last executing test programs: 5.544574707s ago: executing program 1 (id=817): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x200800, 0x0) socket(0x200000000000011, 0x2, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{0x0}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000001f00)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) prctl$PR_GET_TSC(0x59616d61, &(0x7f0000000040)) prctl$PR_MCE_KILL(0x43, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0xf0, 0x258, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x809, 0x3, 0x2, 0x0, 0xfffffffc}) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0xfe, @empty}, 0x10) 5.544117931s ago: executing program 0 (id=818): socket$alg(0x26, 0x5, 0x0) syz_emit_ethernet(0x3b6, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xb989) (async) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r1, &(0x7f0000000000), 0xe) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1a003}) (async) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) (async) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000340)={0x0, 0x0}) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002500)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc52"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000040)={r4, 0x7fffffff, 0x4, 0x9b}) ioctl$IOC_PR_RELEASE(r5, 0x401070ca, &(0x7f0000000080)={0x3, 0x401, 0x1}) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r6 = socket$key(0xf, 0x3, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000300)={0x3, &(0x7f0000000240)=[{0x5a, 0x9, 0x90, 0x5}, {0x4, 0x8, 0x3, 0xf}, {0x3d9d, 0x5, 0x6, 0xcd6}]}) (async) sendmsg$key(r6, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0) (async) sendmsg$key(r6, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="020300090a00000000000000000000000300060000000e0002000000e0000009000000000000000002000100000000000000000200000000030005000000000002000000e00000010000000000000000d6b026104c1620ee8df47574204fbbcabb7d738942d0763107e676d66c8c40f881ea95359278517cc582f08235bd9acd39490f87838af35e55d0b3193a82266ba70fce23bd01004952485e24ec580e59a1e90356ff6e134324cbc1100b39136b062537e018ec74f009d76332829ae7f5e08008c50c850c4567eac4640d41a861e2d19bf7fe2438c56a7e820adaaa13d9cfbd5986c901e59017e9a2b647091f68f9924b9ac46b71ef70f6eb7b15fe42ca923b3619c1e3224408cc4c18"], 0x50}}, 0x0) (async) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x5, 0x80, 0x1, 0x7ffc0001}]}) (async) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) (async) r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_CLAIM_PORT(r7, 0x80045518, &(0x7f0000000000)=0x1) (async) fsopen(&(0x7f0000000280)='cifs\x00', 0x0) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000030800000000000000000000000000000900010073797a31000000081d00048008000340000000000800054008000000080007"], 0x3c}}, 0x0) 5.360869743s ago: executing program 0 (id=820): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0x40505331, &(0x7f0000000080)={0xffffffff}) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(&(0x7f00000000c0)=[{r2}], 0x1, 0x0, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x3a) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r4, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x80020, &(0x7f0000000080)={[{@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x36]}}]}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000001c0)={'pim6reg\x00', 0x1}) setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000300)={0x0, 0x1}, 0xc) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r6, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x79, &(0x7f0000000100)={0x0, 0x0, 0x600}, 0x8) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000002100)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r10, @ANYBLOB="4c003300800000000802110000010802110000005050505050500000000000020000000000000000010300006c03013c04060000000000000602000825000000002a"], 0x68}}, 0x0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000340), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r7, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x7fff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 5.356865787s ago: executing program 3 (id=821): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0a00000003000000080000000200000008000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="00000000000000c2720000000000000040000000000000000000000000000fa375b9e61ff29c0c98f1436e15c053a2e1d72250927d204ce9b182e51d89b7ab573331b2295f51d528f4251b89c11c6e82ca97c4eb56292ad6654b6efc6394e12eb7adf8654bb05e095df7447dcbf45059d7d87eef3f472a69d0b902acccddd177d7b86ba09d347340c61f405d41f3e4"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, 0x0, 0x0}, 0x20) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$vim2m(0x0, 0x0, 0x2) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="10000000141401000000000000000000b9ac02c3eb7884b2dcffc0aef6d39f36cf9b6d76e3bb9a5bdd8b6fa1892195b3c5c815e418fcdeef1dae9cd86a935313c7c0232ae1ba24beb12692c299e08d53ab9564580c238288f3ba3750b67a559cd78dd5246abd275837a057e4e3a19056f02ab734e6da8c46f7a4445e784629f6265f2cbe061a0de950cecf46ba6e8afb377e9f33a2e367d6d2f9b7ddf1723df0cf198169f48c98c3c7774e5a47197a094e65c400c10aac946db99ba9487882e5996ae52ae68971a7a0e4a9f215a3af8bd2c2acc652c6505a2b4eb60dc778d2d4948902fe18856e15bb8c810a5933b50255680baa9e372f"], 0x10}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffcb2, &(0x7f0000000800)=0x9) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002a80)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x7, &(0x7f00000001c0)="fbffffff", 0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x2, @mcast2, 0xfffff774}]}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000000c0)={r6, @in6={{0xa, 0x4e21, 0xfffffffc, @loopback, 0x6}}, 0x10, 0x0, 0x0, 0x0, 0xce024d}, 0x9c) setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000000c0)={r6, 0x12f8}, 0x8) syz_open_procfs(r3, &(0x7f0000000040)='net/sockstat\x00') openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 5.304950938s ago: executing program 1 (id=822): timer_create(0xb, 0x0, &(0x7f0000000400)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x0, 0x8d}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000000)=0x9) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x7, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r3, 0x4068aea3, &(0x7f0000000180)={0xdc}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) unshare(0x26020280) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 4.882541462s ago: executing program 3 (id=824): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000019c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb0100180000000000000018000000180000000600000000000000010000840000000002000000030000000000000000002e303000ad32041d567b7b423866d5cb4dd9880224f1e6a046ad2e343909f905eb9d2990398040165e868a13f16a339a26aa659993e05385"], 0x0, 0x36, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xd0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x8100000018000000}, 0x0) 4.80196672s ago: executing program 3 (id=825): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setsig(r0, 0xa, 0x21) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) (fail_nth: 19) openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003b80), 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) getpid() getpid() r1 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r1, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]}) 4.505523433s ago: executing program 3 (id=828): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYRESDEC=r0, @ANYRES8=r1, @ANYRESDEC=r1, @ANYRESDEC=r1, @ANYRES16=r0, @ANYRES8=r1], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r3, 0x80045b09, &(0x7f0000000040)) socket$kcm(0x29, 0x2, 0x0) r4 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) r5 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r5, 0xc0487c04, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)}) ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000000c0)={0x282d, 0x100}) 4.379159407s ago: executing program 0 (id=829): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000003e0000003e00000008000000060000000300000f0200000018928e4a00100000030000000100000018260000ff0f0000030000000200000000020000456f0c00000000000002000000000000003030303e006a00e71570aab29ce76e7d25931cb392a7fce258dd7dbb2e04643a057a8e25"], &(0x7f00000006c0)=""/87, 0x60, 0x57, 0x1, 0x3, 0x0, @void, @value}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @xdp, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', 0x0}) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f00000002c0)={0x1, 0xffff8c19, 0x8, 0xfffff643, 0xe, "4ab12e8231d99b6e7d16516991de5e092f24cd"}) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x40004) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r5, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021"], 0x54}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) r7 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001) setsockopt$sock_attach_bpf(r7, 0x6, 0x5, 0x0, 0x0) setsockopt$packet_rx_ring(r6, 0x107, 0x5, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='f2fs_iostat_latency\x00', r2, 0x0, 0x9abc}, 0x18) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x300, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x40, 0x9, 0x0, 0x0, {0x2}, [@typed={0x8, 0x2, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r7, 0xf501, 0x0) r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x0) r10 = dup(r9) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r10, @ANYRESOCT=r1]) 4.125697947s ago: executing program 0 (id=830): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB="0b0000000500000000", @ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r1}, 0x18) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000000c0)) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1a, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7dd8, 0x0, @void, @value, @void, @value}, 0x48) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0xffffff7f, 0x0) 2.648222153s ago: executing program 2 (id=836): syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00') syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip6_flowlabel\x00') socket$nl_generic(0x10, 0x3, 0x10) setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000140), 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, &(0x7f00000001c0)="450f01c4f3400f090f3566470fc735a6903ee664460f01c20f01cac4c2a1b83f0f63e942783566b8ab000f00d0", 0x2d}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.428773597s ago: executing program 1 (id=837): socket(0x11, 0x800000003, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r3, 0x0, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000220c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000002100000000050000000000000095c333d4c0a3ecdd69086b8e4c36439a8808b90ea579cdf8bd475a470064827701f4169ebebecb5bba94f06f020fb64e5594a86f5f00000000000008c7533dc98a94008d7d2a7d2c23bc3f4cc1992aebd29fd21e95b3c7c49de340c24cb6ba1a33740825c424ecd87a3b02ae7840be900964b6948074a8f2ed867fd6601b0ca02215f4c2a5157135575fa1903abe92246853cb7cb868a3b2524a92bfa8aaeaf3ff3f08fb97ec0c126bfea903ef567bdf48aecb23342c8102732b7257f65b1f7d82adec836fd77d2f5c6e6c18ae428531d9e4d906b0a19827bffab9ced1e24e8f063d44fb76dd59e75486"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, r4, 0x11, 0x0, 0x0, @void, @value=r2}, 0x20) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) r5 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$CAPI_REGISTER(r5, 0x400c4301, &(0x7f0000000080)={0x0, 0x0, 0x8800}) syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "ffffffffff60000000000000"}]}}}}}}, 0x0) socket$inet(0x2, 0x2, 0x1) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4) syz_emit_ethernet(0x66, &(0x7f0000000080)={@local, @random="a0725ce9403b", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x30, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, {[], @time_exceed={0x4, 0x0, 0x0, 0x60, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @ipv4={'\x00', '\xff\xff', @broadcast}}}}}}}}, 0x0) recvmmsg(r6, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1, [@hopopts={0x3a}, @routing]}}}}}}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) 2.360150091s ago: executing program 2 (id=838): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000001000304000000000000000000007400", @ANYRES32=r1, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d00000000000500240000000000050016"], 0x68}}, 0x0) 2.287351371s ago: executing program 2 (id=839): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) vmsplice(r1, &(0x7f0000001300), 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x80020005, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 2.001791344s ago: executing program 0 (id=840): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, 0x0, 0x0) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101a40) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x640}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f000076e000/0x4000)=nil, 0x400000, 0x0, 0x2}) 1.525242699s ago: executing program 3 (id=841): socket(0x11, 0x800000003, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000080)={0x0, 0x0, 0x8800}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1000000}, 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) 1.524670047s ago: executing program 1 (id=842): openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/conntrack\x00', 0x2, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = userfaultfd(0x80800) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x2000, 0x0, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r2, &(0x7f0000005b80)=[{{&(0x7f00000030c0)={0xa, 0x4e23, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000003700)=ANY=[@ANYBLOB="140000002900000036006b000000000000000000"], 0x14}}], 0x1, 0x0) mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x3000002, 0x11, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000000)={&(0x7f00001c4000/0x3000)=nil, &(0x7f0000000000/0xc00000)=nil, 0x3000, 0x0, 0x2}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000002c0)={'wg2\x00'}) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x5c, r6, 0x5, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x34, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x5c}}, 0x0) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) socket$key(0xf, 0x3, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_PIT(r7, 0x8048ae66, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0) 1.499518678s ago: executing program 2 (id=843): r0 = fsopen(&(0x7f00000011c0)='gfs2meta\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) readv(r1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, 0x0, 0x0) listen(r2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x20008800, &(0x7f0000000100)={0x2, 0x2d, @dev={0xac, 0x14, 0x14, 0x3f}}, 0x10) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000003c0), 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="2400000021002551241c0165ff00fc020a000060ff100f000ee1000c08000b0000000000", 0x24) sendmmsg$inet(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 1.429813037s ago: executing program 2 (id=844): syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$igmp6(0xa, 0x3, 0x2) pselect6(0x40, &(0x7f0000000040)={0x0, 0x300}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) syz_usb_disconnect(r0) 1.177300763s ago: executing program 0 (id=845): timer_create(0xb, 0x0, &(0x7f0000000400)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x0, 0x8d}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000000)=0x9) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x7, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r3, 0x4068aea3, &(0x7f0000000180)={0xdc}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) unshare(0x26020280) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 696.319931ms ago: executing program 3 (id=846): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x4) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)=0x9) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x8000) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000380)=0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f00009ea000/0x1000)=nil, 0x1000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x25, 0x20, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x37) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r1, &(0x7f0000000000)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./bus\x00') syz_open_dev$tty20(0xc, 0x4, 0x1) mount$tmpfs(0x0, &(0x7f00000006c0)='./bus\x00', 0x0, 0x40024, 0x0) r6 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000005, 0x12, r6, 0x0) 324.412599ms ago: executing program 1 (id=847): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x8040587f, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00'}, 0x10) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) getrusage(0x1, &(0x7f0000000080)={{}, {0x0}}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000140)=0x80) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r2, 0x401c5820, &(0x7f0000000940)=ANY=[@ANYBLOB="e6541de6ae59dd5078648845a3a7a173440974119d0946db8efc4a2a8755d87027aaf66dce6eaced98f70dbbd25be7067343ac9308e73862b456599dd15b54214b6614db68cf327cbfc82d60a425b1a7e165caf85b36f8320b30a049c6b8975112d2276d0ca41ac0edeb51f47ea394dfc99304e19b7ef1f14f8e5ffcb72abe5ad26fd2b87d3715227284c4d2840d20c4796f9c764f93b4d894a9cec304c91e2b2e39d513e036a93641e81849a517c9f9bcd1a8d595e4f8b6cd5cc97319067af409c6ecb73b2784", @ANYRES8=r1, @ANYRES64=r0]) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r2, 0xc008551c, &(0x7f0000000280)=ANY=[@ANYBLOB="020765b6ead25adcfd13b13be8000000"]) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRESDEC=r3], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r4}, 0xc) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, &(0x7f0000000100)=0x8) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x2, 0x1, 0x6, 0x400}]}) openat$sndseq(0xffffff9c, &(0x7f0000000180), 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) r6 = fsopen(&(0x7f00000002c0)='ramfs\x00', 0x0) r7 = fsmount(r6, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000600)={0x8000, 0x6d9, 0x1, 'queue1\x00', 0x7fff}) fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f0000000b80)='\x00\x84\xad\xf8,I\x03b\x11,\xe3\x85\xbdB\xb1x\xa4i/e\x7f8V\xadW\x8aD\xc6\xc7\x02\x8b\x9a\xfb\x7fN\xaa6p7M\xd5\xbcuhPI4\xa5.DkXyuW\xdc\xd7\x12\x90Q\\\xc5i\xc2\x9c>\xd3\xf4\xa2\x84\xf2\xeb\x93\xaa)\xec\xa9\xb6\t\xe51\rx\xb6\x83\xf3\xf3I\xd6-\x10\xd5Kn\xec\x9f4\xff\xb8\xab\xd8\xed\xcb`\x856\xa8v\xae\xf8\xbc\x96\xa7\xd6wB\x1e\xb3&M\xc1RM\xb1\x9b\xf9M`fGP\xbc\xd6\xba\x16n)1Vk\xd5\xeaSw\t\xf8\x16O\xdd\x96\x8d79\x1b\x012z\xc0\x91h\r\xd9,\xe3\xb4.\xd64\x8f\xd4RA\x8f\x05u$\xdb\x12\x93\xb9\xdf\b\xc4\x9b+\xf5G\x94\xe8\xe4\x14w\xdf\b\x0e=\x88\xd3\xba\xe1s\xcb', &(0x7f0000000780)="0a60003a451d3cd48ab956d6c8256f819e019fe3a07dde0af168be77ee9d8d6b480837d7c94ab1e1ee00db6b4fbfe951f22622ee055b5e8199cb4ae1b0807ee64267efe071eea4e7b1b4fdc053cdef113d948091b7e3aa8aa109867a94dd87e7af6392377d5ea695963b345d998431fb7862d6bd910d91a3f0f6497ce8b708996e06fb12f69fa1d914134e8f5b8bcbfe427de47b2bdc4a73", 0x98) r8 = gettid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f00000004c0)={{0x2, 0x4, 0x401, 0x400, 'syz0\x00', 0x9}, 0x3, 0x10000000, 0x4, r8, 0x0, 0x3, 'syz0\x00', 0x0}) fsconfig$FSCONFIG_SET_PATH(r6, 0x3, 0x0, 0x0, 0xffffffffffffff9c) fsmount(0xffffffffffffffff, 0x1, 0x0) r9 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs2/binder-control\x00', 0x800, 0x0) ioctl$BINDER_CTL_ADD(r9, 0xc1086201, &(0x7f00000002c0)={'custom1\x00'}) r10 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r10, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @local}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000400)="9469400de45f84e5afa5267f3177fcba358e69375a6a5741b52981815904bd4a0daec8", 0x23}], 0x1}}, {{&(0x7f00000002c0)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00', 0xfffffffd}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000000300)='7', 0x1}, {&(0x7f0000000c80)="d9f5c22726780b7b09a847900e5888ec6f23f425c6e1f6d5a5a990c03646abd64e8f28d8ad4800124550f1efa4e509ef183e41ca19ea37db2f331803508d0c139676f3c86276af9240d8a0205a20da0bc68010087bdcea75105fce035bcbfb50f81b830c954b4d2499eedd6469ef73f371635f0b9765ce9b945d8e9458c3a9427936e6b0535fd3b2054a501754457955313ae60452745f9c049255b975deaf788c3ef8322a794f6fa55fbf3965d50a087d51289740e4a399141cf22c85b22260550befd3d8064e47d160612f9166264a9e20280ae4beabf2974948720f273536d1ab675a241bca6b4500db5d1081404727c5f15de39a3332346a654a83cfd0edbb784f27bb6ab33e752bd687de11", 0x10e}], 0x2}}], 0x2, 0x0) 323.468122ms ago: executing program 1 (id=848): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_RELDISP(r3, 0x5605) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000540)={0x14, r4, 0x301, 0x0, 0x0, {0x29}}, 0x14}}, 0x0) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r5, 0xee01, 0x0) keyctl$setperm(0x5, r5, 0x21081c22) r6 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r7) add_key$keyring(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r5) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000000), &(0x7f0000048000), 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x16}]}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000b80)={'wlan0\x00'}) socket$packet(0x11, 0x3, 0x300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000300)='sys_enter\x00', r0}, 0x10) delete_module(0x0, 0x0) 0s ago: executing program 2 (id=849): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, 0x0, 0x0) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101a40) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x640}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f000076e000/0x4000)=nil, 0x400000, 0x0, 0x2}) (fail_nth: 3) kernel console output (not intermixed with test programs): T6066] _copy_from_iter+0x27a/0xfc0 [ 74.979199][ T6066] ? __pfx__copy_from_iter+0x10/0x10 [ 74.980582][ T6066] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 74.982171][ T6066] ? tun_build_skb.constprop.0+0x1b8/0x1390 [ 74.983718][ T6066] ? __pfx_lock_release+0x10/0x10 [ 74.985041][ T6066] copy_page_from_iter+0xa5/0x120 [ 74.986378][ T6066] tun_build_skb.constprop.0+0x294/0x1390 [ 74.987868][ T6066] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 74.989525][ T6066] ? __pfx___lock_acquire+0x10/0x10 [ 74.990897][ T6066] tun_get_user+0x888/0x3c20 [ 74.992126][ T6066] ? __pfx_tun_get_user+0x10/0x10 [ 74.993458][ T6066] ? find_held_lock+0x2d/0x110 [ 74.994714][ T6066] ? __pfx_lock_release+0x10/0x10 [ 74.996035][ T6066] tun_chr_write_iter+0xe8/0x210 [ 74.997340][ T6066] vfs_write+0x6b6/0x1140 [ 74.998472][ T6066] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 74.999913][ T6066] ? __pfx_vfs_write+0x10/0x10 [ 75.001186][ T6066] ? __fget_files+0x256/0x400 [ 75.002427][ T6066] ? __fget_light+0x173/0x210 [ 75.003665][ T6066] ksys_write+0x12f/0x260 [ 75.004801][ T6066] ? __pfx_ksys_write+0x10/0x10 [ 75.006100][ T6066] __do_fast_syscall_32+0x73/0x120 [ 75.007443][ T6066] do_fast_syscall_32+0x32/0x80 [ 75.008731][ T6066] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 75.010395][ T6066] RIP: 0023:0xf7f11579 [ 75.011456][ T6066] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 75.016427][ T6066] RSP: 002b:00000000f5696530 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 75.018625][ T6066] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020003400 [ 75.020681][ T6066] RDX: 0000000000000036 RSI: 00000000f739bff4 RDI: 0000000000000000 [ 75.022758][ T6066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 75.024814][ T6066] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 75.026876][ T6066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 75.028976][ T6066] [ 75.078477][ T6067] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 75.199369][ T35] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 75.379169][ T35] usb 5-1: Using ep0 maxpacket: 8 [ 75.383672][ T35] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 75.386996][ T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 75.399137][ T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 75.402539][ T35] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 75.406957][ T35] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 75.419573][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.629435][ T35] usb 5-1: usb_control_msg returned -32 [ 75.630961][ T35] usbtmc 5-1:16.0: can't read capabilities [ 75.897789][ T6084] mmap: syz.1.203 (6084) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 75.918269][ T6086] Bluetooth: MGMT ver 1.23 [ 76.014072][ T25] cfg80211: failed to load regulatory.db [ 76.184789][ T5394] usb 5-1: USB disconnect, device number 3 [ 76.389154][ T30] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 76.579162][ T30] usb 8-1: Using ep0 maxpacket: 32 [ 76.581960][ T30] usb 8-1: config 0 has no interfaces? [ 76.583408][ T30] usb 8-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15 [ 76.589178][ T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.600106][ T30] usb 8-1: config 0 descriptor?? [ 76.677066][ T6111] FAULT_INJECTION: forcing a failure. [ 76.677066][ T6111] name failslab, interval 1, probability 0, space 0, times 0 [ 76.681143][ T6111] CPU: 0 UID: 0 PID: 6111 Comm: syz.2.213 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 76.683859][ T6111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.686612][ T6111] Call Trace: [ 76.687490][ T6111] [ 76.688385][ T6111] dump_stack_lvl+0x16c/0x1f0 [ 76.689935][ T6111] should_fail_ex+0x497/0x5b0 [ 76.691180][ T6111] ? fs_reclaim_acquire+0xae/0x160 [ 76.692534][ T6111] should_failslab+0xc2/0x120 [ 76.693973][ T6111] __kmalloc_node_track_caller_noprof+0xcf/0x440 [ 76.695723][ T6111] ? p9_client_create+0x5a1/0x11b0 [ 76.697098][ T6111] kmemdup_nul+0x34/0xb0 [ 76.698304][ T6111] p9_client_create+0x5a1/0x11b0 [ 76.699615][ T6111] ? __pfx_p9_client_create+0x10/0x10 [ 76.701043][ T6111] ? __kmalloc_node_track_caller_noprof+0x22d/0x440 [ 76.702783][ T6111] ? v9fs_session_init+0x1f8/0x1a80 [ 76.704153][ T6111] v9fs_session_init+0x1f8/0x1a80 [ 76.705497][ T6111] ? __pfx_v9fs_session_init+0x10/0x10 [ 76.706933][ T6111] ? kasan_save_track+0x14/0x30 [ 76.708210][ T6111] v9fs_mount+0xc6/0xa50 [ 76.709375][ T6111] ? __pfx_v9fs_mount+0x10/0x10 [ 76.710655][ T6111] ? apparmor_capable+0x114/0x1d0 [ 76.711981][ T6111] ? __pfx_v9fs_mount+0x10/0x10 [ 76.713274][ T6111] legacy_get_tree+0x109/0x220 [ 76.714531][ T6111] vfs_get_tree+0x8f/0x380 [ 76.715711][ T6111] path_mount+0x6e1/0x1f10 [ 76.716890][ T6111] ? __pfx_path_mount+0x10/0x10 [ 76.718226][ T6111] ? putname+0x12e/0x170 [ 76.719351][ T6111] ? putname+0x12e/0x170 [ 76.720475][ T6111] __ia32_sys_mount+0x292/0x310 [ 76.721781][ T6111] ? __pfx___ia32_sys_mount+0x10/0x10 [ 76.723194][ T6111] __do_fast_syscall_32+0x73/0x120 [ 76.724533][ T6111] do_fast_syscall_32+0x32/0x80 [ 76.725819][ T6111] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 76.727464][ T6111] RIP: 0023:0xf7f20579 [ 76.728553][ T6111] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 76.733557][ T6111] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 76.735784][ T6111] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 76.737851][ T6111] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000020000280 [ 76.739939][ T6111] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 76.741998][ T6111] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 76.744044][ T6111] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.746104][ T6111] [ 77.151296][ T6129] netlink: 44 bytes leftover after parsing attributes in process `syz.0.220'. usb_generic_handle_packet: ctrl buffer too small (16384 > 4096) [ 77.509161][ T39] audit: type=1326 audit(1726400260.018:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.515467][ T39] audit: type=1326 audit(1726400260.028:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.526883][ T39] audit: type=1326 audit(1726400260.028:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.536561][ T39] audit: type=1326 audit(1726400260.038:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.543002][ T39] audit: type=1326 audit(1726400260.038:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.549988][ T39] audit: type=1326 audit(1726400260.038:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.556517][ T39] audit: type=1326 audit(1726400260.038:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.569524][ T39] audit: type=1326 audit(1726400260.038:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.576839][ T39] audit: type=1326 audit(1726400260.038:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.589679][ T39] audit: type=1326 audit(1726400260.038:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6141 comm="syz.2.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 77.693284][ T6149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.226'. [ 78.609843][ T6168] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 78.940329][ T6163] orangefs_mount: mount request failed with -4 [ 78.969181][ T4781] Bluetooth: hci2: command tx timeout [ 79.022007][ T6187] netlink: 'syz.0.237': attribute type 4 has an invalid length. [ 79.080863][ T35] usb 8-1: USB disconnect, device number 4 [ 79.330690][ T30] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 79.539132][ T30] usb 7-1: Using ep0 maxpacket: 8 [ 79.541685][ T30] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 79.544190][ T30] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 79.546696][ T30] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 79.549692][ T30] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 79.553037][ T30] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 79.555370][ T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.594386][ T6204] netlink: 4 bytes leftover after parsing attributes in process `syz.1.245'. [ 79.624346][ T6205] netlink: 20 bytes leftover after parsing attributes in process `syz.0.244'. [ 79.775416][ T30] usb 7-1: GET_CAPABILITIES returned 0 [ 79.777122][ T30] usbtmc 7-1:16.0: can't read capabilities [ 80.056616][ T35] usb 7-1: USB disconnect, device number 2 [ 80.240227][ T6216] netlink: 'syz.3.248': attribute type 4 has an invalid length. [ 80.490686][ T6221] random: crng reseeded on system resumption [ 80.496314][ T6221] Restarting kernel threads ... done. [ 80.500355][ T6221] 9pnet_fd: Insufficient options for proto=fd [ 80.504399][ T6221] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 80.602499][ T6225] random: crng reseeded on system resumption [ 80.613643][ T6225] Restarting kernel threads ... done. [ 80.622900][ T6225] 9pnet_fd: Insufficient options for proto=fd [ 80.630524][ T6225] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 80.872005][ T6234] netlink: 'syz.3.255': attribute type 1 has an invalid length. [ 80.874050][ T6234] netlink: 224 bytes leftover after parsing attributes in process `syz.3.255'. [ 80.947632][ T6238] netlink: 'syz.2.257': attribute type 4 has an invalid length. [ 81.027765][ T6245] 9pnet_fd: Insufficient options for proto=fd [ 81.158792][ T6257] FAULT_INJECTION: forcing a failure. [ 81.158792][ T6257] name failslab, interval 1, probability 0, space 0, times 0 [ 81.162135][ T6257] CPU: 1 UID: 0 PID: 6257 Comm: syz.2.261 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 81.164870][ T6257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.167667][ T6257] Call Trace: [ 81.168549][ T6257] [ 81.169372][ T6257] dump_stack_lvl+0x16c/0x1f0 [ 81.170679][ T6257] should_fail_ex+0x497/0x5b0 [ 81.171941][ T6257] ? fs_reclaim_acquire+0xae/0x160 [ 81.173306][ T6257] should_failslab+0xc2/0x120 [ 81.174552][ T6257] __kmalloc_noprof+0xcb/0x410 [ 81.175814][ T6257] ? __pfx_lock_acquire+0x10/0x10 [ 81.177157][ T6257] tomoyo_realpath_from_path+0xbf/0x710 [ 81.178613][ T6257] ? tomoyo_profile+0x47/0x60 [ 81.179860][ T6257] tomoyo_path_number_perm+0x245/0x5b0 [ 81.181301][ T6257] ? tomoyo_path_number_perm+0x232/0x5b0 [ 81.182774][ T6257] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 81.184351][ T6257] ? __pfx_lock_release+0x10/0x10 [ 81.185692][ T6257] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 81.187268][ T6257] ? __fget_files+0x256/0x400 [ 81.188498][ T6257] security_file_ioctl_compat+0x75/0xc0 [ 81.189963][ T6257] __do_compat_sys_ioctl+0x5d/0x330 [ 81.191322][ T6257] __do_fast_syscall_32+0x73/0x120 [ 81.192662][ T6257] do_fast_syscall_32+0x32/0x80 [ 81.193954][ T6257] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 81.195594][ T6257] RIP: 0023:0xf7f20579 [ 81.196659][ T6257] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 81.201621][ T6257] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 81.203779][ T6257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005310 [ 81.205832][ T6257] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.207870][ T6257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 81.209932][ T6257] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 81.211991][ T6257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 81.214064][ T6257] [ 81.216415][ T6257] ERROR: Out of memory at tomoyo_realpath_from_path. [ 81.520447][ T4781] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 81.522877][ T4781] Bluetooth: hci3: Injecting HCI hardware error event [ 81.525348][ T4781] Bluetooth: hci3: hardware error 0x00 [ 81.535270][ T6271] syz.2.264: attempt to access beyond end of device [ 81.535270][ T6271] loop2: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 81.538786][ T6271] EXT4-fs (loop2): unable to read superblock [ 81.546467][ T6271] usb 2-1: USB disconnect, device number 2 [ 81.598128][ T6272] hub 2-0:1.0: USB hub found [ 81.600776][ T6272] hub 2-0:1.0: 6 ports detected [ 81.799372][ T35] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 81.837820][ T6274] Lens B: ================= START STATUS ================= [ 81.839926][ T6274] Lens B: Focus, Absolute: 0 [ 81.842044][ T6274] Lens B: ================== END STATUS ================== [ 82.023470][ T35] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 82.025861][ T35] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 82.028019][ T35] usb 2-1: Product: QEMU USB Tablet [ 82.029496][ T35] usb 2-1: Manufacturer: QEMU [ 82.030768][ T35] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 82.060372][ T35] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0002/input/input7 [ 82.142695][ T35] hid-generic 0003:0627:0001.0002: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 82.189454][ T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 82.194473][ T6281] netlink: 'syz.1.268': attribute type 4 has an invalid length. [ 82.379170][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 82.390147][ T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 82.392733][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 82.395359][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 82.398008][ T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 82.402115][ T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 82.404732][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.628544][ T10] usb 8-1: GET_CAPABILITIES returned 0 [ 82.636173][ T10] usbtmc 8-1:16.0: can't read capabilities [ 82.812953][ T6302] random: crng reseeded on system resumption [ 82.823783][ T6302] Restarting kernel threads ... done. [ 82.832205][ T6302] 9pnet_fd: Insufficient options for proto=fd [ 82.839699][ T6302] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 82.921985][ T10] usb 8-1: USB disconnect, device number 5 [ 82.950541][ T6307] MTD: Couldn't look up '/dev/sg0': -15 [ 83.100793][ T6305] /dev/sr0: Can't open blockdev [ 83.226780][ T6317] netlink: 'syz.0.279': attribute type 4 has an invalid length. [ 83.599277][ T4781] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 84.589273][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 84.790270][ T10] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 84.795063][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.798176][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.801269][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 84.809929][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 84.812297][ T10] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 84.814866][ T10] usb 5-1: Manufacturer: syz [ 84.822952][ T10] usb 5-1: config 0 descriptor?? [ 85.235112][ T10] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 85.237421][ T10] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 85.247081][ T10] appleir 0003:05AC:8243.0003: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 85.536143][ T6384] FAULT_INJECTION: forcing a failure. [ 85.536143][ T6384] name failslab, interval 1, probability 0, space 0, times 0 [ 85.539821][ T6384] CPU: 2 UID: 0 PID: 6384 Comm: syz.2.299 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 85.542774][ T6384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.545679][ T6384] Call Trace: [ 85.546579][ T6384] [ 85.547375][ T6384] dump_stack_lvl+0x16c/0x1f0 [ 85.548703][ T6384] should_fail_ex+0x497/0x5b0 [ 85.549987][ T6384] ? fs_reclaim_acquire+0xae/0x160 [ 85.551344][ T6384] should_failslab+0xc2/0x120 [ 85.553035][ T6384] __kmalloc_noprof+0xcb/0x410 [ 85.554348][ T6384] ? __pfx_d_absolute_path+0x10/0x10 [ 85.555723][ T6384] tomoyo_encode2+0x100/0x3e0 [ 85.557273][ T6384] tomoyo_realpath_from_path+0x1a7/0x710 [ 85.558814][ T6384] tomoyo_path_number_perm+0x245/0x5b0 [ 85.560228][ T6384] ? tomoyo_path_number_perm+0x232/0x5b0 [ 85.561838][ T6384] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.563756][ T6384] ? __pfx_lock_release+0x10/0x10 [ 85.565080][ T6384] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 85.566626][ T6384] ? __fget_files+0x256/0x400 [ 85.567846][ T6384] security_file_ioctl_compat+0x75/0xc0 [ 85.569305][ T6384] __do_compat_sys_ioctl+0x5d/0x330 [ 85.570653][ T6384] __do_fast_syscall_32+0x73/0x120 [ 85.572028][ T6384] do_fast_syscall_32+0x32/0x80 [ 85.573575][ T6384] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.575839][ T6384] RIP: 0023:0xf7f20579 [ 85.577238][ T6384] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 85.582279][ T6384] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 85.584844][ T6384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 85.587658][ T6384] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 85.590484][ T6384] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 85.593044][ T6384] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 85.595121][ T6384] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 85.597944][ T6384] [ 85.599184][ C2] vkms_vblank_simulate: vblank timer overrun [ 85.603771][ T6384] ERROR: Out of memory at tomoyo_realpath_from_path. [ 85.612357][ T62] usb 5-1: USB disconnect, device number 4 [ 85.949185][ T25] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 86.129265][ T25] usb 7-1: Using ep0 maxpacket: 16 [ 86.138854][ T25] usb 7-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 86.145352][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.147628][ T25] usb 7-1: Product: syz [ 86.157650][ T25] usb 7-1: Manufacturer: syz [ 86.158955][ T25] usb 7-1: SerialNumber: syz [ 86.174356][ T25] usb 7-1: config 0 descriptor?? [ 86.178630][ T25] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 86.428260][ T6390] input: syz0 as /devices/virtual/input/input8 [ 86.593532][ T6410] netlink: 20 bytes leftover after parsing attributes in process `syz.2.303'. [ 86.764666][ T6418] FAULT_INJECTION: forcing a failure. [ 86.764666][ T6418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 86.768114][ T6418] CPU: 0 UID: 0 PID: 6418 Comm: syz.1.309 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 86.770862][ T6418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.773623][ T6418] Call Trace: [ 86.774493][ T6418] [ 86.775269][ T6418] dump_stack_lvl+0x16c/0x1f0 [ 86.776557][ T6418] should_fail_ex+0x497/0x5b0 [ 86.777821][ T6418] _copy_from_user+0x30/0xf0 [ 86.779034][ T6418] ioctl_preallocate+0xb5/0x220 [ 86.780319][ T6418] ? __pfx_ioctl_preallocate+0x10/0x10 [ 86.781735][ T6418] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 86.783296][ T6418] do_vfs_ioctl+0x16bd/0x1a90 [ 86.784552][ T6418] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 86.785993][ T6418] ? __pfx_lock_release+0x10/0x10 [ 86.787346][ T6418] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 86.789010][ T6418] ? __fget_files+0x256/0x400 [ 86.790311][ T6418] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 86.791761][ T6418] __do_compat_sys_ioctl+0x149/0x330 [ 86.793179][ T6418] __do_fast_syscall_32+0x73/0x120 [ 86.794531][ T6418] do_fast_syscall_32+0x32/0x80 [ 86.795815][ T6418] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.797470][ T6418] RIP: 0023:0xf7f11579 [ 86.798547][ T6418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 86.803562][ T6418] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 86.805740][ T6418] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000040305829 [ 86.807803][ T6418] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.809873][ T6418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 86.811951][ T6418] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 86.814018][ T6418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 86.816081][ T6418] [ 87.055243][ T25] gp8psk: usb in 128 operation failed. [ 87.057505][ T25] gp8psk: usb in 137 operation failed. [ 87.058938][ T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 87.062243][ T25] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 87.064740][ T25] usb 7-1: media controller created [ 87.075651][ T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 87.085752][ T25] gp8psk_fe: Frontend revision 1 attached [ 87.087522][ T25] usb 7-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 87.090227][ T25] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 87.114834][ T25] gp8psk: usb in 138 operation failed. [ 87.116268][ T25] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 87.118838][ T25] gp8psk: found Genpix USB device pID = 201 (hex) [ 87.122846][ T25] usb 7-1: USB disconnect, device number 3 [ 87.181052][ T25] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 87.348889][ T6436] syz.1.313: attempt to access beyond end of device [ 87.348889][ T6436] loop1: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 87.359210][ T6436] EXT4-fs (loop1): unable to read superblock [ 87.381863][ T6436] usb 2-1: USB disconnect, device number 3 [ 87.437619][ T6436] hub 2-0:1.0: USB hub found [ 87.439215][ T6436] hub 2-0:1.0: 6 ports detected [ 87.637892][ T8] usb 2-1: new high-speed USB device number 4 using ehci-pci [ 87.877685][ T8] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 87.880163][ T8] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 87.882453][ T8] usb 2-1: Product: QEMU USB Tablet [ 87.884102][ T8] usb 2-1: Manufacturer: QEMU [ 87.885523][ T8] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 87.926655][ T8] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0004/input/input9 [ 87.940984][ T8] hid-generic 0003:0627:0001.0004: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 88.116188][ T6446] netlink: 20 bytes leftover after parsing attributes in process `syz.2.317'. [ 88.439834][ T6453] random: crng reseeded on system resumption [ 88.445316][ T6453] Restarting kernel threads ... done. [ 88.450236][ T6453] 9pnet_fd: Insufficient options for proto=fd [ 88.454845][ T6453] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 89.516655][ T6500] netlink: 'syz.0.330': attribute type 4 has an invalid length. [ 89.753781][ T6507] netlink: 48 bytes leftover after parsing attributes in process `syz.3.332'. [ 90.142547][ T6512] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 90.151263][ T6512] FAULT_INJECTION: forcing a failure. [ 90.151263][ T6512] name failslab, interval 1, probability 0, space 0, times 0 [ 90.154862][ T6512] CPU: 3 UID: 0 PID: 6512 Comm: syz.0.336 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 90.157651][ T6512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.160457][ T6512] Call Trace: [ 90.161368][ T6512] [ 90.162156][ T6512] dump_stack_lvl+0x16c/0x1f0 [ 90.163683][ T6512] should_fail_ex+0x497/0x5b0 [ 90.165443][ T6512] ? fs_reclaim_acquire+0xae/0x160 [ 90.167471][ T6512] should_failslab+0xc2/0x120 [ 90.169155][ T6512] kmem_cache_alloc_lru_noprof+0x72/0x2f0 [ 90.170704][ T6512] ? ovl_alloc_inode+0x25/0x190 [ 90.172006][ T6512] ? __pfx_ovl_alloc_inode+0x10/0x10 [ 90.173533][ T6512] ovl_alloc_inode+0x25/0x190 [ 90.175068][ T6512] alloc_inode+0x5d/0x230 [ 90.176426][ T6512] new_inode+0x22/0x210 [ 90.177749][ T6512] ovl_new_inode+0x1d/0x50 [ 90.178929][ T6512] ovl_create_object+0x17e/0x300 [ 90.180227][ T6512] ? __pfx_ovl_create_object+0x10/0x10 [ 90.181801][ T6512] ? security_inode_permission+0xe6/0x120 [ 90.183826][ T6512] ? inode_permission+0xdd/0x5f0 [ 90.185156][ T6512] ? bpf_lsm_inode_create+0x9/0x10 [ 90.186515][ T6512] ? __pfx_ovl_create+0x10/0x10 [ 90.187867][ T6512] lookup_open.isra.0+0x10a1/0x13c0 [ 90.189285][ T6512] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 90.190739][ T6512] ? __pfx_down_write+0x10/0x10 [ 90.192025][ T6512] ? mnt_get_write_access+0x20c/0x300 [ 90.193565][ T6512] path_openat+0xa3b/0x2d20 [ 90.194773][ T6512] ? __pfx_path_openat+0x10/0x10 [ 90.196099][ T6512] ? __pfx___lock_acquire+0x10/0x10 [ 90.197486][ T6512] ? find_held_lock+0x2d/0x110 [ 90.198766][ T6512] do_filp_open+0x1dc/0x430 [ 90.200190][ T6512] ? __pfx_do_filp_open+0x10/0x10 [ 90.201825][ T6512] ? find_held_lock+0x2d/0x110 [ 90.203395][ T6512] ? _raw_spin_unlock+0x28/0x50 [ 90.205032][ T6512] ? alloc_fd+0x2d7/0x6c0 [ 90.206461][ T6512] do_sys_openat2+0x17a/0x1e0 [ 90.207776][ T6512] ? __pfx_do_sys_openat2+0x10/0x10 [ 90.209176][ T6512] __ia32_compat_sys_openat+0x16e/0x210 [ 90.210620][ T6512] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 90.212208][ T6512] ? ksys_write+0x1ab/0x260 [ 90.213460][ T6512] __do_fast_syscall_32+0x73/0x120 [ 90.214802][ T6512] do_fast_syscall_32+0x32/0x80 [ 90.216082][ T6512] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 90.217855][ T6512] RIP: 0023:0xf7ff2579 [ 90.219158][ T6512] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 90.226020][ T6512] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 90.228527][ T6512] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 000000002000c380 [ 90.230614][ T6512] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 90.233022][ T6512] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 90.235097][ T6512] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 90.237179][ T6512] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 90.239674][ T6512] [ 90.240822][ C3] vkms_vblank_simulate: vblank timer overrun [ 90.401417][ T6528] netlink: 'syz.0.339': attribute type 4 has an invalid length. [ 90.632700][ T6540] random: crng reseeded on system resumption [ 90.637552][ T6540] Restarting kernel threads ... done. [ 90.656562][ T6540] 9pnet_fd: Insufficient options for proto=fd [ 90.663670][ T6540] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 90.772495][ T6542] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 91.022111][ T39] kauditd_printk_skb: 22 callbacks suppressed [ 91.022122][ T39] audit: type=1326 audit(1726400273.538:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6544 comm="syz.2.345" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x0 [ 91.292500][ T6554] netlink: 48 bytes leftover after parsing attributes in process `syz.0.346'. [ 91.499766][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 91.666874][ T6558] can0: slcan on ttyprintk. [ 91.851006][ T6557] can0 (unregistered): slcan off ttyprintk. [ 91.894511][ T6573] netlink: 'syz.0.349': attribute type 4 has an invalid length. [ 92.236127][ T6585] random: crng reseeded on system resumption [ 92.258038][ T6585] Restarting kernel threads ... done. [ 92.273692][ T6585] 9pnet_fd: Insufficient options for proto=fd [ 92.287114][ T6585] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 92.389662][ T6587] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.353'. [ 92.392618][ T6587] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8 [ 92.398901][ T6587] Bluetooth: MGMT ver 1.23 [ 92.400742][ T6587] FAULT_INJECTION: forcing a failure. [ 92.400742][ T6587] name failslab, interval 1, probability 0, space 0, times 0 [ 92.404977][ T6587] CPU: 3 UID: 0 PID: 6587 Comm: syz.0.353 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 92.407762][ T6587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.411154][ T6587] Call Trace: [ 92.412228][ T6587] [ 92.413203][ T6587] dump_stack_lvl+0x16c/0x1f0 [ 92.414798][ T6587] should_fail_ex+0x497/0x5b0 [ 92.416336][ T6587] ? fs_reclaim_acquire+0xae/0x160 [ 92.417963][ T6587] should_failslab+0xc2/0x120 [ 92.419484][ T6587] kmem_cache_alloc_node_noprof+0x71/0x310 [ 92.421358][ T6587] ? __alloc_skb+0x2b3/0x380 [ 92.422868][ T6587] __alloc_skb+0x2b3/0x380 [ 92.424313][ T6587] ? __pfx___alloc_skb+0x10/0x10 [ 92.425983][ T6587] ? hci_bdaddr_list_clear+0x1a/0x1f0 [ 92.427835][ T6587] ? hci_bdaddr_list_del+0x28b/0x350 [ 92.429635][ T6587] mgmt_send_event+0x44/0x180 [ 92.431265][ T6587] unblock_device+0xf6/0x250 [ 92.432897][ T6587] ? __pfx_mgmt_init_hdev+0x10/0x10 [ 92.434605][ T6587] hci_sock_sendmsg+0x1528/0x25e0 [ 92.436277][ T6587] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 92.437869][ T6587] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 92.439368][ T6587] sock_write_iter+0x50a/0x5c0 [ 92.440726][ T6587] ? __pfx_sock_write_iter+0x10/0x10 [ 92.442288][ T6587] ? bpf_lsm_file_permission+0x9/0x10 [ 92.443885][ T6587] ? security_file_permission+0x98/0xc0 [ 92.445543][ T6587] vfs_write+0x6b6/0x1140 [ 92.446866][ T6587] ? __pfx_sock_write_iter+0x10/0x10 [ 92.448421][ T6587] ? __pfx_vfs_write+0x10/0x10 [ 92.449972][ T6587] ? __fget_files+0x256/0x400 [ 92.451479][ T6587] ? __fget_light+0x173/0x210 [ 92.453006][ T6587] ksys_write+0x1f8/0x260 [ 92.454396][ T6587] ? __pfx_ksys_write+0x10/0x10 [ 92.456137][ T6587] __do_fast_syscall_32+0x73/0x120 [ 92.458013][ T6587] do_fast_syscall_32+0x32/0x80 [ 92.459798][ T6587] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 92.462058][ T6587] RIP: 0023:0xf7ff2579 [ 92.463485][ T6587] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 92.470425][ T6587] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 92.473237][ T6587] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000200 [ 92.475752][ T6587] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000 [ 92.478057][ T6587] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 92.480375][ T6587] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 92.482713][ T6587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 92.485234][ T6587] [ 92.545369][ T6590] netlink: 68 bytes leftover after parsing attributes in process `syz.0.355'. [ 92.822464][ T6597] netlink: 20 bytes leftover after parsing attributes in process `syz.0.356'. [ 93.230828][ T6604] netlink: 48 bytes leftover after parsing attributes in process `syz.1.357'. [ 93.399222][ T5394] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 93.609234][ T5394] usb 8-1: Using ep0 maxpacket: 8 [ 93.616410][ T5394] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 93.619038][ T5394] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 93.621867][ T5394] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 93.624567][ T5394] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 93.628338][ T5394] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 93.634000][ T5394] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.781298][ T6619] syz.0.361: attempt to access beyond end of device [ 93.781298][ T6619] loop0: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 93.785072][ T6619] EXT4-fs (loop0): unable to read superblock [ 93.818702][ T6619] usb 2-1: USB disconnect, device number 4 [ 93.866774][ T5394] usb 8-1: usb_control_msg returned -71 [ 93.888899][ T5394] usbtmc 8-1:16.0: can't read capabilities [ 93.909446][ T5394] usb 8-1: USB disconnect, device number 6 [ 93.928872][ T6622] hub 2-0:1.0: USB hub found [ 93.931615][ T6622] hub 2-0:1.0: 6 ports detected [ 93.981499][ T6628] netlink: 'syz.2.363': attribute type 27 has an invalid length. [ 94.069344][ T6628] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.072129][ T6628] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.129157][ T8] usb 2-1: new high-speed USB device number 5 using ehci-pci [ 94.329431][ T6628] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.355274][ T8] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 94.357972][ T6628] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.362017][ T8] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 94.365982][ T8] usb 2-1: Product: QEMU USB Tablet [ 94.373990][ T8] usb 2-1: Manufacturer: QEMU [ 94.375530][ T8] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 94.408214][ T8] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0005/input/input10 [ 94.494432][ T8] hid-generic 0003:0627:0001.0005: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 94.578067][ T6628] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.580496][ T6628] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.582883][ T6628] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.585200][ T6628] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.686805][ T6636] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 94.749141][ T35] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 94.888542][ T6638] tmpfs: Unknown parameter 'kfree' [ 94.949119][ T35] usb 8-1: Using ep0 maxpacket: 8 [ 94.960260][ T35] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 94.963185][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 94.965814][ T35] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 94.968379][ T35] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 94.979266][ T35] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 94.981639][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.217585][ T6634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.221391][ T6634] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.230086][ T35] usb 8-1: GET_CAPABILITIES returned 0 [ 95.231565][ T35] usbtmc 8-1:16.0: can't read capabilities [ 95.483178][ T6660] usb 8-1: usbtmc_ioctl_clear_out_halt returned -32 [ 95.504140][ T35] usb 8-1: USB disconnect, device number 7 [ 96.146016][ T6687] netlink: 20 bytes leftover after parsing attributes in process `syz.0.381'. [ 96.218244][ T6688] FAULT_INJECTION: forcing a failure. [ 96.218244][ T6688] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.221900][ T6688] CPU: 0 UID: 0 PID: 6688 Comm: syz.3.383 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 96.224734][ T6688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 96.227467][ T6688] Call Trace: [ 96.228329][ T6688] [ 96.229135][ T6688] dump_stack_lvl+0x16c/0x1f0 [ 96.230436][ T6688] should_fail_ex+0x497/0x5b0 [ 96.231687][ T6688] _copy_from_user+0x30/0xf0 [ 96.232930][ T6688] generic_map_delete_batch+0x43e/0x6f0 [ 96.234941][ T6688] ? __pfx_generic_map_delete_batch+0x10/0x10 [ 96.236772][ T6688] ? __pfx_generic_map_delete_batch+0x10/0x10 [ 96.238334][ T6688] bpf_map_do_batch+0x32a/0x6e0 [ 96.239596][ T6688] __sys_bpf+0x623/0x55e0 [ 96.240715][ T6688] ? __pfx___sys_bpf+0x10/0x10 [ 96.241967][ T6688] ? ksys_write+0x12f/0x260 [ 96.243235][ T6688] ? find_held_lock+0x2d/0x110 [ 96.244912][ T6688] ? ksys_write+0x21c/0x260 [ 96.246111][ T6688] ? __pfx_lock_release+0x10/0x10 [ 96.247527][ T6688] ? vfs_write+0x14d/0x1140 [ 96.248757][ T6688] ? __mutex_unlock_slowpath+0x164/0x650 [ 96.250281][ T6688] ? fput+0x32/0x390 [ 96.251332][ T6688] ? ksys_write+0x1ab/0x260 [ 96.252534][ T6688] ? __pfx_ksys_write+0x10/0x10 [ 96.254204][ T6688] __ia32_sys_bpf+0x76/0xe0 [ 96.255893][ T6688] __do_fast_syscall_32+0x73/0x120 [ 96.257264][ T6688] do_fast_syscall_32+0x32/0x80 [ 96.258623][ T6688] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 96.260276][ T6688] RIP: 0023:0xf7f31579 [ 96.261367][ T6688] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 96.266479][ T6688] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 96.268645][ T6688] RAX: ffffffffffffffda RBX: 000000000000001b RCX: 0000000020000040 [ 96.270715][ T6688] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 96.272923][ T6688] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 96.275795][ T6688] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 96.278092][ T6688] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 96.280141][ T6688] [ 96.658429][ T39] audit: type=1326 audit(1726400279.168:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6690 comm="syz.3.384" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x0 [ 96.709908][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.386'. [ 96.712488][ T6698] netlink: 152 bytes leftover after parsing attributes in process `syz.0.386'. [ 96.727421][ T6698] netlink: 152 bytes leftover after parsing attributes in process `syz.0.386'. [ 97.019707][ T6714] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.392'. [ 97.109181][ T10] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 97.200678][ T6721] syz.2.393 uses obsolete (PF_INET,SOCK_PACKET) [ 97.220340][ T6721] netlink: 24 bytes leftover after parsing attributes in process `syz.2.393'. [ 97.593942][ T6729] __nla_validate_parse: 2 callbacks suppressed [ 97.593953][ T6729] netlink: 20 bytes leftover after parsing attributes in process `syz.0.397'. [ 100.207742][ T6740] netlink: 'syz.0.400': attribute type 3 has an invalid length. [ 100.209930][ T6740] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.400'. [ 100.242822][ T5414] IPVS: starting estimator thread 0... [ 100.314908][ T6747] x_tables: duplicate underflow at hook 2 [ 100.318027][ T6747] netlink: 'syz.2.402': attribute type 12 has an invalid length. [ 100.321366][ T6747] netlink: 'syz.2.402': attribute type 11 has an invalid length. [ 100.323865][ T6747] netlink: 190580 bytes leftover after parsing attributes in process `syz.2.402'. [ 100.360262][ T6743] IPVS: using max 36 ests per chain, 86400 per kthread [ 100.418960][ T6752] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.403'. [ 100.617060][ T6767] netlink: 20 bytes leftover after parsing attributes in process `syz.2.409'. [ 101.533690][ T6795] netlink: 20 bytes leftover after parsing attributes in process `syz.1.418'. [ 101.549145][ T64] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 101.729119][ T64] usb 7-1: Using ep0 maxpacket: 8 [ 101.735770][ T64] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 101.739606][ T64] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.742607][ T64] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 101.746217][ T64] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 101.749693][ T64] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.753790][ T64] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 101.757265][ T64] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.909744][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.419'. [ 101.915770][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.419'. [ 101.981324][ T64] usb 7-1: usb_control_msg returned -32 [ 101.982879][ T64] usbtmc 7-1:16.0: can't read capabilities [ 102.057650][ T6811] FAULT_INJECTION: forcing a failure. [ 102.057650][ T6811] name failslab, interval 1, probability 0, space 0, times 0 [ 102.061807][ T6811] CPU: 0 UID: 0 PID: 6811 Comm: syz.1.430 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 102.064748][ T6811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.067646][ T6811] Call Trace: [ 102.068565][ T6811] [ 102.069372][ T6811] dump_stack_lvl+0x16c/0x1f0 [ 102.070678][ T6811] should_fail_ex+0x497/0x5b0 [ 102.071946][ T6811] ? fs_reclaim_acquire+0xae/0x160 [ 102.073320][ T6811] should_failslab+0xc2/0x120 [ 102.074576][ T6811] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 102.076003][ T6811] ? __kernfs_new_node+0xd3/0x890 [ 102.077358][ T6811] __kernfs_new_node+0xd3/0x890 [ 102.078655][ T6811] ? __pfx___kernfs_new_node+0x10/0x10 [ 102.080089][ T6811] ? __pfx_lock_release+0x10/0x10 [ 102.081418][ T6811] ? down_write+0x14e/0x200 [ 102.082663][ T6811] ? up_write+0x1b2/0x520 [ 102.083807][ T6811] kernfs_new_node+0x186/0x240 [ 102.085083][ T6811] __kernfs_create_file+0x53/0x350 [ 102.086428][ T6811] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 102.087832][ T6811] internal_create_group+0x565/0xe50 [ 102.089250][ T6811] ? __pfx_internal_create_group+0x10/0x10 [ 102.090853][ T6811] ? kernfs_create_link+0x1bd/0x240 [ 102.092220][ T6811] internal_create_groups+0x9d/0x150 [ 102.093617][ T6811] device_add+0x6d3/0x1a70 [ 102.094809][ T6811] ? __pfx_device_add+0x10/0x10 [ 102.096095][ T6811] ? __init_waitqueue_head+0xca/0x150 [ 102.097508][ T6811] netdev_register_kobject+0x187/0x3f0 [ 102.098938][ T6811] register_netdevice+0x1473/0x1e20 [ 102.100306][ T6811] ? __pfx_register_netdevice+0x10/0x10 [ 102.101765][ T6811] ? alloc_netdev_mqs+0xf22/0x1290 [ 102.103110][ T6811] vif_add+0xd92/0x1550 [ 102.104217][ T6811] ? __pfx___lock_acquire+0x10/0x10 [ 102.105599][ T6811] ? __pfx_vif_add+0x10/0x10 [ 102.106830][ T6811] ? find_held_lock+0x2d/0x110 [ 102.108099][ T6811] ? __pfx_lock_release+0x10/0x10 [ 102.109454][ T6811] ? __pfx___might_resched+0x10/0x10 [ 102.110843][ T6811] ? __might_fault+0xe3/0x190 [ 102.112095][ T6811] ip_mroute_setsockopt+0x12c3/0x15c0 [ 102.113513][ T6811] ? __pfx_ip_mroute_setsockopt+0x10/0x10 [ 102.115000][ T6811] ? __pfx_mark_lock+0x10/0x10 [ 102.116259][ T6811] ? __lock_acquire+0xbdd/0x3cb0 [ 102.117564][ T6811] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 102.118973][ T6811] do_ip_setsockopt+0x2e7/0x38c0 [ 102.120279][ T6811] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 102.121701][ T6811] ? __pfx___might_resched+0x10/0x10 [ 102.123097][ T6811] ? __pfx_lock_release+0x10/0x10 [ 102.124418][ T6811] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 102.125929][ T6811] ip_setsockopt+0x59/0xf0 [ 102.127113][ T6811] raw_setsockopt+0xb8/0x290 [ 102.128332][ T6811] ? __pfx_raw_setsockopt+0x10/0x10 [ 102.129720][ T6811] ? sock_common_setsockopt+0x2e/0xf0 [ 102.131120][ T6811] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 102.132563][ T6811] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 102.134147][ T6811] do_sock_setsockopt+0x222/0x480 [ 102.135494][ T6811] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 102.136953][ T6811] ? __fget_light+0x173/0x210 [ 102.138219][ T6811] __sys_setsockopt+0x1a4/0x270 [ 102.139521][ T6811] ? __pfx___sys_setsockopt+0x10/0x10 [ 102.140976][ T6811] ? fput+0x32/0x390 [ 102.142195][ T6811] ? ksys_write+0x1ab/0x260 [ 102.143488][ T6811] ? __pfx_ksys_write+0x10/0x10 [ 102.145396][ T6811] __ia32_sys_setsockopt+0xbc/0x160 [ 102.146805][ T6811] ? lockdep_hardirqs_on+0x7c/0x110 [ 102.148189][ T6811] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 102.149983][ T6811] __do_fast_syscall_32+0x73/0x120 [ 102.151348][ T6811] do_fast_syscall_32+0x32/0x80 [ 102.152649][ T6811] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 102.154357][ T6811] RIP: 0023:0xf7f11579 [ 102.155450][ T6811] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 102.160624][ T6811] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 102.162952][ T6811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 102.165296][ T6811] RDX: 00000000000000ca RSI: 0000000020000340 RDI: 0000000000000010 [ 102.167637][ T6811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.169791][ T6811] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 102.171867][ T6811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.173966][ T6811] [ 102.465740][ T6825] netlink: 20 bytes leftover after parsing attributes in process `syz.0.427'. [ 102.536206][ T6827] netlink: 20 bytes leftover after parsing attributes in process `syz.1.426'. [ 103.234730][ T6840] FAULT_INJECTION: forcing a failure. [ 103.234730][ T6840] name failslab, interval 1, probability 0, space 0, times 0 [ 103.239377][ T6840] CPU: 2 UID: 0 PID: 6840 Comm: syz.3.431 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 103.243076][ T6840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.247249][ T6840] Call Trace: [ 103.248538][ T6840] [ 103.249548][ T6840] dump_stack_lvl+0x16c/0x1f0 [ 103.251130][ T6840] should_fail_ex+0x497/0x5b0 [ 103.252808][ T6840] ? fs_reclaim_acquire+0xae/0x160 [ 103.254582][ T6840] should_failslab+0xc2/0x120 [ 103.256283][ T6840] __kmalloc_node_noprof+0xd1/0x440 [ 103.258050][ T6840] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 103.259808][ T6840] __kvmalloc_node_noprof+0x9d/0x1a0 [ 103.261506][ T6840] check_cfg+0xb4/0x840 [ 103.263099][ T6840] bpf_check+0x5765/0xb3b0 [ 103.264643][ T6840] ? __pfx_bpf_check+0x10/0x10 [ 103.266251][ T6840] ? ktime_get_with_offset+0x13a/0x240 [ 103.267691][ T6840] ? __pfx_lock_release+0x10/0x10 [ 103.269039][ T6840] ? find_held_lock+0x2d/0x110 [ 103.270304][ T6840] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 103.271811][ T6840] ? lockdep_hardirqs_on+0x7c/0x110 [ 103.273238][ T6840] ? bpf_obj_name_cpy+0x156/0x1b0 [ 103.274572][ T6840] bpf_prog_load+0xe3f/0x2670 [ 103.275896][ T6840] ? __pfx_bpf_prog_load+0x10/0x10 [ 103.277639][ T6840] ? find_held_lock+0x2d/0x110 [ 103.279278][ T6840] ? security_bpf+0x8c/0xc0 [ 103.280844][ T6840] __sys_bpf+0x9e0/0x55e0 [ 103.282310][ T6840] ? __pfx___sys_bpf+0x10/0x10 [ 103.283943][ T6840] ? ksys_write+0x12f/0x260 [ 103.285514][ T6840] ? find_held_lock+0x2d/0x110 [ 103.287142][ T6840] ? ksys_write+0x21c/0x260 [ 103.288705][ T6840] ? __pfx_lock_release+0x10/0x10 [ 103.290437][ T6840] ? vfs_write+0x14d/0x1140 [ 103.292003][ T6840] ? __mutex_unlock_slowpath+0x164/0x650 [ 103.293925][ T6840] ? fput+0x32/0x390 [ 103.295257][ T6840] ? ksys_write+0x1ab/0x260 [ 103.296770][ T6840] ? __pfx_ksys_write+0x10/0x10 [ 103.298456][ T6840] __ia32_sys_bpf+0x76/0xe0 [ 103.300004][ T6840] __do_fast_syscall_32+0x73/0x120 [ 103.301743][ T6840] do_fast_syscall_32+0x32/0x80 [ 103.303384][ T6840] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 103.305580][ T6840] RIP: 0023:0xf7f31579 [ 103.306949][ T6840] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 103.313425][ T6840] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 103.316009][ T6840] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000440 [ 103.318441][ T6840] RDX: 0000000000000070 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.321551][ T6840] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.324572][ T6840] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 103.327315][ T6840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.330022][ T6840] [ 103.785713][ T6847] netlink: 4 bytes leftover after parsing attributes in process `syz.3.435'. [ 103.793154][ T6847] Illegal XDP return value 4294967274 on prog (id 123) dev syz_tun, expect packet loss! [ 103.819224][ T6849] FAULT_INJECTION: forcing a failure. [ 103.819224][ T6849] name failslab, interval 1, probability 0, space 0, times 0 [ 103.822558][ T6849] CPU: 0 UID: 0 PID: 6849 Comm: syz.1.436 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 103.825313][ T6849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 103.828099][ T6849] Call Trace: [ 103.829003][ T6849] [ 103.829790][ T6849] dump_stack_lvl+0x16c/0x1f0 [ 103.831046][ T6849] should_fail_ex+0x497/0x5b0 [ 103.832286][ T6849] should_failslab+0xc2/0x120 [ 103.833545][ T6849] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 103.834962][ T6849] ? skb_clone+0x190/0x3f0 [ 103.836153][ T6849] skb_clone+0x190/0x3f0 [ 103.837290][ T6849] netlink_deliver_tap+0xb26/0xcf0 [ 103.838641][ T6849] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 103.840053][ T6849] netlink_dump+0x64f/0xcc0 [ 103.841257][ T6849] ? __pfx_netlink_dump+0x10/0x10 [ 103.842590][ T6849] ? kfree_skbmem+0x1a4/0x1f0 [ 103.843829][ T6849] ? kfree_skbmem+0x1a4/0x1f0 [ 103.845078][ T6849] netlink_recvmsg+0xa0d/0xf30 [ 103.846342][ T6849] ? __pfx_netlink_recvmsg+0x10/0x10 [ 103.847739][ T6849] ? find_held_lock+0x2d/0x110 [ 103.849014][ T6849] ? __might_fault+0x13b/0x190 [ 103.850271][ T6849] ? __pfx_lock_release+0x10/0x10 [ 103.851594][ T6849] ____sys_recvmsg+0x5fe/0x6b0 [ 103.853117][ T6849] ? __pfx_____sys_recvmsg+0x10/0x10 [ 103.854525][ T6849] ? find_held_lock+0x2d/0x110 [ 103.855774][ T6849] ___sys_recvmsg+0x115/0x1a0 [ 103.857035][ T6849] ? __pfx____sys_recvmsg+0x10/0x10 [ 103.858409][ T6849] ? __pfx___might_resched+0x10/0x10 [ 103.859794][ T6849] ? ktime_get_ts64+0x1ad/0x2a0 [ 103.861081][ T6849] do_recvmmsg+0x51a/0x750 [ 103.862387][ T6849] ? __pfx_do_recvmmsg+0x10/0x10 [ 103.863688][ T6849] ? __pfx___might_resched+0x10/0x10 [ 103.865086][ T6849] ? vfs_write+0x14d/0x1140 [ 103.866223][ T6849] ? __might_fault+0xe3/0x190 [ 103.867409][ T6849] ? __pfx_get_old_timespec32+0x10/0x10 [ 103.868836][ T6849] __sys_recvmmsg+0x111/0x280 [ 103.870050][ T6849] ? __pfx___sys_recvmmsg+0x10/0x10 [ 103.871370][ T6849] ? __pfx_ksys_write+0x10/0x10 [ 103.872626][ T6849] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 103.874264][ T6849] ? lockdep_hardirqs_on+0x7c/0x110 [ 103.875623][ T6849] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 103.877328][ T6849] __do_fast_syscall_32+0x73/0x120 [ 103.878666][ T6849] do_fast_syscall_32+0x32/0x80 [ 103.879952][ T6849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 103.881611][ T6849] RIP: 0023:0xf7f11579 [ 103.882685][ T6849] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 103.887440][ T6849] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 103.889558][ T6849] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200037c0 [ 103.891455][ T6849] RDX: 00000000000003b4 RSI: 0000000000000000 RDI: 0000000020003700 [ 103.893406][ T6849] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.895363][ T6849] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 103.897352][ T6849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.899329][ T6849] [ 103.908495][ T6853] netlink: 20 bytes leftover after parsing attributes in process `syz.3.438'. [ 103.936344][ T6855] netlink: 'syz.1.439': attribute type 3 has an invalid length. [ 103.938512][ T6855] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.439'. [ 103.965369][ T1300] IPVS: starting estimator thread 0... [ 104.055971][ T6856] IPVS: using max 34 ests per chain, 81600 per kthread [ 104.252380][ T35] usb 7-1: USB disconnect, device number 5 [ 104.767040][ T6885] netlink: 'syz.3.449': attribute type 3 has an invalid length. [ 104.769172][ T6885] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.449'. [ 104.802787][ T56] IPVS: starting estimator thread 0... [ 104.913137][ T6887] IPVS: using max 34 ests per chain, 81600 per kthread [ 105.370357][ T64] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 105.401393][ T39] audit: type=1800 audit(1726400288.033:38): pid=6903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.453" name="/" dev="fuse" ino=1 res=0 errno=0 [ 105.561050][ T64] usb 8-1: Using ep0 maxpacket: 16 [ 105.563705][ T64] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 105.566738][ T64] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 105.568865][ T64] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.572988][ T64] usb 8-1: config 0 descriptor?? [ 105.578692][ T64] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input11 [ 105.831576][ T4827] bcm5974 8-1:0.0: could not read from device [ 105.846867][ T4827] bcm5974 8-1:0.0: could not read from device [ 105.853874][ T4827] bcm5974 8-1:0.0: could not read from device [ 105.854930][ T64] usb 8-1: USB disconnect, device number 9 [ 105.861299][ T4827] bcm5974 8-1:0.0: could not read from device [ 105.864333][ T4827] bcm5974 8-1:0.0: could not read from device [ 106.237305][ T6914] netlink: 'syz.1.457': attribute type 4 has an invalid length. [ 106.542103][ T6929] 9pnet_fd: Insufficient options for proto=fd [ 106.627425][ T1429] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 106.686510][ T6931] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 106.809064][ T1429] usb 5-1: Using ep0 maxpacket: 16 [ 106.812744][ T1429] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 106.818931][ T1429] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 106.822600][ T1429] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.831426][ T1429] usb 5-1: config 0 descriptor?? [ 106.840513][ T1429] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input12 [ 107.118533][ T4827] bcm5974 5-1:0.0: could not read from device [ 107.120985][ T62] usb 5-1: USB disconnect, device number 5 [ 107.127040][ T5440] bcm5974 5-1:0.0: could not read from device [ 108.021681][ T6962] netlink: 20 bytes leftover after parsing attributes in process `syz.1.469'. [ 108.601536][ T6980] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'. [ 108.641280][ T6984] netlink: 'syz.2.479': attribute type 4 has an invalid length. [ 108.847389][ T56] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 109.019952][ T56] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 109.024762][ T56] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 109.028042][ T56] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 109.030491][ T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.030850][ T7001] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 109.038831][ T6976] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 109.053063][ T56] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 109.130221][ T7003] netlink: 20 bytes leftover after parsing attributes in process `syz.2.485'. [ 109.470278][ T6976] netlink: 'syz.3.475': attribute type 8 has an invalid length. [ 109.479510][ T6976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.475'. [ 109.586742][ T5414] usb 8-1: USB disconnect, device number 10 [ 109.738408][ T7010] binder: 7009:7010 ioctl c0306201 0 returned -14 [ 109.775166][ T7013] netlink: 'syz.0.488': attribute type 4 has an invalid length. [ 111.724174][ T56] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 111.859775][ T7073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.507'. [ 111.862307][ T7073] netlink: 20 bytes leftover after parsing attributes in process `syz.0.507'. [ 111.906253][ T56] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 111.909308][ T56] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 111.911853][ T56] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 111.914210][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.925099][ T7064] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 111.928951][ T56] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 112.032640][ T7078] netlink: 20 bytes leftover after parsing attributes in process `syz.0.509'. [ 112.345971][ T7064] netlink: 'syz.2.504': attribute type 8 has an invalid length. [ 112.348106][ T7064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.504'. [ 112.429769][ T5414] usb 7-1: USB disconnect, device number 6 [ 112.849212][ T7096] netlink: 'syz.0.514': attribute type 4 has an invalid length. [ 112.947305][ T7098] netlink: 20 bytes leftover after parsing attributes in process `syz.0.515'. [ 113.347052][ T7107] netlink: 'syz.2.518': attribute type 3 has an invalid length. [ 113.349872][ T7107] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.518'. [ 114.084987][ T7120] netlink: 20 bytes leftover after parsing attributes in process `syz.1.521'. [ 114.113166][ T7122] netlink: 'syz.3.523': attribute type 4 has an invalid length. [ 115.425370][ T7151] netlink: 'syz.2.532': attribute type 4 has an invalid length. [ 115.439090][ T25] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 115.610565][ T25] usb 8-1: Using ep0 maxpacket: 8 [ 115.615599][ T25] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 115.617850][ T25] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 115.620652][ T25] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 115.624892][ T25] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 115.627469][ T25] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.631693][ T25] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 115.634100][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.867448][ T25] usb 8-1: usb_control_msg returned -32 [ 115.869008][ T25] usbtmc 8-1:16.0: can't read capabilities [ 116.333948][ T7170] netlink: 20 bytes leftover after parsing attributes in process `syz.2.538'. [ 116.701313][ T7173] libceph: resolve '40.' (ret=-3): failed [ 116.774529][ T7178] netlink: 'syz.2.541': attribute type 4 has an invalid length. [ 117.283017][ T7193] netlink: 20 bytes leftover after parsing attributes in process `syz.2.547'. [ 117.353657][ T25] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 117.543893][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 117.550733][ T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 117.554904][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 117.559073][ T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 117.564362][ T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.568578][ T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 117.575754][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.780083][ T7188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.783094][ T7188] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.786302][ T25] usb 6-1: GET_CAPABILITIES returned 0 [ 117.787786][ T25] usbtmc 6-1:16.0: can't read capabilities [ 117.954250][ T64] usb 8-1: USB disconnect, device number 11 [ 117.988156][ T7201] netlink: 'syz.3.550': attribute type 4 has an invalid length. [ 118.050501][ T25] usb 6-1: USB disconnect, device number 10 [ 118.777318][ T25] hid-generic 0000:0000:0000.0006: unknown main item tag 0x4 [ 118.779474][ T25] hid-generic 0000:0000:0000.0006: item fetching failed at offset 1/2 [ 118.782107][ T25] hid-generic 0000:0000:0000.0006: probe with driver hid-generic failed with error -22 [ 119.064964][ T7232] netlink: 'syz.3.557': attribute type 21 has an invalid length. [ 119.085219][ T7236] netlink: 'syz.0.559': attribute type 4 has an invalid length. [ 119.134830][ T7241] usb 2-1: USB disconnect, device number 5 [ 119.165461][ T7243] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 119.562328][ T7262] 9pnet_fd: Insufficient options for proto=fd [ 119.900627][ T39] audit: type=1326 audit(1726400303.255:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7263 comm="syz.2.569" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x0 [ 120.023468][ T7275] netlink: 'syz.3.571': attribute type 4 has an invalid length. [ 120.097026][ T7279] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 120.158904][ T7277] netlink: 'syz.0.579': attribute type 3 has an invalid length. [ 120.419924][ T39] audit: type=1800 audit(1726400303.801:40): pid=7292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.575" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 120.510242][ T7294] netlink: 20 bytes leftover after parsing attributes in process `syz.2.576'. [ 120.715849][ T64] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 120.906837][ T64] usb 8-1: Using ep0 maxpacket: 8 [ 120.946535][ T64] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 120.949155][ T64] usb 8-1: config 0 has no interface number 0 [ 120.951071][ T64] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 120.954984][ T64] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 120.958028][ T64] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.965197][ T64] usb 8-1: config 0 descriptor?? [ 120.967490][ T7297] netlink: 20 bytes leftover after parsing attributes in process `syz.2.577'. [ 120.974974][ T64] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 121.165063][ T64] usb 8-1: USB disconnect, device number 12 [ 121.167885][ T64] iowarrior 8-1:0.1: I/O-Warror #0 now disconnected [ 121.384882][ T7305] netlink: 'syz.0.581': attribute type 4 has an invalid length. [ 121.478057][ T4781] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 121.935246][ T1300] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 122.045844][ T7332] netlink: 'syz.2.590': attribute type 4 has an invalid length. [ 122.107146][ T1300] usb 5-1: Using ep0 maxpacket: 8 [ 122.109990][ T1300] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 122.113121][ T1300] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 122.118210][ T1300] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.121082][ T1300] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.122927][ T7341] netlink: 20 bytes leftover after parsing attributes in process `syz.1.592'. [ 122.126424][ T1300] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 122.132598][ T1300] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.331977][ T7324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.334557][ T7324] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.340443][ T1300] usb 5-1: GET_CAPABILITIES returned 0 [ 122.342047][ T1300] usbtmc 5-1:16.0: can't read capabilities [ 122.584739][ T7354] usb 5-1: usbtmc_ioctl_clear_out_halt returned -32 [ 122.604707][ T1300] usb 5-1: USB disconnect, device number 6 [ 122.919368][ T7365] netlink: 'syz.2.599': attribute type 4 has an invalid length. [ 122.952941][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.601'. [ 123.348630][ T7392] netlink: 20 bytes leftover after parsing attributes in process `syz.0.606'. [ 123.583403][ T7398] netlink: 'syz.2.609': attribute type 4 has an invalid length. [ 123.977766][ T39] audit: type=1326 audit(1726400307.538:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7405 comm="syz.2.612" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 123.983415][ T39] audit: type=1326 audit(1726400307.538:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7405 comm="syz.2.612" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 123.989405][ T39] audit: type=1326 audit(1726400307.538:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7405 comm="syz.2.612" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 123.996161][ T39] audit: type=1326 audit(1726400307.538:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7405 comm="syz.2.612" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 124.002046][ T39] audit: type=1326 audit(1726400307.538:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7405 comm="syz.2.612" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 124.014869][ T39] audit: type=1326 audit(1726400307.580:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7405 comm="syz.2.612" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 124.020507][ T39] audit: type=1326 audit(1726400307.580:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7405 comm="syz.2.612" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 124.426895][ T7425] netlink: 'syz.2.615': attribute type 21 has an invalid length. [ 125.035139][ T7450] FAULT_INJECTION: forcing a failure. [ 125.035139][ T7450] name failslab, interval 1, probability 0, space 0, times 0 [ 125.039398][ T7450] CPU: 3 UID: 0 PID: 7450 Comm: syz.1.627 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 125.042870][ T7450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 125.046478][ T7450] Call Trace: [ 125.047591][ T7450] [ 125.048612][ T7450] dump_stack_lvl+0x16c/0x1f0 [ 125.050280][ T7450] should_fail_ex+0x497/0x5b0 [ 125.051881][ T7450] ? fs_reclaim_acquire+0xae/0x160 [ 125.053621][ T7450] should_failslab+0xc2/0x120 [ 125.055212][ T7450] __kmalloc_noprof+0xcb/0x410 [ 125.056806][ T7450] ? __pfx_d_absolute_path+0x10/0x10 [ 125.058601][ T7450] tomoyo_encode2+0x100/0x3e0 [ 125.060193][ T7450] tomoyo_realpath_from_path+0x1a7/0x710 [ 125.062084][ T7450] tomoyo_check_open_permission+0x2a7/0x3b0 [ 125.064058][ T7450] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 125.066208][ T7450] ? __pfx___lock_acquire+0x10/0x10 [ 125.067951][ T7450] ? find_held_lock+0x2d/0x110 [ 125.069599][ T7450] ? __pfx_hook_file_open+0x10/0x10 [ 125.071351][ T7450] ? path_get+0x61/0x80 [ 125.072785][ T7450] tomoyo_file_open+0x71/0x90 [ 125.074353][ T7450] security_file_open+0x78/0x8b0 [ 125.076007][ T7450] do_dentry_open+0x5c7/0x15f0 [ 125.077620][ T7450] ? inode_permission+0xdd/0x5f0 [ 125.079279][ T7450] vfs_open+0x82/0x3f0 [ 125.080661][ T7450] ? may_open+0x1f2/0x400 [ 125.082116][ T7450] path_openat+0x2141/0x2d20 [ 125.083691][ T7450] ? __pfx_path_openat+0x10/0x10 [ 125.085360][ T7450] ? __pfx___lock_acquire+0x10/0x10 [ 125.087104][ T7450] ? find_held_lock+0x2d/0x110 [ 125.088753][ T7450] do_filp_open+0x1dc/0x430 [ 125.090287][ T7450] ? __pfx_do_filp_open+0x10/0x10 [ 125.091989][ T7450] ? _raw_spin_unlock+0x28/0x50 [ 125.093619][ T7450] ? alloc_fd+0x2d7/0x6c0 [ 125.095061][ T7450] do_sys_openat2+0x17a/0x1e0 [ 125.096651][ T7450] ? __pfx_do_sys_openat2+0x10/0x10 [ 125.098603][ T7450] __ia32_compat_sys_open+0x147/0x1e0 [ 125.100454][ T7450] ? __pfx___ia32_compat_sys_open+0x10/0x10 [ 125.102485][ T7450] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 125.104713][ T7450] __do_fast_syscall_32+0x73/0x120 [ 125.106461][ T7450] do_fast_syscall_32+0x32/0x80 [ 125.108071][ T7450] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 125.110207][ T7450] RIP: 0023:0xf7f11579 [ 125.111577][ T7450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 125.116609][ T7450] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000005 [ 125.118778][ T7450] RAX: ffffffffffffffda RBX: 0000000020000380 RCX: 0000000000000000 [ 125.120825][ T7450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 125.122857][ T7450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 125.124959][ T7450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 125.127260][ T7450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 125.129927][ T7450] [ 125.131284][ C3] vkms_vblank_simulate: vblank timer overrun [ 125.137466][ T7450] ERROR: Out of memory at tomoyo_realpath_from_path. [ 125.483586][ T39] audit: type=1326 audit(1726400309.123:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.491050][ T39] audit: type=1326 audit(1726400309.123:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.498352][ T39] audit: type=1326 audit(1726400309.123:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.505615][ T39] audit: type=1326 audit(1726400309.123:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.512841][ T39] audit: type=1326 audit(1726400309.123:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.520272][ T39] audit: type=1326 audit(1726400309.123:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.527568][ T39] audit: type=1326 audit(1726400309.123:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.535034][ T39] audit: type=1326 audit(1726400309.123:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.542310][ T39] audit: type=1326 audit(1726400309.123:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 125.549683][ T39] audit: type=1326 audit(1726400309.123:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.1.631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x7ffc0000 [ 126.198466][ T7476] sock: sock_timestamping_bind_phc: sock not bind to device [ 126.300795][ T7480] kAFS: unable to lookup cell '' [ 127.241175][ T7492] netlink: 20 bytes leftover after parsing attributes in process `syz.0.641'. [ 127.329387][ T7493] netlink: 68 bytes leftover after parsing attributes in process `syz.2.642'. [ 127.331958][ T7493] netlink: 68 bytes leftover after parsing attributes in process `syz.2.642'. [ 127.416459][ T7504] libceph: resolve '40.' (ret=-3): failed [ 127.787845][ T7513] netlink: 60 bytes leftover after parsing attributes in process `syz.1.649'. [ 127.800943][ T7513] Źü: entered promiscuous mode [ 128.610733][ T7539] netlink: 20 bytes leftover after parsing attributes in process `syz.1.656'. [ 129.112317][ T7544] netlink: 60 bytes leftover after parsing attributes in process `syz.2.658'. [ 129.121481][ T7544] Źü: entered promiscuous mode [ 129.208936][ T7548] netlink: 20 bytes leftover after parsing attributes in process `syz.2.660'. [ 129.429287][ T7554] netlink: 72 bytes leftover after parsing attributes in process `syz.1.662'. [ 129.431492][ T7552] overlayfs: metacopy with no lower data found - abort lookup (/bus) [ 129.434823][ T7552] overlayfs: failed to look up (bus) for ino (-5) [ 130.461020][ T7580] netlink: 20 bytes leftover after parsing attributes in process `syz.3.670'. [ 130.930848][ T1377] ieee802154 phy0 wpan0: encryption failed: -22 [ 130.933085][ T1377] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.093926][ T7584] libceph: resolve '40.' (ret=-3): failed [ 131.326902][ T7594] kAFS: unable to lookup cell '' [ 132.045495][ T39] kauditd_printk_skb: 80 callbacks suppressed [ 132.045507][ T39] audit: type=1326 audit(1726400316.010:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.053289][ T39] audit: type=1326 audit(1726400316.010:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.058872][ T39] audit: type=1326 audit(1726400316.010:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.065289][ T39] audit: type=1326 audit(1726400316.010:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.071561][ T39] audit: type=1326 audit(1726400316.010:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.077034][ T39] audit: type=1326 audit(1726400316.010:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.083087][ T39] audit: type=1326 audit(1726400316.020:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=133 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.088720][ T39] audit: type=1326 audit(1726400316.020:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.094714][ T39] audit: type=1326 audit(1726400316.020:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.100474][ T39] audit: type=1326 audit(1726400316.020:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7611 comm="syz.2.681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000 [ 132.707813][ T7630] FAULT_INJECTION: forcing a failure. [ 132.707813][ T7630] name failslab, interval 1, probability 0, space 0, times 0 [ 132.713158][ T7630] CPU: 3 UID: 0 PID: 7630 Comm: syz.2.686 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 132.715902][ T7630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.718683][ T7630] Call Trace: [ 132.719562][ T7630] [ 132.720346][ T7630] dump_stack_lvl+0x16c/0x1f0 [ 132.721676][ T7630] should_fail_ex+0x497/0x5b0 [ 132.722930][ T7630] ? fs_reclaim_acquire+0xae/0x160 [ 132.724273][ T7630] should_failslab+0xc2/0x120 [ 132.725568][ T7630] __kmalloc_noprof+0xcb/0x410 [ 132.726831][ T7630] ? __pfx_d_absolute_path+0x10/0x10 [ 132.728252][ T7630] tomoyo_encode2+0x100/0x3e0 [ 132.729534][ T7630] tomoyo_realpath_from_path+0x1a7/0x710 [ 132.731014][ T7630] tomoyo_path_number_perm+0x245/0x5b0 [ 132.732456][ T7630] ? tomoyo_path_number_perm+0x232/0x5b0 [ 132.733954][ T7630] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 132.735540][ T7630] ? __pfx_lock_release+0x10/0x10 [ 132.736888][ T7630] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 132.738458][ T7630] ? __fget_files+0x256/0x400 [ 132.739716][ T7630] security_file_ioctl_compat+0x75/0xc0 [ 132.741204][ T7630] __do_compat_sys_ioctl+0x5d/0x330 [ 132.742585][ T7630] __do_fast_syscall_32+0x73/0x120 [ 132.743943][ T7630] do_fast_syscall_32+0x32/0x80 [ 132.745259][ T7630] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.746915][ T7630] RIP: 0023:0xf7f20579 [ 132.747991][ T7630] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 132.753064][ T7630] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 132.755241][ T7630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005329 [ 132.757395][ T7630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.759531][ T7630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 132.761618][ T7630] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 132.763684][ T7630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.765773][ T7630] [ 132.767702][ T7630] ERROR: Out of memory at tomoyo_realpath_from_path. [ 132.834710][ T7637] netlink: 72 bytes leftover after parsing attributes in process `syz.2.688'. [ 133.186616][ T7644] FAULT_INJECTION: forcing a failure. [ 133.186616][ T7644] name failslab, interval 1, probability 0, space 0, times 0 [ 133.191138][ T7644] CPU: 2 UID: 0 PID: 7644 Comm: syz.2.691 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 133.194695][ T7644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.198318][ T7644] Call Trace: [ 133.199447][ T7644] [ 133.200456][ T7644] dump_stack_lvl+0x16c/0x1f0 [ 133.202112][ T7644] should_fail_ex+0x497/0x5b0 [ 133.203737][ T7644] ? fs_reclaim_acquire+0xae/0x160 [ 133.205489][ T7644] should_failslab+0xc2/0x120 [ 133.207103][ T7644] __kmalloc_noprof+0xcb/0x410 [ 133.208759][ T7644] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 133.211145][ T7644] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 133.212999][ T7644] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 133.215028][ T7644] ? security_capable+0x98/0xd0 [ 133.216686][ T7644] genl_rcv_msg+0x565/0x800 [ 133.218226][ T7644] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.219938][ T7644] ? __pfx_ila_xlat_nl_cmd_del_mapping+0x10/0x10 [ 133.222077][ T7644] ? __pfx___lock_acquire+0x10/0x10 [ 133.223836][ T7644] netlink_rcv_skb+0x165/0x410 [ 133.225478][ T7644] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.227195][ T7644] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.229052][ T7644] ? down_read+0xc9/0x330 [ 133.230514][ T7644] ? __pfx_down_read+0x10/0x10 [ 133.232156][ T7644] ? netlink_deliver_tap+0x1ae/0xcf0 [ 133.233968][ T7644] genl_rcv+0x28/0x40 [ 133.235315][ T7644] netlink_unicast+0x53c/0x7f0 [ 133.236963][ T7644] ? __pfx_netlink_unicast+0x10/0x10 [ 133.238762][ T7644] ? __phys_addr_symbol+0x30/0x80 [ 133.240482][ T7644] ? __check_object_size+0x497/0x720 [ 133.242280][ T7644] netlink_sendmsg+0x8b8/0xd70 [ 133.243916][ T7644] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.245729][ T7644] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 133.247521][ T7644] ____sys_sendmsg+0x9b4/0xb50 [ 133.249171][ T7644] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.250974][ T7644] ? get_compat_msghdr+0x11b/0x170 [ 133.252725][ T7644] ? __pfx___lock_acquire+0x10/0x10 [ 133.254500][ T7644] ___sys_sendmsg+0x135/0x1e0 [ 133.256121][ T7644] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.257930][ T7644] ? ksys_write+0x21c/0x260 [ 133.259499][ T7644] ? __fget_light+0x173/0x210 [ 133.261101][ T7644] __sys_sendmsg+0x117/0x1f0 [ 133.262662][ T7644] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.264413][ T7644] __do_fast_syscall_32+0x73/0x120 [ 133.266176][ T7644] do_fast_syscall_32+0x32/0x80 [ 133.267848][ T7644] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 133.270002][ T7644] RIP: 0023:0xf7f20579 [ 133.271406][ T7644] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 133.277969][ T7644] RSP: 002b:00000000f568556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 133.280827][ T7644] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020000040 [ 133.283561][ T7644] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.286242][ T7644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.288938][ T7644] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 133.291619][ T7644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.294649][ T7644] [ 133.396863][ T7644] netlink: 28 bytes leftover after parsing attributes in process `syz.2.691'. [ 133.531863][ T7649] overlayfs: metacopy with no lower data found - abort lookup (/bus) [ 133.534712][ T7649] overlayfs: failed to look up (bus) for ino (-5) [ 133.632981][ T7653] affs: No valid root block on device nbd2 [ 133.661072][ T7655] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.694'. [ 133.688514][ T7653] evm: overlay not supported [ 133.749003][ T7661] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 133.750754][ T7661] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 133.752947][ T7661] vhci_hcd vhci_hcd.0: Device attached [ 133.758078][ T7661] fuse: Unknown parameter '18446744073709551615' [ 133.762085][ T7664] vhci_hcd: connection closed [ 133.762261][ T1105] vhci_hcd: stop threads [ 133.766248][ T1105] vhci_hcd: release socket [ 133.767430][ T1105] vhci_hcd: disconnect device [ 133.879339][ T7672] tipc: Failed to obtain node identity [ 133.892471][ T7672] tipc: Enabling of bearer rejected, failed to enable media [ 134.364317][ T7687] netlink: 'syz.1.704': attribute type 4 has an invalid length. [ 134.485370][ T7691] mkiss: ax0: crc mode is auto. [ 134.959925][ T1429] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 135.025820][ T7718] kAFS: unparsable volume name [ 135.070980][ T7719] block device autoloading is deprecated and will be removed. [ 135.147567][ T1429] usb 6-1: Using ep0 maxpacket: 8 [ 135.150274][ T1429] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 135.153261][ T1429] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 135.156933][ T1429] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 135.160369][ T1429] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 135.164091][ T1429] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 135.166440][ T1429] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.347260][ T8] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 135.366833][ T7704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.369674][ T7704] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.373114][ T1429] usb 6-1: usb_control_msg returned -32 [ 135.375643][ T1429] usbtmc 6-1:16.0: can't read capabilities [ 135.443126][ T30] usb 6-1: USB disconnect, device number 11 [ 135.520987][ T7722] netlink: 20 bytes leftover after parsing attributes in process `syz.3.715'. [ 135.530796][ T8] usb 5-1: config 0 has no interfaces? [ 135.532754][ T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 135.535167][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.538769][ T8] usb 5-1: config 0 descriptor?? [ 135.738273][ T5359] Bluetooth: hci2: command tx timeout [ 135.778304][ T7717] netlink: 'syz.0.714': attribute type 1 has an invalid length. [ 135.791246][ T8] usb 5-1: USB disconnect, device number 7 [ 135.975226][ T7728] FAULT_INJECTION: forcing a failure. [ 135.975226][ T7728] name failslab, interval 1, probability 0, space 0, times 0 [ 135.979940][ T7728] CPU: 0 UID: 0 PID: 7728 Comm: syz.3.717 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 135.983565][ T7728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.987257][ T7728] Call Trace: [ 135.988447][ T7728] [ 135.989504][ T7728] dump_stack_lvl+0x16c/0x1f0 [ 135.991237][ T7728] should_fail_ex+0x497/0x5b0 [ 135.992898][ T7728] ? fs_reclaim_acquire+0xae/0x160 [ 135.994699][ T7728] should_failslab+0xc2/0x120 [ 135.996369][ T7728] kmem_cache_alloc_node_noprof+0x71/0x310 [ 135.998395][ T7728] ? __alloc_skb+0x2b3/0x380 [ 136.000003][ T7728] __alloc_skb+0x2b3/0x380 [ 136.001533][ T7728] ? __pfx___alloc_skb+0x10/0x10 [ 136.003239][ T7728] ? kfree_skbmem+0x1a4/0x1f0 [ 136.004909][ T7728] ? aa_get_newest_label+0x376/0x680 [ 136.006725][ T7728] ? poison_slab_object+0xf7/0x160 [ 136.008514][ T7728] tipc_nl_compat_doit+0x1a1/0x670 [ 136.010322][ T7728] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 136.012272][ T7728] ? ns_capable+0xd7/0x110 [ 136.013832][ T7728] tipc_nl_compat_recv+0x91e/0xc00 [ 136.015651][ T7728] ? lock_acquire+0x1b1/0x560 [ 136.017331][ T7728] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 136.019270][ T7728] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 136.021356][ T7728] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 136.023579][ T7728] ? __mutex_trylock_common+0xea/0x250 [ 136.025286][ T7728] ? rcu_is_watching+0x12/0xc0 [ 136.026534][ T7728] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 136.028402][ T7728] genl_family_rcv_msg_doit+0x202/0x2f0 [ 136.029904][ T7728] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 136.031498][ T7728] ? __radix_tree_lookup+0x21f/0x2c0 [ 136.032919][ T7728] genl_rcv_msg+0x565/0x800 [ 136.034077][ T7728] ? __pfx_genl_rcv_msg+0x10/0x10 [ 136.035368][ T7728] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 136.036871][ T7728] netlink_rcv_skb+0x165/0x410 [ 136.038130][ T7728] ? __pfx_genl_rcv_msg+0x10/0x10 [ 136.039444][ T7728] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 136.040833][ T7728] ? down_read+0xc9/0x330 [ 136.041970][ T7728] ? __pfx_down_read+0x10/0x10 [ 136.043228][ T7728] ? netlink_deliver_tap+0x1ae/0xcf0 [ 136.044589][ T7728] genl_rcv+0x28/0x40 [ 136.045604][ T7728] netlink_unicast+0x53c/0x7f0 [ 136.046875][ T7728] ? __pfx_netlink_unicast+0x10/0x10 [ 136.048265][ T7728] ? __phys_addr_symbol+0x30/0x80 [ 136.049602][ T7728] ? __check_object_size+0x497/0x720 [ 136.050991][ T7728] netlink_sendmsg+0x8b8/0xd70 [ 136.052264][ T7728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.053661][ T7728] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 136.055032][ T7728] ____sys_sendmsg+0x9b4/0xb50 [ 136.056243][ T7728] ? __pfx_____sys_sendmsg+0x10/0x10 [ 136.057647][ T7728] ? get_compat_msghdr+0x11b/0x170 [ 136.059007][ T7728] ? __pfx___lock_acquire+0x10/0x10 [ 136.060384][ T7728] ___sys_sendmsg+0x135/0x1e0 [ 136.061647][ T7728] ? __pfx____sys_sendmsg+0x10/0x10 [ 136.063019][ T7728] ? ksys_write+0x21c/0x260 [ 136.064218][ T7728] ? __fget_light+0x173/0x210 [ 136.065488][ T7728] __sys_sendmsg+0x117/0x1f0 [ 136.066679][ T7728] ? __pfx___sys_sendmsg+0x10/0x10 [ 136.067958][ T7728] __do_fast_syscall_32+0x73/0x120 [ 136.069336][ T7728] do_fast_syscall_32+0x32/0x80 [ 136.070627][ T7728] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 136.072282][ T7728] RIP: 0023:0xf7f31579 [ 136.073368][ T7728] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 136.078375][ T7728] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 136.080602][ T7728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 136.082670][ T7728] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 136.084729][ T7728] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 136.086771][ T7728] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 136.088812][ T7728] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 136.090844][ T7728] [ 136.117346][ T7733] netlink: 40 bytes leftover after parsing attributes in process `syz.3.718'. [ 136.661549][ T7752] 9pnet_virtio: no channels available for device 127.0.0.1 [ 136.663762][ T7752] FAULT_INJECTION: forcing a failure. [ 136.663762][ T7752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.667223][ T7752] CPU: 1 UID: 0 PID: 7752 Comm: syz.1.726 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 136.670133][ T7752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 136.672933][ T7752] Call Trace: [ 136.673813][ T7752] [ 136.674596][ T7752] dump_stack_lvl+0x16c/0x1f0 [ 136.675897][ T7752] should_fail_ex+0x497/0x5b0 [ 136.677165][ T7752] _copy_to_user+0x30/0xc0 [ 136.678349][ T7752] simple_read_from_buffer+0xd0/0x160 [ 136.679860][ T7752] proc_fail_nth_read+0x19e/0x280 [ 136.681193][ T7752] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.682655][ T7752] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.684105][ T7752] vfs_read+0x1d4/0xbd0 [ 136.685209][ T7752] ? __fdget_pos+0xeb/0x180 [ 136.686442][ T7752] ? __pfx_vfs_read+0x10/0x10 [ 136.687681][ T7752] ? __pfx___mutex_lock+0x10/0x10 [ 136.689166][ T7752] ? __fget_files+0x256/0x400 [ 136.690781][ T7752] ksys_read+0x12f/0x260 [ 136.691912][ T7752] ? __pfx_ksys_read+0x10/0x10 [ 136.693188][ T7752] __do_fast_syscall_32+0x73/0x120 [ 136.694535][ T7752] do_fast_syscall_32+0x32/0x80 [ 136.695820][ T7752] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 136.697499][ T7752] RIP: 0023:0xf7f11579 [ 136.698577][ T7752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 136.703647][ T7752] RSP: 002b:00000000f56965a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 136.705859][ T7752] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5696620 [ 136.708022][ T7752] RDX: 000000000000000f RSI: 00000000f739bff4 RDI: 0000000000000000 [ 136.710192][ T7752] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 136.712208][ T7752] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 136.714099][ T7752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 136.715865][ T7752] [ 136.716652][ C1] vkms_vblank_simulate: vblank timer overrun [ 136.717907][ T7754] netlink: 'syz.2.725': attribute type 1 has an invalid length. [ 136.718678][ T7755] syzkaller1: entered allmulticast mode [ 136.722991][ T7754] netlink: 9396 bytes leftover after parsing attributes in process `syz.2.725'. [ 137.224333][ T7768] netlink: 392 bytes leftover after parsing attributes in process `syz.3.729'. [ 137.227868][ T7768] netlink: 28 bytes leftover after parsing attributes in process `syz.3.729'. [ 137.230258][ T7768] netlink: 28 bytes leftover after parsing attributes in process `syz.3.729'. [ 137.373493][ T7782] netlink: 92 bytes leftover after parsing attributes in process `syz.0.733'. [ 137.740201][ T7804] FAULT_INJECTION: forcing a failure. [ 137.740201][ T7804] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.744677][ T7804] CPU: 0 UID: 0 PID: 7804 Comm: syz.2.739 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 137.747835][ T7804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 137.750698][ T7804] Call Trace: [ 137.751600][ T7804] [ 137.752481][ T7804] dump_stack_lvl+0x16c/0x1f0 [ 137.753743][ T7804] should_fail_ex+0x497/0x5b0 [ 137.754992][ T7804] __fpu_restore_sig+0xf5/0x1430 [ 137.756625][ T7804] ? __pfx___fpu_restore_sig+0x10/0x10 [ 137.758279][ T7804] ? __might_fault+0xe3/0x190 [ 137.759623][ T7804] fpu__restore_sig+0x102/0x180 [ 137.761194][ T7804] ia32_restore_sigcontext+0x40f/0x5d0 [ 137.762667][ T7804] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 137.764221][ T7804] ? __pfx_lock_release+0x10/0x10 [ 137.765805][ T7804] ? _raw_spin_unlock_irq+0x23/0x50 [ 137.767676][ T7804] ? lockdep_hardirqs_on+0x7c/0x110 [ 137.769284][ T7804] __do_compat_sys_rt_sigreturn+0x116/0x1f0 [ 137.771344][ T7804] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 137.773347][ T7804] do_int80_emulation+0x104/0x200 [ 137.774879][ T7804] asm_int80_emulation+0x1a/0x20 [ 137.776495][ T7804] RIP: 0023:0xf7f20577 [ 137.777878][ T7804] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 137.784741][ T7804] RSP: 002b:00000000f56a656c EFLAGS: 00000296 [ 137.786587][ T7804] RAX: 0000000000000091 RBX: 0000000000000004 RCX: 0000000020000200 [ 137.788805][ T7804] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 137.790867][ T7804] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 137.792949][ T7804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.795027][ T7804] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 137.797690][ T7804] [ 138.173182][ T7816] netlink: 72 bytes leftover after parsing attributes in process `syz.1.743'. [ 138.385049][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.0.733'. [ 138.520713][ T7825] 9pnet_virtio: no channels available for device 127.0.0.1 [ 138.750231][ T7836] netlink: 'syz.0.751': attribute type 27 has an invalid length. [ 138.885183][ T7836] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.887725][ T7836] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.075208][ T7836] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 139.089867][ T7836] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 139.172215][ T7836] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.174630][ T7836] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.177353][ T7836] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.179662][ T7836] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.253648][ T39] kauditd_printk_skb: 62 callbacks suppressed [ 139.253658][ T39] audit: type=1326 audit(1726400323.579:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.262045][ T39] audit: type=1326 audit(1726400323.579:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.268759][ T39] audit: type=1326 audit(1726400323.589:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.275168][ T39] audit: type=1326 audit(1726400323.589:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.280860][ T39] audit: type=1326 audit(1726400323.589:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.288285][ T39] audit: type=1326 audit(1726400323.589:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.300844][ T39] audit: type=1326 audit(1726400323.631:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.306585][ T39] audit: type=1326 audit(1726400323.631:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.311863][ T7853] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 139.313121][ T39] audit: type=1326 audit(1726400323.642:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.322483][ T39] audit: type=1326 audit(1726400323.642:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.0.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000 [ 139.577157][ T7882] netlink: set zone limit has 4 unknown bytes [ 139.853651][ T7895] FAULT_INJECTION: forcing a failure. [ 139.853651][ T7895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.857124][ T7895] CPU: 1 UID: 0 PID: 7895 Comm: syz.2.767 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 139.859867][ T7895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 139.862729][ T7895] Call Trace: [ 139.863636][ T7895] [ 139.864450][ T7895] dump_stack_lvl+0x16c/0x1f0 [ 139.866170][ T7895] should_fail_ex+0x497/0x5b0 [ 139.867529][ T7895] _copy_to_user+0x30/0xc0 [ 139.868934][ T7895] vmci_host_unlocked_ioctl+0x984/0x1fb0 [ 139.870540][ T7895] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 139.872581][ T7895] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 139.874090][ T7895] ? __pfx_lock_release+0x10/0x10 [ 139.875601][ T7895] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 139.877336][ T7895] ? __fget_files+0x256/0x400 [ 139.878642][ T7895] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 139.880641][ T7895] compat_ptr_ioctl+0x71/0xb0 [ 139.882534][ T7895] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 139.884762][ T7895] __do_compat_sys_ioctl+0x2c3/0x330 [ 139.886733][ T7895] __do_fast_syscall_32+0x73/0x120 [ 139.888613][ T7895] do_fast_syscall_32+0x32/0x80 [ 139.890175][ T7895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 139.891902][ T7895] RIP: 0023:0xf7f20579 [ 139.892994][ T7895] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 139.897909][ T7895] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 139.900101][ T7895] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007a5 [ 139.902360][ T7895] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 139.904905][ T7895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 139.907366][ T7895] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 139.909661][ T7895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 139.911986][ T7895] [ 140.073229][ T7913] netlink: 28 bytes leftover after parsing attributes in process `syz.2.770'. [ 140.076316][ T7913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.770'. [ 140.313185][ T7922] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.316261][ T7922] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.323386][ T7922] bridge0: entered allmulticast mode [ 140.396709][ T7922] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.398657][ T7922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.402092][ T7922] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.404103][ T7922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.409347][ T7922] bridge0: entered promiscuous mode [ 140.415720][ T7933] tmpfs: Unknown parameter 'siĆaze*8' [ 140.455846][ T7934] FAULT_INJECTION: forcing a failure. [ 140.455846][ T7934] name failslab, interval 1, probability 0, space 0, times 0 [ 140.459239][ T7934] CPU: 3 UID: 0 PID: 7934 Comm: syz.0.778 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 140.462209][ T7934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.465438][ T7934] Call Trace: [ 140.466424][ T7934] [ 140.467252][ T7934] dump_stack_lvl+0x16c/0x1f0 [ 140.468577][ T7934] should_fail_ex+0x497/0x5b0 [ 140.469867][ T7934] ? fs_reclaim_acquire+0xae/0x160 [ 140.471228][ T7934] should_failslab+0xc2/0x120 [ 140.472476][ T7934] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 140.473900][ T7934] ? getname_kernel+0x52/0x370 [ 140.475157][ T7934] getname_kernel+0x52/0x370 [ 140.476381][ T7934] kern_path+0x1d/0x50 [ 140.477488][ T7934] tomoyo_mount_acl+0x62d/0x880 [ 140.478769][ T7934] ? hlock_class+0x4e/0x130 [ 140.479966][ T7934] ? __lock_acquire+0x1620/0x3cb0 [ 140.481309][ T7934] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 140.482725][ T7934] ? __pfx___lock_acquire+0x10/0x10 [ 140.484116][ T7934] ? do_fast_syscall_32+0x32/0x80 [ 140.485474][ T7934] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 140.487160][ T7934] ? tomoyo_domain+0xbb/0x150 [ 140.488419][ T7934] ? tomoyo_profile+0x47/0x60 [ 140.489691][ T7934] tomoyo_mount_permission+0x16b/0x410 [ 140.491120][ T7934] ? tomoyo_mount_permission+0x146/0x410 [ 140.492602][ T7934] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 140.494175][ T7934] ? get_current_fs_domain+0x188/0x1f0 [ 140.495610][ T7934] security_sb_mount+0x8d/0xe0 [ 140.496909][ T7934] path_mount+0x129/0x1f10 [ 140.498092][ T7934] ? __pfx_path_mount+0x10/0x10 [ 140.499405][ T7934] ? putname+0x12e/0x170 [ 140.500562][ T7934] ? putname+0x12e/0x170 [ 140.501700][ T7934] __ia32_sys_mount+0x292/0x310 [ 140.502991][ T7934] ? __pfx___ia32_sys_mount+0x10/0x10 [ 140.504412][ T7934] __do_fast_syscall_32+0x73/0x120 [ 140.505769][ T7934] do_fast_syscall_32+0x32/0x80 [ 140.507061][ T7934] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 140.508754][ T7934] RIP: 0023:0xf7ff2579 [ 140.509831][ T7934] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 140.514880][ T7934] RSP: 002b:00000000f573456c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 140.517080][ T7934] RAX: ffffffffffffffda RBX: 00000000200000c0 RCX: 0000000020000180 [ 140.519183][ T7934] RDX: 0000000000000000 RSI: 0000000000001040 RDI: 0000000000000000 [ 140.521276][ T7934] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 140.523706][ T7934] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 140.525836][ T7934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 140.528067][ T7934] [ 140.528953][ C3] vkms_vblank_simulate: vblank timer overrun [ 140.583488][ T7943] netlink: 'syz.3.783': attribute type 4 has an invalid length. [ 140.586022][ T7943] FAULT_INJECTION: forcing a failure. [ 140.586022][ T7943] name failslab, interval 1, probability 0, space 0, times 0 [ 140.589750][ T7943] CPU: 1 UID: 0 PID: 7943 Comm: syz.3.783 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 140.592542][ T7943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 140.595341][ T7943] Call Trace: [ 140.596229][ T7943] [ 140.597049][ T7943] dump_stack_lvl+0x16c/0x1f0 [ 140.598295][ T7943] should_fail_ex+0x497/0x5b0 [ 140.599541][ T7943] ? fs_reclaim_acquire+0xae/0x160 [ 140.600907][ T7943] should_failslab+0xc2/0x120 [ 140.602154][ T7943] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 140.603564][ T7943] ? skb_clone+0x190/0x3f0 [ 140.604763][ T7943] skb_clone+0x190/0x3f0 [ 140.605892][ T7943] netlink_trim+0x1b3/0x250 [ 140.607102][ T7943] netlink_broadcast_filtered+0xc7/0xef0 [ 140.608612][ T7943] ? __pfx_tcf_action_dump_1+0x10/0x10 [ 140.610054][ T7943] ? __kmalloc_node_track_caller_noprof+0x22d/0x440 [ 140.611793][ T7943] ? skb_put+0x138/0x1b0 [ 140.612931][ T7943] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 140.614589][ T7943] nlmsg_notify+0x9e/0x220 [ 140.615788][ T7943] tcf_action_add+0x364/0x5d0 [ 140.617065][ T7943] ? __pfx_tcf_action_add+0x10/0x10 [ 140.618475][ T7943] ? __nla_parse+0x40/0x60 [ 140.619668][ T7943] tc_ctl_action+0x35d/0x470 [ 140.620912][ T7943] ? __pfx_tc_ctl_action+0x10/0x10 [ 140.622564][ T7943] ? rtnetlink_rcv_msg+0x35a/0xea0 [ 140.623944][ T7943] ? __pfx_tc_ctl_action+0x10/0x10 [ 140.625328][ T7943] rtnetlink_rcv_msg+0x3c7/0xea0 [ 140.626652][ T7943] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 140.628099][ T7943] ? __pfx___dev_queue_xmit+0x10/0x10 [ 140.629548][ T7943] netlink_rcv_skb+0x165/0x410 [ 140.630843][ T7943] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 140.632303][ T7943] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 140.633728][ T7943] ? netlink_deliver_tap+0x1ae/0xcf0 [ 140.635155][ T7943] netlink_unicast+0x53c/0x7f0 [ 140.636463][ T7943] ? __pfx_netlink_unicast+0x10/0x10 [ 140.637834][ T7943] ? __phys_addr_symbol+0x30/0x80 [ 140.639164][ T7943] ? __check_object_size+0x497/0x720 [ 140.640579][ T7943] netlink_sendmsg+0x8b8/0xd70 [ 140.641865][ T7943] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.643256][ T7943] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 140.644678][ T7943] ____sys_sendmsg+0x9b4/0xb50 [ 140.645962][ T7943] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.647360][ T7943] ? get_compat_msghdr+0x11b/0x170 [ 140.648767][ T7943] ? __pfx___lock_acquire+0x10/0x10 [ 140.650148][ T7943] ___sys_sendmsg+0x135/0x1e0 [ 140.651422][ T7943] ? __pfx____sys_sendmsg+0x10/0x10 [ 140.652823][ T7943] ? ksys_write+0x21c/0x260 [ 140.654043][ T7943] ? __fget_light+0x173/0x210 [ 140.655291][ T7943] __sys_sendmsg+0x117/0x1f0 [ 140.656533][ T7943] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.657897][ T7943] __do_fast_syscall_32+0x73/0x120 [ 140.659259][ T7943] do_fast_syscall_32+0x32/0x80 [ 140.660567][ T7943] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 140.662310][ T7943] RIP: 0023:0xf7f31579 [ 140.663444][ T7943] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 140.668582][ T7943] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 140.670775][ T7943] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 140.672864][ T7943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 140.674953][ T7943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 140.677051][ T7943] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 140.679114][ T7943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 140.681201][ T7943] [ 140.783436][ T7953] UBIFS error (pid: 7953): cannot open "./file0", error -22 [ 140.785904][ T7955] netlink: 12 bytes leftover after parsing attributes in process `syz.3.786'. [ 140.991662][ T7964] input: syz0 as /devices/virtual/input/input15 [ 141.110338][ T62] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 141.283782][ T62] usb 8-1: Using ep0 maxpacket: 32 [ 141.288357][ T62] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 141.296793][ T62] usb 8-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 141.299614][ T62] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.304323][ T62] usb 8-1: Product: syz [ 141.305448][ T62] usb 8-1: Manufacturer: syz [ 141.306652][ T62] usb 8-1: SerialNumber: syz [ 141.309620][ T62] usb 8-1: config 0 descriptor?? [ 141.312450][ T7958] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 141.315593][ T62] hub 8-1:0.0: bad descriptor, ignoring hub [ 141.317154][ T62] hub 8-1:0.0: probe with driver hub failed with error -5 [ 141.323581][ T62] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input16 [ 141.489685][ T35] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 141.521155][ T8] usb 8-1: USB disconnect, device number 13 [ 141.521237][ C2] usbtouchscreen 8-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 141.672587][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 141.676521][ T35] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 141.679391][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 141.688083][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 141.690706][ T35] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 141.700919][ T35] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 141.703306][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.866980][ T7979] FAULT_INJECTION: forcing a failure. [ 141.866980][ T7979] name failslab, interval 1, probability 0, space 0, times 0 [ 141.870695][ T7979] CPU: 1 UID: 0 PID: 7979 Comm: syz.0.793 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 141.874640][ T7979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 141.878237][ T7979] Call Trace: [ 141.879391][ T7979] [ 141.880482][ T7979] dump_stack_lvl+0x16c/0x1f0 [ 141.882313][ T7979] should_fail_ex+0x497/0x5b0 [ 141.884128][ T7979] ? fs_reclaim_acquire+0xae/0x160 [ 141.885949][ T7979] should_failslab+0xc2/0x120 [ 141.887568][ T7979] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 141.889418][ T7979] ? dup_fd+0x8c/0xf60 [ 141.890804][ T7979] dup_fd+0x8c/0xf60 [ 141.892458][ T7979] ? bpf_lsm_task_alloc+0x9/0x10 [ 141.894197][ T7979] ? security_task_alloc+0x1b6/0x280 [ 141.896002][ T7979] copy_process+0x226a/0x6f50 [ 141.897625][ T7979] ? __pfx_copy_process+0x10/0x10 [ 141.899323][ T7979] ? find_held_lock+0x2d/0x110 [ 141.900951][ T7979] kernel_clone+0xfd/0x960 [ 141.902471][ T7979] ? __pfx_kernel_clone+0x10/0x10 [ 141.904173][ T7979] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 141.906197][ T7979] __do_compat_sys_ia32_clone+0xb7/0x100 [ 141.908069][ T7979] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 141.910191][ T7979] __do_fast_syscall_32+0x73/0x120 [ 141.911913][ T7979] do_fast_syscall_32+0x32/0x80 [ 141.913579][ T7979] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 141.915690][ T7979] RIP: 0023:0xf7ff2579 [ 141.917072][ T7979] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 141.920351][ T35] usb 6-1: usb_control_msg returned -32 [ 141.923472][ T7979] RSP: 002b:00000000f577651c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 141.924988][ T35] usbtmc 6-1:16.0: can't read capabilities [ 141.927878][ T7979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 141.932532][ T7979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 141.935243][ T7979] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 141.937929][ T7979] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 141.940789][ T7979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 141.942898][ T7979] [ 142.093801][ T7986] netlink: 20 bytes leftover after parsing attributes in process `syz.3.796'. [ 142.598027][ T45] tipc: Subscription rejected, illegal request [ 143.339290][ T30] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 143.522551][ T30] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 143.525897][ T30] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 143.528938][ T30] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 143.532197][ T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.536498][ T8004] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 143.540360][ T30] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 144.009572][ T8012] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 144.092800][ T8] usb 6-1: USB disconnect, device number 12 [ 144.475004][ T8032] netlink: 4232 bytes leftover after parsing attributes in process `syz.1.810'. [ 144.520120][ T8033] 9pnet_fd: Insufficient options for proto=fd [ 145.033161][ T8042] ip6gretap0: entered promiscuous mode [ 145.035618][ T8042] batadv_slave_0: entered promiscuous mode [ 145.513821][ T8064] devtmpfs: Cannot change global quota limit on remount [ 145.944248][ T8] usb 7-1: USB disconnect, device number 7 [ 146.029886][ T8080] FAULT_INJECTION: forcing a failure. [ 146.029886][ T8080] name failslab, interval 1, probability 0, space 0, times 0 [ 146.033214][ T8080] CPU: 0 UID: 0 PID: 8080 Comm: syz.2.826 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 146.036012][ T8080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.038845][ T8080] Call Trace: [ 146.039745][ T8080] [ 146.040543][ T8080] dump_stack_lvl+0x16c/0x1f0 [ 146.041802][ T8080] should_fail_ex+0x497/0x5b0 [ 146.043054][ T8080] ? fs_reclaim_acquire+0xae/0x160 [ 146.044418][ T8080] should_failslab+0xc2/0x120 [ 146.045696][ T8080] __kmalloc_cache_noprof+0x6b/0x310 [ 146.047095][ T8080] ? rcu_is_watching+0x12/0xc0 [ 146.048386][ T8080] ? call_usermodehelper_setup+0x9a/0x340 [ 146.049898][ T8080] ? __pfx_free_modprobe_argv+0x10/0x10 [ 146.051361][ T8080] call_usermodehelper_setup+0x9a/0x340 [ 146.052835][ T8080] __request_module+0x3d6/0x6c0 [ 146.054151][ T8080] ? crypto_alg_mod_lookup+0x319/0x4c0 [ 146.055855][ T8080] ? __pfx___request_module+0x10/0x10 [ 146.057297][ T8080] ? rtnetlink_rcv_msg+0x3c7/0xea0 [ 146.058660][ T8080] ? __crypto_alg_lookup+0x29b/0x300 [ 146.060065][ T8080] ? crypto_alg_mod_lookup+0x110/0x4c0 [ 146.061521][ T8080] crypto_alg_mod_lookup+0x319/0x4c0 [ 146.062924][ T8080] crypto_alloc_tfm_node+0xd3/0x260 [ 146.064310][ T8080] cryptd_alloc_aead+0x117/0x200 [ 146.065638][ T8080] ? __pfx_cryptd_alloc_aead+0x10/0x10 [ 146.067019][ T8080] ? rcu_is_watching+0x12/0xc0 [ 146.068290][ T8080] ? trace_kmalloc+0x2d/0xe0 [ 146.069440][ T8080] ? __kmalloc_node_noprof+0x22f/0x440 [ 146.070886][ T8080] simd_aead_init+0x69/0x1d0 [ 146.072117][ T8080] ? __pfx_simd_aead_init+0x10/0x10 [ 146.073505][ T8080] crypto_aead_init_tfm+0x149/0x1b0 [ 146.074855][ T8080] crypto_create_tfm_node+0x100/0x320 [ 146.076242][ T8080] crypto_alloc_tfm_node+0x102/0x260 [ 146.077654][ T8080] ? __pfx_macsec_validate_attr+0x10/0x10 [ 146.079162][ T8080] macsec_alloc_tfm+0x24/0xc0 [ 146.079225][ T39] kauditd_printk_skb: 65 callbacks suppressed [ 146.079234][ T39] audit: type=1326 audit(1726400330.739:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8077 comm="syz.3.825" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x0 [ 146.080407][ T8080] macsec_validate_attr+0x609/0x800 [ 146.088978][ T8080] ? __pfx_macsec_validate_attr+0x10/0x10 [ 146.090503][ T8080] ? __nla_parse+0x40/0x60 [ 146.091697][ T8080] ? __pfx_macsec_validate_attr+0x10/0x10 [ 146.093208][ T8080] __rtnl_newlink+0x4d3/0x1920 [ 146.094491][ T8080] ? __pfx___rtnl_newlink+0x10/0x10 [ 146.095887][ T8080] rtnl_newlink+0x67/0xa0 [ 146.097046][ T8080] ? __pfx_rtnl_newlink+0x10/0x10 [ 146.098387][ T8080] rtnetlink_rcv_msg+0x3c7/0xea0 [ 146.099706][ T8080] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 146.101161][ T8080] ? __pfx___lock_acquire+0x10/0x10 [ 146.102547][ T8080] ? find_held_lock+0x2d/0x110 [ 146.103815][ T8080] netlink_rcv_skb+0x165/0x410 [ 146.105107][ T8080] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 146.106539][ T8080] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 146.107951][ T8080] ? netlink_deliver_tap+0x1ae/0xcf0 [ 146.109374][ T8080] netlink_unicast+0x53c/0x7f0 [ 146.110648][ T8080] ? __pfx_netlink_unicast+0x10/0x10 [ 146.112157][ T8080] ? __phys_addr_symbol+0x30/0x80 [ 146.113499][ T8080] ? __check_object_size+0x497/0x720 [ 146.114894][ T8080] netlink_sendmsg+0x8b8/0xd70 [ 146.116161][ T8080] ? __pfx_netlink_sendmsg+0x10/0x10 [ 146.117560][ T8080] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 146.118956][ T8080] ____sys_sendmsg+0x9b4/0xb50 [ 146.120232][ T8080] ? __pfx_____sys_sendmsg+0x10/0x10 [ 146.121650][ T8080] ? get_compat_msghdr+0x11b/0x170 [ 146.123018][ T8080] ? __pfx___lock_acquire+0x10/0x10 [ 146.124408][ T8080] ___sys_sendmsg+0x135/0x1e0 [ 146.125665][ T8080] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.127048][ T8080] ? ksys_write+0x21c/0x260 [ 146.128266][ T8080] ? __fget_light+0x173/0x210 [ 146.129519][ T8080] __sys_sendmsg+0x117/0x1f0 [ 146.130750][ T8080] ? __pfx___sys_sendmsg+0x10/0x10 [ 146.132125][ T8080] __do_fast_syscall_32+0x73/0x120 [ 146.133497][ T8080] do_fast_syscall_32+0x32/0x80 [ 146.134763][ T8080] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 146.136449][ T8080] RIP: 0023:0xf7f20579 [ 146.137535][ T8080] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 146.142601][ T8080] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 146.144793][ T8080] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000380 [ 146.146891][ T8080] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 146.148979][ T8080] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 146.151139][ T8080] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 146.153247][ T8080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 146.155345][ T8080] [ 146.266291][ T8078] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 146.268937][ T8078] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 146.277696][ T8078] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 146.281944][ T8078] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 146.283723][ T8078] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 146.287219][ T8078] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 146.495615][ T8092] netlink: 16 bytes leftover after parsing attributes in process `syz.0.829'. [ 146.502692][ T8092] 9pnet_fd: Insufficient options for proto=fd [ 146.616078][ T8] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 146.768737][ T8] usb 8-1: device descriptor read/64, error -71 [ 147.035615][ T8] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 147.095777][ T8098] 9pnet_fd: Insufficient options for proto=fd [ 147.197330][ T8] usb 8-1: device descriptor read/64, error -71 [ 147.325249][ T8] usb usb8-port1: attempt power cycle [ 147.759353][ T8] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 147.797738][ T8] usb 8-1: device descriptor read/8, error -71 [ 148.073891][ T8] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 148.115897][ T8] usb 8-1: device descriptor read/8, error -71 [ 148.236080][ T5359] Bluetooth: hci2: command 0x0c1a tx timeout [ 148.239526][ T4781] Bluetooth: hci1: command 0x0c1a tx timeout [ 148.243812][ T8] usb usb8-port1: unable to enumerate USB device [ 148.272391][ T8110] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 149.645587][ T35] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 149.836081][ T35] usb 7-1: Using ep0 maxpacket: 32 [ 149.838788][ T35] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 149.840933][ T35] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 149.843892][ T35] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 149.848464][ T35] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 149.858234][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 149.861877][ T35] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 149.864550][ T35] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 149.866759][ T35] usb 7-1: Product: syz [ 149.867862][ T35] usb 7-1: Manufacturer: syz [ 149.872922][ T35] usb 7-1: SerialNumber: syz [ 149.880090][ T35] usb 7-1: config 0 descriptor?? [ 149.887619][ T35] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 149.895256][ T35] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 150.139269][ C2] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 150.141262][ T62] usb 7-1: USB disconnect, device number 8 [ 150.146039][ T62] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 150.209249][ T4781] Bluetooth: hci1: command 0x0c1a tx timeout [ 150.211267][ T5359] Bluetooth: hci2: command 0x0c1a tx timeout [ 150.271150][ T8140] syz.3.846[8140] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.271256][ T8140] syz.3.846[8140] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.769655][ T39] audit: type=1326 audit(1726400335.673:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8143 comm="syz.1.848" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f11579 code=0x0 [ 150.897895][ T8150] FAULT_INJECTION: forcing a failure. [ 150.897895][ T8150] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.897944][ T8150] [ 150.897947][ T8150] ====================================================== [ 150.897950][ T8150] WARNING: possible circular locking dependency detected [ 150.897953][ T8150] 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 Not tainted [ 150.897958][ T8150] ------------------------------------------------------ [ 150.897961][ T8150] syz.2.849/8150 is trying to acquire lock: [ 150.897965][ T8150] ffffffff8dda75d8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0x12/0x70 [ 150.897992][ T8150] [ 150.897992][ T8150] but task is already holding lock: [ 150.897994][ T8150] ffff88802b63edd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 150.898015][ T8150] [ 150.898015][ T8150] which lock already depends on the new lock. [ 150.898015][ T8150] [ 150.898017][ T8150] [ 150.898017][ T8150] the existing dependency chain (in reverse order) is: [ 150.898020][ T8150] [ 150.898020][ T8150] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 150.898029][ T8150] _raw_spin_lock_nested+0x31/0x40 [ 150.898039][ T8150] raw_spin_rq_lock_nested+0x29/0x130 [ 150.898050][ T8150] task_fork_fair+0x73/0x250 [ 150.898059][ T8150] sched_cgroup_fork+0x3cf/0x510 [ 150.898068][ T8150] copy_process+0x4710/0x6f50 [ 150.898077][ T8150] kernel_clone+0xfd/0x960 [ 150.898085][ T8150] user_mode_thread+0xb4/0xf0 [ 150.898094][ T8150] rest_init+0x23/0x2b0 [ 150.898100][ T8150] start_kernel+0x3df/0x4c0 [ 150.898112][ T8150] x86_64_start_reservations+0x18/0x30 [ 150.898123][ T8150] x86_64_start_kernel+0xb2/0xc0 [ 150.898133][ T8150] common_startup_64+0x13e/0x148 [ 150.898143][ T8150] [ 150.898143][ T8150] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 150.898152][ T8150] _raw_spin_lock_irqsave+0x3a/0x60 [ 150.898162][ T8150] try_to_wake_up+0x9a/0x13e0 [ 150.898172][ T8150] up+0x79/0xb0 [ 150.898182][ T8150] console_unlock+0x23e/0x290 [ 150.898195][ T8150] vga_remove_vgacon+0x90/0xd0 [ 150.898205][ T8150] aperture_remove_conflicting_pci_devices+0x16a/0x1e0 [ 150.898218][ T8150] bochs_pci_probe+0x101/0x1150 [ 150.898230][ T8150] local_pci_probe+0xde/0x1b0 [ 150.898242][ T8150] pci_device_probe+0x29d/0x7b0 [ 150.898253][ T8150] really_probe+0x23e/0xa90 [ 150.898260][ T8150] __driver_probe_device+0x1de/0x440 [ 150.898267][ T8150] driver_probe_device+0x4c/0x1b0 [ 150.898274][ T8150] __driver_attach+0x283/0x580 [ 150.898281][ T8150] bus_for_each_dev+0x13c/0x1d0 [ 150.898291][ T8150] bus_add_driver+0x2e9/0x690 [ 150.898302][ T8150] driver_register+0x15c/0x4b0 [ 150.898309][ T8150] bochs_pci_driver_init+0x67/0x80 [ 150.898321][ T8150] do_one_initcall+0x128/0x630 [ 150.898332][ T8150] kernel_init_freeable+0x660/0xc50 [ 150.898343][ T8150] kernel_init+0x1c/0x2b0 [ 150.898349][ T8150] ret_from_fork+0x45/0x80 [ 150.898362][ T8150] ret_from_fork_asm+0x1a/0x30 [ 150.898373][ T8150] [ 150.898373][ T8150] -> #0 ((console_sem).lock){-...}-{2:2}: [ 150.898382][ T8150] __lock_acquire+0x24ed/0x3cb0 [ 150.898394][ T8150] lock_acquire+0x1b1/0x560 [ 150.898403][ T8150] _raw_spin_lock_irqsave+0x3a/0x60 [ 150.898413][ T8150] down_trylock+0x12/0x70 [ 150.898423][ T8150] __down_trylock_console_sem+0x40/0x140 [ 150.898434][ T8150] vprintk_emit+0x3d3/0x600 [ 150.898441][ T8150] vprintk+0x7f/0xa0 [ 150.898448][ T8150] _printk+0xc8/0x100 [ 150.898458][ T8150] should_fail_ex+0x46c/0x5b0 [ 150.898467][ T8150] copy_to_user_nofault+0x9f/0x1a0 [ 150.898477][ T8150] bpf_probe_write_user+0xaf/0xf0 [ 150.898489][ T8150] bpf_prog_6303d92f98284ad8+0x43/0x47 [ 150.898496][ T8150] bpf_trace_run4+0x245/0x5a0 [ 150.898505][ T8150] __traceiter_sched_switch+0x6c/0xc0 [ 150.898516][ T8150] __schedule+0x17cf/0x5490 [ 150.898525][ T8150] preempt_schedule_irq+0x51/0x90 [ 150.898536][ T8150] irqentry_exit+0x36/0x90 [ 150.898546][ T8150] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 150.898555][ T8150] tomoyo_check_acl+0xb4/0x410 [ 150.898566][ T8150] tomoyo_path_number_perm+0x34a/0x5b0 [ 150.898578][ T8150] security_file_ioctl_compat+0x75/0xc0 [ 150.898590][ T8150] __do_compat_sys_ioctl+0x5d/0x330 [ 150.898599][ T8150] __do_fast_syscall_32+0x73/0x120 [ 150.898611][ T8150] do_fast_syscall_32+0x32/0x80 [ 150.898622][ T8150] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 150.898631][ T8150] [ 150.898631][ T8150] other info that might help us debug this: [ 150.898631][ T8150] [ 150.898633][ T8150] Chain exists of: [ 150.898633][ T8150] (console_sem).lock --> &p->pi_lock --> &rq->__lock [ 150.898633][ T8150] [ 150.898644][ T8150] Possible unsafe locking scenario: [ 150.898644][ T8150] [ 150.898645][ T8150] CPU0 CPU1 [ 150.898647][ T8150] ---- ---- [ 150.898649][ T8150] lock(&rq->__lock); [ 150.898653][ T8150] lock(&p->pi_lock); [ 150.898658][ T8150] lock(&rq->__lock); [ 150.898663][ T8150] lock((console_sem).lock); [ 150.898667][ T8150] [ 150.898667][ T8150] *** DEADLOCK *** [ 150.898667][ T8150] [ 150.898669][ T8150] 3 locks held by syz.2.849/8150: [ 150.898673][ T8150] #0: ffffffff8e736e70 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_number_perm+0x232/0x5b0 [ 150.898706][ T8150] #1: ffff88802b63edd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 150.898727][ T8150] #2: ffffffff8ddb94a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x1d6/0x5a0 [ 150.898746][ T8150] [ 150.898746][ T8150] stack backtrace: [ 150.898749][ T8150] CPU: 0 UID: 0 PID: 8150 Comm: syz.2.849 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 150.898759][ T8150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 150.898764][ T8150] Call Trace: [ 150.898769][ T8150] [ 150.898772][ T8150] dump_stack_lvl+0x116/0x1f0 [ 150.898783][ T8150] check_noncircular+0x31a/0x400 [ 150.898794][ T8150] ? __pfx_check_noncircular+0x10/0x10 [ 150.898805][ T8150] ? __pfx__prb_read_valid+0x10/0x10 [ 150.898814][ T8150] ? __pfx_format_decode+0x10/0x10 [ 150.898826][ T8150] ? lockdep_lock+0xc6/0x200 [ 150.898835][ T8150] ? __pfx_lockdep_lock+0x10/0x10 [ 150.898845][ T8150] __lock_acquire+0x24ed/0x3cb0 [ 150.898859][ T8150] ? __pfx___lock_acquire+0x10/0x10 [ 150.898871][ T8150] ? vprintk_store+0x222/0xbb0 [ 150.898884][ T8150] lock_acquire+0x1b1/0x560 [ 150.898895][ T8150] ? down_trylock+0x12/0x70 [ 150.898907][ T8150] ? __pfx_lock_acquire+0x10/0x10 [ 150.898919][ T8150] ? mark_lock+0xb5/0xc60 [ 150.898929][ T8150] ? __pfx___lock_acquire+0x10/0x10 [ 150.898941][ T8150] ? vprintk+0x7f/0xa0 [ 150.898949][ T8150] _raw_spin_lock_irqsave+0x3a/0x60 [ 150.898959][ T8150] ? down_trylock+0x12/0x70 [ 150.898971][ T8150] down_trylock+0x12/0x70 [ 150.898983][ T8150] __down_trylock_console_sem+0x40/0x140 [ 150.898996][ T8150] vprintk_emit+0x3d3/0x600 [ 150.899005][ T8150] vprintk+0x7f/0xa0 [ 150.899013][ T8150] _printk+0xc8/0x100 [ 150.899023][ T8150] ? __pfx__printk+0x10/0x10 [ 150.899035][ T8150] ? ___ratelimit+0x24c/0x580 [ 150.899043][ T8150] ? __pfx____ratelimit+0x10/0x10 [ 150.899052][ T8150] should_fail_ex+0x46c/0x5b0 [ 150.899062][ T8150] copy_to_user_nofault+0x9f/0x1a0 [ 150.899073][ T8150] bpf_probe_write_user+0xaf/0xf0 [ 150.899082][ T8150] bpf_prog_6303d92f98284ad8+0x43/0x47 [ 150.899089][ T8150] bpf_trace_run4+0x245/0x5a0 [ 150.899100][ T8150] ? __pfx_bpf_trace_run4+0x10/0x10 [ 150.899111][ T8150] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 150.899125][ T8150] __traceiter_sched_switch+0x6c/0xc0 [ 150.899137][ T8150] __schedule+0x17cf/0x5490 [ 150.899147][ T8150] ? hlock_class+0x4e/0x130 [ 150.899155][ T8150] ? mark_lock+0xb5/0xc60 [ 150.899166][ T8150] ? __pfx_mark_lock+0x10/0x10 [ 150.899178][ T8150] ? __pfx___schedule+0x10/0x10 [ 150.899188][ T8150] ? lockdep_hardirqs_on+0x7c/0x110 [ 150.899202][ T8150] preempt_schedule_irq+0x51/0x90 [ 150.899213][ T8150] irqentry_exit+0x36/0x90 [ 150.899224][ T8150] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 150.899233][ T8150] RIP: 0010:tomoyo_check_acl+0xb4/0x410 [ 150.899245][ T8150] Code: 03 00 00 49 8b 5d 00 49 39 dd 0f 84 fc 01 00 00 e8 01 8d 50 fd 48 8d 7b 18 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 0f b6 04 28 <38> d0 7f 08 84 c0 0f 85 cc 02 00 00 44 0f b6 7b 18 31 ff 44 89 fe [ 150.899254][ T8150] RSP: 0018:ffffc9000329fbc8 EFLAGS: 00000246 [ 150.899260][ T8150] RAX: 0000000000000000 RBX: ffff88802ae3b080 RCX: 0000000000000001 [ 150.899265][ T8150] RDX: 0000000000000000 RSI: ffffffff843a8d0f RDI: ffff88802ae3b098 [ 150.899271][ T8150] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 [ 150.899276][ T8150] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000329fc88 [ 150.899281][ T8150] R13: ffff888024231990 R14: 0000000000000002 R15: 0000000000000000 [ 150.899288][ T8150] ? tomoyo_check_acl+0x9f/0x410 [ 150.899300][ T8150] ? tomoyo_check_acl+0x9f/0x410 [ 150.899311][ T8150] ? __pfx_tomoyo_check_path_number_acl+0x10/0x10 [ 150.899325][ T8150] tomoyo_path_number_perm+0x34a/0x5b0 [ 150.899338][ T8150] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 150.899353][ T8150] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 150.899367][ T8150] ? bpf_send_signal_common+0x2b5/0x3a0 [ 150.899379][ T8150] ? __fget_files+0x256/0x400 [ 150.899390][ T8150] security_file_ioctl_compat+0x75/0xc0 [ 150.899404][ T8150] __do_compat_sys_ioctl+0x5d/0x330 [ 150.899415][ T8150] __do_fast_syscall_32+0x73/0x120 [ 150.899427][ T8150] do_fast_syscall_32+0x32/0x80 [ 150.899439][ T8150] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 150.899449][ T8150] RIP: 0023:0xf7f20579 [ 150.899455][ T8150] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 150.899463][ T8150] RSP: 002b:00000000f568556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 150.899470][ T8150] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c028aa03 [ 150.899476][ T8150] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 150.899481][ T8150] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 150.899489][ T8150] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 150.899494][ T8150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 150.899502][ T8150] [ 151.166318][ T8150] CPU: 0 UID: 0 PID: 8150 Comm: syz.2.849 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 151.169117][ T8150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 151.171917][ T8150] Call Trace: [ 151.173060][ T8150] [ 151.173925][ T8150] dump_stack_lvl+0x116/0x1f0 [ 151.175157][ T8150] should_fail_ex+0x497/0x5b0 [ 151.176411][ T8150] copy_to_user_nofault+0x9f/0x1a0 [ 151.177857][ T8150] bpf_probe_write_user+0xaf/0xf0 [ 151.179256][ T8150] bpf_prog_6303d92f98284ad8+0x43/0x47 [ 151.180766][ T8150] bpf_trace_run4+0x245/0x5a0 [ 151.182016][ T8150] ? __pfx_bpf_trace_run4+0x10/0x10 [ 151.183389][ T8150] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 151.185129][ T8150] __traceiter_sched_switch+0x6c/0xc0 [ 151.186533][ T8150] __schedule+0x17cf/0x5490 [ 151.187718][ T8150] ? hlock_class+0x4e/0x130 [ 151.188927][ T8150] ? mark_lock+0xb5/0xc60 [ 151.190057][ T8150] ? __pfx_mark_lock+0x10/0x10 [ 151.191315][ T8150] ? __pfx___schedule+0x10/0x10 [ 151.192599][ T8150] ? lockdep_hardirqs_on+0x7c/0x110 [ 151.193960][ T8150] preempt_schedule_irq+0x51/0x90 [ 151.195402][ T8150] irqentry_exit+0x36/0x90 [ 151.196665][ T8150] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 151.198181][ T8150] RIP: 0010:tomoyo_check_acl+0xb4/0x410 [ 151.199619][ T8150] Code: 03 00 00 49 8b 5d 00 49 39 dd 0f 84 fc 01 00 00 e8 01 8d 50 fd 48 8d 7b 18 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 0f b6 04 28 <38> d0 7f 08 84 c0 0f 85 cc 02 00 00 44 0f b6 7b 18 31 ff 44 89 fe [ 151.204817][ T8150] RSP: 0018:ffffc9000329fbc8 EFLAGS: 00000246 [ 151.206397][ T8150] RAX: 0000000000000000 RBX: ffff88802ae3b080 RCX: 0000000000000001 [ 151.208418][ T8150] RDX: 0000000000000000 RSI: ffffffff843a8d0f RDI: ffff88802ae3b098 [ 151.210375][ T8150] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 [ 151.212438][ T8150] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000329fc88 [ 151.214497][ T8150] R13: ffff888024231990 R14: 0000000000000002 R15: 0000000000000000 [ 151.216588][ T8150] ? tomoyo_check_acl+0x9f/0x410 [ 151.217888][ T8150] ? tomoyo_check_acl+0x9f/0x410 [ 151.219176][ T8150] ? __pfx_tomoyo_check_path_number_acl+0x10/0x10 [ 151.220784][ T8150] tomoyo_path_number_perm+0x34a/0x5b0 [ 151.222206][ T8150] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 151.223775][ T8150] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 151.225328][ T8150] ? bpf_send_signal_common+0x2b5/0x3a0 [ 151.226763][ T8150] ? __fget_files+0x256/0x400 [ 151.227991][ T8150] security_file_ioctl_compat+0x75/0xc0 [ 151.229460][ T8150] __do_compat_sys_ioctl+0x5d/0x330 [ 151.230840][ T8150] __do_fast_syscall_32+0x73/0x120 [ 151.232182][ T8150] do_fast_syscall_32+0x32/0x80 [ 151.233462][ T8150] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 151.235119][ T8150] RIP: 0023:0xf7f20579 [ 151.236186][ T8150] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 151.241162][ T8150] RSP: 002b:00000000f568556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 151.243529][ T8150] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c028aa03 [ 151.245604][ T8150] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 151.247663][ T8150] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 151.249736][ T8150] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 151.251784][ T8150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 151.253851][ T8150] [ 152.189039][ T4781] Bluetooth: hci1: command 0x0c1a tx timeout [ 152.189938][ T5359] Bluetooth: hci2: command 0x0c1a tx timeout VM DIAGNOSIS: 11:38:53 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fc2b75 RDI=ffffffff9a516680 RBP=ffffffff9a516640 RSP=ffffc9000329f350 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000035 R14=ffffffff84fc2b10 R15=0000000000000000 RIP=ffffffff84fc2b9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffffffff CR3=0000000063dde000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff813be4ae RDX=ffff88801bb04880 RSI=ffffffff813be4cb RDI=0000000000000000 RBP=ffff88802b63edc0 RSP=ffffc90000477af0 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000000 R12=0000000000000003 R13=0000000000000003 R14=ffff88802b73fc80 R15=ffffed10056c7db8 RIP=ffffffff813be4cc RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffffffff CR3=0000000063dde000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000013c954 RBX=0000000000000002 RCX=ffffffff8b084079 RDX=ffffed1005706fda RSI=ffffffff8bb07fe0 RDI=ffffffff81634afc RBP=ffffed10037e1000 RSP=ffffc90000487e08 R8 =0000000000000000 R9 =ffffed1005706fd9 R10=ffff88802b837ecb R11=0000000000000001 R12=0000000000000002 R13=ffff88801bf08000 R14=ffffffff9011e7d8 R15=0000000000000000 RIP=ffffffff8b08546f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000ffffffff CR3=00000000257e4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73dbff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000004 RBX=ffff88801fc34880 RCX=ffffffff81694379 RDX=0000000000000000 RSI=ffffffff8bb07fe0 RDI=ffff88801fc34cc4 RBP=ffff88801fc34880 RSP=ffffc90000e7f688 R8 =0000000000000000 R9 =fffffbfff2023cfb R10=ffffffff9011e7df R11=0000000097916da7 R12=ffff88801fc34880 R13=ffff88801cece000 R14=0000000000000000 R15=ffffc90000e7f888 RIP=ffffffff81723ba9 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f746921c CR3=000000000db7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000200010 Opmask01=0000000000000010 Opmask02=0000000000040000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7903ae9d09e766e8 92d52178edc4e544 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f32c1e031cf06474 408e49cebfdc6869 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a9eafc61eb483c85 bd31e86ce5957b60 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 abb4474630a60804 61df513e21a2d207 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000007c0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005bfd00000001 c81efa00fd5c1200 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000005bff f4b8639b00005c01 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005bfd5a584600 6abfee00997bef00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2d316c0046d6d200 00005c006035f27a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01f7427c83cc2176 5e548dea3128d35e ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a90ad83ea876bb52 0afae358413fd62b ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6e3a6d5e007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4b1f485e005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6572636e65202065 6361666465652069 2065686e20632067 662073000a206461 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000