0x7f0000000240)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000280)="ac363fffc5a0c6d62d6806169cb8da", 0xf}, {&(0x7f00000002c0)="aeb2e1869c80c6ebe263470a82c36ae9c5d02b448202e1a6dcbdc07dd274470bbe607780fdc57641b63e767cbd55b8f44a10ce2729e7136df7b26b76cc8ffaa215e2c537bce285b7f731b2d6f6b7bfa974f462d24f97b54810903d43eb0c8a5cd3ab2572ec20418ea4fcb6a4f9414e627617936905fcc24fde5aebaa40d2d85f6a100e23b45ddc5746b9384779bb1380b24e4d831736ac7ae352c80ddc8a221d4975e5af6ad04d226435a1406fc4a7c9efea506161daffce987b25aefb6e37848a960c0afe5193e01973ff041de644083398645772c992d32c0485520a74893a8cfea6f8fb6f24f839c49ab17436651b1b82b4b0c7b9", 0xf6}], 0x2}}], 0x1, 0x891) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = dup(r6) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x5, 0x0, 0xf0ffff, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x10}]}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000140)='dctcp\x00', 0x6) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r8, 0x6, 0x16, &(0x7f0000000100)=[@window={0x3, 0x5, 0x100}, @sack_perm, @timestamp], 0x3) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r9, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x1a, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="080029bd7000fcdbdf25010000000900030073797a300000000005000400020000000900010073797a320000000005000400020000000900010073797a31000000000900010073797a3000000000050004000100000005000400020000002b25d7516dabdd08f7fa4c17e11c1d9c596ffe8361405913c9764e009311b09c34ffc12bcbd4fb803dd2710633292002a16d77c205ee0f9ccbe01f1aacedf96bf57e91c9cf7a2be3008cdb4f8bfa516b3959e5d68de138733397868e722bb633b5b9a588368d8ef9d2e13e046a927ddee93a6d1fd08e396b474d3126cac912a80eca754bd91725bb18fc57af23c3eef1ab43fbee35bff2d9ef3738f2450c6f1c5d82f4a4ea197c770eab527a46a4f1b77b86ade68ba5bb599eaead284af212476a07185e6632aac4d8de00"], 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x4008850) r10 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r10, 0x4601, &(0x7f0000000100)={0x1f00, 0x300}) 2.189383257s ago: executing program 1 (id=2897): r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x1f1f, 0x300}) 1.959029128s ago: executing program 1 (id=2898): memfd_create(&(0x7f0000000040)='rootmode', 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000008"], 0x24d8}], 0x1}, 0x0) 1.95824424s ago: executing program 1 (id=2899): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000587b377115a789008380adefc907253e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) r2 = socket$netlink(0x10, 0x3, 0x9) sendmsg$NFT_BATCH(r2, &(0x7f0000004a80)={0x0, 0x0, &(0x7f0000004a40)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_DELSET={0x14}], {0x14, 0x3f8}}, 0x3c}}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_PROBE_CLIENT(r2, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x50, r3, 0x100, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x48004}, 0x0) setsockopt$sock_int(r5, 0x1, 0x7, &(0x7f0000000080), 0x4) bind$inet(r5, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r5, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r5, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={r8, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000340)={r7, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x9c) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000032c0)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff) r11 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r11, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r11, 0x894b, 0x0) 1.784836129s ago: executing program 1 (id=2900): memfd_create(&(0x7f0000000040)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xa1\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?$^\xe1Ob\xe1YV\xeb\x91\x83;\xeb\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x00\xe2\xb8\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\xbe`\'\xcb\xb6\xaf\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\t9\x11A\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfc\x00\xe3\xde\x00\x00\xa8\xcbo\x90\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x16\xdf\xb9q\xb6^r\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3U\xe6\xa9B\n\xc9%\x82\xed#?\xab\x1c\x11\x00\xc5\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\x00\x00\x00D~\xc9=\x95\xd4\x18\x97J\x1d\xb7\x11\xcbcE\x0eAU\xe6\x19*\x98}!\xde\xf1\xd3\xf7\x84\x9c\xb4\xf1\x17\xf9-\xc6\xba\xe3\xa8oz\b\xfe\xbc\x1b\xff$\xac=\xf2V**\x8f\x84Oq\xe3\xa16\x1d{f\x91\xbbBORJ\xbcm\xfb\xb0Q\x1c\xd9\x1bg\xf5\xc9p\xc5lo\x90\xb0\xd5\x90\x86\x19\xafC\xee7\x91O)\xf1\xf0\x00\x00\x00\x00\x00\x00\x00\x05t\v\x12\x03\xf5hRQ\b\x97\xc3d-\xfb\x12\x1e\xb2\xce\x9br*M\x10\xd5g\fwx\xb8\xa9\t\xc5\xf9W\x9b\x06\xcc\xa0\x1a\x03\v\x14n7\x92{\x8bH\x9d\x95\xe31\xf4hy\xf6%\xcdC\x9cT\xec57\xbd\xd5\x81\xd9\x13\xee\xdf\xef\xf3\x17H\xd2\xe3k\xe0\xe3^y\xe3\xbb(fEt\x15\xeb/\x90\xca\xde\x189\xdfN 7}|\xa8 2\xd9;\xfa\xeayZS\x10.\x8b,\xd0\x02J\xf8>\xe9\xf0\r\xc2A\xc8q\x89\"+\xa6\xa9^E94\x01\xb5\xba]\xa8\xe9\x86\xea\xe5\xbaH\x11\x8fLLJ(\xfb\x96\x15\xbb\a\xcbj\x1b\xfdL\x88\xbf\xd7\x00\x00\x00\x00\x00t\xdd\xe7z\x87N\x9a\xd1\xe8\xe6\xe5\xa5\rz\\ljD\x19|\x84\x90\xaa\x91\x93\xc7\xdf\xd2\xe9h', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f00000004c0)={0x0, 0x1, r0, 0x4}) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000000000000850000007200000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000000010805000000000000000000000000000900010073797a3000000080"], 0x20}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x4b, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYRESDEC=r0, @ANYRES64, @ANYRES32, @ANYRES32=r4], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000010000000000a4c000000060a01040000000000009fe3f26be984b46baf000002000000200004801c0001800900010068e173"], 0x74}}, 0x0) listen(r5, 0x4) r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000000580)) ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000180)={0x60, 0x0, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, 0x0}) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r9 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r9, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) 1.71757491s ago: executing program 1 (id=2901): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$xdp(0x2c, 0x3, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) creat(&(0x7f0000000000)='./bus\x00', 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x9, 0x9]}, 0x8) r1 = io_uring_setup(0x7583, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x2, 0x0, r0}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) 1.156941387s ago: executing program 2 (id=2902): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000510000100000000000000009520000000000000"], &(0x7f00000003c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x10010, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x801) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) setsockopt$CAN_RAW_FD_FRAMES(r4, 0x65, 0x5, &(0x7f0000000180), 0x4) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) io_setup(0x8, &(0x7f0000004200)=0x0) io_submit(r5, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000380)="27e7efdb6ced449ae8609404291ac39713b6ce4cbff9bb5fe301d94acec457edd9146a383ab578bd8a48f979e6d27b725d446d45854bc97d91b1e81a341768bc290c1b383c7cde06", 0x0, 0x48) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x4e22, 0xfffffffd, @local, 0x60}, 0x1c) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x5, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r7 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) 1.0663659s ago: executing program 1 (id=2903): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0xc0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) close(0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) inotify_init1(0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) msgget$private(0x0, 0x0) 547.012291ms ago: executing program 2 (id=2904): add_key(0x0, 0x0, &(0x7f0000000340)="143fda06ec07c23f", 0x8, 0x0) fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) write$binfmt_script(r2, &(0x7f00000000c0), 0xfea7) close_range(r1, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="00005500a01100000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05040500d3fc09000000478803", 0xd, 0x0, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r8, 0xae9a) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) r10 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0) r11 = fsmount(r10, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r9, r11}, 0x10) sendmmsg$inet6(r11, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000380)="fc8af6eb9386ca0bd184bfa915cf41878335215ee2664c9d98de41ccf9a3a91d63f3498b6aba366893b33516d9d424d962039ef8600bed839b2a8df0e509a8f285f7c68a032079291ac382d56a42dd53cb4f0ba7d075feebfc33993102b4b6e4078c517d96fdd5ac82d9615cf9317fa7ee4b02db95754fe6ed41c1c59b", 0x7d}, {&(0x7f00000001c0)="30e314b8", 0x4}, {&(0x7f0000000480)="16a694706153db1930b7824db448408c4f88f32ea6c5b257fdd2483a8e0f0a1d658dc8dcd4cce97f7c5c12e94a52bdb24e4a5a818f08eb56cad768318b9691ddbb2dcb126fdde808931dfc132cec9bc5dcb4e9997bf3ba7ca1aca6e0f4072a2681881f4dc5d0bec9beeff4831ea50b724ca5124e3a79746e29ec23219072d0c21017c687595f859896391cc4201e70c2a4c9c222d3d4c345356850f9dc943be7c3604e72d07b2ee156d2cb598f", 0xad}, {&(0x7f0000000540)="8f2e45c13b6dafa87406e2e0e008fe2b51fdbad0d0a3db956a62fbf921d622bbaf1f00460ac17dab1043c2bbdc53f0ee4ccb22dbc24441d2674d6c0e15006b229631d6dee21a2148c95bb47f7fa6ed4f1f5f1174a9d07d9d8b6d9fd3888f6706e4afedbe8170ecca839a33eaebd9ce7b9b850873c4c2d7ebbace0c97a1a1db49badec4508d2ceff4eebe3b52a51783ab1070ff42a5044fbf57d206fd27b2f84d0b33bb54da1a0db5f154b24f4db005443998dee97293bf749ff29bddca4b", 0xbe}, {&(0x7f0000000600)}, {&(0x7f0000000680)="b4982c7f2127ddb15600d51f82fed2317d0dd40dd30173a2f5904a", 0x1b}], 0x6, &(0x7f0000000700)=[@dontfrag={{0x10, 0x29, 0x3e, 0x10001}}, @rthdrdstopts={{0xec, 0x29, 0x37, {0x3c, 0x1a, '\x00', [@jumbo={0xc2, 0x4, 0x3}, @enc_lim={0x4, 0x1, 0x48}, @generic={0x7, 0x8a, "49c22b6d69099a150ed5da57264d36cffd55c8aeadef80cf4c723bdce8394a7e3560101e5992f459e78ca7a02e8c34dfaa5cd902042f4665209d43a08e862b0defd465ee5f365b97f878d036d3b54a67edb8b73efaabccf9ace08a9470ea49ec025ab3797022823429d6a8099021a832c329c44d3f96d2a6dbbb60d8b977ce1f3a767879bbf2471f892d"}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @private0}, @calipso={0x7, 0x10, {0x3, 0x2, 0xe2, 0xfff, [0x1]}}, @enc_lim={0x4, 0x1, 0x3}]}}}], 0xfc}}], 0x1, 0x0) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004ca]}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r8, 0xae80, 0x0) 476.223733ms ago: executing program 3 (id=2905): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000180)={{}, {0x1, 0x5}}, 0x24, 0x1) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) llistxattr(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000480)=""/6, 0xfffffffffffffe7f) truncate(&(0x7f0000000080)='./file0\x00', 0xfffffe00) r1 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}}, 0x24) bind$rxrpc(r1, &(0x7f0000000100)=@in4={0x21, 0x400, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000040)) 426.718765ms ago: executing program 3 (id=2906): socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[], 0x232) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="250000000000fcffffff010000000000000009410000004c00180008000062726f61646361f1ffffff69a88600000000000000000000000000000000000000000000000000000000000008000000000000000000"], 0x68}}, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x0, 0x0, 0x0) sendmmsg$sock(r6, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'veth0_vlan\x00', @random="010000201000"}) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r7 = io_uring_setup(0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) r8 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@ip_tos_u8={{0xd}}, @ip_ttl={{0x10, 0x110}}], 0x20}, 0x0) epoll_create(0x80) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000000500000035050000000000d28500000007009c880000950000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x90) 202.679317ms ago: executing program 0 (id=2907): socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[], 0x232) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="250000000000fcffffff010000000000000009410000004c00180008000062726f61646361f1ffffff69a88600000000000000000000000000000000000000000000000000000000000008000000000000000000"], 0x68}}, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x0, 0x0, 0x0) sendmmsg$sock(r6, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'veth0_vlan\x00', @random="010000201000"}) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r7 = io_uring_setup(0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) r8 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@ip_tos_u8={{0xd}}, @ip_ttl={{0x10, 0x110}}], 0x20}, 0x0) epoll_create(0x80) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000000500000035050000000000d28500000007009c880000950000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x90) 179.694075ms ago: executing program 2 (id=2908): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000400)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @private}}}}) setsockopt$inet_udp_int(r1, 0x11, 0x0, 0x0, 0x0) 96.857565ms ago: executing program 2 (id=2909): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x300}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x300}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x2}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0x6, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0x6, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000001000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xc}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xc}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc) syz_clone(0x2000400, &(0x7f0000000080)="5bd52c5d5c0b28a79fd276ae4bdb17a5eb1e0020cf3a33fc1f32", 0x1a, &(0x7f00000001c0), &(0x7f0000000280), &(0x7f00000002c0)='wA') (async) syz_clone(0x2000400, &(0x7f0000000080)="5bd52c5d5c0b28a79fd276ae4bdb17a5eb1e0020cf3a33fc1f32", 0x1a, &(0x7f00000001c0), &(0x7f0000000280), &(0x7f00000002c0)='wA') r4 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r4, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r5 = dup2(r4, r4) sendmmsg$unix(r5, &(0x7f0000001e80)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="12f8a2b2236d539f42b67e083fcd9b5de2cb490c038d25210290c4cc3afacede0f7d823ef5968c9a", 0x28}], 0x1}}, {{&(0x7f0000000440)=@abs, 0x18, 0x0}}], 0x2, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000580)=[@textreal={0x8, &(0x7f0000000600)="baf80c66b8246a648666efbafc0ced0f0fbba200a7ff1c67f30f09660f38813564dbe8660f38205a000f1c47080f01c366b80a0000000f23c00f21f86635010004000f23f8", 0x45}], 0x1, 0xe0, &(0x7f0000000680)=[@dstype3={0x7, 0x4}], 0x1) (async) syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000580)=[@textreal={0x8, &(0x7f0000000600)="baf80c66b8246a648666efbafc0ced0f0fbba200a7ff1c67f30f09660f38813564dbe8660f38205a000f1c47080f01c366b80a0000000f23c00f21f86635010004000f23f8", 0x45}], 0x1, 0xe0, &(0x7f0000000680)=[@dstype3={0x7, 0x4}], 0x1) select(0x40, &(0x7f0000000440)={0xffffffffffff7095, 0x34ed, 0xd, 0x3, 0xf892, 0x6, 0x4}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x2710}) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000005c0)={@cgroup, 0xffffffffffffffff, 0x10, 0x0, 0x0, @link_id}, 0x20) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000005c0)={@cgroup, 0xffffffffffffffff, 0x10, 0x0, 0x0, @link_id}, 0x20) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000003c0), 0x12) write(0xffffffffffffffff, &(0x7f0000000000)="4434e655133affcedf05d1fdb9ed716669025296de918121e7a8316779acedf6f2a4ae9f2025e606d665d1cc013f3bb0e150ebbee90a6e3beb954995b2034cd02b62bd1902ed6a55a44ef2d173c398af21d46ed6ab4f0ddb36f6c60a1b63aca9cc0c944b9df1c7dffafd4e297a95c10fae50bbb3caf8602f473369d247a969c034772ca174ec1ad563ccd73b566d986b51b0db8d64319e55214de93659033eb0", 0xa0) (async) write(0xffffffffffffffff, &(0x7f0000000000)="4434e655133affcedf05d1fdb9ed716669025296de918121e7a8316779acedf6f2a4ae9f2025e606d665d1cc013f3bb0e150ebbee90a6e3beb954995b2034cd02b62bd1902ed6a55a44ef2d173c398af21d46ed6ab4f0ddb36f6c60a1b63aca9cc0c944b9df1c7dffafd4e297a95c10fae50bbb3caf8602f473369d247a969c034772ca174ec1ad563ccd73b566d986b51b0db8d64319e55214de93659033eb0", 0xa0) 0s ago: executing program 2 (id=2910): read$FUSE(0xffffffffffffffff, &(0x7f00000077c0)={0x2020}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r1 = accept4(r0, &(0x7f00000000c0)=@isdn, &(0x7f0000000140)=0x80, 0x80000) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) inotify_init1(0x80000) open_by_handle_at(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="90000000fb00000000fb90020425d260ab0f3bb2484f36e249eb6626130b9de4d8ee1059f73d2edd5538b933bacb0f4cf3bd4357886e866641916c2bad87e57068afc57315ff801505cf5febe02f4837654e4d662015965ea41c59dabb330000000000000001cb761e82859704d2312c4dec2f57b96fc12e5c161eb89eb11414ac00c6b7a32471f53f138ea506468b71a029"], 0x80000) bind$can_j1939(r1, &(0x7f0000000200)={0x1d, r2, 0x1, {0x2, 0xf0, 0x1}}, 0x18) socket$kcm(0x10, 0x3, 0x10) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r4 = socket$key(0xf, 0x3, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f00000003c0)=0x11, 0x4) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000001a00)=0x9, 0x4) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='io.stat\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r6}, 0x10) sendmsg$IPVS_CMD_GET_INFO(r6, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe000000008500000028000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5071bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000380)="7c53310100f9ff61efd106939fc1", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$SO_J1939_PROMISC(r6, 0x6b, 0x2, &(0x7f0000000000), 0x4) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="020306001b0000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000000000a0000000000000100000000000000000000000000000000000000000000000004000400000080000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000fe8800000000000000000000000000010000000000000000030007000000000002000000ffffffff0000000000000000020013"], 0xd8}}, 0x0) kernel console output (not intermixed with test programs): 3e0 [ 672.670205][T14056] tomoyo_realpath_from_path+0x1a7/0x710 [ 672.672584][T14056] tomoyo_path_number_perm+0x245/0x5b0 [ 672.674859][T14056] ? tomoyo_path_number_perm+0x232/0x5b0 [ 672.677328][T14056] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 672.679975][T14056] ? __pfx_lock_release+0x10/0x10 [ 672.681978][T14056] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 672.684398][T14056] ? __fget_files+0x256/0x400 [ 672.686452][T14056] security_file_ioctl_compat+0x75/0xc0 [ 672.688863][T14056] __do_compat_sys_ioctl+0x5d/0x330 [ 672.691140][T14056] __do_fast_syscall_32+0x73/0x120 [ 672.693394][T14056] do_fast_syscall_32+0x32/0x80 [ 672.695568][T14056] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 672.698073][T14056] RIP: 0023:0xf7f22579 [ 672.699810][T14056] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 672.707953][T14056] RSP: 002b:00000000f56d657c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 672.711650][T14056] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c01064c7 [ 672.714807][T14056] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 672.718208][T14056] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 672.721435][T14056] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 672.724823][T14056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 672.728322][T14056] [ 672.733786][T14056] ERROR: Out of memory at tomoyo_realpath_from_path. [ 672.929034][ T5356] Bluetooth: hci3: unexpected event for opcode 0x042c [ 673.106190][T14074] FAULT_INJECTION: forcing a failure. [ 673.106190][T14074] name failslab, interval 1, probability 0, space 0, times 0 [ 673.110456][T14074] CPU: 0 UID: 0 PID: 14074 Comm: syz.2.2332 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 673.113984][T14074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 673.115430][T14076] FAULT_INJECTION: forcing a failure. [ 673.115430][T14076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.117703][T14074] Call Trace: [ 673.117711][T14074] [ 673.117716][T14074] dump_stack_lvl+0x16c/0x1f0 [ 673.126612][T14074] should_fail_ex+0x497/0x5b0 [ 673.128167][T14074] ? fs_reclaim_acquire+0xae/0x160 [ 673.129818][T14074] should_failslab+0xc2/0x120 [ 673.131453][T14074] kmem_cache_alloc_node_noprof+0x71/0x310 [ 673.133635][T14074] ? __alloc_skb+0x2b3/0x380 [ 673.135411][T14074] __alloc_skb+0x2b3/0x380 [ 673.136790][T14074] ? __pfx___alloc_skb+0x10/0x10 [ 673.138336][T14074] ? __pfx_aa_sk_perm+0x10/0x10 [ 673.140199][T14074] pfkey_sendmsg+0x16e/0x840 [ 673.141951][T14074] ? security_socket_sendmsg+0x8c/0xc0 [ 673.143587][T14074] ____sys_sendmsg+0x9b4/0xb50 [ 673.145171][T14074] ? __pfx_____sys_sendmsg+0x10/0x10 [ 673.147175][T14074] ? get_compat_msghdr+0x11b/0x170 [ 673.148976][T14074] ? __pfx___lock_acquire+0x10/0x10 [ 673.150511][T14074] ___sys_sendmsg+0x135/0x1e0 [ 673.152228][T14074] ? __pfx____sys_sendmsg+0x10/0x10 [ 673.154186][T14074] ? ksys_write+0x21c/0x260 [ 673.155757][T14074] ? __fget_light+0x173/0x210 [ 673.157155][T14074] __sys_sendmsg+0x117/0x1f0 [ 673.158801][T14074] ? __pfx___sys_sendmsg+0x10/0x10 [ 673.160694][T14074] __do_fast_syscall_32+0x73/0x120 [ 673.162494][T14074] do_fast_syscall_32+0x32/0x80 [ 673.164145][T14074] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 673.166377][T14074] RIP: 0023:0xf749e579 [ 673.167926][T14074] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 673.174624][T14074] RSP: 002b:00000000f57b657c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 673.177792][T14074] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280 [ 673.180974][T14074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 673.183761][T14074] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 673.186750][T14074] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 673.189796][T14074] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 673.192845][T14074] [ 673.193986][T14076] CPU: 3 UID: 0 PID: 14076 Comm: syz.3.2333 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 673.198285][T14076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 673.202602][T14076] Call Trace: [ 673.204085][T14076] [ 673.205386][T14076] dump_stack_lvl+0x16c/0x1f0 [ 673.207492][T14076] should_fail_ex+0x497/0x5b0 [ 673.209394][T14076] _copy_from_user+0x30/0xf0 [ 673.211227][T14076] memdup_user+0x71/0xd0 [ 673.212932][T14076] strndup_user+0x78/0xe0 [ 673.214768][T14076] __ia32_sys_mount+0x138/0x310 [ 673.216933][T14076] ? __pfx___ia32_sys_mount+0x10/0x10 [ 673.219296][T14076] __do_fast_syscall_32+0x73/0x120 [ 673.221597][T14076] do_fast_syscall_32+0x32/0x80 [ 673.223818][T14076] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 673.226307][T14076] RIP: 0023:0xf7f22579 [ 673.228081][T14076] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 673.236359][T14076] RSP: 002b:00000000f56d657c EFLAGS: 00000292 ORIG_RAX: 0000000000000015 [ 673.239971][T14076] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 673.243372][T14076] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 00000000200003c0 [ 673.246872][T14076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 673.250342][T14076] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 673.253814][T14076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 673.257118][T14076] [ 673.389172][T14078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2335'. [ 674.511994][ T39] audit: type=1326 audit(1722742027.915:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.2.2343" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x0 [ 674.616066][T14106] FAULT_INJECTION: forcing a failure. [ 674.616066][T14106] name failslab, interval 1, probability 0, space 0, times 0 [ 674.621224][T14106] CPU: 2 UID: 0 PID: 14106 Comm: syz.1.2345 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 674.625186][T14106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 674.629000][T14106] Call Trace: [ 674.630341][T14106] [ 674.631615][T14106] dump_stack_lvl+0x16c/0x1f0 [ 674.633270][T14106] should_fail_ex+0x497/0x5b0 [ 674.634899][T14106] ? fs_reclaim_acquire+0xae/0x160 [ 674.636683][T14106] should_failslab+0xc2/0x120 [ 674.638316][T14106] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 674.640179][T14106] ? ptlock_alloc+0x1f/0x70 [ 674.641960][T14106] ptlock_alloc+0x1f/0x70 [ 674.643497][T14106] pte_alloc_one+0x74/0x370 [ 674.645203][T14106] __handle_mm_fault+0x37c6/0x5360 [ 674.646963][T14106] ? __pfx_mt_find+0x10/0x10 [ 674.648889][T14106] ? __pfx___handle_mm_fault+0x10/0x10 [ 674.651261][T14106] ? find_vma+0xc0/0x140 [ 674.653142][T14106] ? __pfx_find_vma+0x10/0x10 [ 674.654922][T14106] handle_mm_fault+0x44e/0x7b0 [ 674.656831][T14106] ? __pkru_allows_pkey+0x52/0xb0 [ 674.659045][T14106] do_user_addr_fault+0x7a3/0x13f0 [ 674.661139][T14106] exc_page_fault+0x5c/0xc0 [ 674.662805][T14106] asm_exc_page_fault+0x26/0x30 [ 674.664908][T14106] RIP: 0010:__get_user_4+0x11/0x20 [ 674.666997][T14106] Code: 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 674.674186][T14106] RSP: 0018:ffffc900228cf9e8 EFLAGS: 00050206 [ 674.676709][T14106] RAX: 0000000020000000 RBX: 0000000000000084 RCX: ffffc900228cf950 [ 674.679910][T14106] RDX: 0000000000000000 RSI: ffffffff8a46ca32 RDI: ffffffff8bb04260 [ 674.683028][T14106] RBP: ffffc900228cfcf0 R08: 0000000000000000 R09: fffffbfff20220db [ 674.686533][T14106] R10: ffffffff901106df R11: 0000000000000000 R12: 0000000000000000 [ 674.690064][T14106] R13: ffff88802a099e00 R14: 0000000000000001 R15: ffffffff88d8f3d0 [ 674.693616][T14106] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 674.696165][T14106] ? sctp_getsockopt+0x292/0x7ae0 [ 674.698309][T14106] sctp_getsockopt+0x29e/0x7ae0 [ 674.700348][T14106] ? aa_label_sk_perm+0x165/0x560 [ 674.702512][T14106] ? __lock_acquire+0xbdd/0x3cb0 [ 674.704627][T14106] ? __pfx_sctp_getsockopt+0x10/0x10 [ 674.706852][T14106] ? __might_fault+0x13b/0x190 [ 674.708911][T14106] ? __pfx___lock_acquire+0x10/0x10 [ 674.711110][T14106] ? hlock_class+0x4e/0x130 [ 674.712686][T14106] ? __pfx___might_resched+0x10/0x10 [ 674.714485][T14106] ? __pfx___lock_acquire+0x10/0x10 [ 674.716276][T14106] ? __pfx_lock_release+0x10/0x10 [ 674.718011][T14106] ? aa_sk_perm+0x2f5/0xb40 [ 674.719600][T14106] ? __pfx_aa_sk_perm+0x10/0x10 [ 674.721321][T14106] ? find_held_lock+0x2d/0x110 [ 674.723014][T14106] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 674.725360][T14106] ? do_sock_getsockopt+0x2e5/0x7c0 [ 674.727410][T14106] do_sock_getsockopt+0x2e5/0x7c0 [ 674.729409][T14106] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 674.731582][T14106] ? __fget_files+0x256/0x400 [ 674.733439][T14106] ? __fget_light+0x173/0x210 [ 674.735297][T14106] __sys_getsockopt+0x1a1/0x270 [ 674.737234][T14106] ? __pfx___sys_getsockopt+0x10/0x10 [ 674.739345][T14106] ? fput+0x32/0x390 [ 674.740898][T14106] ? ksys_write+0x1ab/0x260 [ 674.742803][T14106] ? __pfx_ksys_write+0x10/0x10 [ 674.744364][T14110] serio: Serial port pts1 [ 674.744753][T14106] __ia32_sys_getsockopt+0xbc/0x160 [ 674.748731][T14106] ? lockdep_hardirqs_on+0x7c/0x110 [ 674.750786][T14106] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 674.753356][T14106] __do_fast_syscall_32+0x73/0x120 [ 674.755367][T14106] do_fast_syscall_32+0x32/0x80 [ 674.757283][T14106] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 674.759765][T14106] RIP: 0023:0xf7fa3579 [ 674.761316][T14106] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 674.768739][T14106] RSP: 002b:00000000f575657c EFLAGS: 00000292 ORIG_RAX: 000000000000016d [ 674.771962][T14106] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084 [ 674.775010][T14106] RDX: 0000000000000001 RSI: 0000000020000f00 RDI: 0000000020000000 [ 674.778011][T14106] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 674.781010][T14106] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 674.784102][T14106] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 674.787173][T14106] [ 674.852890][T12526] Bluetooth: hci6: sending frame failed (-49) [ 674.861649][ T5356] Bluetooth: hci6: Opcode 0x1003 failed: -49 [ 674.864934][T14116] FAULT_INJECTION: forcing a failure. [ 674.864934][T14116] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 674.871028][T14116] CPU: 1 UID: 0 PID: 14116 Comm: syz.3.2348 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 674.875423][T14116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 674.880110][T14116] Call Trace: [ 674.881461][T14116] [ 674.882700][T14116] dump_stack_lvl+0x16c/0x1f0 [ 674.884500][T14116] should_fail_ex+0x497/0x5b0 [ 674.886256][T14116] _copy_from_user+0x30/0xf0 [ 674.888132][T14116] __do_compat_sys_socketcall+0x14f/0x700 [ 674.890643][T14116] ? __pfx___do_compat_sys_socketcall+0x10/0x10 [ 674.893366][T14116] ? fput+0x32/0x390 [ 674.895082][T14116] ? ksys_write+0x1ab/0x260 [ 674.897089][T14116] ? __pfx_ksys_write+0x10/0x10 [ 674.899218][T14116] __do_fast_syscall_32+0x73/0x120 [ 674.901505][T14116] do_fast_syscall_32+0x32/0x80 [ 674.903621][T14116] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 674.906340][T14116] RIP: 0023:0xf7f22579 [ 674.908149][T14116] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 674.915146][T14117] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2346'. [ 674.916349][T14116] RSP: 002b:00000000f56d54d0 EFLAGS: 00000282 ORIG_RAX: 0000000000000066 [ 674.922982][T14116] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f56d54e0 [ 674.926428][T14116] RDX: 00000000f73acff4 RSI: 0000000000000000 RDI: 0000000000000000 [ 674.929936][T14116] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 674.933130][T14116] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 674.936182][T14116] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 674.939438][T14116] [ 674.940798][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.944050][T14116] IPv6: Can't replace route, no match found [ 675.021081][T14120] IPv6: Can't replace route, no match found [ 675.620693][T14133] FAULT_INJECTION: forcing a failure. [ 675.620693][T14133] name failslab, interval 1, probability 0, space 0, times 0 [ 675.626045][T14133] CPU: 2 UID: 0 PID: 14133 Comm: syz.1.2352 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 675.630529][T14133] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 675.635078][T14133] Call Trace: [ 675.636532][T14133] [ 675.637816][T14133] dump_stack_lvl+0x16c/0x1f0 [ 675.639872][T14133] should_fail_ex+0x497/0x5b0 [ 675.641899][T14133] ? fs_reclaim_acquire+0xae/0x160 [ 675.644094][T14133] should_failslab+0xc2/0x120 [ 675.646115][T14133] __kmalloc_noprof+0xcb/0x410 [ 675.648203][T14133] ? __pfx_d_absolute_path+0x10/0x10 [ 675.650502][T14133] tomoyo_encode2+0x100/0x3e0 [ 675.652587][T14133] tomoyo_realpath_from_path+0x1a7/0x710 [ 675.655028][T14133] tomoyo_path_number_perm+0x245/0x5b0 [ 675.657371][T14133] ? tomoyo_path_number_perm+0x232/0x5b0 [ 675.659805][T14133] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 675.662215][T14133] ? __pfx_lock_release+0x10/0x10 [ 675.664228][T14133] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 675.666734][T14133] ? __fget_files+0x256/0x400 [ 675.668758][T14133] security_file_ioctl_compat+0x75/0xc0 [ 675.671094][T14133] __do_compat_sys_ioctl+0x5d/0x330 [ 675.673235][T14133] __do_fast_syscall_32+0x73/0x120 [ 675.675324][T14133] do_fast_syscall_32+0x32/0x80 [ 675.677255][T14133] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 675.679391][T14133] RIP: 0023:0xf7fa3579 [ 675.681074][T14133] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 675.687716][T14133] RSP: 002b:00000000f573557c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 675.691305][T14133] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000540a [ 675.694355][T14133] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 675.697236][T14133] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 675.700629][T14133] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 675.703952][T14133] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 675.707343][T14133] [ 675.709689][T14133] ERROR: Out of memory at tomoyo_realpath_from_path. [ 675.912990][T14131] nbd2: detected capacity change from 0 to 4 [ 676.441580][ T5356] block nbd2: Receive control failed (result -104) [ 676.783014][ T5410] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 676.984230][ T5410] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 676.987841][ T5410] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 676.991885][ T5410] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 676.995649][ T5410] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.024505][T14141] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 677.031473][ T5410] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 677.895295][T14164] ntfs3: Unknown parameter '' [ 679.073011][ T39] audit: type=1400 audit(1722742032.465:934): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616 [ 679.388118][ T8] usb 5-1: USB disconnect, device number 33 [ 679.654818][T14185] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 679.657887][T14185] netlink: 3440 bytes leftover after parsing attributes in process `syz.1.2368'. [ 679.660954][T14185] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2368'. [ 679.664591][T14185] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 679.667741][T14185] netlink: 5888 bytes leftover after parsing attributes in process `syz.1.2368'. [ 680.828904][T14216] trusted_key: encrypted_key: keylen parameter is missing [ 680.910435][T14226] team0: Device wg2 is of different type [ 681.119020][T14237] Bluetooth: MGMT ver 1.23 [ 682.121992][T14250] FAULT_INJECTION: forcing a failure. [ 682.121992][T14250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 682.130632][T14250] CPU: 2 UID: 0 PID: 14250 Comm: syz.1.2387 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 682.135434][T14250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 682.140210][T14250] Call Trace: [ 682.141733][T14250] [ 682.143082][T14250] dump_stack_lvl+0x16c/0x1f0 [ 682.145235][T14250] should_fail_ex+0x497/0x5b0 [ 682.147368][T14250] _copy_from_user+0x30/0xf0 [ 682.149506][T14250] get_compat_msghdr+0xa8/0x170 [ 682.151725][T14250] ? __pfx_get_compat_msghdr+0x10/0x10 [ 682.154179][T14250] ? kfree+0x245/0x3b0 [ 682.156034][T14250] ? find_held_lock+0x2d/0x110 [ 682.158196][T14250] ___sys_recvmsg+0x193/0x1a0 [ 682.160342][T14250] ? __pfx____sys_recvmsg+0x10/0x10 [ 682.162865][T14250] ? __pfx___might_resched+0x10/0x10 [ 682.165313][T14250] ? __fget_light+0x173/0x210 [ 682.167460][T14250] do_recvmmsg+0x51a/0x750 [ 682.169534][T14250] ? __pfx_do_recvmmsg+0x10/0x10 [ 682.171781][T14250] ? __pfx_lock_release+0x10/0x10 [ 682.174048][T14250] ? vfs_write+0x14d/0x1140 [ 682.176153][T14250] __sys_recvmmsg+0x21e/0x280 [ 682.178290][T14250] ? __pfx___sys_recvmmsg+0x10/0x10 [ 682.180624][T14250] ? __pfx_ksys_write+0x10/0x10 [ 682.182825][T14250] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 682.185632][T14250] ? lockdep_hardirqs_on+0x7c/0x110 [ 682.187994][T14250] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 682.190943][T14250] __do_fast_syscall_32+0x73/0x120 [ 682.193254][T14250] do_fast_syscall_32+0x32/0x80 [ 682.195452][T14250] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 682.198308][T14250] RIP: 0023:0xf7fa3579 [ 682.200166][T14250] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 682.208669][T14250] RSP: 002b:00000000f575657c EFLAGS: 00000292 ORIG_RAX: 0000000000000151 [ 682.212385][T14250] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 682.215957][T14250] RDX: 0000000000000284 RSI: 000000000000002b RDI: 0000000000000000 [ 682.219462][T14250] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 682.222990][T14250] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 682.226515][T14250] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 682.230052][T14250] [ 682.924070][ T5356] Bluetooth: hci3: command 0x0406 tx timeout [ 684.110939][T14281] FAULT_INJECTION: forcing a failure. [ 684.110939][T14281] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 684.116572][T14281] CPU: 0 UID: 0 PID: 14281 Comm: syz.3.2396 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 684.120696][T14281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 684.124986][T14281] Call Trace: [ 684.126204][T14281] [ 684.127209][T14281] dump_stack_lvl+0x16c/0x1f0 [ 684.128848][T14281] should_fail_ex+0x497/0x5b0 [ 684.130431][T14281] _copy_from_user+0x30/0xf0 [ 684.132414][T14281] kstrtouint_from_user+0xd7/0x1c0 [ 684.134511][T14281] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 684.136840][T14281] ? __pfx_lock_acquire+0x10/0x10 [ 684.138843][T14281] proc_fail_nth_write+0x84/0x270 [ 684.140562][T14281] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 684.142827][T14281] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 684.145642][T14281] vfs_write+0x29a/0x1140 [ 684.147583][T14281] ? __fdget_pos+0xeb/0x180 [ 684.149546][T14281] ? __pfx_vfs_write+0x10/0x10 [ 684.151200][T14281] ? __pfx___mutex_lock+0x10/0x10 [ 684.153021][T14281] ? __fget_files+0x256/0x400 [ 684.154579][T14281] ksys_write+0x12f/0x260 [ 684.156335][T14281] ? __pfx_ksys_write+0x10/0x10 [ 684.158397][T14281] __do_fast_syscall_32+0x73/0x120 [ 684.160610][T14281] do_fast_syscall_32+0x32/0x80 [ 684.162575][T14281] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.165238][T14281] RIP: 0023:0xf7f22579 [ 684.166638][T14281] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 684.175588][T14281] RSP: 002b:00000000f56b55b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 684.178689][T14281] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f56b5630 [ 684.182026][T14281] RDX: 0000000000000001 RSI: 00000000f73acff4 RDI: 0000000000000000 [ 684.185481][T14281] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 684.188923][T14281] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 684.192399][T14281] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 684.195838][T14281] [ 684.482154][T14293] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 684.587363][T14295] FAULT_INJECTION: forcing a failure. [ 684.587363][T14295] name failslab, interval 1, probability 0, space 0, times 0 [ 684.592681][T14295] CPU: 1 UID: 0 PID: 14295 Comm: syz.3.2400 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 684.596944][T14295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 684.600872][T14295] Call Trace: [ 684.602112][T14295] [ 684.603364][T14295] dump_stack_lvl+0x16c/0x1f0 [ 684.605539][T14295] should_fail_ex+0x497/0x5b0 [ 684.607833][T14295] ? fs_reclaim_acquire+0xae/0x160 [ 684.610330][T14295] should_failslab+0xc2/0x120 [ 684.612523][T14295] __kmalloc_noprof+0xcb/0x410 [ 684.614678][T14295] ? __pfx_lock_release+0x10/0x10 [ 684.616752][T14295] process_vm_rw_core.constprop.0+0x1e5/0xa10 [ 684.619468][T14295] ? ___kmalloc_large_node+0x127/0x1a0 [ 684.622006][T14295] ? lockdep_hardirqs_on+0x7c/0x110 [ 684.624475][T14295] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 684.627489][T14295] ? rcu_is_watching+0x12/0xc0 [ 684.629760][T14295] process_vm_rw+0x301/0x360 [ 684.631654][T14295] ? __pfx_process_vm_rw+0x10/0x10 [ 684.633603][T14295] ? ksys_write+0x21c/0x260 [ 684.635573][T14295] ? __pfx_lock_release+0x10/0x10 [ 684.637916][T14295] ? ksys_write+0x1ab/0x260 [ 684.639583][T14295] ? __pfx_ksys_write+0x10/0x10 [ 684.641271][T14295] __ia32_sys_process_vm_readv+0xdf/0x1b0 [ 684.643821][T14295] ? lockdep_hardirqs_on+0x7c/0x110 [ 684.646226][T14295] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 684.649184][T14295] __do_fast_syscall_32+0x73/0x120 [ 684.651427][T14295] do_fast_syscall_32+0x32/0x80 [ 684.653679][T14295] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 684.656551][T14295] RIP: 0023:0xf7f22579 [ 684.658368][T14295] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 684.667045][T14295] RSP: 002b:00000000f56b557c EFLAGS: 00000292 ORIG_RAX: 000000000000015b [ 684.670719][T14295] RAX: ffffffffffffffda RBX: 000000000000016c RCX: 0000000020008400 [ 684.674213][T14295] RDX: 0000000000000002 RSI: 0000000020008640 RDI: 0000000000000286 [ 684.677326][T14295] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 684.680828][T14295] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 684.684394][T14295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 684.687987][T14295] [ 684.973704][ T39] audit: type=1326 audit(1722742038.385:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14297 comm="syz.3.2401" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f22579 code=0x0 [ 685.172216][T14302] FAULT_INJECTION: forcing a failure. [ 685.172216][T14302] name failslab, interval 1, probability 0, space 0, times 0 [ 685.181388][T14302] CPU: 3 UID: 0 PID: 14302 Comm: syz.1.2402 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 685.186039][T14302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 685.190671][T14302] Call Trace: [ 685.192150][T14302] [ 685.193474][T14302] dump_stack_lvl+0x16c/0x1f0 [ 685.195570][T14302] should_fail_ex+0x497/0x5b0 [ 685.197607][T14302] ? fs_reclaim_acquire+0xae/0x160 [ 685.199805][T14302] should_failslab+0xc2/0x120 [ 685.201749][T14302] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 685.204027][T14302] ? sctp_chunkify+0x51/0x2d0 [ 685.206076][T14302] sctp_chunkify+0x51/0x2d0 [ 685.208081][T14302] _sctp_make_chunk+0x148/0x270 [ 685.210216][T14302] sctp_make_datafrag_empty+0x15c/0x220 [ 685.212806][T14302] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 685.215528][T14302] sctp_datamsg_from_user+0x590/0x1320 [ 685.217638][T14302] sctp_sendmsg_to_asoc+0xafd/0x1ad0 [ 685.219680][T14302] ? sctp_assoc_add_peer+0x254/0x14b0 [ 685.221892][T14302] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 685.224102][T14302] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 685.226293][T14302] ? mark_held_locks+0x9f/0xe0 [ 685.228144][T14302] ? sctp_sendmsg+0x112f/0x1f10 [ 685.229828][T14302] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 685.232002][T14302] sctp_sendmsg+0x129c/0x1f10 [ 685.234096][T14302] ? __pfx___lock_acquire+0x10/0x10 [ 685.236023][T14302] ? __pfx_sctp_sendmsg+0x10/0x10 [ 685.237682][T14302] ? __pfx___might_resched+0x10/0x10 [ 685.239427][T14302] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 685.241451][T14302] ? __pfx_aa_sk_perm+0x10/0x10 [ 685.243079][T14302] ? __import_iovec+0x1fd/0x6e0 [ 685.244718][T14302] ? __pfx_sctp_sendmsg+0x10/0x10 [ 685.246424][T14302] inet_sendmsg+0x119/0x140 [ 685.247972][T14302] ____sys_sendmsg+0x90d/0xb50 [ 685.249603][T14302] ? __pfx_____sys_sendmsg+0x10/0x10 [ 685.251484][T14302] ? get_compat_msghdr+0x11b/0x170 [ 685.253563][T14302] ? __pfx___lock_acquire+0x10/0x10 [ 685.255297][T14302] ___sys_sendmsg+0x135/0x1e0 [ 685.257210][T14302] ? __pfx____sys_sendmsg+0x10/0x10 [ 685.259388][T14302] ? __pfx_lock_release+0x10/0x10 [ 685.261132][T14302] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 685.263319][T14302] ? __fget_light+0x173/0x210 [ 685.265028][T14302] __sys_sendmmsg+0x2a5/0x450 [ 685.266653][T14302] ? __pfx___sys_sendmmsg+0x10/0x10 [ 685.268437][T14302] ? vfs_write+0x14d/0x1140 [ 685.270031][T14302] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 685.272066][T14302] ? fput+0x32/0x390 [ 685.273407][T14302] ? ksys_write+0x1ab/0x260 [ 685.274961][T14302] ? __pfx_ksys_write+0x10/0x10 [ 685.276720][T14302] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 685.278514][T14302] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 685.281152][T14302] __do_fast_syscall_32+0x73/0x120 [ 685.283005][T14302] do_fast_syscall_32+0x32/0x80 [ 685.284518][T14302] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 685.286854][T14302] RIP: 0023:0xf7fa3579 [ 685.288284][T14302] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 685.295169][T14302] RSP: 002b:00000000f575657c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 685.298089][T14302] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002440 [ 685.300928][T14302] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 685.304292][T14302] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 685.307008][T14302] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 685.309775][T14302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 685.312575][T14302] [ 686.187737][ T5356] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 686.200267][ T5356] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 686.207300][ T5356] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 686.211291][ T5356] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 686.218454][ T5356] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 686.222138][ T5356] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 686.498196][T14316] chnl_net:caif_netlink_parms(): no params data found [ 686.590634][T14316] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.593779][T14316] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.597266][T14316] bridge_slave_0: entered allmulticast mode [ 686.601036][T14316] bridge_slave_0: entered promiscuous mode [ 686.607682][T14316] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.610982][T14316] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.614293][T14316] bridge_slave_1: entered allmulticast mode [ 686.618321][T14316] bridge_slave_1: entered promiscuous mode [ 686.689880][T14316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 686.691526][T12700] usb 8-1: new high-speed USB device number 37 using dummy_hcd [ 686.697205][T14316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 686.779713][T14316] team0: Port device team_slave_0 added [ 686.786163][T14316] team0: Port device team_slave_1 added [ 686.843739][T14316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 686.846832][T14316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.857592][T14316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 686.866401][T14316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 686.869422][T14316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.883548][T14316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 686.895456][T12700] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 686.900031][T12700] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 686.905871][T12700] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 686.909916][T12700] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.934297][T14319] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 686.965358][T12700] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 686.968503][T14316] hsr_slave_0: entered promiscuous mode [ 686.976647][T14316] hsr_slave_1: entered promiscuous mode [ 686.983035][T14316] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 686.986191][T14316] Cannot create hsr debugfs directory [ 687.298011][T14316] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.467872][T14316] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.614739][T14316] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.754970][T14316] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.928008][T14316] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 687.933628][T14316] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 687.940714][T14316] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 687.947556][T14316] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 688.040173][T14316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 688.062148][T14316] 8021q: adding VLAN 0 to HW filter on device team0 [ 688.074745][T12835] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.078050][T12835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 688.090667][T12835] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.093911][T12835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 688.293129][ T5356] Bluetooth: hci6: command tx timeout [ 688.352764][T14316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 688.356681][T13056] Bluetooth: hci7: Frame reassembly failed (-84) [ 688.406580][T14316] veth0_vlan: entered promiscuous mode [ 688.417372][T14316] veth1_vlan: entered promiscuous mode [ 688.442041][T14316] veth0_macvtap: entered promiscuous mode [ 688.450752][T14316] veth1_macvtap: entered promiscuous mode [ 688.465464][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.469775][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.474517][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.478871][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.483120][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.487992][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.492183][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.496883][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.501102][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.505676][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.509936][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.514555][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.528819][T14316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 688.539328][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.544230][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.548309][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.552756][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.557093][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.562532][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.566940][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.571083][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.574942][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.579066][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.583241][T14316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.587583][T14316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.594201][T14316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 688.605020][T14316] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.608837][T14316] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.612499][T14316] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.616974][T14316] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.681601][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 688.688845][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 688.708373][T12693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 688.711750][T12693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 688.773280][ T57] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 688.986283][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 688.994112][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 689.003913][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 689.015669][ T57] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 689.024759][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.033970][ T57] usb 5-1: config 0 descriptor?? [ 689.122152][T12700] usb 8-1: USB disconnect, device number 37 [ 689.461451][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.472994][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.476311][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.480662][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.493448][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.497461][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.500914][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.504470][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.507776][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.511434][ T57] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 689.520094][ T57] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 689.528171][T14374] FAULT_INJECTION: forcing a failure. [ 689.528171][T14374] name failslab, interval 1, probability 0, space 0, times 0 [ 689.534940][T14374] CPU: 2 UID: 0 PID: 14374 Comm: syz.2.2416 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 689.536575][ T57] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 689.539480][T14374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 689.549267][T14374] Call Trace: [ 689.550692][T14374] [ 689.552006][T14374] dump_stack_lvl+0x16c/0x1f0 [ 689.554045][T14374] should_fail_ex+0x497/0x5b0 [ 689.555969][T14374] ? fs_reclaim_acquire+0xae/0x160 [ 689.558374][T14374] should_failslab+0xc2/0x120 [ 689.561149][T14374] __kmalloc_cache_noprof+0x6b/0x310 [ 689.563350][T14374] ? rxrpc_lookup_local+0x53e/0x1240 [ 689.565583][T14374] rxrpc_lookup_local+0x53e/0x1240 [ 689.567677][T14374] ? lockdep_hardirqs_on_prepare+0xa0/0x420 [ 689.570063][T14374] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 689.572300][T14374] ? rxrpc_sendmsg+0x113/0x5f0 [ 689.574449][T14374] ? __local_bh_enable_ip+0xa4/0x120 [ 689.576708][T14374] rxrpc_sendmsg+0x375/0x5f0 [ 689.578469][T14374] ____sys_sendmsg+0x9b4/0xb50 [ 689.580352][T14374] ? __pfx_____sys_sendmsg+0x10/0x10 [ 689.582501][T14374] ? get_compat_msghdr+0x11b/0x170 [ 689.584224][T14374] ? __pfx___lock_acquire+0x10/0x10 [ 689.585948][T14374] ___sys_sendmsg+0x135/0x1e0 [ 689.587535][T14374] ? __pfx____sys_sendmsg+0x10/0x10 [ 689.589367][T14374] ? ksys_write+0x21c/0x260 [ 689.590950][T14374] ? __fget_light+0x173/0x210 [ 689.592969][T14374] __sys_sendmsg+0x117/0x1f0 [ 689.594983][T14374] ? __pfx___sys_sendmsg+0x10/0x10 [ 689.597192][T14374] __do_fast_syscall_32+0x73/0x120 [ 689.599389][T14374] do_fast_syscall_32+0x32/0x80 [ 689.601511][T14374] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 689.604215][T14374] RIP: 0023:0xf7f20579 [ 689.605928][T14374] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 689.613519][T14374] RSP: 002b:00000000f56d657c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 689.616745][T14374] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080 [ 689.620068][T14374] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 689.623427][T14374] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 689.626764][T14374] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 689.630115][T14374] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 689.633193][T14374] [ 689.749883][ T57] usb 5-1: USB disconnect, device number 34 [ 689.775635][T14379] syzkaller1: entered promiscuous mode [ 689.778156][T14379] syzkaller1: entered allmulticast mode [ 690.203015][T12526] Bluetooth: hci5: command 0x0406 tx timeout [ 690.363048][T12526] Bluetooth: hci6: command tx timeout [ 690.363087][ T5356] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 690.363428][ T5352] Bluetooth: hci7: command 0x1003 tx timeout [ 691.086069][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.088721][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.782229][ T5356] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 691.785778][ T5356] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 692.443270][ T5356] Bluetooth: hci6: command tx timeout [ 692.751599][T14425] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2428'. [ 692.820498][T14427] 9pnet_fd: Insufficient options for proto=fd [ 694.198539][T14441] input: syz0 as /devices/virtual/input/input20 [ 694.426170][T14446] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2434'. [ 694.523660][ T5356] Bluetooth: hci6: command tx timeout [ 695.354415][T14452] netlink: 'syz.1.2437': attribute type 10 has an invalid length. [ 695.393010][T14452] macvlan0: entered promiscuous mode [ 695.401476][T14452] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 695.409991][T14457] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2438'. [ 695.424410][T14457] FAULT_INJECTION: forcing a failure. [ 695.424410][T14457] name failslab, interval 1, probability 0, space 0, times 0 [ 695.451039][T14457] CPU: 3 UID: 0 PID: 14457 Comm: syz.3.2438 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 695.455090][T14457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 695.459744][T14457] Call Trace: [ 695.461182][T14457] [ 695.462218][T14457] dump_stack_lvl+0x16c/0x1f0 [ 695.463836][T14457] should_fail_ex+0x497/0x5b0 [ 695.465781][T14457] ? fs_reclaim_acquire+0xae/0x160 [ 695.467944][T14457] should_failslab+0xc2/0x120 [ 695.469562][T14457] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 695.471830][T14457] ? __kernfs_new_node+0xd3/0x890 [ 695.473954][T14457] ? kstrdup+0x5c/0x80 [ 695.475661][T14457] __kernfs_new_node+0xd3/0x890 [ 695.477728][T14457] ? __pfx___lock_acquire+0x10/0x10 [ 695.479896][T14457] ? __pfx___kernfs_new_node+0x10/0x10 [ 695.481776][T14457] ? __pfx_lock_release+0x10/0x10 [ 695.483432][T14457] ? down_write+0x14e/0x200 [ 695.484837][T14457] ? lock_acquire+0x1b1/0x560 [ 695.486479][T14457] ? find_held_lock+0x2d/0x110 [ 695.488207][T14457] kernfs_new_node+0x186/0x240 [ 695.489956][T14457] kernfs_create_link+0xcc/0x240 [ 695.491750][T14457] sysfs_do_create_link_sd+0x90/0x140 [ 695.493965][T14457] sysfs_create_link+0x61/0xc0 [ 695.495911][T14457] device_add+0x62e/0x1a70 [ 695.497717][T14457] ? __pfx_device_add+0x10/0x10 [ 695.499870][T14457] ? __init_waitqueue_head+0xca/0x150 [ 695.502176][T14457] netdev_register_kobject+0x187/0x3f0 [ 695.504181][T14457] register_netdevice+0x1473/0x1e20 [ 695.506319][T14457] ? __pfx_register_netdevice+0x10/0x10 [ 695.508610][T14457] ip6gre_newlink_common.constprop.0+0x178/0x370 [ 695.511244][T14457] ? __pfx_ip6gre_newlink_common.constprop.0+0x10/0x10 [ 695.514021][T14457] ip6gre_newlink+0x12b/0x360 [ 695.515903][T14457] ? __pfx_ip6gre_newlink+0x10/0x10 [ 695.518038][T14457] __rtnl_newlink+0x119c/0x1960 [ 695.520110][T14457] ? __pfx___rtnl_newlink+0x10/0x10 [ 695.522229][T14457] rtnl_newlink+0x67/0xa0 [ 695.524024][T14457] ? __pfx_rtnl_newlink+0x10/0x10 [ 695.526189][T14457] rtnetlink_rcv_msg+0x3c7/0xea0 [ 695.528273][T14457] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 695.530505][T14457] ? __pfx___lock_acquire+0x10/0x10 [ 695.532491][T14457] ? __pfx___dev_queue_xmit+0x10/0x10 [ 695.534489][T14457] netlink_rcv_skb+0x165/0x410 [ 695.536289][T14457] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 695.538091][T14457] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 695.539870][T14457] ? rcu_is_watching+0x12/0xc0 [ 695.541631][T14457] netlink_unicast+0x544/0x830 [ 695.543319][T14457] ? __pfx_netlink_unicast+0x10/0x10 [ 695.545170][T14457] ? __phys_addr_symbol+0x30/0x80 [ 695.547205][T14457] ? __check_object_size+0x497/0x720 [ 695.549384][T14457] netlink_sendmsg+0x8b8/0xd70 [ 695.551405][T14457] ? __pfx_netlink_sendmsg+0x10/0x10 [ 695.553576][T14457] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 695.555432][T14457] ____sys_sendmsg+0x9b4/0xb50 [ 695.555662][T14452] fuse: Bad value for 'fd' [ 695.557310][T14457] ? __pfx_____sys_sendmsg+0x10/0x10 [ 695.561350][T14457] ? get_compat_msghdr+0x11b/0x170 [ 695.563517][T14457] ? __pfx___lock_acquire+0x10/0x10 [ 695.565494][T14457] ___sys_sendmsg+0x135/0x1e0 [ 695.567289][T14457] ? __pfx____sys_sendmsg+0x10/0x10 [ 695.569279][T14457] ? ksys_write+0x21c/0x260 [ 695.570952][T14457] ? __fget_light+0x173/0x210 [ 695.573008][T14457] __sys_sendmsg+0x117/0x1f0 [ 695.574851][T14457] ? __pfx___sys_sendmsg+0x10/0x10 [ 695.577035][T14457] __do_fast_syscall_32+0x73/0x120 [ 695.579148][T14457] do_fast_syscall_32+0x32/0x80 [ 695.581256][T14457] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 695.583949][T14457] RIP: 0023:0xf7f22579 [ 695.585680][T14457] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 695.593638][T14457] RSP: 002b:00000000f56d657c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 695.597120][T14457] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 695.600398][T14457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 695.603730][T14457] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 695.607022][T14457] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 695.610388][T14457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 695.613684][T14457] [ 698.523039][T12526] Bluetooth: hci5: command 0x0406 tx timeout [ 699.334808][T14492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2447'. [ 699.492473][T14498] bridge_slave_0: left allmulticast mode [ 699.497560][T14498] bridge_slave_0: left promiscuous mode [ 699.499903][T14498] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.506663][T14498] bridge_slave_1: left allmulticast mode [ 699.508651][T14498] bridge_slave_1: left promiscuous mode [ 699.511075][T14498] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.519413][T14498] bond0: (slave bond_slave_0): Releasing backup interface [ 699.528596][T14498] bond0: (slave bond_slave_1): Releasing backup interface [ 699.571684][T14498] team0: Port device team_slave_0 removed [ 699.588239][T14498] team0: Port device team_slave_1 removed [ 699.591735][T14498] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 699.596465][T14498] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 699.601601][T14498] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 699.605681][T14498] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.676160][T14501] team0: Port device wg2 added [ 699.883372][T12526] Bluetooth: hci7: command 0x1003 tx timeout [ 699.886796][ T5356] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 701.519824][T14448] syz.0.2435 (14448) used greatest stack depth: 19376 bytes left [ 703.191689][T14572] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 703.196186][T14572] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 704.182705][T14595] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 704.197666][T14595] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 705.163966][ T5356] Bluetooth: hci6: command tx timeout [ 705.335389][T14625] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2489'. [ 705.341275][T14625] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2489'. [ 705.351216][T14625] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2489'. [ 705.359694][T14625] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 705.361882][T14625] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 705.364497][T14625] vhci_hcd vhci_hcd.0: Device attached [ 705.371688][T14626] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0 [ 705.383251][T13088] vhci_hcd: stop threads [ 705.383263][T13088] vhci_hcd: release socket [ 705.383277][T13088] vhci_hcd: disconnect device [ 705.522830][T14629] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2490'. [ 705.554074][T14629] overlay: Bad value for 'redirect_dir' [ 706.417988][T14652] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2497'. [ 706.497237][ T1129] block nbd2: Possible stuck request ffff88801fa48000: control (read@0,2048B). Runtime 30 seconds [ 706.506520][T14657] FAULT_INJECTION: forcing a failure. [ 706.506520][T14657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 706.511792][T14657] CPU: 2 UID: 0 PID: 14657 Comm: syz.0.2498 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 706.515847][T14657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 706.519887][T14657] Call Trace: [ 706.521201][T14657] [ 706.522451][T14657] dump_stack_lvl+0x16c/0x1f0 [ 706.524332][T14657] should_fail_ex+0x497/0x5b0 [ 706.525995][T14657] _copy_to_user+0x30/0xc0 [ 706.527880][T14657] environ_read+0x295/0x440 [ 706.529718][T14657] ? __pfx_environ_read+0x10/0x10 [ 706.531538][T14657] vfs_readv+0x6cb/0x8a0 [ 706.533322][T14657] ? __pfx_vfs_readv+0x10/0x10 [ 706.535352][T14657] ? find_held_lock+0x2d/0x110 [ 706.537374][T14657] ? __pfx_lock_release+0x10/0x10 [ 706.539516][T14657] ? do_preadv+0x1b2/0x260 [ 706.541418][T14657] do_preadv+0x1b2/0x260 [ 706.542905][T14657] ? __pfx_do_preadv+0x10/0x10 [ 706.544700][T14657] __do_fast_syscall_32+0x73/0x120 [ 706.546849][T14657] do_fast_syscall_32+0x32/0x80 [ 706.548858][T14657] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 706.550810][T14657] RIP: 0023:0xf7f52579 [ 706.552289][T14657] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 706.559721][T14657] RSP: 002b:00000000f56e557c EFLAGS: 00000292 ORIG_RAX: 000000000000014d [ 706.563185][T14657] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020001400 [ 706.566420][T14657] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 706.569367][T14657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 706.572392][T14657] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 706.575425][T14657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 706.578476][T14657] [ 707.243262][ T5356] Bluetooth: hci6: command tx timeout [ 707.766660][T14678] overlay: ./file0 is not a directory [ 707.894239][T14678] syz.1.2503 (14678): drop_caches: 2 [ 707.896729][T14678] syz.1.2503 (14678): drop_caches: 2 [ 708.963006][ T5410] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 709.235961][ T5410] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 709.240142][ T5410] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 709.252992][ T5410] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 709.262992][ T5410] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.267486][T14698] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 709.272636][ T5410] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 709.339560][ T5356] Bluetooth: hci4: unexpected subevent 0x01 length: 25 > 18 [ 709.673023][ T5410] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 709.856202][ T5410] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 709.860906][ T5410] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 709.865326][ T5410] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 709.869547][ T5410] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.882722][T14709] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 709.898916][ T5410] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 709.922750][ T5356] Bluetooth: hci5: unexpected event 0x08 length: 78 > 4 [ 709.928642][ T39] audit: type=1326 audit(1722742063.335:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 709.956732][ T39] audit: type=1326 audit(1722742063.335:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 709.970344][ T39] audit: type=1326 audit(1722742063.345:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 709.985723][ T39] audit: type=1326 audit(1722742063.345:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 710.003335][ T39] audit: type=1326 audit(1722742063.345:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 710.012891][ T39] audit: type=1326 audit(1722742063.345:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 710.030939][ T39] audit: type=1326 audit(1722742063.345:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 710.046375][ T39] audit: type=1326 audit(1722742063.355:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 710.061024][ T39] audit: type=1326 audit(1722742063.375:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 710.071132][ T39] audit: type=1326 audit(1722742063.385:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14711 comm="syz.1.2513" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7ffc0000 [ 711.043227][T14722] input: syz0 as /devices/virtual/input/input21 [ 711.413110][ T5356] Bluetooth: hci4: command tx timeout [ 711.538000][ T5392] usb 5-1: USB disconnect, device number 35 [ 711.956136][T14740] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2521'. [ 712.264452][ T5425] usb 7-1: USB disconnect, device number 30 [ 714.238671][T14357] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 714.425125][T14357] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 714.429514][T14357] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.441791][T14357] usb 5-1: config 0 descriptor?? [ 714.448206][T14357] cp210x 5-1:0.0: cp210x converter detected [ 714.468810][T14779] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 714.472463][T14779] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 714.689755][T14787] fuse: Bad value for 'fd' [ 714.826019][T14788] devpts: called with bogus options [ 714.855569][T14357] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 714.864400][T14769] FAULT_INJECTION: forcing a failure. [ 714.864400][T14769] name failslab, interval 1, probability 0, space 0, times 0 [ 714.887421][T14769] CPU: 0 UID: 0 PID: 14769 Comm: syz.0.2528 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 714.891881][T14769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 714.896511][T14769] Call Trace: [ 714.898001][T14769] [ 714.899311][T14769] dump_stack_lvl+0x16c/0x1f0 [ 714.901377][T14769] should_fail_ex+0x497/0x5b0 [ 714.903442][T14769] ? fs_reclaim_acquire+0xae/0x160 [ 714.905681][T14769] should_failslab+0xc2/0x120 [ 714.907783][T14769] __kmalloc_node_noprof+0xd1/0x440 [ 714.909959][T14769] ? crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 714.912303][T14769] ? __pfx_crypto_alg_extsize+0x10/0x10 [ 714.914771][T14769] crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 714.917212][T14769] crypto_create_tfm_node+0x83/0x320 [ 714.919528][T14769] crypto_alloc_tfm_node+0x102/0x260 [ 714.921493][T14769] sctp_inet_listen+0x85e/0xaf0 [ 714.923513][T14769] ? __pfx_sctp_inet_listen+0x10/0x10 [ 714.925638][T14769] ? __pfx_aa_sk_perm+0x10/0x10 [ 714.927776][T14769] ? __fget_files+0x256/0x400 [ 714.929656][T14769] ? bpf_lsm_socket_listen+0x9/0x10 [ 714.931800][T14769] __sys_listen_socket+0x114/0x160 [ 714.933521][T14769] __ia32_sys_listen+0xdb/0x190 [ 714.935263][T14769] ? __pfx___ia32_sys_listen+0x10/0x10 [ 714.937231][T14769] ? __pfx_ksys_write+0x10/0x10 [ 714.938918][T14769] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 714.941199][T14769] __do_fast_syscall_32+0x73/0x120 [ 714.943182][T14769] do_fast_syscall_32+0x32/0x80 [ 714.944927][T14769] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 714.947471][T14769] RIP: 0023:0xf7f52579 [ 714.949036][T14769] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 714.956156][T14769] RSP: 002b:00000000f570657c EFLAGS: 00000292 ORIG_RAX: 000000000000016b [ 714.959380][T14769] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000000003a5 [ 714.962472][T14769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 714.965552][T14769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 714.968118][T14769] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 714.971258][T14769] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 714.974295][T14769] [ 714.975806][ C0] vkms_vblank_simulate: vblank timer overrun [ 714.993518][T14769] sctp: failed to load transform for md5: -12 [ 715.040395][T14357] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 715.043720][T14357] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 715.049367][T14357] usb 5-1: cp210x converter now attached to ttyUSB0 [ 715.061604][T14357] usb 5-1: USB disconnect, device number 36 [ 715.111860][T14357] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 715.120780][T14357] cp210x 5-1:0.0: device disconnected [ 715.387744][T14794] team0: mtu less than device minimum [ 715.963102][ T5356] Bluetooth: hci4: command tx timeout [ 716.453651][ T5356] Bluetooth: hci5: command 0x0406 tx timeout [ 716.652228][T14806] netlink: 'syz.2.2537': attribute type 12 has an invalid length. [ 716.656213][T14806] netlink: 'syz.2.2537': attribute type 11 has an invalid length. [ 716.659658][T14806] netlink: 'syz.2.2537': attribute type 11 has an invalid length. [ 716.664595][T14806] netlink: 'syz.2.2537': attribute type 11 has an invalid length. [ 716.667813][T14806] netlink: 'syz.2.2537': attribute type 11 has an invalid length. [ 716.671252][T14806] netlink: 'syz.2.2537': attribute type 11 has an invalid length. [ 716.676781][T14806] netlink: 'syz.2.2537': attribute type 11 has an invalid length. [ 716.680190][T14806] netlink: 196720 bytes leftover after parsing attributes in process `syz.2.2537'. [ 716.692585][T14806] ufs: You didn't specify the type of your ufs filesystem [ 716.692585][T14806] [ 716.692585][T14806] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 716.692585][T14806] [ 716.692585][T14806] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 716.707949][T14806] ufs: ufstype=old is supported read-only [ 716.712817][T14806] ufs: ufs_fill_super(): bad magic number [ 717.149881][T14824] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2543'. [ 718.923037][ T5356] Bluetooth: hci4: command tx timeout [ 719.276697][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 719.617869][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 720.264441][T14895] binder: 14894:14895 ioctl c00c620f 20000340 returned -22 [ 720.498299][T14903] netlink: 'syz.3.2568': attribute type 1 has an invalid length. [ 720.501472][T14903] netlink: 9388 bytes leftover after parsing attributes in process `syz.3.2568'. [ 720.512164][T14903] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2568'. [ 721.083931][ T25] usb 8-1: new high-speed USB device number 38 using dummy_hcd [ 721.285271][ T25] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 721.289610][ T25] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 721.295746][ T25] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 721.300941][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.326280][T14907] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 721.340066][ T25] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 721.460318][ T6349] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 721.672101][ T6349] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 721.683303][ T6349] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 721.691215][ T6349] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 721.705456][ T6349] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.723394][T14916] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 721.726044][ T6349] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 722.179392][T14920] fuse: Bad value for 'fd' [ 722.333031][ T5425] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 722.531932][ T5425] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 722.535707][ T5425] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 722.538989][ T5425] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 722.542085][ T5425] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.548142][T14926] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 722.555341][ T5425] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 723.606679][T12835] usb 8-1: USB disconnect, device number 38 [ 724.057097][ T5410] usb 5-1: USB disconnect, device number 37 [ 725.322024][ T5425] usb 7-1: USB disconnect, device number 31 [ 726.372715][T14961] fuse: Invalid rootmode [ 728.247617][T13056] Bluetooth: hci7: Frame reassembly failed (-84) [ 728.841325][T13056] Bluetooth: hci8: Frame reassembly failed (-84) [ 728.846846][T14996] FAULT_INJECTION: forcing a failure. [ 728.846846][T14996] name failslab, interval 1, probability 0, space 0, times 0 [ 728.851875][T14996] CPU: 2 UID: 0 PID: 14996 Comm: syz.2.2594 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 728.855998][T14996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 728.859915][T14996] Call Trace: [ 728.861335][T14996] [ 728.862600][T14996] dump_stack_lvl+0x16c/0x1f0 [ 728.864262][T14996] should_fail_ex+0x497/0x5b0 [ 728.866158][T14996] ? fs_reclaim_acquire+0xae/0x160 [ 728.868204][T14996] should_failslab+0xc2/0x120 [ 728.870076][T14996] __kmalloc_noprof+0xcb/0x410 [ 728.871847][T14996] ? __pfx_lock_acquire+0x10/0x10 [ 728.873753][T14996] tomoyo_realpath_from_path+0xbf/0x710 [ 728.875870][T14996] ? tomoyo_profile+0x47/0x60 [ 728.877492][T14996] tomoyo_path_number_perm+0x245/0x5b0 [ 728.879653][T14996] ? tomoyo_path_number_perm+0x232/0x5b0 [ 728.881894][T14996] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 728.884291][T14996] ? __pfx_lock_release+0x10/0x10 [ 728.886183][T14996] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 728.888221][T14996] ? __fget_files+0x256/0x400 [ 728.889837][T14996] security_file_ioctl_compat+0x75/0xc0 [ 728.891860][T14996] __do_compat_sys_ioctl+0x5d/0x330 [ 728.894169][T14996] __do_fast_syscall_32+0x73/0x120 [ 728.896463][T14996] do_fast_syscall_32+0x32/0x80 [ 728.898226][T14996] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 728.900402][T14996] RIP: 0023:0xf7f20579 [ 728.901904][T14996] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 728.910716][T14996] RSP: 002b:00000000f56d657c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 728.914412][T14996] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000005437 [ 728.917941][T14996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 728.921402][T14996] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 728.924921][T14996] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 728.928400][T14996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 728.931895][T14996] [ 728.940126][T14996] ERROR: Out of memory at tomoyo_realpath_from_path. [ 729.014729][ T5359] Bluetooth: hci4: command 0x0406 tx timeout [ 730.283169][ T5356] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 730.287331][T12526] Bluetooth: hci7: command 0x1003 tx timeout [ 730.853280][ T5356] Bluetooth: hci8: command 0x1003 tx timeout [ 730.853755][ T5352] Bluetooth: hci8: Opcode 0x1003 failed: -110 [ 733.880186][T15069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2614'. [ 733.900600][T15069] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2614'. [ 733.905792][T15069] team1: Mode changed to "roundrobin" [ 733.909926][T15069] team1: Mode changed to "activebackup" [ 735.168431][T15099] syz.0.2623 (15099): drop_caches: 2 [ 735.173377][ T39] kauditd_printk_skb: 39 callbacks suppressed [ 735.173391][ T39] audit: type=1804 audit(1722742088.555:985): pid=15099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2623" name="/newroot/489/bus/file0" dev="overlay" ino=2646 res=1 errno=0 [ 735.188415][T15099] syz.0.2623 (15099): drop_caches: 2 [ 735.202743][ T39] audit: type=1800 audit(1722742088.555:986): pid=15099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2623" name="file0" dev="overlay" ino=2646 res=0 errno=0 [ 735.697354][ T5352] Bluetooth: hci4: unexpected event for opcode 0x0c1a [ 736.539511][ T1129] block nbd2: Possible stuck request ffff88801fa48000: control (read@0,2048B). Runtime 60 seconds [ 736.754444][T15129] FAULT_INJECTION: forcing a failure. [ 736.754444][T15129] name failslab, interval 1, probability 0, space 0, times 0 [ 736.779709][T15129] CPU: 1 UID: 0 PID: 15129 Comm: syz.2.2632 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 736.784223][T15129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 736.788777][T15129] Call Trace: [ 736.790237][T15129] [ 736.791546][T15129] dump_stack_lvl+0x16c/0x1f0 [ 736.793428][T15129] should_fail_ex+0x497/0x5b0 [ 736.795669][T15129] ? fs_reclaim_acquire+0xae/0x160 [ 736.797711][T15129] should_failslab+0xc2/0x120 [ 736.799612][T15129] __kmalloc_cache_noprof+0x6b/0x310 [ 736.801807][T15129] ? macvlan_hash_add_source+0x96/0x3a0 [ 736.804141][T15129] macvlan_hash_add_source+0x96/0x3a0 [ 736.806405][T15129] macvlan_changelink_sources+0x202/0x490 [ 736.808886][T15129] macvlan_common_newlink+0xe7c/0x1a10 [ 736.811273][T15129] ? __pfx_macvlan_common_newlink+0x10/0x10 [ 736.813739][T15129] ? rtnl_create_link+0xa2e/0xf10 [ 736.815875][T15129] ? __pfx_macvlan_newlink+0x10/0x10 [ 736.818107][T15129] __rtnl_newlink+0x119c/0x1960 [ 736.820213][T15129] ? __pfx___rtnl_newlink+0x10/0x10 [ 736.822416][T15129] rtnl_newlink+0x67/0xa0 [ 736.824377][T15129] ? __pfx_rtnl_newlink+0x10/0x10 [ 736.826551][T15129] rtnetlink_rcv_msg+0x3c7/0xea0 [ 736.828694][T15129] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 736.830990][T15129] ? __pfx___dev_queue_xmit+0x10/0x10 [ 736.833273][T15129] netlink_rcv_skb+0x165/0x410 [ 736.835366][T15129] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 736.837707][T15129] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 736.840039][T15129] ? netlink_deliver_tap+0x1ae/0xcf0 [ 736.842287][T15129] netlink_unicast+0x544/0x830 [ 736.844455][T15129] ? __pfx_netlink_unicast+0x10/0x10 [ 736.846698][T15129] ? __phys_addr_symbol+0x30/0x80 [ 736.848911][T15129] ? __check_object_size+0x497/0x720 [ 736.851207][T15129] netlink_sendmsg+0x8b8/0xd70 [ 736.853301][T15129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 736.855556][T15129] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 736.857800][T15129] ____sys_sendmsg+0x9b4/0xb50 [ 736.859805][T15129] ? __pfx_____sys_sendmsg+0x10/0x10 [ 736.862006][T15129] ? get_compat_msghdr+0x11b/0x170 [ 736.864216][T15129] ? __pfx___lock_acquire+0x10/0x10 [ 736.866421][T15129] ___sys_sendmsg+0x135/0x1e0 [ 736.868485][T15129] ? __pfx____sys_sendmsg+0x10/0x10 [ 736.870775][T15129] ? ksys_write+0x21c/0x260 [ 736.872774][T15129] ? __fget_light+0x173/0x210 [ 736.874815][T15129] __sys_sendmsg+0x117/0x1f0 [ 736.876831][T15129] ? __pfx___sys_sendmsg+0x10/0x10 [ 736.879214][T15129] __do_fast_syscall_32+0x73/0x120 [ 736.881414][T15129] do_fast_syscall_32+0x32/0x80 [ 736.883601][T15129] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 736.886308][T15129] RIP: 0023:0xf7f20579 [ 736.888076][T15129] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 736.896161][T15129] RSP: 002b:00000000f56d657c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 736.899784][T15129] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000280 [ 736.903284][T15129] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 736.906706][T15129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 736.910150][T15129] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 736.913691][T15129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 736.917204][T15129] [ 736.918638][ C1] vkms_vblank_simulate: vblank timer overrun [ 737.413006][ T833] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 737.594993][ T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 737.603006][ T833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 737.608823][ T833] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 737.622771][ T833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.628859][ T833] usb 5-1: config 0 descriptor?? [ 738.045794][ T833] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 738.049701][ T833] plantronics 0003:047F:FFFF.0007: unbalanced collection at end of report description [ 738.053831][ T833] plantronics 0003:047F:FFFF.0007: parse failed [ 738.056863][ T833] plantronics 0003:047F:FFFF.0007: probe with driver plantronics failed with error -22 [ 738.252563][ T5394] usb 5-1: USB disconnect, device number 38 [ 738.828843][T15160] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2642'. [ 738.890500][T15161] netlink: 1264 bytes leftover after parsing attributes in process `syz.0.2642'. [ 739.723543][ T5352] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 739.728325][ T5352] Bluetooth: hci4: Injecting HCI hardware error event [ 739.734560][ T5356] Bluetooth: hci4: hardware error 0x00 [ 740.083044][ T6349] usb 5-1: new low-speed USB device number 39 using dummy_hcd [ 740.284999][ T6349] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 740.289814][ T6349] usb 5-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=dd.34 [ 740.304886][ T6349] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.321461][ T6349] usb 5-1: config 0 descriptor?? [ 740.326221][T15164] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 740.332459][ T6349] option 5-1:0.0: GSM modem (1-port) converter detected [ 740.539870][T14357] usb 5-1: USB disconnect, device number 39 [ 740.544248][T14357] option 5-1:0.0: device disconnected [ 740.592202][T15185] FAULT_INJECTION: forcing a failure. [ 740.592202][T15185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 740.598422][T15185] CPU: 0 UID: 0 PID: 15185 Comm: syz.3.2647 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 740.603385][T15185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 740.608394][T15185] Call Trace: [ 740.609994][T15185] [ 740.611407][T15185] dump_stack_lvl+0x16c/0x1f0 [ 740.613535][T15185] should_fail_ex+0x497/0x5b0 [ 740.615611][T15185] _copy_to_user+0x30/0xc0 [ 740.617481][T15185] simple_read_from_buffer+0xd0/0x160 [ 740.619487][T15185] proc_fail_nth_read+0x1b0/0x290 [ 740.621254][T15185] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 740.623253][T15185] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 740.625722][T15185] vfs_read+0x1d4/0xbd0 [ 740.627601][T15185] ? ip4_datagram_connect+0x38/0x50 [ 740.630008][T15185] ? __fdget_pos+0xeb/0x180 [ 740.632150][T15185] ? inet_dgram_connect+0x166/0x2f0 [ 740.634479][T15185] ? __pfx_vfs_read+0x10/0x10 [ 740.636737][T15185] ? __pfx___mutex_lock+0x10/0x10 [ 740.639088][T15185] ? __fget_files+0x256/0x400 [ 740.640747][T15185] ksys_read+0x12f/0x260 [ 740.642242][T15185] ? __pfx_ksys_read+0x10/0x10 [ 740.643940][T15185] __do_fast_syscall_32+0x73/0x120 [ 740.645789][T15185] do_fast_syscall_32+0x32/0x80 [ 740.647776][T15185] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 740.650693][T15185] RIP: 0023:0xf7f22579 [ 740.652600][T15185] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 740.661515][T15185] RSP: 002b:00000000f56b55b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 740.664947][T15185] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f56b5630 [ 740.668632][T15185] RDX: 000000000000000f RSI: 00000000f73acff4 RDI: 0000000000000000 [ 740.672277][T15185] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 740.675800][T15185] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 740.679428][T15185] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 740.682958][T15185] [ 741.292769][T15192] overlayfs: failed to resolve './file0': -2 [ 741.453003][T10413] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 741.643657][T10413] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 741.649248][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.654245][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.659120][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.664244][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.668243][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.673965][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.678564][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.681908][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.687255][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.692088][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.696804][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.701070][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.705122][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.709442][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.714489][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.718395][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.721516][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.725643][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.729060][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.732093][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.736437][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.739848][T10413] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 741.743837][T10413] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 741.748541][T10413] usb 7-1: config 0 interface 0 has no altsetting 0 [ 741.754641][T10413] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 741.758478][T10413] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 741.761993][T10413] usb 7-1: Product: syz [ 741.764357][T10413] usb 7-1: Manufacturer: syz [ 741.766405][T10413] usb 7-1: SerialNumber: syz [ 741.774210][T10413] usb 7-1: config 0 descriptor?? [ 741.783318][T10413] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 741.813121][ T5356] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 742.159836][T15200] overlayfs: missing 'workdir' [ 742.200628][T15200] overlay: Unknown parameter 'euid' [ 742.772025][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.784426][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.787770][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.791062][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.801858][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.805435][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.808759][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.812043][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.821913][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.833195][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.836517][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.839800][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.849181][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.852513][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.857044][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.860363][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.870843][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.875943][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.879231][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.882542][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.893148][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.909642][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.913624][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.916937][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.920212][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.943638][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.947004][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.950239][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.954600][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.957918][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.961261][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.969107][ T5394] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 742.975437][ T5394] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz0] on syz0 [ 744.123186][ C1] usb 7-1: yurex_control_callback - control failed: -2 [ 744.126299][ C1] usb 7-1: yurex_control_callback - control failed: -32 [ 744.162259][T14357] usb 7-1: USB disconnect, device number 32 [ 744.168181][T14357] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 744.210919][T15243] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2663'. [ 744.216209][T15243] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2663'. [ 744.223859][T15243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2663'. [ 745.013019][ T1414] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 745.168527][T15249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2665'. [ 745.193027][ T1414] usb 7-1: Using ep0 maxpacket: 8 [ 745.204356][ T1414] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 745.213742][ T1414] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 745.225513][ T1414] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.243854][ T1414] usb 7-1: config 0 descriptor?? [ 745.270313][T15257] pim6reg: entered allmulticast mode [ 745.279721][T15257] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2669'. [ 745.282759][T15257] batadv_slave_0: entered allmulticast mode [ 745.492043][ T1414] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 745.801069][ T5394] usb 7-1: USB disconnect, device number 33 [ 745.803232][ C2] iowarrior 7-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 745.832080][ T5394] iowarrior 7-1:0.0: I/O-Warror #0 now disconnected [ 746.343093][ T5356] Bluetooth: hci6: link tx timeout [ 746.349144][ T5356] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 746.433189][ T5352] Bluetooth: hci6: link tx timeout [ 746.436397][ T5352] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 746.442633][ T5352] Bluetooth: hci6: link tx timeout [ 746.445104][ T5352] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 746.483021][ T5352] Bluetooth: hci6: link tx timeout [ 746.485090][ T5352] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 746.502968][ T5352] Bluetooth: hci6: link tx timeout [ 746.504867][ T5352] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 746.507982][ T5352] Bluetooth: hci6: link tx timeout [ 746.510298][ T5352] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 746.833243][ T5394] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 747.023685][ T5394] usb 7-1: Using ep0 maxpacket: 8 [ 747.026824][ T5394] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 747.030752][ T5394] usb 7-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=dd.34 [ 747.036105][ T5394] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.055602][T15293] FAULT_INJECTION: forcing a failure. [ 747.055602][T15293] name failslab, interval 1, probability 0, space 0, times 0 [ 747.060316][T15293] CPU: 2 UID: 0 PID: 15293 Comm: syz.3.2679 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 747.064029][T15293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 747.067780][T15293] Call Trace: [ 747.068965][T15293] [ 747.070213][T15293] dump_stack_lvl+0x16c/0x1f0 [ 747.071910][T15293] should_fail_ex+0x497/0x5b0 [ 747.073977][T15293] ? fs_reclaim_acquire+0xae/0x160 [ 747.076006][T15293] should_failslab+0xc2/0x120 [ 747.077754][T15293] __kmalloc_node_track_caller_noprof+0xcf/0x440 [ 747.080028][T15293] ? key_alloc+0x441/0x13a0 [ 747.081631][T15293] kmemdup_noprof+0x29/0x60 [ 747.083255][T15293] key_alloc+0x441/0x13a0 [ 747.084789][T15293] ? trace_kmalloc+0x2d/0xe0 [ 747.086600][T15293] ? __pfx_key_alloc+0x10/0x10 [ 747.088387][T15293] ? apparmor_cred_prepare+0xad/0x140 [ 747.090317][T15293] keyring_alloc+0x44/0xc0 [ 747.091938][T15293] lookup_user_key+0xa34/0x12f0 [ 747.093883][T15293] ? __pfx_lookup_user_key+0x10/0x10 [ 747.095809][T15293] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 747.098289][T15293] ? fput+0x32/0x390 [ 747.099654][T15293] keyctl_keyring_move+0xb4/0x150 [ 747.101677][T15293] __do_compat_sys_keyctl+0x17c/0x440 [ 747.103613][T15293] __do_fast_syscall_32+0x73/0x120 [ 747.105641][T15293] do_fast_syscall_32+0x32/0x80 [ 747.107777][T15293] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 747.110601][T15293] RIP: 0023:0xf7f22579 [ 747.112330][T15293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 747.120203][T15293] RSP: 002b:00000000f56b557c EFLAGS: 00000292 ORIG_RAX: 0000000000000120 [ 747.123730][T15293] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 000000001ee3bb4b [ 747.126544][T15293] RDX: 00000000fffffffb RSI: 00000000fffffffe RDI: 0000000000000001 [ 747.130073][T15293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 747.133205][T15293] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 747.136573][T15293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 747.139579][T15293] [ 747.140849][ C2] vkms_vblank_simulate: vblank timer overrun [ 747.147375][ T5394] usb 7-1: config 0 descriptor?? [ 747.151921][ T5394] option 7-1:0.0: GSM modem (1-port) converter detected [ 747.368652][ T5394] usb 7-1: USB disconnect, device number 34 [ 747.372581][ T5394] option 7-1:0.0: device disconnected [ 747.921834][T15302] FAULT_INJECTION: forcing a failure. [ 747.921834][T15302] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 747.927790][T15302] CPU: 3 UID: 0 PID: 15302 Comm: syz.2.2683 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 747.932438][T15302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 747.937067][T15302] Call Trace: [ 747.938540][T15302] [ 747.939911][T15302] dump_stack_lvl+0x16c/0x1f0 [ 747.941996][T15302] should_fail_ex+0x497/0x5b0 [ 747.944076][T15302] _copy_to_user+0x30/0xc0 [ 747.946062][T15302] bpf_verifier_vlog+0x25d/0x6a0 [ 747.948330][T15302] ? __might_fault+0x13b/0x190 [ 747.950440][T15302] __btf_verifier_log+0xc4/0x100 [ 747.952640][T15302] ? __pfx___btf_verifier_log+0x10/0x10 [ 747.954630][T15302] ? __pfx___might_resched+0x10/0x10 [ 747.956588][T15302] ? __might_fault+0xe3/0x190 [ 747.958194][T15302] ? bpf_verifier_vlog+0x26a/0x6a0 [ 747.959945][T15302] btf_new_fd+0xcec/0x4f20 [ 747.961454][T15302] ? hlock_class+0x4e/0x130 [ 747.963001][T15302] ? __lock_acquire+0xbdd/0x3cb0 [ 747.964678][T15302] ? aa_get_newest_label+0x376/0x680 [ 747.966484][T15302] ? __pfx_btf_new_fd+0x10/0x10 [ 747.968164][T15302] ? apparmor_capable+0x126/0x1e0 [ 747.969866][T15302] ? bpf_lsm_capable+0x9/0x10 [ 747.971623][T15302] ? security_capable+0x98/0xd0 [ 747.973348][T15302] ? ns_capable+0xd7/0x110 [ 747.975228][T15302] __sys_bpf+0x1d67/0x5600 [ 747.977163][T15302] ? __pfx___sys_bpf+0x10/0x10 [ 747.979287][T15302] ? ksys_write+0x12f/0x260 [ 747.980878][T15302] ? find_held_lock+0x2d/0x110 [ 747.982623][T15302] ? ksys_write+0x21c/0x260 [ 747.984605][T15302] ? __pfx_lock_release+0x10/0x10 [ 747.986839][T15302] ? vfs_write+0x14d/0x1140 [ 747.988883][T15302] ? __mutex_unlock_slowpath+0x164/0x650 [ 747.991277][T15302] ? fput+0x32/0x390 [ 747.993007][T15302] ? ksys_write+0x1ab/0x260 [ 747.994999][T15302] ? __pfx_ksys_write+0x10/0x10 [ 747.996929][T15302] __ia32_sys_bpf+0x76/0xe0 [ 747.998963][T15302] __do_fast_syscall_32+0x73/0x120 [ 748.001161][T15302] do_fast_syscall_32+0x32/0x80 [ 748.002867][T15302] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 748.004976][T15302] RIP: 0023:0xf7f20579 [ 748.006346][T15302] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 748.012775][T15302] RSP: 002b:00000000f56d657c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 748.015549][T15302] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00000000200000c0 [ 748.018182][T15302] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000 [ 748.021393][T15302] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 748.024803][T15302] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 748.028269][T15302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 748.031734][T15302] [ 748.443355][ T5352] Bluetooth: hci6: command 0x0406 tx timeout [ 750.031910][ T5356] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 750.096743][T15333] FAULT_INJECTION: forcing a failure. [ 750.096743][T15333] name failslab, interval 1, probability 0, space 0, times 0 [ 750.108651][T15333] CPU: 0 UID: 0 PID: 15333 Comm: syz.2.2691 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 750.112749][T15333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 750.116507][T15333] Call Trace: [ 750.117636][T15333] [ 750.118636][T15333] dump_stack_lvl+0x16c/0x1f0 [ 750.120259][T15333] should_fail_ex+0x497/0x5b0 [ 750.121866][T15333] ? fs_reclaim_acquire+0xae/0x160 [ 750.123680][T15333] should_failslab+0xc2/0x120 [ 750.125299][T15333] __kmalloc_noprof+0xcb/0x410 [ 750.126925][T15333] ? __pfx_lock_acquire+0x10/0x10 [ 750.128820][T15333] tomoyo_realpath_from_path+0xbf/0x710 [ 750.131149][T15333] ? tomoyo_profile+0x47/0x60 [ 750.132788][T15333] tomoyo_path_number_perm+0x245/0x5b0 [ 750.134713][T15333] ? tomoyo_path_number_perm+0x232/0x5b0 [ 750.136607][T15333] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 750.138680][T15333] ? find_held_lock+0x2d/0x110 [ 750.140304][T15333] ? __fget_files+0x256/0x400 [ 750.141980][T15333] security_file_ioctl_compat+0x75/0xc0 [ 750.143932][T15333] __do_compat_sys_ioctl+0x5d/0x330 [ 750.145676][T15333] __do_fast_syscall_32+0x73/0x120 [ 750.147410][T15333] do_fast_syscall_32+0x32/0x80 [ 750.149051][T15333] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 750.151195][T15333] RIP: 0023:0xf7f20579 [ 750.152581][T15333] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 750.158988][T15333] RSP: 002b:00000000f56b557c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 750.161781][T15333] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000400448cc [ 750.164592][T15333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 750.167415][T15333] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 750.170186][T15333] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 750.173356][T15333] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 750.176009][T15333] [ 750.193596][T15333] ERROR: Out of memory at tomoyo_realpath_from_path. [ 750.516631][T15351] overlayfs: missing 'lowerdir' [ 750.530581][T15351] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 750.540902][T15351] CIFS mount error: No usable UNC path provided in device string! [ 750.540902][T15351] [ 750.553383][T15351] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 750.594694][T15351] overlayfs: failed to resolve './file0': -2 [ 752.525350][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.528260][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.712183][T15380] can: request_module (can-proto-0) failed. [ 752.737379][T15380] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 753.429336][T15389] 9pnet_fd: Insufficient options for proto=fd [ 753.591504][T15396] netlink: 'syz.0.2707': attribute type 14 has an invalid length. [ 754.605975][T15412] tmpfs: Bad value for 'mpol' [ 754.889793][T15416] sctp: [Deprecated]: syz.0.2713 (pid 15416) Use of int in max_burst socket option. [ 754.889793][T15416] Use struct sctp_assoc_value instead [ 756.143050][ T5394] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 756.355926][ T5394] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 756.360452][ T5394] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 756.371348][ T5394] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 756.375211][ T5394] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.381893][T15439] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 756.413018][ T5394] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 758.672229][ T8] usb 5-1: USB disconnect, device number 40 [ 759.876255][T15469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2726'. [ 762.150033][T15506] input: syz0 as /devices/virtual/input/input22 [ 765.400673][ T5352] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 765.408286][ T5352] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 765.414102][ T5352] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 765.420042][ T5352] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 765.425331][ T5352] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 765.429227][ T5352] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 765.532043][ T105] Bluetooth: hci8: Frame reassembly failed (-84) [ 765.732590][T15557] chnl_net:caif_netlink_parms(): no params data found [ 765.864482][T15557] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.867732][T15557] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.870905][T15557] bridge_slave_0: entered allmulticast mode [ 765.877401][T15557] bridge_slave_0: entered promiscuous mode [ 765.882705][T15557] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.886387][T15557] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.889475][T15557] bridge_slave_1: entered allmulticast mode [ 765.903346][T15557] bridge_slave_1: entered promiscuous mode [ 765.995667][T15557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 766.006077][T15557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 766.009370][T15577] input: syz0 as /devices/virtual/input/input23 [ 766.106190][T15557] team0: Port device team_slave_0 added [ 766.113924][T15557] team0: Port device team_slave_1 added [ 766.174913][T15557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 766.177882][T15557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.187145][T15557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 766.195904][T15557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 766.198628][T15557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.210970][T15557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.287484][T15557] hsr_slave_0: entered promiscuous mode [ 766.291139][T15557] hsr_slave_1: entered promiscuous mode [ 766.297911][T15557] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 766.301248][T15557] Cannot create hsr debugfs directory [ 766.550616][T15557] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.568692][T15583] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 766.572720][T15583] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 766.603316][ T1129] block nbd2: Possible stuck request ffff88801fa48000: control (read@0,2048B). Runtime 90 seconds [ 766.645901][T15557] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.749304][T15557] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.825927][T15557] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.012233][T15557] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 767.019798][T15557] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 767.033380][T15557] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 767.040123][T15557] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 767.137535][T15557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 767.159274][T15557] 8021q: adding VLAN 0 to HW filter on device team0 [ 767.168453][ T1414] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.171724][ T1414] bridge0: port 1(bridge_slave_0) entered forwarding state [ 767.184041][ T1414] bridge0: port 2(bridge_slave_1) entered blocking state [ 767.187020][ T1414] bridge0: port 2(bridge_slave_1) entered forwarding state [ 767.446343][T15557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 767.483422][ T5356] Bluetooth: hci7: command tx timeout [ 767.485425][T15557] veth0_vlan: entered promiscuous mode [ 767.495368][T15557] veth1_vlan: entered promiscuous mode [ 767.529400][T15557] veth0_macvtap: entered promiscuous mode [ 767.534521][T15557] veth1_macvtap: entered promiscuous mode [ 767.544948][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.548526][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.551887][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.556444][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.560220][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.563111][ T5356] Bluetooth: hci8: command 0x1003 tx timeout [ 767.564375][ T5352] Bluetooth: hci8: Opcode 0x1003 failed: -110 [ 767.572475][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.576153][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.580545][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.585106][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.589485][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.595063][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.599221][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.613907][T15557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 767.624067][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.627472][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.632394][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.641776][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.646805][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.650943][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.664339][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.668403][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.672138][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.679499][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.683718][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.687791][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.698525][T15557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 767.707034][T15557] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.710189][T15557] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.714857][T15557] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.718601][T15557] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.820350][T13088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 767.823713][T13088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 767.863554][T12693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 767.866931][T12693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 769.391023][T15618] netlink: 'syz.2.2766': attribute type 23 has an invalid length. [ 769.563442][ T5352] Bluetooth: hci7: command tx timeout [ 769.830296][T15627] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 769.839250][T15627] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 770.605968][ T5356] Bluetooth: hci8: sending frame failed (-49) [ 770.610647][ T5352] Bluetooth: hci8: Opcode 0x1003 failed: -49 [ 772.727229][T15671] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 772.730575][T15671] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 772.763021][ T5356] Bluetooth: hci7: command tx timeout [ 773.004322][ T5352] Bluetooth: hci8: Opcode 0x1003 failed: -110 [ 773.004533][ T5356] Bluetooth: hci8: command 0x1003 tx timeout [ 774.090081][T15684] hfs: unable to parse mount options [ 774.853151][ T5352] Bluetooth: hci7: command tx timeout [ 776.895525][T15725] syz.1.2795 (15725): drop_caches: 2 [ 776.898258][T15725] syz.1.2795 (15725): drop_caches: 2 [ 776.915649][T15731] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2796'. [ 777.691489][T15742] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 777.694623][T15742] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 777.968665][T15744] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2800'. [ 779.753668][T15782] input: syz0 as /devices/virtual/input/input24 [ 781.719117][T15812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2821'. [ 782.303002][ T5410] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 782.513280][ T5410] usb 5-1: Using ep0 maxpacket: 32 [ 782.523676][ T5410] usb 5-1: config 1 interface 0 has no altsetting 0 [ 782.549685][ T5410] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 782.554315][ T5410] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 782.557881][ T5410] usb 5-1: Product: Й [ 782.559816][ T5410] usb 5-1: Manufacturer: 侃웥⸪ઌ뜖扝롩騄獊扦鱡膛炞☏澜琱閦齔⍴퀼⧾꾇㒥鱼NJ憁㌸ⷘ绊 [ 782.565315][ T5410] usb 5-1: SerialNumber: Щ [ 782.776474][T15829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2828'. [ 782.793197][T15817] ufs: You didn't specify the type of your ufs filesystem [ 782.793197][T15817] [ 782.793197][T15817] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 782.793197][T15817] [ 782.793197][T15817] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 782.817108][T15817] ufs: ufstype=old is supported read-only [ 782.820000][T15817] ufs: ufs_fill_super(): bad magic number [ 782.842545][ T5410] usb 5-1: USB disconnect, device number 41 [ 783.347169][ T5352] Bluetooth: hci7: connection err: -111 [ 783.464353][T15835] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 783.468160][T15835] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 783.557558][T15838] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaaaa. [ 783.654497][T15836] Process accounting resumed [ 783.703692][T15841] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 785.115440][T15863] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 785.327090][T15862] ALSA: mixer_oss: invalid OSS volume '' [ 785.329651][T15862] ALSA: mixer_oss: invalid OSS volume 'ұB;T`@$EcXMYd,' [ 785.334178][T15862] ALSA: mixer_oss: invalid OSS volume 'b@h#' [ 785.337002][T15862] ALSA: mixer_oss: invalid OSS volume 'h4XS4v=0_>&' [ 785.340518][T15862] ALSA: mixer_oss: invalid OSS volume '|/"tj' [ 785.343989][T15862] ALSA: mixer_oss: invalid OSS volume '-z5c^J6$' [ 785.347441][T15862] ALSA: mixer_oss: invalid OSS volume '0Ty󉴪jP&at' [ 785.350427][T15862] ALSA: mixer_oss: invalid OSS volume '|~\' [ 785.353867][T15862] ALSA: mixer_oss: invalid OSS volume '@^3bɜ}G$#\("/oL' [ 785.357724][T15862] ALSA: mixer_oss: invalid OSS volume 'I :' [ 785.360593][T15862] ALSA: mixer_oss: invalid OSS volume '%^vhcGJPr('⍯Q=' [ 785.364945][T15862] ALSA: mixer_oss: invalid OSS volume ' Gj;4Ìz3WҼ0F=%' [ 785.368665][T15862] ALSA: mixer_oss: invalid OSS volume ';4 4fh߇GIבQ5oJ' [ 785.372315][T15862] ALSA: mixer_oss: invalid OSS volume 'Wl]Y1-J<A>o' [ 785.473185][T13056] Bluetooth: hci8: Frame reassembly failed (-84) [ 785.476029][ T1103] Bluetooth: hci8: Frame reassembly failed (-84) [ 785.603060][T15878] input: syz1 as /devices/virtual/input/input25 [ 785.702535][T15882] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2840'. [ 786.675545][T15894] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 786.679286][T15894] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 787.483217][ T5356] Bluetooth: hci8: command 0x1003 tx timeout [ 787.488096][ T5352] Bluetooth: hci8: Opcode 0x1003 failed: -110 [ 788.156985][T15917] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2855'. [ 788.228255][T15918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2855'. [ 788.484037][T15925] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 788.486937][T15925] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 789.295288][T15927] program syz.2.2857 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 789.455596][ T5356] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 789.460989][ T5356] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 789.469386][ T5356] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 789.473092][ T5356] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 789.477110][ T5356] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 789.481064][ T5356] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 789.752445][T15933] chnl_net:caif_netlink_parms(): no params data found [ 789.886447][T15933] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.889647][T15933] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.892719][T15933] bridge_slave_0: entered allmulticast mode [ 789.897034][T15933] bridge_slave_0: entered promiscuous mode [ 789.902145][T15933] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.905369][T15933] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.908586][T15933] bridge_slave_1: entered allmulticast mode [ 789.912378][T15933] bridge_slave_1: entered promiscuous mode [ 790.011848][T15933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 790.019615][T15933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 790.113473][T15933] team0: Port device team_slave_0 added [ 790.119219][T15933] team0: Port device team_slave_1 added [ 790.173267][T15933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 790.176081][T15933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 790.186268][T15933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 790.191593][T15933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 790.196611][T15933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 790.206895][T15933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 790.325792][T15933] hsr_slave_0: entered promiscuous mode [ 790.331804][T15933] hsr_slave_1: entered promiscuous mode [ 790.341743][T15933] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 790.346452][T15933] Cannot create hsr debugfs directory [ 790.498716][T15949] nvme_fabrics: missing parameter 'transport=%s' [ 790.501562][T15949] nvme_fabrics: missing parameter 'nqn=%s' [ 790.582235][T15933] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.664711][T15933] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.753668][T15933] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.836996][T15933] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.114239][T15933] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 791.147678][T15933] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 791.157652][T15933] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 791.165132][T15933] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 791.258677][T15933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 791.278611][T15933] 8021q: adding VLAN 0 to HW filter on device team0 [ 791.299789][T15590] bridge0: port 1(bridge_slave_0) entered blocking state [ 791.303035][T15590] bridge0: port 1(bridge_slave_0) entered forwarding state [ 791.321700][T15590] bridge0: port 2(bridge_slave_1) entered blocking state [ 791.324978][T15590] bridge0: port 2(bridge_slave_1) entered forwarding state [ 791.345224][ T40] Bluetooth: hci9: Frame reassembly failed (-84) [ 791.519501][T15933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 791.556210][T15933] veth0_vlan: entered promiscuous mode [ 791.563936][T15933] veth1_vlan: entered promiscuous mode [ 791.564162][ T5356] Bluetooth: hci8: command tx timeout [ 791.590943][T15933] veth0_macvtap: entered promiscuous mode [ 791.599746][T15933] veth1_macvtap: entered promiscuous mode [ 791.618567][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 791.623154][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.627575][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 791.632176][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.637750][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 791.642513][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.651192][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 791.656207][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.660277][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 791.664953][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.669042][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 791.674721][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.678885][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 791.683398][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.689741][T15933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 791.711497][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 791.716467][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.720519][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 791.726652][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.730777][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 791.736355][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.740444][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 791.745236][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.749360][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 791.754025][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.758107][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 791.762001][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.766344][T15933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 791.770619][T15933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 791.777007][T15933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 791.788083][T15933] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.791868][T15933] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.796410][T15933] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.800194][T15933] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.892015][T12693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 791.896475][T12693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 791.943935][T13056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 791.947361][T13056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 792.092335][T15966] FAULT_INJECTION: forcing a failure. [ 792.092335][T15966] name failslab, interval 1, probability 0, space 0, times 0 [ 792.103053][T15966] CPU: 2 UID: 0 PID: 15966 Comm: syz.3.2859 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 792.107926][T15966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 792.112731][T15966] Call Trace: [ 792.114269][T15966] [ 792.115663][T15966] dump_stack_lvl+0x16c/0x1f0 [ 792.117855][T15966] should_fail_ex+0x497/0x5b0 [ 792.120057][T15966] ? fs_reclaim_acquire+0xae/0x160 [ 792.122399][T15966] should_failslab+0xc2/0x120 [ 792.124541][T15966] __kmalloc_noprof+0xcb/0x410 [ 792.126742][T15966] ? down_write_nested+0x152/0x210 [ 792.129073][T15966] security_sb_alloc+0x1da/0x270 [ 792.131191][T15966] alloc_super+0x245/0xbd0 [ 792.133230][T15966] ? __pfx_super_s_dev_test+0x10/0x10 [ 792.135664][T15966] sget_fc+0x116/0xb90 [ 792.137475][T15966] ? __pfx_gfs2_parse_param+0x10/0x10 [ 792.139907][T15966] ? __pfx_super_s_dev_set+0x10/0x10 [ 792.142312][T15966] get_tree_bdev+0x155/0x610 [ 792.144425][T15966] ? __pfx_gfs2_fill_super+0x10/0x10 [ 792.146834][T15966] ? __pfx_get_tree_bdev+0x10/0x10 [ 792.149178][T15966] ? apparmor_capable+0x126/0x1e0 [ 792.151495][T15966] gfs2_get_tree+0x4e/0x280 [ 792.153627][T15966] vfs_get_tree+0x8f/0x380 [ 792.155678][T15966] path_mount+0x6e1/0x1f10 [ 792.157714][T15966] ? __pfx_path_mount+0x10/0x10 [ 792.159942][T15966] ? putname+0x12e/0x170 [ 792.161873][T15966] ? putname+0x12e/0x170 [ 792.163811][T15966] __ia32_sys_mount+0x292/0x310 [ 792.166035][T15966] ? __pfx___ia32_sys_mount+0x10/0x10 [ 792.168513][T15966] __do_fast_syscall_32+0x73/0x120 [ 792.170838][T15966] do_fast_syscall_32+0x32/0x80 [ 792.173049][T15966] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 792.175903][T15966] RIP: 0023:0xf7f67579 [ 792.177742][T15966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 792.186196][T15966] RSP: 002b:00000000f571657c EFLAGS: 00000292 ORIG_RAX: 0000000000000015 [ 792.189930][T15966] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000020000080 [ 792.193477][T15966] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 792.197042][T15966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 792.200579][T15966] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 792.204137][T15966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 792.207701][T15966] [ 793.403145][ T5356] Bluetooth: hci9: command 0x1003 tx timeout [ 793.407315][ T5352] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 793.499742][T15984] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2869'. [ 793.643342][ T5352] Bluetooth: hci8: command tx timeout [ 793.804939][ T5352] Bluetooth: hci7: connection err: -111 [ 793.939516][T15999] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 793.944669][T15999] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 794.175451][T16002] vivid-002: ================= START STATUS ================= [ 794.178929][T16002] vivid-002: Radio HW Seek Mode: Bounded [ 794.181422][T16002] vivid-002: Radio Programmable HW Seek: false [ 794.185577][T16002] vivid-002: RDS Rx I/O Mode: Block I/O [ 794.187990][T16002] vivid-002: Generate RBDS Instead of RDS: false [ 794.190384][T16002] vivid-002: RDS Reception: true [ 794.192439][T16002] vivid-002: RDS Program Type: 0 inactive [ 794.195620][T16002] vivid-002: RDS PS Name: inactive [ 794.197915][T16002] vivid-002: RDS Radio Text: inactive [ 794.200483][T16002] vivid-002: RDS Traffic Announcement: false inactive [ 794.204537][T16002] vivid-002: RDS Traffic Program: false inactive [ 794.207577][T16002] vivid-002: RDS Music: false inactive [ 794.210127][T16002] vivid-002: ================== END STATUS ================== [ 794.910084][T16013] cdrom: dropping to single frame dma [ 794.945041][T16018] netlink: 9412 bytes leftover after parsing attributes in process `syz.0.2879'. [ 795.188855][T16013] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 795.723567][ T5352] Bluetooth: hci8: command tx timeout [ 795.880651][ T5356] Bluetooth: hci9: sending frame failed (-49) [ 795.885430][ T5352] Bluetooth: hci9: Opcode 0x1003 failed: -49 [ 796.004151][T16035] qrtr: Invalid version 47 [ 796.198454][T16043] FAULT_INJECTION: forcing a failure. [ 796.198454][T16043] name failslab, interval 1, probability 0, space 0, times 0 [ 796.204083][T16043] CPU: 3 UID: 0 PID: 16043 Comm: syz.0.2886 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 796.208616][T16043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 796.213236][T16043] Call Trace: [ 796.214801][T16043] [ 796.216165][T16043] dump_stack_lvl+0x16c/0x1f0 [ 796.218180][T16043] should_fail_ex+0x497/0x5b0 [ 796.220275][T16043] ? fs_reclaim_acquire+0xae/0x160 [ 796.222506][T16043] should_failslab+0xc2/0x120 [ 796.224546][T16043] __kmalloc_noprof+0xcb/0x410 [ 796.226636][T16043] ? __pfx_d_absolute_path+0x10/0x10 [ 796.228875][T16043] tomoyo_encode2+0x100/0x3e0 [ 796.230981][T16043] tomoyo_realpath_from_path+0x1a7/0x710 [ 796.233427][T16043] tomoyo_path_number_perm+0x245/0x5b0 [ 796.235810][T16043] ? tomoyo_path_number_perm+0x232/0x5b0 [ 796.238248][T16043] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 796.240847][T16043] ? __pfx_lock_release+0x10/0x10 [ 796.243044][T16043] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 796.245596][T16043] ? __fget_files+0x256/0x400 [ 796.247621][T16043] security_file_ioctl_compat+0x75/0xc0 [ 796.250020][T16043] __do_compat_sys_ioctl+0x5d/0x330 [ 796.252260][T16043] __do_fast_syscall_32+0x73/0x120 [ 796.254441][T16043] do_fast_syscall_32+0x32/0x80 [ 796.256504][T16043] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 796.259240][T16043] RIP: 0023:0xf7f52579 [ 796.260978][T16043] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 796.269115][T16043] RSP: 002b:00000000f570657c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 796.272672][T16043] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c1007c00 [ 796.276046][T16043] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 796.279418][T16043] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 796.282744][T16043] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 796.286038][T16043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 796.289354][T16043] [ 796.308996][T16043] ERROR: Out of memory at tomoyo_realpath_from_path. [ 796.455833][T16050] netlink: 9412 bytes leftover after parsing attributes in process `syz.2.2888'. [ 796.684084][ T1129] block nbd2: Possible stuck request ffff88801fa48000: control (read@0,2048B). Runtime 120 seconds [ 796.843577][T16056] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2892'. [ 796.971883][T16061] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2892'. [ 797.383799][T16070] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 797.704558][T16078] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 797.707147][T16078] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 797.714277][T16078] vhci_hcd vhci_hcd.0: Device attached [ 797.803078][ T5352] Bluetooth: hci8: command tx timeout [ 797.878748][T16088] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.2898'. [ 797.903179][ T6349] vhci_hcd: vhci_device speed not set [ 797.974090][ T6349] usb 19-1: new full-speed USB device number 2 using vhci_hcd [ 798.009440][T13088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 798.012642][T13088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 798.451996][T16079] vhci_hcd: connection reset by peer [ 798.455132][ T1164] vhci_hcd: stop threads [ 798.456745][ T1164] vhci_hcd: release socket [ 798.458646][ T1164] vhci_hcd: disconnect device [ 799.340655][T16104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2904'. [ 800.018182][ T5352] BUG: workqueue leaked atomic, lock or RCU: kworker/u33:3[5352] [ 800.018182][ T5352] preempt=0x00000000 lock=0->1 RCU=0->0 workfn=hci_rx_work [ 800.027539][ T5352] 1 lock held by kworker/u33:3/5352: [ 800.029696][ T5352] #0: ffff888063cf5518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x14f6/0x8e20 [ 800.033682][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: kworker/u33:3 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 800.037390][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 800.041539][ T5352] Workqueue: hci7 hci_rx_work [ 800.043803][ T5352] Call Trace: [ 800.045066][ T5352] [ 800.046090][ T5352] dump_stack_lvl+0x16c/0x1f0 [ 800.047842][ T5352] process_one_work+0x1170/0x1ad0 [ 800.049607][ T5352] ? __pfx_hci_rx_work+0x10/0x10 [ 800.051426][ T5352] ? __pfx_hci_rx_work+0x10/0x10 [ 800.053137][ T5352] ? __pfx_hci_rx_work+0x10/0x10 [ 800.054869][ T5352] ? __pfx_process_one_work+0x10/0x10 [ 800.056821][ T5352] ? assign_work+0x1a0/0x250 [ 800.058435][ T5352] worker_thread+0x6c8/0xf20 [ 800.060169][ T5352] ? __pfx_worker_thread+0x10/0x10 [ 800.061939][ T5352] kthread+0x2c1/0x3a0 [ 800.063387][ T5352] ? _raw_spin_unlock_irq+0x23/0x50 [ 800.065172][ T5352] ? __pfx_kthread+0x10/0x10 [ 800.066781][ T5352] ret_from_fork+0x45/0x80 [ 800.068446][ T5352] ? __pfx_kthread+0x10/0x10 [ 800.070273][ T5352] ret_from_fork_asm+0x1a/0x30 [ 800.072115][ T5352] [ 800.074442][ T5410] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 800.745612][ T105] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 800.896725][ T105] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 800.995972][ T105] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 801.095286][ T105] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 801.306870][ T105] bridge_slave_1: left allmulticast mode [ 801.309080][ T105] bridge_slave_1: left promiscuous mode [ 801.311432][ T105] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.318558][ T105] bridge_slave_0: left allmulticast mode [ 801.321777][ T105] bridge_slave_0: left promiscuous mode [ 801.325090][ T105] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.750766][ T105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 801.760576][ T105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 801.768964][ T105] bond0 (unregistering): Released all slaves [ 802.308846][ T105] hsr_slave_0: left promiscuous mode [ 802.312134][ T105] hsr_slave_1: left promiscuous mode [ 802.319769][ T105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 802.323224][ T105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 802.327160][ T105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 802.330385][ T105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 802.380988][ T105] veth1_macvtap: left promiscuous mode [ 802.383519][ T105] veth0_macvtap: left promiscuous mode [ 802.386064][ T105] veth1_vlan: left promiscuous mode [ 802.388486][ T105] veth0_vlan: left promiscuous mode [ 803.087198][ T6349] vhci_hcd: vhci_device speed not set [ 803.393225][ T105] team0 (unregistering): Port device team_slave_1 removed [ 803.508903][ T105] team0 (unregistering): Port device team_slave_0 removed [ 804.901935][ T105] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.975144][ T105] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 805.067650][ T105] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 805.160565][ T105] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 805.308106][ T105] bridge_slave_1: left allmulticast mode [ 805.310201][ T105] bridge_slave_1: left promiscuous mode [ 805.312749][ T105] bridge0: port 2(bridge_slave_1) entered disabled state [ 805.317147][ T105] bridge_slave_0: left allmulticast mode [ 805.319051][ T105] bridge_slave_0: left promiscuous mode [ 805.321037][ T105] bridge0: port 1(bridge_slave_0) entered disabled state [ 805.325848][ T5410] usb 5-1: device descriptor read/all, error -110 [ 805.473047][ T5410] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 805.623036][ T5410] usb 5-1: device descriptor read/64, error -32 [ 805.698316][ T105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 805.703745][ T105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 805.710034][ T105] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 805.715476][ T105] bond0 (unregistering): Released all slaves [ 805.744844][ T5410] usb usb5-port1: attempt power cycle [ 806.173026][ T5410] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 806.214171][ T5410] usb 5-1: device descriptor read/8, error -32 [ 806.331260][ T105] hsr_slave_0: left promiscuous mode [ 806.345160][ T105] hsr_slave_1: left promiscuous mode [ 806.349805][ T105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 806.358536][ T105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 806.362282][ T105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 806.367949][ T105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 806.420941][ T105] veth1_macvtap: left promiscuous mode [ 806.423596][ T105] veth0_macvtap: left promiscuous mode [ 806.426128][ T105] veth1_vlan: left promiscuous mode [ 806.428591][ T105] veth0_vlan: left promiscuous mode [ 806.493192][ T105] infiniband syz2: set down [ 806.513051][ T5410] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 806.553403][ T5410] usb 5-1: device descriptor read/8, error -32 [ 806.674642][ T5410] raw-gadget.0 gadget.0: failed to queue suspend event [ 806.677284][ T5410] usb usb5-port1: unable to enumerate USB device [ 807.506324][ T105] team0 (unregistering): Port device team_slave_1 removed [ 807.512162][ T1164] smc: removing ib device syz2 [ 807.622653][ T105] team0 (unregistering): Port device team_slave_0 removed [ 808.095264][ T105] smc: removing net device wg0 with user defined pnetid SYZ0 VM DIAGNOSIS: 03:29:13 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff84fa3fb0 RDI=ffffffff9511a3c0 RBP=ffffffff9511a380 RSP=ffffc90002e97830 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000015 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff2a234ca R15=dffffc0000000000 RIP=ffffffff84fa3fd7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f56d3530 CR3=000000004a2ea000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000202b50b RBX=0000000000000001 RCX=ffffffff8b062b09 RDX=0000000000000000 RSI=ffffffff8b4cd060 RDI=ffffffff8bb04260 RBP=ffffed1002d6b910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fd9 R10=ffff88802c137ecb R11=0000000000000000 R12=0000000000000001 R13=ffff888016b5c880 R14=ffffffff901106d8 R15=0000000000000000 RIP=ffffffff8b063eff RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020020000 CR3=000000005e29e000 CR4=00350ef0 DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001c000000000 0000000700000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff81f22b01 RDX=ffff88801a61c880 RSI=ffffffff81f22b0f RDI=0000000000000005 RBP=ffffea0001247e80 RSP=ffffc90003a472d0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000247 R11=0000000000000000 R12=0000000000000000 R13=ffffea0001247ec0 R14=0000000000000001 R15=0000000000000000 RIP=ffffffff81dcfeb8 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f9898d7dd00 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055bdb710f000 CR3=00000000215a6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=fcab2424fcab2424 fcab2424fcab2424 fcab2424fcab2424 fcab2424fcab2424 fcab2424fcab2424 fcab2424fcab2424 fcab2424fcab2424 fcab2424fcab2424 ZMM22=629b4a06629b4a06 629b4a06629b4a06 629b4a06629b4a06 629b4a06629b4a06 629b4a06629b4a06 629b4a06629b4a06 629b4a06629b4a06 629b4a06629b4a06 ZMM23=43e1771e43e1771e 43e1771e43e1771e 43e1771e43e1771e 43e1771e43e1771e 43e1771e43e1771e 43e1771e43e1771e 43e1771e43e1771e 43e1771e43e1771e ZMM24=838754aa838754aa 838754aa838754aa 838754aa838754aa 838754aa838754aa 838754aa838754aa 838754aa838754aa 838754aa838754aa 838754aa838754aa ZMM25=b48536ecb48536ec b48536ecb48536ec b48536ecb48536ec b48536ecb48536ec b48536ecb48536ec b48536ecb48536ec b48536ecb48536ec b48536ecb48536ec ZMM26=8233857682338576 8233857682338576 8233857682338576 8233857682338576 8233857682338576 8233857682338576 8233857682338576 8233857682338576 ZMM27=1591788b1591788b 1591788b1591788b 1591788b1591788b 1591788b1591788b 1591788b1591788b 1591788b1591788b 1591788b1591788b 1591788b1591788b ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=a6170000a6170000 a6170000a6170000 a6170000a6170000 a6170000a6170000 a6170000a6170000 a6170000a6170000 a6170000a6170000 a6170000a6170000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=0000000000000727 RCX=ffffffff81685fee RDX=fffffbfff28b66f5 RSI=0000000000000008 RDI=ffffffff945b37a0 RBP=ffffc90000f5f3c8 RSP=ffffc90000f5f280 R8 =0000000000000000 R9 =fffffbfff28b66f4 R10=ffffffff945b37a7 R11=0000000000000000 R12=ffff88801a77a440 R13=0000000000000040 R14=0000000000000006 R15=1ffff920001ebe58 RIP=ffffffff81685ff6 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020037000 CR3=0000000059dee000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001c000000000 0000000700000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000