last executing test programs: 7.04449379s ago: executing program 0 (id=4143): mount(0x0, 0x0, &(0x7f0000000300)='configfs\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000300)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) r6 = socket(0x10, 0x3, 0x9) sendmsg$BATADV_CMD_GET_ORIGINATORS(r6, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x3fb, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x24008010) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000000180)={0x23, 0x1, 0x13, 0x1, 0x0, 0x2, 0x0}) close_range(r1, 0xffffffffffffffff, 0x0) 6.969614592s ago: executing program 3 (id=4146): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000400)={'wlan0\x00', &(0x7f00000005c0)=@ethtool_cmd={0x38, 0x5, 0x70c, 0x0, 0x4, 0x7, 0x3, 0x6, 0x8, 0x6, 0xf, 0x1, 0x1, 0x23, 0xfe, 0xfffffffc, [0x8, 0xffffffff]}}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0) r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCINITREPORT(r4, 0x4805, 0x0) ioctl$HIDIOCINITREPORT(r4, 0x4805, 0x0) ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x800c5012, &(0x7f0000000300)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) write$P9_RLOPEN(r5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x28, &(0x7f0000000280)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 6.639616393s ago: executing program 0 (id=4147): socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000300), 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x8c1) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r2, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), r2) sendfile(r3, r2, 0x0, 0x578410eb) process_vm_readv(0x0, &(0x7f0000008400), 0x0, &(0x7f0000008640), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$kcm(0x29, 0x5, 0x0) pipe(&(0x7f0000000040)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, &(0x7f0000000380)="c75f16175bb69c4013d0479f629c0ba46ff8ac8dc98098b878545ed70bb5bc1bacf36b28b91a23b1365fa8e67059f7c1fc1ade5eb855207f7066f96bdafb14234e8d9afeee1f3fd22e4b4fe5a61f4afde21805ae5206b87bb22d882df14583a3"}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r4 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) 5.170500231s ago: executing program 0 (id=4151): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x10, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x7e}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x42280, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) r7 = io_uring_setup(0x1d48, &(0x7f0000000340)={0x0, 0xb143, 0x1000, 0x2, 0x196}) r8 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r8, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r8, 0x4) recvmmsg(r8, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}}], 0x1, 0x40000100, 0x0) close_range(r7, r8, 0x0) socket(0x2b, 0x80801, 0x1) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000480)=ANY=[@ANYBLOB="28000000120001"], 0x28}}, 0x0) close(r6) r10 = socket$unix(0x1, 0x1, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r12, {0x0, 0x4}, {0xffe6, 0xb}, {0xfff2, 0x3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c961}, 0x4008080) ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 4.900446272s ago: executing program 2 (id=4153): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) pipe2$watch_queue(&(0x7f00000001c0), 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x5d) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000cd833000000000000000"], 0x0, 0x1a, 0x0, 0x1, 0x2, 0x10000}, 0x28) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0xc801) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x4, 0x100008b}, 0x0) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x1000000000000, 0x2, 0x0, &(0x7f0000ffa000/0x4000)=nil) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(0xffffffffffffffff, &(0x7f0000000180), 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f360068090890e0878f0e1ac6e7049b3343959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07480936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) sendfile(r1, r1, 0x0, 0x24002de8) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f00000003c0)={0x0, {}, 0x0, {}, 0x2, 0x9, 0x14, 0x8, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bfff923bdb6fe6ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x3, 0x9]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 4.899604284s ago: executing program 0 (id=4154): socket(0x10, 0x80002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52", 0xc) socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x80108907, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x40c}, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408048000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000008000000850000006900000095"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94) r6 = socket$kcm(0x10, 0x2, 0x0) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000400)=r5, 0x4) sendmsg$kcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="d80000001a0081044e81f782db4cb904021d0800fe0055a1150015000200142603600e12080005007a010401a8001600200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457fffffffffffff0001bace8017cbec4c2ee5a7cef4090000001fb79164d322fe7c9f8775d3f2d5d0683f5aeb4edbb57a5025ccca9e00360db785262f3d40fad95667e006dcdf61951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a94100000000000000000000000000d4da15", 0xd8}], 0x1}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=""/36, 0x24) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0xf4, 0x0, 0x0, 0x2) r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r7, 0xc0045627, &(0x7f0000000100)=0x3) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0) write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) 3.297080082s ago: executing program 2 (id=4156): close(0xffffffffffffffff) socket$nl_crypto(0x10, 0x3, 0x15) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) close(r0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000300), &(0x7f0000000040)=0x68) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0) r2 = eventfd(0x0) mount$9p_fd(0x0, &(0x7f00000006c0)='./bus\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x2, 0x0, {0x0, 0x2710}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '#\x00'}, 0x0, 0x2, {0x0}}) ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x100004, 0x0, {0x77359400}, {0x7, 0xc, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000033c0)=@base={0x6, 0x4, 0xfff, 0x46}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000004000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd85000000730000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r5}, 0x10) 3.139696096s ago: executing program 1 (id=4159): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x34, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ZONE={0x6}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae535af2f0a70ddeb37f"}]}, {0x4}, {0xffffffffffffff48}, {0xc}}}]}]}, 0x78}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0xb400}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$MEDIA_IOC_SETUP_LINK(0xffffffffffffffff, 0xc0347c03, &(0x7f00000001c0)={{0x80000000, 0x0, 0x1, [0x0, 0xf7df]}, {0x80000000, 0x0, 0x4, [0x6]}, 0x1, [0x8, 0x3df]}) r5 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, &(0x7f0000000200)=[{{}, {0x80000000, 0x0}}, {{}, {0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r5, 0xc0347c03, &(0x7f00000001c0)={{r7, r6, 0x1, [0x0, 0xf7df]}, {r7, r8, 0x4, [0x6]}, 0x1, [0x8, 0x3df]}) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000600)={0x80000000, &(0x7f0000000100), &(0x7f00000003c0)=[{{0x80000000}}]}) ioctl$MEDIA_IOC_SETUP_LINK(0xffffffffffffffff, 0xc0347c03, &(0x7f0000000680)={{0x80000000, r6, 0x2, [0x1ff, 0xa7]}, {r9, 0x0, 0x4, [0x8, 0x8]}, 0x10000000, [0x7, 0x602d]}) r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r10, &(0x7f000001aa40)=""/102400, 0x19000) ioctl$SIOCAX25DELUID(0xffffffffffffffff, 0x89e2, 0x0) 2.430172315s ago: executing program 2 (id=4160): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000003", @ANYRES16=r0, @ANYBLOB="0100000010651fbe347b2c2b00000c000180080001"], 0x20}}, 0x0) 2.380324154s ago: executing program 2 (id=4161): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000004000000000000000000008500000011000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000080)={0x0, 0x300}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.322619769s ago: executing program 2 (id=4162): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0x1000000, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10000008ebc, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) 2.066737222s ago: executing program 3 (id=4163): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000100)={&(0x7f0000000180)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe5d, 0x0}) ioctl$EXT4_IOC_GETSTATE(r1, 0x40046629, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff11080003400000000c140000001000010000000000000000000084000aff165cce848a58c8ad1a7044dd9a6d4026e5"], 0x74}}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x9, 0x7, 0x0, 0x0, 0x5, 0x3, 0xfffffffffffffffc, 0x800000]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x19c, 0x65, 0x20, 0x70bd27, 0x9bd, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x16c, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x160, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x138, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x118, 0x2, 0x0, 0x0, {{0x100, 0x9, 0x319}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}, @TCA_EM_IPT_MATCH_DATA={0xd9, 0x5, "404ed3d434fb1f48a30cc0474d3c5260844ef8d653aa690f08733679c0f9bd6e29e13b09adea5ceb607c74a62934f395f716bdc5b2d344210a255c16f0fddd15bf1303af3d0414041b90743b0add6ab90d0ba1b39a9b13161873fb2acea362d73c88e899ccfc750491142a1922eb492fc626348d86473ea9e39f4faacf8bb869c6a124325737b32502d3a21fc90b0b54b97bd41ac70a2a68a7262bee65d25822852d63465a22a320cdb82bc9707038d69fee5710d419574700b52c157c1ecb20712de3168b38d238726620651097d32ee27acc86c0"}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0xfc}]}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x2, 0x2, 0x4}, {0xc, 0x2, 0x1, "f8fb"}}}, @TCF_EM_CONTAINER={0xc, 0x3, 0x0, 0x0, {{0x3, 0x0, 0x7}}}]}]}]}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000080) r6 = socket(0x10, 0x803, 0x0) sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=0x0) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000640)={0xffffffffffffffff}, 0x1, 0x0, 0x0, 0x40040c5}, 0x40015) sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)={0x2c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x21}, 0x40000) sendmsg$NFC_CMD_ACTIVATE_TARGET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYRES32, @ANYRES32=r7, @ANYBLOB="625322c7b45a0eefc906a8a2b98baa574e5eb048f93ae1"], 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x80) sendmsg$NFC_CMD_DEV_DOWN(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x2c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x8001) ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, &(0x7f0000000100)={0x1, @capture={0x0, 0x1, {0x62f9, 0x6}, 0xfffffff8, 0x40}}) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r8, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x1, 0xd, 0x200, &(0x7f0000000180)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949e496f2e2a3c175858575713be5ee3fff4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff4175b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b188cd35df2cd7963e43b7f9c03bebfb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc589457c924abfc4d5afd22462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 2.066168045s ago: executing program 1 (id=4164): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x10, 0x3, 0x0) close_range(r1, 0xffffffffffffffff, 0x2) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) r3 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0x211a, 0x0, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x1, r2, 0x0}) io_uring_enter(r3, 0x3516, 0xc2de, 0x8, 0x0, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r6 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000e40)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4880}, 0x1) sendmmsg$inet6(r6, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)="b5d8bb89", 0x4}], 0x1}}], 0x1, 0x40000800) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/176, 0xb0, 0x1, 0x0}, &(0x7f0000000180)=0x40) 1.905568328s ago: executing program 1 (id=4165): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (rerun: 32) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async, rerun: 32) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0}) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000e80)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x3c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_KEY_END={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xac}}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x2000000000000, 0xfffffdfffffffffe, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x1}}, 0x20) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) (async) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) (async) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000055aca5318446172b81c0689d000000000018549eb69dc8ab41f9aab16c0000000000000000"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000004000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r4}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 1.747731183s ago: executing program 0 (id=4166): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) accept4$rose(r1, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x6a040000) mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = gettid() syz_open_dev$evdev(0x0, 0x0, 0x2002) pselect6(0x0, 0x0, &(0x7f0000002680)={0x5, 0x3, 0x349, 0x1b, 0x0, 0x3, 0x8, 0x98e}, &(0x7f00000026c0)={0x9, 0x89, 0xc3a, 0x5, 0x8, 0x7fff0000, 0x400, 0x4}, 0x0, 0x0) openat$apparmor_thread_current(0xffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$nl_route(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r4], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) (fail_nth: 8) 1.746995073s ago: executing program 3 (id=4167): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x200000000) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900)) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x13) ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f00000000c0)={0xfffffff8, 0x0, 0xfffbfffd, 0x3, 0x4f, "0c41920887e8d2b791f19dd026d76d7fcb366b", 0x4, 0x200}) write(r2, &(0x7f0000000200)='G', 0x1) ioctl$TCXONC(r2, 0x540a, 0x3) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0x8) read(r1, &(0x7f00000002c0)=""/237, 0xed) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x1) preadv2(r1, &(0x7f0000000f80)=[{&(0x7f0000000dc0)=""/147, 0x93}], 0x1, 0x2, 0x4, 0x14) close_range(r0, 0xffffffffffffffff, 0x0) 1.464317474s ago: executing program 1 (id=4168): close(0xffffffffffffffff) socket$nl_crypto(0x10, 0x3, 0x15) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) close(r0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000300), &(0x7f0000000040)=0x68) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0) r2 = eventfd(0x0) mount$9p_fd(0x0, &(0x7f00000006c0)='./bus\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x2, 0x0, {0x0, 0x2710}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '#\x00'}, 0x0, 0x2, {0x0}}) ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x100004, 0x0, {0x77359400}, {0x7, 0xc, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000033c0)=@base={0x6, 0x4, 0xfff, 0x46}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000004000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd85000000730000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r5}, 0x10) 1.463999014s ago: executing program 3 (id=4169): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="06000000040000000800000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c01250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (fail_nth: 1) 1.257590859s ago: executing program 3 (id=4170): r0 = fanotify_init(0x20, 0x80000) dup(r0) syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0), &(0x7f0000000140)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x3c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x8, @remote}, 0x9) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x10, 0x1a, 0x0, 0x1, [@AF_INET6={0xc, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x3}]}]}]}, 0x38}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=@bridge_getlink={0x34, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg0\x00'}]}, 0x34}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, &(0x7f00000003c0)=[@mss={0x2, 0x8}, @window={0x3, 0xe, 0x9}, @timestamp, @sack_perm, @mss={0x2, 0x6}, @sack_perm, @sack_perm, @window={0x3, 0xfff, 0x4}, @sack_perm], 0x9) 940.162493ms ago: executing program 2 (id=4171): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000006480)={0x1c, 0x27, 0x1, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x23, 0x0, 0x0, @pid}]}]}, 0x1c}], 0x1}, 0x0) r1 = socket(0x1e, 0x4, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRES8=r1, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xb9, &(0x7f0000000140)=""/185, 0x0, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2037}, 0x94) syz_init_net_socket$ax25(0x3, 0x5, 0xc4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setregid(0xffffffffffffffff, 0x0) setuid(0xee01) syz_init_net_socket$ax25(0x3, 0x7, 0xcc) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f00000000c0)='./file0\x00') sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000000308010200000000000000000000000005000300060000000c000480080003400000000083e9"], 0x28}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x66801, 0x19d) write$P9_RREADLINK(r5, &(0x7f0000000180)={0x10, 0x17, 0xbffd, {0x7, './file0'}}, 0x10) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000280)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r1, &(0x7f0000003100), 0x0, 0x0, 0x0) 708.837047ms ago: executing program 0 (id=4172): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x84, 0x467b, 0xffff, {0x1d, 0x1}, {0x51, 0x2}, @ramp={0x0, 0xffee, {0xe8, 0x405, 0x3ff, 0x57c2}}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8) 570.492278ms ago: executing program 1 (id=4173): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) r4 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x10) writev(r4, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000040)="aa1d484e2400a0000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x38, r3, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x38}}, 0x20000000) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0) 95.61516ms ago: executing program 3 (id=4174): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_clone(0x21000011, 0x0, 0x0, 0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (fail_nth: 10) 0s ago: executing program 1 (id=4175): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc9b}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffc, 0xff, 0x80000000}, 0x1c) bind$packet(r1, &(0x7f0000000080)={0x11, 0x802, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) syz_emit_ethernet(0x32, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb0000000000000802"], 0x0) r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000b80)={&(0x7f0000000b40)=[0x0, 0x0], 0x2, 0x80800, 0x0, 0xffffffffffffffff}) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000c00)=[@textreal={0x8, &(0x7f0000000bc0)="ba4000ed0f230e640f70e1ae660f71d1b30f019bef8ce20066b9f202000066b8b85d000066ba000000000f30f3ab0f01c40f20d86635080000000f22d8", 0x3d}], 0x1, 0x10, &(0x7f0000000c40)=[@cstype0={0x4, 0xf}, @vmwrite={0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7fff}], 0x2) syz_usb_control_io$hid(r3, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002210000000540b455018213b21e271a97584839e3ce04b"], 0x0}, 0x0) r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000c80)={0x2, 0x0, &(0x7f0000ff4000/0x2000)=nil}) r7 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x18d1, 0x503d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0xd0, 0x4, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x3, 0x1, 0x1, 0x2, {0x9, 0x21, 0x8, 0x1, 0x1, {0x22, 0xc87}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x9, 0xf2, 0x2}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x3, 0x5, 0x81}}]}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x5, 0x1d, 0x0, 0x10, 0x2}, 0xdc, &(0x7f0000000140)={0x5, 0xf, 0xdc, 0x2, [@generic={0xd4, 0x10, 0x1, "93a823f1fbe82d1557e8c16392c097f1a4cd27bae3a520a58a132ff1b3ecdcc02a51887c3001ed073f6a49168346260348d2ef5e23b7b6e067d89b053bc9f5df3440a49f535aa36639b5805079ad2fabb3f180ed5dd54df6d28543769f5ff7a7ba316cc8bf30042ad3881784e9769ebec79ec562d881057b1dff81912228d0b9763e7fc07046b3782b809d6e92f5d18e2b596d6926423cb169671ccbdc2102839ac9ed3241fb2d6fab81ffa7fd48c4ca36a097e73fa49d4d221053580a443c8d124be24d0a13b9c3da5d7de631bd32e566"}, @ptm_cap={0x3}]}, 0x1, [{0x80, &(0x7f0000000240)=@string={0x80, 0x3, "3a2c9ead8fbce8520e0dae098839c74746540f191f049aa77266f6fd8662372582bb70125b6a4aa091de7b04365e393ed1fd959c95e3fa51d088cd52653037bd18e05393e8fc800d0fd9d525e569635806bb12fa4ab23659fdd89a6587d763a3d1cf93a8ade58a0761edc5f9a66bffb5295f34d89d84ab950704eea60768"}}]}) syz_usb_control_io(r7, &(0x7f00000005c0)={0x18, &(0x7f00000003c0)={0x0, 0x22, 0x41, {0x41, 0x9, "f66fb144acdc83d8185f55dea28e7b085f9c787bcb7b6c98802f715d6c257d5be3e62c4b08afd610b041b817606a9e2406720a9b4c4b57b28c04bfa88a7284"}}, &(0x7f0000000440)={0x0, 0x3, 0xaf, @string={0xaf, 0x3, "1c9b9bcfc14b05ced81b581c0599272d769c0ac2ebefc84edf3bc85fb00f272c4f790b903d3dbd3a652aa6cd26fe601d627db5e37d68464b8880bc82ef6f8813d57a6d6ce369b28da63f151f18258bfce787ca1f4e6b19a48e7ebe440929313f73e6c98606701048e779f24f5bee786239954def9ade8608af5489994e0864e4042b85dfb63abda7bf341a796eac1882be53d8dd8b9183f4fc3975e30101712e1e3f0ce23108f51eac96530828"}}, &(0x7f0000000340)=ANY=[@ANYBLOB="000f39000019050f39000220100ae22500000000000800cf000000c0c0ff0030c000000000ff00c080fe0014100406055dbbf25a14fa7b02657e84ac0660bf"], &(0x7f0000000500)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x0, 0x2, 0x5, "ac17ed3b", "b52b2660"}}, &(0x7f0000000580)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x2, 0xc, 0x7, 0x5, 0x8001, 0x8}}}, &(0x7f0000000ac0)={0x44, &(0x7f0000000680)=ANY=[@ANYBLOB="001888000000cea16c85ca9a2532f9304c9555ef0301e3321b0c671a7c8a4ab822569851525e53fa33b529b96c5e93f6c8325676e62d905e78c4c6edb5f3a1ec7e94ed644445e1877b60cd7dc5388758fa4a44828f0a56345ef89e7113cd9968df9ec1ac0d2c7ce6d52505be541a27e862757ff7018d0fd9025e3adc2a40e803e900"/142], &(0x7f0000000600)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000740)={0x0, 0x8, 0x1, 0x24}, &(0x7f0000000780)={0x20, 0x0, 0x4, {0x2}}, &(0x7f00000007c0)={0x20, 0x0, 0x8, {0x1e0, 0x20, [0xf000]}}, &(0x7f0000000800)={0x40, 0x7, 0x2, 0xa}, &(0x7f0000000840)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000880)={0x40, 0xb, 0x2, 'rc'}, &(0x7f00000008c0)={0x40, 0xf, 0x2, 0x7}, &(0x7f0000000900)={0x40, 0x13, 0x6}, &(0x7f0000000940)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000980)={0x40, 0x19, 0x2, '[\\'}, &(0x7f00000009c0)={0x40, 0x1a, 0x2, 0xfb}, &(0x7f0000000a00)={0x40, 0x1c, 0x1, 0xfb}, &(0x7f0000000a40)={0x40, 0x1e, 0x1, 0x2}, &(0x7f0000000a80)={0x40, 0x21, 0x1, 0x6}}) ioctl$KVM_CAP_X86_DISABLE_EXITS(r4, 0x4068aea3, &(0x7f0000000cc0)={0x8f, 0x0, 0x9}) creat(&(0x7f0000000640)='./file0\x00', 0x0) rmdir(&(0x7f0000000380)='./file0\x00') ioctl$HIDIOCSFLAG(r6, 0x4004480f, &(0x7f0000000040)=0x4) kernel console output (not intermixed with test programs): 8.514384][T19066] ? __pfx_generic_map_update_batch+0x10/0x10 [ 668.514403][T19066] ? __pfx_generic_map_update_batch+0x10/0x10 [ 668.514420][T19066] bpf_map_do_batch+0x5b4/0x680 [ 668.514445][T19066] __sys_bpf+0x4cf9/0x4de0 [ 668.514466][T19066] ? __pfx___sys_bpf+0x10/0x10 [ 668.514482][T19066] ? ksys_write+0x190/0x250 [ 668.514498][T19066] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 668.514523][T19066] ? fput+0x9b/0xd0 [ 668.514539][T19066] ? ksys_write+0x1ac/0x250 [ 668.514551][T19066] ? __pfx_ksys_write+0x10/0x10 [ 668.514566][T19066] __ia32_sys_bpf+0x76/0xe0 [ 668.514576][T19066] __do_fast_syscall_32+0x7c/0x3a0 [ 668.514588][T19066] do_fast_syscall_32+0x32/0x80 [ 668.514598][T19066] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 668.514612][T19066] RIP: 0023:0xf702e579 [ 668.514621][T19066] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 668.514632][T19066] RSP: 002b:00000000f53dc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 668.514643][T19066] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000080000200 [ 668.514650][T19066] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 668.514656][T19066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 668.514663][T19066] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 668.514669][T19066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 668.514682][T19066] [ 669.493419][ T840] kernel write not supported for file [eventfd] (pid: 840 comm: kworker/3:2) [ 670.607544][ T1335] usb 8-1: new high-speed USB device number 40 using dummy_hcd [ 670.776460][ T1335] usb 8-1: Using ep0 maxpacket: 8 [ 670.780488][ T1335] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 670.784837][ T1335] usb 8-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 670.790598][ T1335] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 670.794363][ T1335] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.802006][ T1335] usbtmc 8-1:16.0: bulk endpoints not found [ 670.946220][ T840] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 671.048735][T19097] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 671.096289][ T840] usb 6-1: Using ep0 maxpacket: 8 [ 671.100107][ T840] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 671.103208][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 671.107782][ T840] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 671.112745][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 671.116533][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 671.120946][ T840] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 671.123428][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 671.127202][ T840] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 671.130786][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 671.134223][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 671.138564][ T840] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 671.140870][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 671.144397][ T840] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 671.148169][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 671.151512][ T840] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 671.156736][ T840] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 671.159560][ T840] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.162067][ T840] usb 6-1: Product: syz [ 671.163422][ T840] usb 6-1: Manufacturer: syz [ 671.164918][ T840] usb 6-1: SerialNumber: syz [ 671.362972][T19103] netlink: 'syz.3.3604': attribute type 10 has an invalid length. [ 671.366067][T19103] rdma_rxe: rxe_newlink: failed to add syz_tun [ 671.379077][ T840] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 671.382810][ T840] usb 6-1: USB disconnect, device number 43 [ 671.579513][T19095] sg_write: data in/out 489/14 bytes for SCSI command 0xb-- guessing data in; [ 671.579513][T19095] program syz.1.3605 not setting count and/or reply_len properly [ 671.593703][T19095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3605'. [ 671.599364][T19095] input input41: cannot allocate more than FF_MAX_EFFECTS effects [ 672.356347][ T1335] kernel write not supported for file [eventfd] (pid: 1335 comm: kworker/2:2) [ 673.105316][T19122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3613'. [ 673.250591][T19126] tipc: Enabled bearer , priority 0 [ 673.307127][T19130] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3615'. [ 673.314282][T19130] tipc: Resetting bearer [ 673.364566][T19125] tipc: Disabling bearer [ 673.466019][ T1335] usb 8-1: USB disconnect, device number 40 [ 673.976983][ T1335] kernel write not supported for file [eventfd] (pid: 1335 comm: kworker/2:2) [ 674.007941][T19150] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3620'. [ 674.893824][T19163] tipc: Enabled bearer , priority 0 [ 674.980815][T19172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3625'. [ 675.013488][T19172] tipc: Resetting bearer [ 675.090395][T19162] tipc: Disabling bearer [ 675.133377][T19177] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 676.382511][ T1335] kernel write not supported for file [eventfd] (pid: 1335 comm: kworker/2:2) [ 676.572648][T19201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3636'. [ 676.583765][T19201] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3636'. [ 676.800382][T19210] FAULT_INJECTION: forcing a failure. [ 676.800382][T19210] name failslab, interval 1, probability 0, space 0, times 0 [ 676.805464][T19210] CPU: 3 UID: 0 PID: 19210 Comm: syz.1.3638 Not tainted syzkaller #0 PREEMPT(full) [ 676.805491][T19210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 676.805499][T19210] Call Trace: [ 676.805503][T19210] [ 676.805508][T19210] dump_stack_lvl+0x16c/0x1f0 [ 676.805529][T19210] should_fail_ex+0x512/0x640 [ 676.805540][T19210] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 676.805556][T19210] should_failslab+0xc2/0x120 [ 676.805572][T19210] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 676.805589][T19210] ? __lock_acquire+0xb97/0x1ce0 [ 676.805610][T19210] ? kstrdup_const+0x63/0x80 [ 676.805633][T19210] kstrdup+0x53/0x100 [ 676.805657][T19210] kstrdup_const+0x63/0x80 [ 676.805678][T19210] kvasprintf_const+0x164/0x1a0 [ 676.805703][T19210] kobject_set_name_vargs+0x5a/0x140 [ 676.805724][T19210] dev_set_name+0xc7/0x100 [ 676.805750][T19210] ? __pfx_dev_set_name+0x10/0x10 [ 676.805773][T19210] ? down_write+0x14d/0x200 [ 676.805793][T19210] ? __pfx_down_write+0x10/0x10 [ 676.805809][T19210] ? xa_load+0x153/0x2c0 [ 676.805831][T19210] ib_register_device+0x7df/0xe00 [ 676.805854][T19210] ? mark_held_locks+0x49/0x80 [ 676.805874][T19210] ? __pfx_ib_register_device+0x10/0x10 [ 676.805885][T19210] ? lockdep_hardirqs_on+0x7c/0x110 [ 676.805902][T19210] ? ib_device_set_netdev+0x7e/0x860 [ 676.805919][T19210] ? lockdep_init_map_type+0x5c/0x280 [ 676.805937][T19210] siw_newlink+0xb67/0xd70 [ 676.805952][T19210] nldev_newlink+0x3a6/0x680 [ 676.805969][T19210] ? __pfx_nldev_newlink+0x10/0x10 [ 676.805986][T19210] ? __lock_acquire+0x62e/0x1ce0 [ 676.806041][T19210] ? rcu_is_watching+0x12/0xc0 [ 676.806058][T19210] ? security_capable+0x7e/0x260 [ 676.806071][T19210] ? ns_capable+0xd7/0x110 [ 676.806082][T19210] ? __pfx_nldev_newlink+0x10/0x10 [ 676.806112][T19210] rdma_nl_rcv_msg+0x38a/0x6e0 [ 676.806131][T19210] ? __pfx_rdma_nl_rcv_msg+0x10/0x10 [ 676.806150][T19210] ? __lock_acquire+0x62e/0x1ce0 [ 676.806168][T19210] rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430 [ 676.806188][T19210] ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10 [ 676.806231][T19210] ? netlink_deliver_tap+0x1ae/0xd30 [ 676.806253][T19210] ? is_vmalloc_addr+0x86/0xa0 [ 676.806268][T19210] netlink_unicast+0x5a7/0x870 [ 676.806287][T19210] ? __pfx_netlink_unicast+0x10/0x10 [ 676.806305][T19210] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 676.806326][T19210] netlink_sendmsg+0x8d1/0xdd0 [ 676.806346][T19210] ? __pfx_netlink_sendmsg+0x10/0x10 [ 676.806365][T19210] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 676.806381][T19210] ____sys_sendmsg+0xa95/0xc70 [ 676.806395][T19210] ? __pfx_____sys_sendmsg+0x10/0x10 [ 676.806407][T19210] ? get_compat_msghdr+0x11a/0x170 [ 676.806430][T19210] ___sys_sendmsg+0x134/0x1d0 [ 676.806447][T19210] ? __pfx____sys_sendmsg+0x10/0x10 [ 676.806471][T19210] ? find_held_lock+0x2b/0x80 [ 676.806492][T19210] __sys_sendmsg+0x16d/0x220 [ 676.806509][T19210] ? __pfx___sys_sendmsg+0x10/0x10 [ 676.806532][T19210] ? rcu_is_watching+0x12/0xc0 [ 676.806545][T19210] __do_fast_syscall_32+0x7c/0x3a0 [ 676.806557][T19210] do_fast_syscall_32+0x32/0x80 [ 676.806567][T19210] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 676.806582][T19210] RIP: 0023:0xf702e579 [ 676.806591][T19210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 676.806602][T19210] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 676.806613][T19210] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000800000c0 [ 676.806620][T19210] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 676.806627][T19210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 676.806633][T19210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 676.806640][T19210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 676.806654][T19210] [ 676.928904][T19210] siw: device registration error -12 [ 677.015628][T19212] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3639'. [ 677.217330][T19212] tipc: Cannot configure node identity twice [ 677.757500][T19228] 9pnet_fd: Insufficient options for proto=fd [ 677.881689][T19241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3645'. [ 677.885533][T19241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3645'. [ 677.916758][T19241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3645'. [ 677.919715][T19241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3645'. [ 678.119655][T19241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3645'. [ 678.123382][T19241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3645'. [ 678.400701][T19249] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 678.402830][T19249] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 678.641562][T19249] vhci_hcd vhci_hcd.0: Device attached [ 678.653773][T19254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3647'. [ 678.658699][T19254] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3647'. [ 678.877879][ T6126] usb 37-1: new low-speed USB device number 13 using vhci_hcd [ 678.886259][ T1470] kernel write not supported for file [eventfd] (pid: 1470 comm: kworker/1:2) [ 678.994093][T19251] vhci_hcd: connection reset by peer [ 679.008786][T12383] vhci_hcd: stop threads [ 679.010339][T12383] vhci_hcd: release socket [ 679.011877][T12383] vhci_hcd: disconnect device [ 679.831015][T19278] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3658'. [ 681.036507][T19312] FAULT_INJECTION: forcing a failure. [ 681.036507][T19312] name failslab, interval 1, probability 0, space 0, times 0 [ 681.040647][T19312] CPU: 1 UID: 0 PID: 19312 Comm: syz.0.3665 Not tainted syzkaller #0 PREEMPT(full) [ 681.040663][T19312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 681.040671][T19312] Call Trace: [ 681.040675][T19312] [ 681.040680][T19312] dump_stack_lvl+0x16c/0x1f0 [ 681.040701][T19312] should_fail_ex+0x512/0x640 [ 681.040711][T19312] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 681.040727][T19312] should_failslab+0xc2/0x120 [ 681.040755][T19312] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 681.040768][T19312] ? stack_trace_save+0x8e/0xc0 [ 681.040781][T19312] ? __alloc_skb+0x2b2/0x380 [ 681.040799][T19312] __alloc_skb+0x2b2/0x380 [ 681.040814][T19312] ? __pfx___alloc_skb+0x10/0x10 [ 681.040839][T19312] netlink_ack+0x15d/0xb80 [ 681.040860][T19312] netlink_rcv_skb+0x332/0x420 [ 681.040871][T19312] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 681.040888][T19312] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.040912][T19312] ? ns_capable+0xd7/0x110 [ 681.040926][T19312] nfnetlink_rcv+0x1b3/0x430 [ 681.040939][T19312] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 681.040952][T19312] ? netlink_deliver_tap+0x1ae/0xd30 [ 681.040973][T19312] ? is_vmalloc_addr+0x86/0xa0 [ 681.040994][T19312] netlink_unicast+0x5a7/0x870 [ 681.041020][T19312] ? __pfx_netlink_unicast+0x10/0x10 [ 681.041044][T19312] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 681.041073][T19312] netlink_sendmsg+0x8d1/0xdd0 [ 681.041100][T19312] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.041128][T19312] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 681.041148][T19312] ____sys_sendmsg+0xa95/0xc70 [ 681.041168][T19312] ? __pfx_____sys_sendmsg+0x10/0x10 [ 681.041185][T19312] ? get_compat_msghdr+0x11a/0x170 [ 681.041215][T19312] ___sys_sendmsg+0x134/0x1d0 [ 681.041239][T19312] ? __pfx____sys_sendmsg+0x10/0x10 [ 681.041270][T19312] ? find_held_lock+0x2b/0x80 [ 681.041290][T19312] __sys_sendmsg+0x16d/0x220 [ 681.041308][T19312] ? __pfx___sys_sendmsg+0x10/0x10 [ 681.041330][T19312] ? rcu_is_watching+0x12/0xc0 [ 681.041344][T19312] __do_fast_syscall_32+0x7c/0x3a0 [ 681.041356][T19312] do_fast_syscall_32+0x32/0x80 [ 681.041370][T19312] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 681.041390][T19312] RIP: 0023:0xf709e579 [ 681.041403][T19312] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 681.041419][T19312] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 681.041436][T19312] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 681.041447][T19312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 681.041453][T19312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 681.041460][T19312] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 681.041466][T19312] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 681.041480][T19312] [ 681.132946][ C1] vkms_vblank_simulate: vblank timer overrun [ 681.270015][T19321] block nbd0: Send control failed (result -22) [ 681.355132][T19321] block nbd0: Request send failed, requeueing [ 681.364119][T12455] block nbd0: Dead connection, failed to find a fallback [ 681.366795][T12455] block nbd0: shutting down sockets [ 681.368163][T19330] fuse: Unknown parameter 'fdi4ícr!• æJ' [ 681.368714][T12455] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 681.878288][ T40] audit: type=1326 audit(1757568531.847:2339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 681.981031][T19341] debugfs: '!' already exists in 'ieee80211' [ 681.986232][ T40] audit: type=1326 audit(1757568531.857:2340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 681.992781][ T40] audit: type=1326 audit(1757568531.957:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 682.008833][ T40] audit: type=1326 audit(1757568531.957:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 682.026551][ T40] audit: type=1326 audit(1757568531.957:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 682.058317][ T40] audit: type=1326 audit(1757568531.957:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 682.078590][ T40] audit: type=1326 audit(1757568531.957:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 682.088501][ T40] audit: type=1326 audit(1757568531.957:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 682.150345][ T40] audit: type=1326 audit(1757568531.957:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 682.157072][ T40] audit: type=1326 audit(1757568532.027:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19338 comm="syz.1.3672" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 683.237445][T19356] fuse: Unknown parameter '†' [ 683.691126][T19370] __nla_validate_parse: 4 callbacks suppressed [ 683.691137][T19370] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3679'. [ 683.916220][ T840] usb 8-1: new high-speed USB device number 41 using dummy_hcd [ 683.998740][ T6126] vhci_hcd: vhci_device speed not set [ 684.066224][ T840] usb 8-1: Using ep0 maxpacket: 32 [ 684.069735][ T840] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 684.074017][ T840] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 684.077561][ T840] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 684.082128][ T840] usb 8-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 684.085339][ T840] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.090485][ T840] usb 8-1: config 0 descriptor?? [ 684.703447][ T840] usbhid 8-1:0.0: can't add hid device: -71 [ 684.716070][ T840] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 684.723430][ T840] usb 8-1: USB disconnect, device number 41 [ 685.289128][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.563382][T19393] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3688'. [ 687.026322][T19415] nbd3: detected capacity change from 0 to 63 [ 687.029705][ T5991] block nbd3: Receive control failed (result -32) [ 687.273551][T19429] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 687.277819][T19429] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 687.339984][T19434] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3701'. [ 687.343530][T19434] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3701'. [ 687.346510][T19434] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3701'. [ 687.386584][ T6035] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 687.566211][ T6035] usb 7-1: Using ep0 maxpacket: 8 [ 687.572530][ T6035] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 687.576063][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 687.580458][ T6035] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 687.585260][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 687.589730][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 687.745072][ T6035] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 687.757715][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 687.776578][ T6035] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 687.780352][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 687.783844][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 687.789523][ T6035] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 687.792159][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 687.795734][ T6035] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 687.799539][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 687.803158][ T6035] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 687.816247][ T6035] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 687.819485][ T6035] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.822312][ T6035] usb 7-1: Product: syz [ 687.823702][ T6035] usb 7-1: Manufacturer: syz [ 687.825266][ T6035] usb 7-1: SerialNumber: syz [ 688.102928][ T5991] Bluetooth: hci4: hcon ffff888012d4c000 sent 0 < count 65535 [ 688.239042][ T6035] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 688.268338][ T6035] usb 7-1: USB disconnect, device number 44 [ 688.337535][T19425] sg_write: data in/out 489/14 bytes for SCSI command 0xb-- guessing data in; [ 688.337535][T19425] program syz.2.3698 not setting count and/or reply_len properly [ 688.347414][T19425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3698'. [ 688.352188][T19425] input input43: cannot allocate more than FF_MAX_EFFECTS effects [ 688.385090][T19449] tipc: Enabled bearer , priority 0 [ 688.388724][T19449] syzkaller0: entered promiscuous mode [ 688.390946][T19449] syzkaller0: entered allmulticast mode [ 688.451009][T19452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3705'. [ 688.467642][T19452] tipc: Resetting bearer [ 688.520030][T19448] tipc: Resetting bearer [ 688.537092][T19448] tipc: Disabling bearer [ 688.626293][T19457] tipc: Enabled bearer , priority 0 [ 688.629597][T19457] syzkaller0: entered promiscuous mode [ 688.631689][T19457] syzkaller0: entered allmulticast mode [ 688.698070][T19462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3707'. [ 688.719261][T19462] tipc: Resetting bearer [ 688.760668][T19456] tipc: Resetting bearer [ 688.771676][T19456] tipc: Disabling bearer [ 689.146237][ T1335] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 689.296212][ T1335] usb 7-1: Using ep0 maxpacket: 8 [ 689.302741][ T1335] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 689.309900][ T1335] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 689.315400][ T1335] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 689.320791][ T1335] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.328758][ T1335] usbtmc 7-1:16.0: bulk endpoints not found [ 689.673785][T19474] IPVS: sh: FWM 3 0x00000003 - no destination available [ 689.816225][T19476] nbd0: detected capacity change from 0 to 63 [ 689.820659][ T5991] block nbd0: Receive control failed (result -32) [ 689.889120][T19483] netlink: 'syz.2.3710': attribute type 10 has an invalid length. [ 689.892256][T19483] rdma_rxe: rxe_newlink: failed to add syz_tun [ 690.040296][T19485] wg1 speed is unknown, defaulting to 1000 [ 690.094154][T19489] fuse: Unknown parameter '0x0000000000000003' [ 690.340972][T19485] lo speed is unknown, defaulting to 1000 [ 691.348447][T19511] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3721'. [ 691.351369][T19511] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3721'. [ 691.354334][T19511] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3721'. [ 692.246976][ T840] usb 7-1: USB disconnect, device number 45 [ 692.436508][T19517] nbd2: detected capacity change from 0 to 63 [ 692.443323][ T5991] block nbd2: Receive control failed (result -32) [ 692.726812][ T1335] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 692.806613][T19531] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 692.806613][T19531] program syz.3.3726 not setting count and/or reply_len properly [ 693.066232][ T1335] usb 7-1: Using ep0 maxpacket: 8 [ 693.071036][ T1335] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 693.075741][ T1335] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 693.081585][ T1335] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 693.085543][ T1335] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.094252][ T1335] usbtmc 7-1:16.0: bulk endpoints not found [ 693.692992][T19542] netlink: 'syz.2.3725': attribute type 10 has an invalid length. [ 693.709269][T19542] rdma_rxe: rxe_newlink: failed to add syz_tun [ 694.651342][T19565] wg1 speed is unknown, defaulting to 1000 [ 694.833400][T19565] lo speed is unknown, defaulting to 1000 [ 695.950888][ T1335] usb 7-1: USB disconnect, device number 46 [ 696.015225][T19578] smc: ib device syz1 ibport 1 applied user defined pnetid SYZ0 [ 696.022318][T19578] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3740'. [ 696.387092][ T1335] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 696.718492][ T1335] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 696.721259][ T1335] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 696.725389][ T1335] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 696.728579][ T1335] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 696.731109][ T1335] usb 7-1: Manufacturer: syz [ 696.733887][ T1335] usb 7-1: config 0 descriptor?? [ 696.796580][ T1335] rc_core: IR keymap rc-hauppauge not found [ 696.798681][ T1335] Registered IR keymap rc-empty [ 696.800631][ T1335] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 696.804778][ T1335] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input44 [ 696.944530][ T1335] usb 7-1: USB disconnect, device number 47 [ 697.885635][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 697.885652][ T40] audit: type=1326 audit(1757568547.857:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 697.907829][ T40] audit: type=1326 audit(1757568547.877:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 697.947878][ T40] audit: type=1326 audit(1757568547.877:2355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 697.956327][ T40] audit: type=1326 audit(1757568547.877:2356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 697.970453][ T40] audit: type=1326 audit(1757568547.877:2357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 697.980503][ T40] audit: type=1326 audit(1757568547.877:2358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 697.991371][ T40] audit: type=1326 audit(1757568547.877:2359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 697.998772][ T40] audit: type=1326 audit(1757568547.877:2360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 698.010539][ T40] audit: type=1326 audit(1757568547.877:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 698.020925][ T40] audit: type=1326 audit(1757568547.887:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19605 comm="syz.2.3748" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 698.206629][ T1470] usb 8-1: new high-speed USB device number 42 using dummy_hcd [ 698.376933][ T1470] usb 8-1: Using ep0 maxpacket: 8 [ 698.381037][ T1470] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 698.384334][ T1470] usb 8-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 698.388953][ T1470] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 698.391835][ T1470] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.398730][ T1470] usbtmc 8-1:16.0: bulk endpoints not found [ 698.993020][T19619] netlink: 'syz.3.3749': attribute type 10 has an invalid length. [ 698.999632][T19619] rdma_rxe: rxe_newlink: failed to add syz_tun [ 699.417430][T19621] Bluetooth: MGMT ver 1.23 [ 699.687298][T19634] netlink: 'syz.1.3758': attribute type 10 has an invalid length. [ 701.019827][ T1335] usb 8-1: USB disconnect, device number 42 [ 701.093140][T19655] netlink: 'syz.1.3765': attribute type 4 has an invalid length. [ 701.356301][ T1335] usb 8-1: new high-speed USB device number 43 using dummy_hcd [ 701.526301][ T1335] usb 8-1: Using ep0 maxpacket: 8 [ 701.529472][ T1335] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 701.532106][ T1335] usb 8-1: config 0 has no interface number 0 [ 701.534135][ T1335] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 701.537627][ T1335] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 701.541161][ T1335] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 701.544557][ T1335] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 701.548698][ T1335] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 701.551490][ T1335] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.555306][ T1335] usb 8-1: config 0 descriptor?? [ 701.559203][ T1335] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 701.666375][ T9] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 701.764715][ T6126] usb 8-1: USB disconnect, device number 43 [ 701.770432][ T6126] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 701.826502][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 701.834527][ T9] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 701.837903][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 701.842611][ T9] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 701.853087][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 701.865657][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 701.871226][ T9] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 701.874640][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 701.879005][ T9] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 701.883983][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 701.888687][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 701.896266][ T9] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 701.899904][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 702.054038][ T9] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 702.064774][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 702.085042][ T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 702.273537][ T9] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 702.302049][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.462074][ T9] usb 7-1: Product: syz [ 702.559041][ T9] usb 7-1: Manufacturer: syz [ 702.575176][ T9] usb 7-1: SerialNumber: syz [ 702.988295][ T5991] Bluetooth: hci4: hcon ffff888012d4c000 sent 0 < count 65535 [ 703.015374][ T9] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 703.023070][ T9] usb 7-1: USB disconnect, device number 48 [ 703.204905][T19661] sg_write: data in/out 489/14 bytes for SCSI command 0xb-- guessing data in; [ 703.204905][T19661] program syz.2.3768 not setting count and/or reply_len properly [ 703.217549][T19661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3768'. [ 703.222429][T19661] input input45: cannot allocate more than FF_MAX_EFFECTS effects [ 703.293730][T19691] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3778'. [ 703.298130][T19691] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3778'. [ 703.301674][T19691] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3778'. [ 703.884027][T19706] tipc: Enabled bearer , priority 0 [ 703.889607][T19706] syzkaller0: entered promiscuous mode [ 703.891976][T19706] syzkaller0: entered allmulticast mode [ 703.923467][T19706] syzkaller0: mtu greater than device maximum [ 703.969146][T19705] tipc: Resetting bearer [ 704.033345][T19705] tipc: Disabling bearer [ 704.606241][ T1335] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 704.766686][ T1335] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 704.777548][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.780629][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.788904][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.795683][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.802818][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.812920][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.822052][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.829913][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.839229][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.846731][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.854478][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.862499][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.867930][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.875014][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.882887][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.886247][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.889582][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.893114][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.896173][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.899286][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.902713][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.905690][ T1335] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 704.908842][ T1335] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 704.912230][ T1335] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.916676][ T1335] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 704.919581][ T1335] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 704.922333][ T1335] usb 6-1: Product: syz [ 704.923681][ T1335] usb 6-1: Manufacturer: syz [ 704.925201][ T1335] usb 6-1: SerialNumber: syz [ 704.929931][ T1335] usb 6-1: config 0 descriptor?? [ 704.936696][ T1335] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 705.404441][T19726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3786'. [ 705.410359][T19727] nbd: nbd3 already in use [ 705.412091][T19727] block nbd3: NBD_DISCONNECT [ 705.413713][T19727] block nbd3: Send disconnect failed -32 [ 705.415551][T19727] block nbd3: shutting down sockets [ 705.434726][ T40] kauditd_printk_skb: 28 callbacks suppressed [ 705.434736][ T40] audit: type=1326 audit(1757568555.407:2391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 705.446087][ T40] audit: type=1326 audit(1757568555.417:2392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.453288][ T40] audit: type=1326 audit(1757568555.417:2393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.460336][ T40] audit: type=1326 audit(1757568555.417:2394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.468005][ T40] audit: type=1326 audit(1757568555.417:2395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.475734][ T40] audit: type=1326 audit(1757568555.417:2396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.483463][ T40] audit: type=1326 audit(1757568555.417:2397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.491123][ T40] audit: type=1326 audit(1757568555.417:2398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.501363][ T40] audit: type=1326 audit(1757568555.417:2399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.508848][ T40] audit: type=1326 audit(1757568555.417:2400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19724 comm="syz.2.3786" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 705.665335][T19731] ufs: You didn't specify the type of your ufs filesystem [ 705.665335][T19731] [ 705.665335][T19731] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 705.665335][T19731] [ 705.665335][T19731] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 705.676985][T19731] ufs: ufstype=old is supported read-only [ 705.683642][T19731] ufs: ufs_fill_super(): bad magic number [ 705.789039][T19738] tipc: Enabled bearer , priority 0 [ 705.794493][T19738] syzkaller0: entered promiscuous mode [ 705.797263][T19738] syzkaller0: entered allmulticast mode [ 705.841879][T19738] tipc: Resetting bearer [ 705.846456][T19737] tipc: Resetting bearer [ 705.863995][T19737] tipc: Disabling bearer [ 706.644348][T19755] FAULT_INJECTION: forcing a failure. [ 706.644348][T19755] name failslab, interval 1, probability 0, space 0, times 0 [ 706.648709][T19755] CPU: 2 UID: 0 PID: 19755 Comm: syz.0.3795 Not tainted syzkaller #0 PREEMPT(full) [ 706.648725][T19755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 706.648733][T19755] Call Trace: [ 706.648738][T19755] [ 706.648742][T19755] dump_stack_lvl+0x16c/0x1f0 [ 706.648780][T19755] should_fail_ex+0x512/0x640 [ 706.648797][T19755] ? fs_reclaim_acquire+0xae/0x150 [ 706.648826][T19755] ? tomoyo_encode2+0x100/0x3e0 [ 706.648843][T19755] should_failslab+0xc2/0x120 [ 706.648858][T19755] __kmalloc_noprof+0xd2/0x510 [ 706.648875][T19755] tomoyo_encode2+0x100/0x3e0 [ 706.648896][T19755] tomoyo_encode+0x29/0x50 [ 706.648911][T19755] tomoyo_realpath_from_path+0x18f/0x6e0 [ 706.648929][T19755] ? tomoyo_profile+0x47/0x60 [ 706.648941][T19755] tomoyo_path_number_perm+0x245/0x580 [ 706.648955][T19755] ? tomoyo_path_number_perm+0x237/0x580 [ 706.648970][T19755] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 706.648999][T19755] ? find_held_lock+0x2b/0x80 [ 706.649011][T19755] ? hook_file_ioctl_common+0x145/0x410 [ 706.649030][T19755] ? __fget_files+0x20e/0x3c0 [ 706.649045][T19755] security_file_ioctl_compat+0x9b/0x240 [ 706.649061][T19755] __ia32_compat_sys_ioctl+0xc3/0x370 [ 706.649082][T19755] __do_fast_syscall_32+0x7c/0x3a0 [ 706.649093][T19755] do_fast_syscall_32+0x32/0x80 [ 706.649104][T19755] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 706.649118][T19755] RIP: 0023:0xf709e579 [ 706.649127][T19755] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 706.649138][T19755] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 706.649149][T19755] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c028aa03 [ 706.649156][T19755] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 706.649163][T19755] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 706.649169][T19755] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 706.649175][T19755] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 706.649189][T19755] [ 706.649233][T19755] ERROR: Out of memory at tomoyo_realpath_from_path. [ 707.281761][T16312] usb 6-1: USB disconnect, device number 44 [ 707.287826][T16312] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 707.447478][T19765] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 707.450252][T19765] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 707.453365][T19769] tipc: Enabled bearer , priority 0 [ 707.455100][T19765] vhci_hcd vhci_hcd.0: Device attached [ 707.456649][T19769] syzkaller0: entered promiscuous mode [ 707.460040][T19769] syzkaller0: entered allmulticast mode [ 707.474901][T19766] tipc: Resetting bearer [ 707.487135][T19766] tipc: Disabling bearer [ 707.580437][T19767] vhci_hcd: connection closed [ 707.580789][ T12] vhci_hcd: stop threads [ 707.584600][ T12] vhci_hcd: release socket [ 707.586746][ T12] vhci_hcd: disconnect device [ 707.657174][T19773] tipc: Enabling of bearer rejected, failed to enable media [ 707.776378][T19778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3801'. [ 708.781444][T19795] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3805'. [ 709.409384][T19824] Unsupported ieee802154 address type: 0 [ 711.486431][ T9] usb 8-1: new high-speed USB device number 44 using dummy_hcd [ 711.636791][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 711.658467][ T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 711.669663][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 711.674756][ T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 711.685559][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 711.692468][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 711.705391][ T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 711.712412][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 711.721370][ T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 711.728995][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 711.752320][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 711.779200][ T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 711.785761][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 711.805316][ T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 711.827031][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 711.839468][ T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 711.912370][ T9] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 711.927364][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.936258][ T9] usb 8-1: Product: syz [ 711.938393][ T9] usb 8-1: Manufacturer: syz [ 711.940723][ T9] usb 8-1: SerialNumber: syz [ 712.194742][ T5991] Bluetooth: hci3: hcon ffff88805173c000 sent 4 < count 54380 [ 712.225111][ T5991] Bluetooth: hci3: hcon ffff88805173c000 sent 0 < count 65399 [ 712.261157][ T5991] Bluetooth: hci3: hcon ffff88805173c000 sent 0 < count 4095 [ 712.265640][ T5991] Bluetooth: hci3: hcon ffff888012d48000 sent 0 < count 65535 [ 712.305528][ T5991] Bluetooth: hci3: link tx timeout [ 712.326590][ T9] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 712.337454][ T9] usb 8-1: USB disconnect, device number 44 [ 712.524890][T19872] sg_write: data in/out 489/14 bytes for SCSI command 0xb-- guessing data in; [ 712.524890][T19872] program syz.3.3824 not setting count and/or reply_len properly [ 712.551952][T19872] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3824'. [ 712.569144][T19872] input input46: cannot allocate more than FF_MAX_EFFECTS effects [ 712.588747][T19899] tmpfs: Unknown parameter 'hash' [ 714.537108][ T1335] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 714.686859][ T1335] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 714.690940][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.695317][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.699480][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.702976][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.716229][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.722264][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.748687][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.751732][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.796310][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.799533][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.802646][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.813602][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.817767][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.820639][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.823939][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.840042][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.843339][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.856532][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.859671][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.862513][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.866028][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.915499][ T1335] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 714.919785][ T1335] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 714.926422][ T1335] usb 7-1: config 0 interface 0 has no altsetting 0 [ 714.930387][ T1335] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 714.933928][ T1335] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 714.937056][ T1335] usb 7-1: Product: syz [ 714.938792][ T1335] usb 7-1: Manufacturer: syz [ 714.940713][ T1335] usb 7-1: SerialNumber: syz [ 714.946646][ T1335] usb 7-1: config 0 descriptor?? [ 714.956828][ T1335] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 715.210614][ T1335] usb 7-1: USB disconnect, device number 49 [ 715.214221][ T1335] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 716.588086][T19973] binder: BINDER_SET_CONTEXT_MGR already set [ 716.603210][T19973] binder: 19969:19973 ioctl 4018620d 80004a80 returned -16 [ 716.855985][T19979] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3850'. [ 716.964279][T19979] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3850'. [ 717.258528][T19970] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 717.416699][T19989] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3854'. [ 719.007954][T20012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3860'. [ 719.028689][T20012] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3860'. [ 719.130568][ T5991] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 719.133872][ T5991] CPU: 1 UID: 0 PID: 5991 Comm: kworker/u33:8 Not tainted syzkaller #0 PREEMPT(full) [ 719.133892][ T5991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 719.133901][ T5991] Workqueue: hci3 hci_rx_work [ 719.133922][ T5991] Call Trace: [ 719.133926][ T5991] [ 719.133931][ T5991] dump_stack_lvl+0x16c/0x1f0 [ 719.133951][ T5991] sysfs_warn_dup+0x7f/0xa0 [ 719.133966][ T5991] sysfs_create_dir_ns+0x24b/0x2b0 [ 719.133981][ T5991] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 719.133995][ T5991] ? find_held_lock+0x2b/0x80 [ 719.134010][ T5991] ? do_raw_spin_unlock+0x172/0x230 [ 719.134029][ T5991] kobject_add_internal+0x2c4/0x9b0 [ 719.134044][ T5991] kobject_add+0x16e/0x240 [ 719.134056][ T5991] ? __pfx_kobject_add+0x10/0x10 [ 719.134068][ T5991] ? do_raw_spin_unlock+0x172/0x230 [ 719.134085][ T5991] ? kobject_put+0xab/0x5a0 [ 719.134100][ T5991] device_add+0x288/0x1aa0 [ 719.134113][ T5991] ? __pfx_dev_set_name+0x10/0x10 [ 719.134127][ T5991] ? __pfx_device_add+0x10/0x10 [ 719.134142][ T5991] ? mgmt_send_event_skb+0x2fb/0x460 [ 719.134171][ T5991] hci_conn_add_sysfs+0x17e/0x230 [ 719.134191][ T5991] le_conn_complete_evt+0x1075/0x1d70 [ 719.134205][ T5991] ? preempt_count_sub+0x130/0x160 [ 719.134217][ T5991] ? rcu_is_watching+0x12/0xc0 [ 719.134230][ T5991] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 719.134244][ T5991] ? hci_event_packet+0x459/0x11c0 [ 719.134262][ T5991] hci_le_conn_complete_evt+0x23c/0x370 [ 719.134280][ T5991] hci_le_meta_evt+0x357/0x5e0 [ 719.134295][ T5991] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 719.134316][ T5991] hci_event_packet+0x685/0x11c0 [ 719.134331][ T5991] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 719.134348][ T5991] ? __pfx_hci_event_packet+0x10/0x10 [ 719.134364][ T5991] ? kcov_remote_start+0x3c9/0x6d0 [ 719.134382][ T5991] ? lockdep_hardirqs_on+0x7c/0x110 [ 719.134411][ T5991] hci_rx_work+0x2c5/0x16b0 [ 719.134428][ T5991] ? rcu_is_watching+0x12/0xc0 [ 719.134442][ T5991] process_one_work+0x9cf/0x1b70 [ 719.134467][ T5991] ? __pfx_process_one_work+0x10/0x10 [ 719.134490][ T5991] ? assign_work+0x1a0/0x250 [ 719.134509][ T5991] worker_thread+0x6c8/0xf10 [ 719.134527][ T5991] ? __pfx_worker_thread+0x10/0x10 [ 719.134537][ T5991] kthread+0x3c5/0x780 [ 719.134556][ T5991] ? __pfx_kthread+0x10/0x10 [ 719.134573][ T5991] ? rcu_is_watching+0x12/0xc0 [ 719.134584][ T5991] ? __pfx_kthread+0x10/0x10 [ 719.134601][ T5991] ret_from_fork+0x5d7/0x6f0 [ 719.134617][ T5991] ? __pfx_kthread+0x10/0x10 [ 719.134633][ T5991] ret_from_fork_asm+0x1a/0x30 [ 719.134654][ T5991] [ 719.134670][ T5991] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 719.219149][ T5991] Bluetooth: hci3: failed to register connection device [ 721.296263][ T5991] Bluetooth: hci3: command tx timeout [ 721.777182][T20050] tipc: Enabled bearer , priority 0 [ 721.808646][T20054] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3871'. [ 721.833742][T20056] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3872'. [ 721.842197][T20056] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3872'. [ 724.050933][T20099] genirq: Flags mismatch irq 12. 00200000 (pcl812) vs. 00200080 (i8042) [ 726.068592][T20118] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3891'. [ 726.071445][T20118] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3891'. [ 726.074220][T20118] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3891'. [ 728.304727][T20129] tap0: tun_chr_ioctl cmd 1074025675 [ 728.306856][T20129] tap0: persist enabled [ 728.309161][T20129] tap0: tun_chr_ioctl cmd 1074025675 [ 728.311622][T20129] tap0: persist enabled [ 728.369233][ T1335] hid_parser_main: 43 callbacks suppressed [ 728.369247][ T1335] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 728.375717][ T1335] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 728.656225][ T840] usb 8-1: new high-speed USB device number 45 using dummy_hcd [ 728.810777][T20141] nbd: nbd0 already in use [ 728.814032][T20141] block nbd0: NBD_DISCONNECT [ 728.815689][T20141] block nbd0: Send disconnect failed -32 [ 728.817868][T20141] block nbd0: shutting down sockets [ 728.826342][ T840] usb 8-1: Using ep0 maxpacket: 8 [ 728.840332][ T840] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 728.846622][ T840] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 728.856226][ T840] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 728.865201][ T840] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 728.881180][ T840] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 728.886268][ T840] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.900858][T20143] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3898'. [ 728.903748][T20143] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3898'. [ 728.906785][T20143] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3898'. [ 729.127142][T20149] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3899'. [ 729.130073][T20149] openvswitch: netlink: Flow key attr not present in new flow. [ 729.261893][ T840] usb 8-1: GET_CAPABILITIES returned 0 [ 729.263822][ T840] usbtmc 8-1:16.0: can't read capabilities [ 730.927238][ T840] usb 8-1: USB disconnect, device number 45 [ 731.412937][T20185] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 731.415603][T20185] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 731.419272][T20185] vhci_hcd vhci_hcd.0: Device attached [ 731.686301][ T9] usb 44-1: SetAddress Request (27) to port 0 [ 731.689024][ T9] usb 44-1: new SuperSpeed USB device number 27 using vhci_hcd [ 732.024252][T20195] FAULT_INJECTION: forcing a failure. [ 732.024252][T20195] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 732.055703][T20195] CPU: 1 UID: 0 PID: 20195 Comm: syz.0.3905 Not tainted syzkaller #0 PREEMPT(full) [ 732.055721][T20195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 732.055729][T20195] Call Trace: [ 732.055733][T20195] [ 732.055738][T20195] dump_stack_lvl+0x16c/0x1f0 [ 732.055760][T20195] should_fail_ex+0x512/0x640 [ 732.055773][T20195] _copy_from_user+0x2e/0xd0 [ 732.055786][T20195] get_compat_msghdr+0xa7/0x170 [ 732.055802][T20195] ? __pfx_get_compat_msghdr+0x10/0x10 [ 732.055823][T20195] ___sys_sendmsg+0x1ae/0x1d0 [ 732.055841][T20195] ? __pfx____sys_sendmsg+0x10/0x10 [ 732.055864][T20195] ? find_held_lock+0x2b/0x80 [ 732.055885][T20195] __sys_sendmsg+0x16d/0x220 [ 732.055902][T20195] ? __pfx___sys_sendmsg+0x10/0x10 [ 732.055924][T20195] ? rcu_is_watching+0x12/0xc0 [ 732.055938][T20195] __do_fast_syscall_32+0x7c/0x3a0 [ 732.055950][T20195] do_fast_syscall_32+0x32/0x80 [ 732.055960][T20195] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 732.055974][T20195] RIP: 0023:0xf709e579 [ 732.055983][T20195] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 732.055994][T20195] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 732.056005][T20195] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 732.056012][T20195] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 732.056018][T20195] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 732.056024][T20195] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 732.056031][T20195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 732.056044][T20195] [ 732.185762][T20186] vhci_hcd: connection reset by peer [ 732.191512][ T73] vhci_hcd: stop threads [ 732.201777][ T73] vhci_hcd: release socket [ 732.211120][ T73] vhci_hcd: disconnect device [ 733.431063][T20216] FAULT_INJECTION: forcing a failure. [ 733.431063][T20216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 733.435998][T20216] CPU: 3 UID: 0 PID: 20216 Comm: syz.1.3911 Not tainted syzkaller #0 PREEMPT(full) [ 733.436023][T20216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 733.436034][T20216] Call Trace: [ 733.436042][T20216] [ 733.436050][T20216] dump_stack_lvl+0x16c/0x1f0 [ 733.436082][T20216] should_fail_ex+0x512/0x640 [ 733.436124][T20216] _copy_to_user+0x32/0xd0 [ 733.436147][T20216] simple_read_from_buffer+0xcb/0x170 [ 733.436169][T20216] proc_fail_nth_read+0x197/0x240 [ 733.436190][T20216] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 733.436212][T20216] ? rw_verify_area+0xcf/0x6c0 [ 733.436231][T20216] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 733.436251][T20216] vfs_read+0x1e4/0xcf0 [ 733.436277][T20216] ? __pfx_vfs_read+0x10/0x10 [ 733.436294][T20216] ? find_held_lock+0x2b/0x80 [ 733.436320][T20216] ? __fget_files+0x20e/0x3c0 [ 733.436350][T20216] ksys_read+0x12a/0x250 [ 733.436371][T20216] ? __pfx_ksys_read+0x10/0x10 [ 733.436392][T20216] ? rcu_is_watching+0x12/0xc0 [ 733.436411][T20216] __do_fast_syscall_32+0x7c/0x3a0 [ 733.436427][T20216] do_fast_syscall_32+0x32/0x80 [ 733.436437][T20216] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 733.436452][T20216] RIP: 0023:0xf702e579 [ 733.436461][T20216] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 733.436471][T20216] RSP: 002b:00000000f541e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 733.436482][T20216] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f541e620 [ 733.436488][T20216] RDX: 000000000000000f RSI: 00000000f73b4ff4 RDI: 0000000000000000 [ 733.436495][T20216] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 733.436501][T20216] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 733.436507][T20216] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 733.436521][T20216] [ 736.348742][T20260] netlink: 822 bytes leftover after parsing attributes in process `syz.2.3923'. [ 736.489580][ T10] kernel write not supported for file [eventfd] (pid: 10 comm: kworker/0:1) [ 736.550428][T20269] tap0: tun_chr_ioctl cmd 1074025675 [ 736.552337][T20269] tap0: persist enabled [ 736.554233][T20269] tap0: tun_chr_ioctl cmd 1074025675 [ 736.556329][T20269] tap0: persist disabled [ 736.947432][T20277] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3923'. [ 737.210546][ T9] usb 44-1: device descriptor read/8, error -110 [ 737.595821][T20284] FAULT_INJECTION: forcing a failure. [ 737.595821][T20284] name failslab, interval 1, probability 0, space 0, times 0 [ 737.600954][T20284] CPU: 3 UID: 0 PID: 20284 Comm: syz.1.3930 Not tainted syzkaller #0 PREEMPT(full) [ 737.600971][T20284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 737.600978][T20284] Call Trace: [ 737.600982][T20284] [ 737.600987][T20284] dump_stack_lvl+0x16c/0x1f0 [ 737.601008][T20284] should_fail_ex+0x512/0x640 [ 737.601043][T20284] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 737.601058][T20284] should_failslab+0xc2/0x120 [ 737.601073][T20284] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 737.601085][T20284] ? __kvm_mmu_topup_memory_cache+0x450/0x600 [ 737.601106][T20284] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 737.601125][T20284] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 737.601145][T20284] mmu_topup_memory_caches+0x25/0x170 [ 737.601158][T20284] kvm_mmu_load+0xd6/0x23c0 [ 737.601169][T20284] ? vmx_vcpu_load_vmcs+0x222/0x770 [ 737.601187][T20284] ? __pfx_kvm_mmu_load+0x10/0x10 [ 737.601202][T20284] kvm_arch_vcpu_pre_fault_memory+0x4d9/0x5f0 [ 737.601214][T20284] ? __pfx_kvm_arch_vcpu_pre_fault_memory+0x10/0x10 [ 737.601242][T20284] kvm_vcpu_ioctl+0xcc7/0x1690 [ 737.601260][T20284] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 737.601275][T20284] ? tomoyo_path_number_perm+0x18d/0x580 [ 737.601291][T20284] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 737.601310][T20284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 737.601328][T20284] ? do_vfs_ioctl+0x128/0x14f0 [ 737.601346][T20284] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 737.601369][T20284] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 737.601384][T20284] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 737.601399][T20284] ? __fget_files+0x20e/0x3c0 [ 737.601414][T20284] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 737.601429][T20284] __ia32_compat_sys_ioctl+0x23f/0x370 [ 737.601449][T20284] __do_fast_syscall_32+0x7c/0x3a0 [ 737.601460][T20284] do_fast_syscall_32+0x32/0x80 [ 737.601470][T20284] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 737.601485][T20284] RIP: 0023:0xf702e579 [ 737.601494][T20284] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 737.601505][T20284] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 737.601517][T20284] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c040aed5 [ 737.601524][T20284] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 737.601531][T20284] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 737.601537][T20284] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 737.601544][T20284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 737.601558][T20284] [ 737.667138][ T9] usb usb44-port1: attempt power cycle [ 738.132520][T20311] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3935'. [ 738.134861][T16312] libceph: connect (1)[c::]:6789 error -101 [ 738.139200][T16312] libceph: mon0 (1)[c::]:6789 connect error [ 738.145185][T16312] libceph: connect (1)[c::]:6789 error -101 [ 738.154620][T16312] libceph: mon0 (1)[c::]:6789 connect error [ 738.200196][ T10] kernel write not supported for file [eventfd] (pid: 10 comm: kworker/0:1) [ 738.212329][T20314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3936'. [ 738.291673][ T9] usb usb44-port1: unable to enumerate USB device [ 738.398668][T20302] ceph: No mds server is up or the cluster is laggy [ 738.416794][T16312] libceph: connect (1)[c::]:6789 error -101 [ 738.418766][T16312] libceph: mon0 (1)[c::]:6789 connect error [ 739.747304][T20344] lo: MTU too low for tipc bearer [ 739.749100][T20344] tipc: Enabling of bearer rejected, failed to enable media [ 739.883156][T20350] FAULT_INJECTION: forcing a failure. [ 739.883156][T20350] name failslab, interval 1, probability 0, space 0, times 0 [ 739.888715][T20350] CPU: 0 UID: 0 PID: 20350 Comm: syz.1.3946 Not tainted syzkaller #0 PREEMPT(full) [ 739.888754][T20350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 739.888765][T20350] Call Trace: [ 739.888772][T20350] [ 739.888780][T20350] dump_stack_lvl+0x16c/0x1f0 [ 739.888811][T20350] should_fail_ex+0x512/0x640 [ 739.888828][T20350] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 739.888853][T20350] should_failslab+0xc2/0x120 [ 739.888877][T20350] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 739.888898][T20350] ? kvm_mmu_notifier_invalidate_range_end+0x2b1/0x500 [ 739.888927][T20350] ? ptlock_alloc+0x1f/0x70 [ 739.888950][T20350] ptlock_alloc+0x1f/0x70 [ 739.888967][T20350] pte_alloc_one+0x82/0x3a0 [ 739.888988][T20350] __pte_alloc+0x6d/0x3c0 [ 739.889011][T20350] ? __pfx___pte_alloc+0x10/0x10 [ 739.889034][T20350] ? __pfx___might_resched+0x10/0x10 [ 739.889053][T20350] ? __mmu_notifier_invalidate_range_end+0x35b/0x430 [ 739.889076][T20350] ? mm_alloc_pmd+0x2c2/0x470 [ 739.889102][T20350] move_pages+0x14af/0x5a40 [ 739.889145][T20350] ? __pfx_move_pages+0x10/0x10 [ 739.889175][T20350] ? find_held_lock+0x2b/0x80 [ 739.889192][T20350] ? __might_fault+0xe3/0x190 [ 739.889211][T20350] ? __might_fault+0xe3/0x190 [ 739.889242][T20350] userfaultfd_ioctl+0x607/0x3930 [ 739.889266][T20350] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 739.889293][T20350] ? do_vfs_ioctl+0x128/0x14f0 [ 739.889321][T20350] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 739.889356][T20350] ? find_held_lock+0x2b/0x80 [ 739.889372][T20350] ? hook_file_ioctl_common+0x145/0x410 [ 739.889403][T20350] ? __fget_files+0x20e/0x3c0 [ 739.889424][T20350] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 739.889453][T20350] ? compat_ptr_ioctl+0x6b/0xa0 [ 739.889477][T20350] compat_ptr_ioctl+0x6b/0xa0 [ 739.889502][T20350] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 739.889528][T20350] __ia32_compat_sys_ioctl+0x23f/0x370 [ 739.889560][T20350] __do_fast_syscall_32+0x7c/0x3a0 [ 739.889580][T20350] do_fast_syscall_32+0x32/0x80 [ 739.889596][T20350] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 739.889617][T20350] RIP: 0023:0xf702e579 [ 739.889653][T20350] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 739.889670][T20350] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 739.889688][T20350] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000c028aa05 [ 739.889699][T20350] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 739.889710][T20350] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 739.889720][T20350] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 739.889730][T20350] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 739.889755][T20350] [ 740.128513][T20358] wg1 speed is unknown, defaulting to 1000 [ 740.218176][T20358] lo speed is unknown, defaulting to 1000 [ 743.425463][T20401] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.795430][T20401] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.001506][T20401] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.082663][T20401] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.284313][T19840] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.591875][T20422] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 744.593304][T19832] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.596788][T20422] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 744.605282][T19832] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.608277][T19832] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 745.032598][T20428] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3968'. [ 745.096989][T20430] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3969'. [ 745.139120][T20430] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3969'. [ 745.487326][T20437] nbd3: detected capacity change from 0 to 63 [ 745.490534][T20438] block nbd3: NBD_DISCONNECT [ 745.494655][T20438] block nbd3: Disconnected due to user request. [ 745.497087][T20438] block nbd3: shutting down sockets [ 746.753432][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.932455][T20462] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 746.936796][T20462] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 746.957018][T20462] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 746.959020][T20462] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 746.963275][T20462] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 746.966027][T20462] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 747.003679][T20462] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 747.031754][T20462] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 747.333113][T20473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3979'. [ 747.363705][T20473] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3979'. [ 747.695616][T20488] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3984'. [ 747.698839][T20479] nbd0: detected capacity change from 0 to 63 [ 747.702032][T20483] block nbd0: NBD_DISCONNECT [ 747.704044][T20483] block nbd0: Disconnected due to user request. [ 747.706059][T20483] block nbd0: shutting down sockets [ 748.325902][T20509] FAULT_INJECTION: forcing a failure. [ 748.325902][T20509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 748.333020][T20509] CPU: 3 UID: 0 PID: 20509 Comm: syz.1.3988 Not tainted syzkaller #0 PREEMPT(full) [ 748.333057][T20509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 748.333069][T20509] Call Trace: [ 748.333106][T20509] [ 748.333116][T20509] dump_stack_lvl+0x16c/0x1f0 [ 748.333149][T20509] should_fail_ex+0x512/0x640 [ 748.333172][T20509] _copy_to_user+0x32/0xd0 [ 748.333195][T20509] simple_read_from_buffer+0xcb/0x170 [ 748.333217][T20509] proc_fail_nth_read+0x197/0x240 [ 748.333237][T20509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 748.333257][T20509] ? rw_verify_area+0xcf/0x6c0 [ 748.333276][T20509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 748.333294][T20509] vfs_read+0x1e4/0xcf0 [ 748.333318][T20509] ? __pfx_vfs_read+0x10/0x10 [ 748.333336][T20509] ? find_held_lock+0x2b/0x80 [ 748.333362][T20509] ? __fget_files+0x20e/0x3c0 [ 748.333388][T20509] ksys_read+0x12a/0x250 [ 748.333408][T20509] ? __pfx_ksys_read+0x10/0x10 [ 748.333430][T20509] ? rcu_is_watching+0x12/0xc0 [ 748.333452][T20509] __do_fast_syscall_32+0x7c/0x3a0 [ 748.333473][T20509] do_fast_syscall_32+0x32/0x80 [ 748.333488][T20509] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 748.333508][T20509] RIP: 0023:0xf702e579 [ 748.333525][T20509] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 748.333566][T20509] RSP: 002b:00000000f541e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 748.333586][T20509] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f541e620 [ 748.333598][T20509] RDX: 000000000000000f RSI: 00000000f73b4ff4 RDI: 0000000000000000 [ 748.333609][T20509] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 748.333619][T20509] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 748.333630][T20509] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 748.333655][T20509] [ 748.415936][ C3] vkms_vblank_simulate: vblank timer overrun [ 748.660646][T20521] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3993'. [ 748.692767][T20521] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3993'. [ 748.806433][ T5991] Bluetooth: hci4: command 0x0406 tx timeout [ 748.966206][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout [ 748.970511][ T5991] Bluetooth: hci2: command 0x0c1a tx timeout [ 749.857815][ T6044] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 750.808171][T20571] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4002'. [ 750.867718][T20571] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4002'. [ 750.886635][ T5987] Bluetooth: hci4: command 0x0406 tx timeout [ 751.046313][ T5987] Bluetooth: hci2: command 0x0c1a tx timeout [ 751.048250][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout [ 753.126368][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout [ 755.206557][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout [ 760.131274][T20597] input: syz1 as /devices/virtual/input/input48 [ 760.139489][T20600] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4004'. [ 760.139795][T20598] fuse: Unknown parameter 'g‰wcIa~øËàÌþ`C)O ®20x0000000000000008' [ 760.143093][T20600] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4004'. [ 760.149966][T20600] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4004'. [ 760.213188][T20608] ieee802154 phy1 wpan1: encryption failed: -22 [ 761.609774][T20635] sp0: Synchronizing with TNC [ 761.620127][T20635] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4013'. [ 764.181973][T20649] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4019'. [ 764.186309][T20649] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4019'. [ 765.346368][T20669] tipc: Enabled bearer , priority 0 [ 765.349481][T20669] syzkaller0: entered promiscuous mode [ 765.351848][T20669] syzkaller0: entered allmulticast mode [ 765.416273][T20671] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4025'. [ 765.438353][T20671] tipc: Resetting bearer [ 765.482409][T20668] tipc: Resetting bearer [ 765.501415][T20668] tipc: Disabling bearer [ 768.406393][T20696] nbd0: detected capacity change from 0 to 63 [ 768.408746][T20699] block nbd0: NBD_DISCONNECT [ 768.411608][T20699] block nbd0: Disconnected due to user request. [ 768.413721][T20699] block nbd0: shutting down sockets [ 768.462425][T20705] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4033'. [ 768.552174][T20705] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 768.556551][T20705] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 768.563473][T20705] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 768.588308][T20705] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 768.592146][T20705] batadv_slave_0: left promiscuous mode [ 768.595330][T20705] bond0 (unregistering): Released all slaves [ 768.669884][T20700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4032'. [ 768.792898][T20716] tipc: Enabled bearer , priority 0 [ 768.795925][T20716] syzkaller0: entered promiscuous mode [ 768.801417][T20716] syzkaller0: entered allmulticast mode [ 768.862589][T20723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4035'. [ 768.875380][T20723] tipc: Resetting bearer [ 768.899793][T20715] tipc: Resetting bearer [ 768.912859][T20715] tipc: Disabling bearer [ 769.669545][T20724] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.4036' sets config #0 [ 772.098919][T20756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4045'. [ 772.147060][T20757] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4044'. [ 772.195772][T20759] tipc: Enabled bearer , priority 0 [ 772.199234][T20759] syzkaller0: entered promiscuous mode [ 772.201452][T20759] syzkaller0: entered allmulticast mode [ 772.260291][T20762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4046'. [ 772.274325][T20762] tipc: Resetting bearer [ 772.310286][T20758] tipc: Resetting bearer [ 772.321203][T20758] tipc: Disabling bearer [ 773.649089][T20780] tipc: Enabled bearer , priority 0 [ 773.651917][T20780] syzkaller0: entered promiscuous mode [ 773.654166][T20780] syzkaller0: entered allmulticast mode [ 773.713617][T20784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4052'. [ 773.727861][T20784] tipc: Resetting bearer [ 773.755005][T20779] tipc: Resetting bearer [ 773.767063][T20779] tipc: Disabling bearer [ 774.003972][T20792] tipc: Enabled bearer , priority 0 [ 774.014324][T20792] syzkaller0: entered promiscuous mode [ 774.023879][T20792] syzkaller0: entered allmulticast mode [ 774.095140][T20796] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4055'. [ 774.151778][T20796] tipc: Resetting bearer [ 774.162984][T20791] tipc: Resetting bearer [ 774.203775][T20791] tipc: Disabling bearer [ 774.291234][T20800] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4056'. [ 774.321528][T20800] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4056'. [ 774.528061][T20802] FAULT_INJECTION: forcing a failure. [ 774.528061][T20802] name failslab, interval 1, probability 0, space 0, times 0 [ 774.532205][T20802] CPU: 3 UID: 0 PID: 20802 Comm: syz.0.4057 Not tainted syzkaller #0 PREEMPT(full) [ 774.532221][T20802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 774.532228][T20802] Call Trace: [ 774.532232][T20802] [ 774.532237][T20802] dump_stack_lvl+0x16c/0x1f0 [ 774.532257][T20802] should_fail_ex+0x512/0x640 [ 774.532268][T20802] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 774.532283][T20802] should_failslab+0xc2/0x120 [ 774.532298][T20802] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 774.532311][T20802] ? sk_prot_alloc+0x60/0x2a0 [ 774.532326][T20802] sk_prot_alloc+0x60/0x2a0 [ 774.532338][T20802] sk_alloc+0x36/0xc20 [ 774.532355][T20802] inet6_create+0x381/0x12b0 [ 774.532370][T20802] ? inet6_create+0x7f/0x12b0 [ 774.532384][T20802] __sock_create+0x335/0x8d0 [ 774.532399][T20802] l2tp_tunnel_sock_create+0x4a0/0xaa0 [ 774.532418][T20802] ? __pfx_l2tp_tunnel_sock_create+0x10/0x10 [ 774.532433][T20802] ? node_tag_clear+0x105/0x290 [ 774.532456][T20802] ? __local_bh_enable_ip+0xa4/0x120 [ 774.532472][T20802] l2tp_tunnel_register+0x49a/0xbe0 [ 774.532484][T20802] ? __pfx___debug_object_init+0x10/0x10 [ 774.532498][T20802] ? sprintf+0xcc/0x100 [ 774.532513][T20802] ? __pfx_l2tp_tunnel_register+0x10/0x10 [ 774.532527][T20802] ? lockdep_init_map_type+0x5c/0x280 [ 774.532544][T20802] ? lockdep_init_map_type+0x5c/0x280 [ 774.532559][T20802] ? l2tp_tunnel_create+0x2cf/0x460 [ 774.532574][T20802] ? l2tp_tunnel_create+0x37d/0x460 [ 774.532592][T20802] l2tp_nl_cmd_tunnel_create+0x44e/0x990 [ 774.532625][T20802] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 774.532646][T20802] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 774.532660][T20802] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 774.532676][T20802] genl_family_rcv_msg_doit+0x209/0x2f0 [ 774.532689][T20802] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 774.532706][T20802] ? bpf_lsm_capable+0x9/0x10 [ 774.532717][T20802] ? security_capable+0x7e/0x260 [ 774.532730][T20802] ? ns_capable+0xd7/0x110 [ 774.532743][T20802] genl_rcv_msg+0x55c/0x800 [ 774.532757][T20802] ? __pfx_genl_rcv_msg+0x10/0x10 [ 774.532770][T20802] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 774.532786][T20802] ? __lock_acquire+0x62e/0x1ce0 [ 774.532813][T20802] netlink_rcv_skb+0x158/0x420 [ 774.532823][T20802] ? __pfx_genl_rcv_msg+0x10/0x10 [ 774.532836][T20802] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 774.532859][T20802] ? netlink_deliver_tap+0x1ae/0xd30 [ 774.532875][T20802] ? is_vmalloc_addr+0x86/0xa0 [ 774.532890][T20802] genl_rcv+0x28/0x40 [ 774.532900][T20802] netlink_unicast+0x5a7/0x870 [ 774.532919][T20802] ? __pfx_netlink_unicast+0x10/0x10 [ 774.532936][T20802] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 774.532958][T20802] netlink_sendmsg+0x8d1/0xdd0 [ 774.532978][T20802] ? __pfx_netlink_sendmsg+0x10/0x10 [ 774.532997][T20802] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 774.533012][T20802] ____sys_sendmsg+0xa95/0xc70 [ 774.533027][T20802] ? __pfx_____sys_sendmsg+0x10/0x10 [ 774.533038][T20802] ? get_compat_msghdr+0x11a/0x170 [ 774.533060][T20802] ___sys_sendmsg+0x134/0x1d0 [ 774.533078][T20802] ? __pfx____sys_sendmsg+0x10/0x10 [ 774.533101][T20802] ? find_held_lock+0x2b/0x80 [ 774.533121][T20802] __sys_sendmsg+0x16d/0x220 [ 774.533138][T20802] ? __pfx___sys_sendmsg+0x10/0x10 [ 774.533162][T20802] ? rcu_is_watching+0x12/0xc0 [ 774.533175][T20802] __do_fast_syscall_32+0x7c/0x3a0 [ 774.533187][T20802] do_fast_syscall_32+0x32/0x80 [ 774.533197][T20802] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 774.533211][T20802] RIP: 0023:0xf709e579 [ 774.533220][T20802] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 774.533231][T20802] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 774.533243][T20802] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000240 [ 774.533250][T20802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 774.533256][T20802] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 774.533262][T20802] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 774.533269][T20802] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 774.533283][T20802] [ 774.666339][ C3] vkms_vblank_simulate: vblank timer overrun [ 775.620818][T20810] wg1 speed is unknown, defaulting to 1000 [ 775.706030][T20810] lo speed is unknown, defaulting to 1000 [ 775.830982][T20818] 9pnet_fd: Insufficient options for proto=fd [ 775.976418][ T40] kauditd_printk_skb: 237 callbacks suppressed [ 775.976500][ T40] audit: type=1326 audit(1757568625.887:2638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 775.986745][ T40] audit: type=1326 audit(1757568625.897:2639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 775.995089][T20820] tipc: Enabled bearer , priority 0 [ 776.011791][T20820] syzkaller0: entered promiscuous mode [ 776.016429][ T40] audit: type=1326 audit(1757568625.897:2640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.017679][T20820] syzkaller0: entered allmulticast mode [ 776.037313][ T40] audit: type=1326 audit(1757568625.897:2641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.044063][ T40] audit: type=1326 audit(1757568625.897:2642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.173404][ T40] audit: type=1326 audit(1757568625.897:2643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.194514][ T40] audit: type=1326 audit(1757568625.897:2644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.225767][ T40] audit: type=1326 audit(1757568625.897:2645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.230664][T20825] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4064'. [ 776.233361][ T40] audit: type=1326 audit(1757568625.897:2646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.265006][ T40] audit: type=1326 audit(1757568625.897:2647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.4062" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 776.350731][T20825] tipc: Resetting bearer [ 776.698202][T20819] tipc: Resetting bearer [ 776.732541][T20819] tipc: Disabling bearer [ 776.772780][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4066'. [ 776.804832][T20830] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4066'. [ 778.199989][T20844] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4070'. [ 778.203888][T20844] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4070'. [ 778.207815][T20844] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4070'. [ 778.304030][T20846] dvmrp8: entered allmulticast mode [ 778.798669][T20862] tipc: Enabled bearer , priority 0 [ 778.802337][T20862] syzkaller0: entered promiscuous mode [ 778.804447][T20862] syzkaller0: entered allmulticast mode [ 778.877549][T20864] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4076'. [ 778.893247][T20864] tipc: Resetting bearer [ 778.961576][T20861] tipc: Resetting bearer [ 778.983563][T20861] tipc: Disabling bearer [ 779.247017][T20874] bridge_slave_0 (unregistering): left allmulticast mode [ 779.249309][T20874] bridge0: port 1(bridge_slave_0) entered disabled state [ 779.763058][ T6044] kernel write not supported for file [eventfd] (pid: 6044 comm: kworker/2:4) [ 780.113686][T16312] kernel write not supported for file [eventfd] (pid: 16312 comm: kworker/3:5) [ 780.144965][T20884] random: crng reseeded on system resumption [ 780.199637][T20887] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 780.215126][T20888] loop6: detected capacity change from 0 to 524287999 [ 780.488675][T20895] tipc: Enabled bearer , priority 0 [ 780.491901][T20895] syzkaller0: entered promiscuous mode [ 780.493749][T20895] syzkaller0: entered allmulticast mode [ 780.550580][T20897] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4085'. [ 780.564140][T20897] tipc: Resetting bearer [ 780.609470][T20894] tipc: Resetting bearer [ 780.620649][T20894] tipc: Disabling bearer [ 781.018379][T20911] wg1 speed is unknown, defaulting to 1000 [ 781.054976][T20914] FAULT_INJECTION: forcing a failure. [ 781.054976][T20914] name failslab, interval 1, probability 0, space 0, times 0 [ 781.055302][T20912] netlink: 'syz.1.4089': attribute type 4 has an invalid length. [ 781.061514][T20914] CPU: 1 UID: 0 PID: 20914 Comm: syz.2.4090 Not tainted syzkaller #0 PREEMPT(full) [ 781.061530][T20914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 781.061537][T20914] Call Trace: [ 781.061541][T20914] [ 781.061545][T20914] dump_stack_lvl+0x16c/0x1f0 [ 781.061566][T20914] should_fail_ex+0x512/0x640 [ 781.061577][T20914] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 781.061591][T20914] should_failslab+0xc2/0x120 [ 781.061605][T20914] __kmalloc_cache_noprof+0x6a/0x3e0 [ 781.061616][T20914] ? apply_wqattrs_prepare+0x130/0xbd0 [ 781.061631][T20914] apply_wqattrs_prepare+0x130/0xbd0 [ 781.061649][T20914] apply_workqueue_attrs_locked+0x64/0xe0 [ 781.061662][T20914] __alloc_workqueue+0x1007/0x1810 [ 781.061682][T20914] alloc_workqueue_noprof+0xd2/0x200 [ 781.061696][T20914] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 781.061719][T20914] loop_configure+0xf5f/0x15c0 [ 781.061756][T20914] ? __lock_acquire+0xb97/0x1ce0 [ 781.061772][T20914] ? __pfx_loop_configure+0x10/0x10 [ 781.061800][T20914] lo_ioctl+0x265/0x1cc0 [ 781.061816][T20914] ? __pfx_lo_ioctl+0x10/0x10 [ 781.061835][T20914] ? kasan_quarantine_put+0x10a/0x240 [ 781.061847][T20914] ? lockdep_hardirqs_on+0x7c/0x110 [ 781.061865][T20914] ? blk_get_meta_cap+0x482/0x700 [ 781.061880][T20914] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 781.061920][T20914] lo_compat_ioctl+0xb9/0x170 [ 781.061936][T20914] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 781.061950][T20914] compat_blkdev_ioctl+0x2eb/0x7a0 [ 781.061966][T20914] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 781.061982][T20914] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 781.061998][T20914] __ia32_compat_sys_ioctl+0x23f/0x370 [ 781.062018][T20914] __do_fast_syscall_32+0x7c/0x3a0 [ 781.062030][T20914] do_fast_syscall_32+0x32/0x80 [ 781.062040][T20914] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 781.062054][T20914] RIP: 0023:0xf7f77579 [ 781.062063][T20914] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 781.062074][T20914] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 781.062085][T20914] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004c0a [ 781.062092][T20914] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 781.062098][T20914] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 781.062105][T20914] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 781.062111][T20914] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 781.062125][T20914] [ 781.166223][T20912] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4089'. [ 781.242805][T20911] lo speed is unknown, defaulting to 1000 [ 781.404034][ T9] kernel write not supported for file [eventfd] (pid: 9 comm: kworker/0:0) [ 781.539522][ T6044] kernel write not supported for file [eventfd] (pid: 6044 comm: kworker/2:4) [ 781.565768][T20933] tipc: Enabled bearer , priority 0 [ 781.571952][T20933] syzkaller0: entered promiscuous mode [ 781.574147][T20933] syzkaller0: entered allmulticast mode [ 781.632645][T20936] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4096'. [ 781.646943][T20936] tipc: Resetting bearer [ 781.689009][T20932] tipc: Resetting bearer [ 781.699002][T20932] tipc: Disabling bearer [ 782.071145][T20944] netlink: 'syz.2.4098': attribute type 16 has an invalid length. [ 782.074479][T20944] netlink: 'syz.2.4098': attribute type 17 has an invalid length. [ 782.085043][T20944] bridge0: port 1(syz_tun) entered blocking state [ 782.087450][T20944] bridge0: port 1(syz_tun) entered forwarding state [ 782.094504][T20944] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 782.138873][T20946] FAULT_INJECTION: forcing a failure. [ 782.138873][T20946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.143042][T20946] CPU: 0 UID: 0 PID: 20946 Comm: syz.2.4099 Not tainted syzkaller #0 PREEMPT(full) [ 782.143057][T20946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 782.143065][T20946] Call Trace: [ 782.143069][T20946] [ 782.143086][T20946] dump_stack_lvl+0x16c/0x1f0 [ 782.143107][T20946] should_fail_ex+0x512/0x640 [ 782.143121][T20946] _copy_from_user+0x2e/0xd0 [ 782.143134][T20946] vt_do_kdsk_ioctl+0x92/0xa90 [ 782.143145][T20946] ? aa_get_newest_label+0xd2/0x250 [ 782.143159][T20946] ? __pfx_vt_do_kdsk_ioctl+0x10/0x10 [ 782.143172][T20946] ? bpf_lsm_capable+0x9/0x10 [ 782.143183][T20946] ? security_capable+0x7e/0x260 [ 782.143196][T20946] vt_ioctl+0xbb9/0x30a0 [ 782.143212][T20946] ? __pfx_vt_ioctl+0x10/0x10 [ 782.143224][T20946] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 782.143242][T20946] ? rcu_is_watching+0x12/0xc0 [ 782.143255][T20946] ? aa_get_newest_label+0xd2/0x250 [ 782.143268][T20946] ? apparmor_capable+0x114/0x1d0 [ 782.143281][T20946] ? bpf_lsm_capable+0x9/0x10 [ 782.143290][T20946] ? security_capable+0x7e/0x260 [ 782.143303][T20946] vt_compat_ioctl+0x1c2/0x4e0 [ 782.143318][T20946] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 782.143331][T20946] ? hook_file_ioctl_common+0x145/0x410 [ 782.143349][T20946] ? __fget_files+0x20e/0x3c0 [ 782.143363][T20946] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 782.143377][T20946] tty_compat_ioctl+0x2f1/0x4d0 [ 782.143395][T20946] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 782.143412][T20946] __ia32_compat_sys_ioctl+0x23f/0x370 [ 782.143432][T20946] __do_fast_syscall_32+0x7c/0x3a0 [ 782.143443][T20946] do_fast_syscall_32+0x32/0x80 [ 782.143454][T20946] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 782.143468][T20946] RIP: 0023:0xf7f77579 [ 782.143477][T20946] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 782.143488][T20946] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 782.143499][T20946] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b47 [ 782.143506][T20946] RDX: 0000000080001140 RSI: 0000000000000000 RDI: 0000000000000000 [ 782.143513][T20946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 782.143519][T20946] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 782.143526][T20946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 782.143539][T20946] [ 782.365785][T20953] nbd: nbd2 already in use [ 782.368485][T20953] block nbd2: NBD_DISCONNECT [ 782.370552][T20953] block nbd2: Send disconnect failed -32 [ 782.372887][T20953] block nbd2: shutting down sockets [ 782.442275][T20957] FAULT_INJECTION: forcing a failure. [ 782.442275][T20957] name failslab, interval 1, probability 0, space 0, times 0 [ 782.447479][T20957] CPU: 3 UID: 0 PID: 20957 Comm: syz.0.4104 Not tainted syzkaller #0 PREEMPT(full) [ 782.447503][T20957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 782.447514][T20957] Call Trace: [ 782.447521][T20957] [ 782.447529][T20957] dump_stack_lvl+0x16c/0x1f0 [ 782.447560][T20957] should_fail_ex+0x512/0x640 [ 782.447577][T20957] ? fs_reclaim_acquire+0xae/0x150 [ 782.447605][T20957] ? tomoyo_encode2+0x100/0x3e0 [ 782.447628][T20957] should_failslab+0xc2/0x120 [ 782.447650][T20957] __kmalloc_noprof+0xd2/0x510 [ 782.447672][T20957] tomoyo_encode2+0x100/0x3e0 [ 782.447697][T20957] tomoyo_encode+0x29/0x50 [ 782.447717][T20957] tomoyo_mount_acl+0x314/0x850 [ 782.447737][T20957] ? bpf_ksym_find+0x124/0x1c0 [ 782.447754][T20957] ? is_bpf_text_address+0x94/0x1a0 [ 782.447774][T20957] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 782.447792][T20957] ? __kernel_text_address+0xd/0x40 [ 782.447806][T20957] ? unwind_get_return_address+0x59/0xa0 [ 782.447823][T20957] ? arch_stack_walk+0xa6/0x100 [ 782.447860][T20957] ? tomoyo_domain+0xbb/0x150 [ 782.447880][T20957] ? tomoyo_profile+0x47/0x60 [ 782.447897][T20957] tomoyo_mount_permission+0x16d/0x420 [ 782.447916][T20957] ? tomoyo_mount_permission+0x14f/0x420 [ 782.447938][T20957] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 782.447972][T20957] security_sb_mount+0x9b/0x260 [ 782.447991][T20957] path_mount+0x15f/0x2000 [ 782.448015][T20957] ? __pfx_path_mount+0x10/0x10 [ 782.448035][T20957] ? kmem_cache_free+0x2d1/0x4d0 [ 782.448054][T20957] ? putname+0x154/0x1a0 [ 782.448075][T20957] ? getname_flags.part.0+0x1c5/0x550 [ 782.448107][T20957] ? __ia32_sys_mount+0x28b/0x310 [ 782.448125][T20957] __ia32_sys_mount+0x28b/0x310 [ 782.448145][T20957] ? __pfx___ia32_sys_mount+0x10/0x10 [ 782.448166][T20957] ? rcu_is_watching+0x12/0xc0 [ 782.448185][T20957] __do_fast_syscall_32+0x7c/0x3a0 [ 782.448201][T20957] do_fast_syscall_32+0x32/0x80 [ 782.448214][T20957] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 782.448233][T20957] RIP: 0023:0xf709e579 [ 782.448245][T20957] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 782.448260][T20957] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 782.448275][T20957] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800000c0 [ 782.448284][T20957] RDX: 0000000080000480 RSI: 0000000001000000 RDI: 0000000080000400 [ 782.448293][T20957] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 782.448302][T20957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 782.448310][T20957] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 782.448330][T20957] [ 783.347675][T20971] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4109'. [ 783.350537][T20971] netlink: zone id is out of range [ 783.352146][T20971] netlink: zone id is out of range [ 783.353959][T20971] netlink: zone id is out of range [ 783.356928][T20971] netlink: zone id is out of range [ 783.359061][T20971] netlink: zone id is out of range [ 783.361054][T20971] netlink: zone id is out of range [ 783.362685][T20971] netlink: zone id is out of range [ 783.364160][T20971] netlink: zone id is out of range [ 783.614306][T20979] FAULT_INJECTION: forcing a failure. [ 783.614306][T20979] name failslab, interval 1, probability 0, space 0, times 0 [ 783.620778][T20979] CPU: 0 UID: 0 PID: 20979 Comm: syz.0.4111 Not tainted syzkaller #0 PREEMPT(full) [ 783.620795][T20979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 783.620802][T20979] Call Trace: [ 783.620806][T20979] [ 783.620821][T20979] dump_stack_lvl+0x16c/0x1f0 [ 783.620845][T20979] should_fail_ex+0x512/0x640 [ 783.620856][T20979] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 783.620872][T20979] should_failslab+0xc2/0x120 [ 783.620887][T20979] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 783.620900][T20979] ? alloc_inode+0xc3/0x240 [ 783.620917][T20979] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 783.620936][T20979] alloc_inode+0xc3/0x240 [ 783.620952][T20979] create_pipe_files+0x4c/0x9a0 [ 783.620968][T20979] do_pipe2+0xaf/0x1c0 [ 783.620982][T20979] ? __pfx_do_pipe2+0x10/0x10 [ 783.620996][T20979] ? __pfx_ksys_write+0x10/0x10 [ 783.621011][T20979] ? rcu_is_watching+0x12/0xc0 [ 783.621025][T20979] __ia32_sys_pipe+0x32/0x50 [ 783.621039][T20979] __do_fast_syscall_32+0x7c/0x3a0 [ 783.621051][T20979] do_fast_syscall_32+0x32/0x80 [ 783.621061][T20979] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 783.621075][T20979] RIP: 0023:0xf709e579 [ 783.621084][T20979] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 783.621095][T20979] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 000000000000002a [ 783.621106][T20979] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000000 [ 783.621113][T20979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 783.621119][T20979] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 783.621125][T20979] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 783.621132][T20979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 783.621146][T20979] [ 783.816579][T13014] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 783.996258][T13014] usb 7-1: Using ep0 maxpacket: 8 [ 784.000296][T13014] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 784.003620][T13014] usb 7-1: config 0 has no interface number 0 [ 784.006309][T13014] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 784.010618][T13014] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 784.015271][T13014] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 784.025265][T13014] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 784.046228][T13014] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 784.049974][T13014] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.055153][T13014] usb 7-1: config 0 descriptor?? [ 784.069913][T13014] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 784.298373][T13014] usb 7-1: USB disconnect, device number 50 [ 784.350802][T13014] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 784.487439][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout [ 785.252306][T21006] wg1 speed is unknown, defaulting to 1000 [ 785.399913][T21006] lo speed is unknown, defaulting to 1000 [ 785.771406][T21014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4119'. [ 785.848809][ T40] kauditd_printk_skb: 196 callbacks suppressed [ 785.848826][ T40] audit: type=1804 audit(1757568635.827:2844): pid=21016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4119" name="/newroot/391/file1" dev="tmpfs" ino=2092 res=1 errno=0 [ 785.849751][ T40] audit: type=1800 audit(1757568635.827:2845): pid=21016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4119" name="file1" dev="tmpfs" ino=2092 res=0 errno=0 [ 786.439448][ T40] audit: type=1326 audit(1757568636.397:2846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21020 comm="syz.1.4121" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 786.448761][ T40] audit: type=1326 audit(1757568636.397:2847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21020 comm="syz.1.4121" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 786.460053][ T40] audit: type=1326 audit(1757568636.407:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21020 comm="syz.1.4121" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 786.684310][ T40] audit: type=1326 audit(1757568636.657:2849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21020 comm="syz.1.4121" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 786.691415][ T40] audit: type=1326 audit(1757568636.657:2850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21020 comm="syz.1.4121" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 787.016405][T21027] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 788.364177][T21058] sg_write: data in/out 489/14 bytes for SCSI command 0xb-- guessing data in; [ 788.364177][T21058] program syz.3.4131 not setting count and/or reply_len properly [ 788.410027][T21058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4131'. [ 788.424819][T21058] input input49: cannot allocate more than FF_MAX_EFFECTS effects [ 789.540881][T21088] tipc: Enabled bearer , priority 0 [ 789.543843][T21088] syzkaller0: entered promiscuous mode [ 789.545600][T21088] syzkaller0: entered allmulticast mode [ 789.567889][T21090] tipc: Enabled bearer , priority 0 [ 789.570911][T21090] syzkaller0: entered promiscuous mode [ 789.572797][T21090] syzkaller0: entered allmulticast mode [ 789.606045][T21093] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4138'. [ 789.634811][T21095] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4140'. [ 789.651986][T21096] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4139'. [ 789.656868][T21088] tipc: Resetting bearer [ 789.671731][T21095] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4140'. [ 789.678219][T21096] tipc: Resetting bearer [ 789.681583][T21087] tipc: Resetting bearer [ 789.691962][T21087] tipc: Disabling bearer [ 789.699074][T21089] tipc: Resetting bearer [ 789.714336][T21089] tipc: Disabling bearer [ 789.985359][T21101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4142'. [ 790.026002][ T6030] kernel write not supported for file [eventfd] (pid: 6030 comm: kworker/2:3) [ 790.256262][ T6044] usb 8-1: new high-speed USB device number 46 using dummy_hcd [ 790.408356][ T6044] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 790.411938][ T6044] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 790.415457][ T6044] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 790.419155][ T6044] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 790.424554][ T6044] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 790.430672][ T6044] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.437143][ T6044] usb 8-1: config 0 descriptor?? [ 790.848321][ T6044] plantronics 0003:047F:FFFF.0009: ignoring exceeding usage max [ 790.956342][ T6044] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 791.016527][T21122] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4149'. [ 791.042329][T21122] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4149'. [ 791.840272][T21131] tipc: Enabled bearer , priority 0 [ 791.846827][T21131] syzkaller0: entered promiscuous mode [ 791.852302][T21131] syzkaller0: entered allmulticast mode [ 791.926418][T21134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4151'. [ 791.942450][T21134] tipc: Resetting bearer [ 791.973647][T21130] tipc: Resetting bearer [ 791.994290][T21130] tipc: Disabling bearer [ 792.252665][T21149] netlink: 188 bytes leftover after parsing attributes in process `syz.0.4154'. [ 792.264469][T21143] syz.2.4153 (21143): attempted to duplicate a private mapping with mremap. This is not supported. [ 792.326089][ T6044] usb 8-1: reset high-speed USB device number 46 using dummy_hcd [ 792.483272][T21153] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 792.485508][T21153] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 792.486330][ T6044] usb 8-1: device descriptor read/64, error -32 [ 792.489037][T21153] vhci_hcd vhci_hcd.0: Device attached [ 792.726248][ T6044] usb 8-1: reset high-speed USB device number 46 using dummy_hcd [ 792.856245][ T6044] usb 8-1: device descriptor read/64, error -32 [ 793.096218][ T6044] usb 8-1: reset high-speed USB device number 46 using dummy_hcd [ 793.114758][T21155] vhci_hcd: connection closed [ 793.115083][ T1140] vhci_hcd: stop threads [ 793.118200][ T1140] vhci_hcd: release socket [ 793.119865][ T1140] vhci_hcd: disconnect device [ 793.146267][ T1470] usb 40-1: enqueue for inactive port 0 [ 793.236502][ T6044] usb 8-1: device descriptor read/8, error -32 [ 793.488383][ T6044] usb 8-1: reset high-speed USB device number 46 using dummy_hcd [ 793.510219][ T6044] usb 8-1: device descriptor read/8, error -32 [ 793.620746][ T6044] raw-gadget.0 gadget.3: failed to queue suspend event [ 793.626764][ T6030] usb 8-1: USB disconnect, device number 46 [ 793.637025][ T6030] raw-gadget.0 gadget.3: failed to queue reset event [ 793.638431][ T1470] usb usb40-port1: attempt power cycle [ 793.680778][T13014] kernel write not supported for file [eventfd] (pid: 13014 comm: kworker/3:4) [ 793.706364][ T6030] raw-gadget.0 gadget.3: failed to queue resume event [ 793.766204][ T6030] usb 8-1: new high-speed USB device number 47 using dummy_hcd [ 793.766411][ C2] raw-gadget.0 gadget.3: ignoring, device is not running [ 793.772172][ T6030] raw-gadget.0 gadget.3: failed to queue reset event [ 793.839327][ T6030] raw-gadget.0 gadget.3: failed to queue resume event [ 793.842844][T21165] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4159'. [ 793.846817][T21165] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4159'. [ 793.850654][T21165] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4159'. [ 793.896226][ T6030] usb 8-1: device descriptor read/64, error -32 [ 794.006442][ T6030] raw-gadget.0 gadget.3: failed to queue suspend event [ 794.009713][ T6030] raw-gadget.0 gadget.3: failed to queue reset event [ 794.076249][ T6030] raw-gadget.0 gadget.3: failed to queue resume event [ 794.136203][ T6030] usb 8-1: new high-speed USB device number 48 using dummy_hcd [ 794.138925][ C2] raw-gadget.0 gadget.3: ignoring, device is not running [ 794.141306][ T6030] raw-gadget.0 gadget.3: failed to queue reset event [ 794.206265][ T6030] raw-gadget.0 gadget.3: failed to queue resume event [ 794.216731][T21129] raw-gadget.0 gadget.3: failed to queue suspend event [ 794.220224][T21129] raw-gadget.0 gadget.3: failed to queue disconnect event [ 794.266248][ T6030] usb 8-1: device descriptor read/64, error -32 [ 794.376523][ T6030] usb usb8-port1: attempt power cycle [ 794.554633][ T1470] usb usb40-port1: unable to enumerate USB device [ 794.888368][T21174] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 794.891254][T21174] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 794.894804][T21175] vhci_hcd: connection closed [ 794.894929][T21174] vhci_hcd vhci_hcd.0: Device attached [ 794.905203][ T1140] vhci_hcd: stop threads [ 794.907155][ T1140] vhci_hcd: release socket [ 794.919450][ T1140] vhci_hcd: disconnect device [ 795.389084][T21198] wg1 speed is unknown, defaulting to 1000 [ 795.536746][T21202] FAULT_INJECTION: forcing a failure. [ 795.536746][T21202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.552156][T21202] CPU: 3 UID: 0 PID: 21202 Comm: syz.3.4169 Not tainted syzkaller #0 PREEMPT(full) [ 795.552185][T21202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 795.552192][T21202] Call Trace: [ 795.552197][T21202] [ 795.552201][T21202] dump_stack_lvl+0x16c/0x1f0 [ 795.552236][T21202] should_fail_ex+0x512/0x640 [ 795.552256][T21202] _copy_from_user+0x2e/0xd0 [ 795.552269][T21202] __sys_bpf+0x21d/0x4de0 [ 795.552289][T21202] ? __pfx___sys_bpf+0x10/0x10 [ 795.552306][T21202] ? ksys_write+0x190/0x250 [ 795.552321][T21202] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 795.552351][T21202] ? fput+0x9b/0xd0 [ 795.552367][T21202] ? ksys_write+0x1ac/0x250 [ 795.552380][T21202] ? __pfx_ksys_write+0x10/0x10 [ 795.552395][T21202] __ia32_sys_bpf+0x76/0xe0 [ 795.552405][T21202] __do_fast_syscall_32+0x7c/0x3a0 [ 795.552417][T21202] do_fast_syscall_32+0x32/0x80 [ 795.552427][T21202] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 795.552442][T21202] RIP: 0023:0xf705e579 [ 795.552451][T21202] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 795.552462][T21202] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 795.552477][T21202] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000040 [ 795.552484][T21202] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 795.552491][T21202] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 795.552497][T21202] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 795.552503][T21202] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 795.552522][T21202] [ 795.565588][T21198] lo speed is unknown, defaulting to 1000 [ 795.683325][ T9] kernel write not supported for file [eventfd] (pid: 9 comm: kworker/0:0) [ 795.764289][T21198] FAULT_INJECTION: forcing a failure. [ 795.764289][T21198] name failslab, interval 1, probability 0, space 0, times 0 [ 795.789763][T21198] CPU: 0 UID: 0 PID: 21198 Comm: syz.0.4166 Not tainted syzkaller #0 PREEMPT(full) [ 795.789802][T21198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 795.789815][T21198] Call Trace: [ 795.789822][T21198] [ 795.789830][T21198] dump_stack_lvl+0x16c/0x1f0 [ 795.789864][T21198] should_fail_ex+0x512/0x640 [ 795.789883][T21198] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 795.789907][T21198] should_failslab+0xc2/0x120 [ 795.789932][T21198] __kmalloc_cache_noprof+0x6a/0x3e0 [ 795.789951][T21198] ? netdevice_event+0x365/0x9d0 [ 795.789971][T21198] netdevice_event+0x365/0x9d0 [ 795.789990][T21198] ? __pfx_netdevice_event+0x10/0x10 [ 795.790005][T21198] ? __pfx_del_netdev_default_ips_join+0x10/0x10 [ 795.790026][T21198] ? __pfx_is_eth_port_inactive_slave_filter+0x10/0x10 [ 795.790048][T21198] ? __pfx_add_default_gids+0x10/0x10 [ 795.790066][T21198] ? __pfx_is_ndev_for_default_gid_filter+0x10/0x10 [ 795.790085][T21198] ? __pfx_add_netdev_ips+0x10/0x10 [ 795.790103][T21198] ? __pfx_is_eth_port_of_netdev_filter+0x10/0x10 [ 795.790125][T21198] ? wext_netdev_notifier_call+0xe/0x20 [ 795.790151][T21198] ? cfg802154_netdev_notifier_call+0x391/0xa00 [ 795.790179][T21198] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 795.790208][T21198] notifier_call_chain+0xb9/0x410 [ 795.790234][T21198] ? __pfx_netdevice_event+0x10/0x10 [ 795.790257][T21198] call_netdevice_notifiers_info+0xbe/0x140 [ 795.790281][T21198] __dev_notify_flags+0x12c/0x2e0 [ 795.790310][T21198] ? __pfx___dev_notify_flags+0x10/0x10 [ 795.790341][T21198] ? __pfx___dev_change_flags+0x10/0x10 [ 795.790366][T21198] ? validate_linkmsg+0x57c/0xb60 [ 795.790391][T21198] ? __lock_acquire+0xb97/0x1ce0 [ 795.790420][T21198] netif_change_flags+0x108/0x160 [ 795.790451][T21198] do_setlink.constprop.0+0xb53/0x4380 [ 795.790473][T21198] ? finish_task_switch.isra.0+0x21c/0xc10 [ 795.790496][T21198] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 795.790516][T21198] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 795.790540][T21198] ? __lock_acquire+0xb97/0x1ce0 [ 795.790577][T21198] ? __mutex_trylock_common+0xe9/0x250 [ 795.790602][T21198] ? __pfx___mutex_trylock_common+0x10/0x10 [ 795.790627][T21198] ? __pfx___might_resched+0x10/0x10 [ 795.790649][T21198] ? rcu_is_watching+0x12/0xc0 [ 795.790670][T21198] ? trace_contention_end+0xdd/0x130 [ 795.790694][T21198] ? __mutex_lock+0x1c5/0x1060 [ 795.790726][T21198] ? rcu_is_watching+0x12/0xc0 [ 795.790748][T21198] ? __pfx___mutex_lock+0x10/0x10 [ 795.790792][T21198] rtnl_newlink+0x1446/0x2000 [ 795.790817][T21198] ? __pfx_rtnl_newlink+0x10/0x10 [ 795.790835][T21198] ? __kernel_text_address+0xd/0x40 [ 795.790855][T21198] ? unwind_get_return_address+0x59/0xa0 [ 795.790876][T21198] ? arch_stack_walk+0xa6/0x100 [ 795.790908][T21198] ? __lock_acquire+0x62e/0x1ce0 [ 795.790935][T21198] ? rcu_is_watching+0x12/0xc0 [ 795.790965][T21198] ? find_held_lock+0x2b/0x80 [ 795.790981][T21198] ? __pfx_rtnl_newlink+0x10/0x10 [ 795.790996][T21198] ? __pfx_rtnl_newlink+0x10/0x10 [ 795.791012][T21198] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 795.791028][T21198] ? __pfx_rtnl_newlink+0x10/0x10 [ 795.791047][T21198] rtnetlink_rcv_msg+0x95e/0xe90 [ 795.791069][T21198] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 795.791093][T21198] ? __lock_acquire+0x62e/0x1ce0 [ 795.791122][T21198] netlink_rcv_skb+0x158/0x420 [ 795.791141][T21198] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 795.791161][T21198] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 795.791198][T21198] ? netlink_deliver_tap+0x1ae/0xd30 [ 795.791224][T21198] ? is_vmalloc_addr+0x86/0xa0 [ 795.791248][T21198] netlink_unicast+0x5a7/0x870 [ 795.791281][T21198] ? __pfx_netlink_unicast+0x10/0x10 [ 795.791312][T21198] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 795.791349][T21198] netlink_sendmsg+0x8d1/0xdd0 [ 795.791383][T21198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 795.791412][T21198] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 795.791437][T21198] ____sys_sendmsg+0xa95/0xc70 [ 795.791463][T21198] ? __pfx_____sys_sendmsg+0x10/0x10 [ 795.791484][T21198] ? get_compat_msghdr+0x11a/0x170 [ 795.791521][T21198] ___sys_sendmsg+0x134/0x1d0 [ 795.791553][T21198] ? __pfx____sys_sendmsg+0x10/0x10 [ 795.791598][T21198] ? find_held_lock+0x2b/0x80 [ 795.791632][T21198] __sys_sendmsg+0x16d/0x220 [ 795.791661][T21198] ? __pfx___sys_sendmsg+0x10/0x10 [ 795.791701][T21198] ? rcu_is_watching+0x12/0xc0 [ 795.791723][T21198] __do_fast_syscall_32+0x7c/0x3a0 [ 795.791744][T21198] do_fast_syscall_32+0x32/0x80 [ 795.791762][T21198] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 795.791785][T21198] RIP: 0023:0xf709e579 [ 795.791801][T21198] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 795.791818][T21198] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 795.791837][T21198] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000340 [ 795.791847][T21198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 795.791872][T21198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 795.791885][T21198] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 795.791896][T21198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 795.791922][T21198] [ 796.898602][T21221] nbd1: detected capacity change from 0 to 63 [ 796.901761][T21223] block nbd1: NBD_DISCONNECT [ 796.905462][T21223] block nbd1: Disconnected due to user request. [ 796.913366][T21223] block nbd1: shutting down sockets [ 796.935378][T21225] FAULT_INJECTION: forcing a failure. [ 796.935378][T21225] name failslab, interval 1, probability 0, space 0, times 0 [ 796.942744][T21225] CPU: 0 UID: 0 PID: 21225 Comm: syz.3.4174 Not tainted syzkaller #0 PREEMPT(full) [ 796.942772][T21225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 796.942785][T21225] Call Trace: [ 796.942793][T21225] [ 796.942800][T21225] dump_stack_lvl+0x16c/0x1f0 [ 796.942834][T21225] should_fail_ex+0x512/0x640 [ 796.942853][T21225] ? lockdep_hardirqs_on+0x7c/0x110 [ 796.942884][T21225] should_failslab+0xc2/0x120 [ 796.942910][T21225] __kmalloc_cache_noprof+0x6a/0x3e0 [ 796.942931][T21225] ? do_raw_spin_lock+0x12c/0x2b0 [ 796.942959][T21225] ? find_held_lock+0x2b/0x80 [ 796.942976][T21225] ? async_schedule_node_domain+0x54/0x120 [ 796.943005][T21225] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 796.943034][T21225] async_schedule_node_domain+0x54/0x120 [ 796.943059][T21225] dev_cache_fw_image+0x38e/0x490 [ 796.943088][T21225] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 796.943118][T21225] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 796.943145][T21225] dpm_for_each_dev+0x5d/0xb0 [ 796.943170][T21225] fw_pm_notify+0x81/0x150 [ 796.943193][T21225] notifier_call_chain+0xb9/0x410 [ 796.943214][T21225] ? __pfx_fw_pm_notify+0x10/0x10 [ 796.943243][T21225] blocking_notifier_call_chain_robust+0xc8/0x160 [ 796.943269][T21225] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 796.943297][T21225] ? do_raw_spin_unlock+0x172/0x230 [ 796.943328][T21225] pm_notifier_call_chain_robust+0x27/0x60 [ 796.943354][T21225] snapshot_open+0x189/0x2b0 [ 796.943375][T21225] ? __pfx_snapshot_open+0x10/0x10 [ 796.943399][T21225] misc_open+0x35d/0x420 [ 796.943420][T21225] ? __pfx_misc_open+0x10/0x10 [ 796.943442][T21225] chrdev_open+0x231/0x6a0 [ 796.943466][T21225] ? __pfx_apparmor_file_open+0x10/0x10 [ 796.943494][T21225] ? __pfx_chrdev_open+0x10/0x10 [ 796.943519][T21225] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 796.943545][T21225] do_dentry_open+0x97f/0x1530 [ 796.943568][T21225] ? __pfx_chrdev_open+0x10/0x10 [ 796.943598][T21225] vfs_open+0x82/0x3f0 [ 796.943630][T21225] path_openat+0x1de4/0x2cb0 [ 796.943661][T21225] ? __pfx_path_openat+0x10/0x10 [ 796.943687][T21225] ? __lock_acquire+0xb97/0x1ce0 [ 796.943714][T21225] do_filp_open+0x20b/0x470 [ 796.943736][T21225] ? __pfx_do_filp_open+0x10/0x10 [ 796.943780][T21225] ? _raw_spin_unlock+0x28/0x50 [ 796.943805][T21225] ? alloc_fd+0x471/0x7d0 [ 796.943836][T21225] do_sys_openat2+0x11b/0x1d0 [ 796.943865][T21225] ? __pfx_do_sys_openat2+0x10/0x10 [ 796.943891][T21225] ? __fget_files+0x20e/0x3c0 [ 796.943910][T21225] ? handle_mm_fault+0x1f0/0xd10 [ 796.943953][T21225] __ia32_compat_sys_openat+0x16d/0x210 [ 796.943974][T21225] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 796.943991][T21225] ? ksys_write+0x1ac/0x250 [ 796.944017][T21225] ? rcu_is_watching+0x12/0xc0 [ 796.944037][T21225] __do_fast_syscall_32+0x7c/0x3a0 [ 796.944056][T21225] do_fast_syscall_32+0x32/0x80 [ 796.944074][T21225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 796.944097][T21225] RIP: 0023:0xf705e579 [ 796.944112][T21225] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 796.944128][T21225] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 796.944146][T21225] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800000c0 [ 796.944157][T21225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 796.944169][T21225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 796.944180][T21225] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 796.944190][T21225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 796.944216][T21225] [ 797.081478][T21225] [ 797.082475][T21225] ============================================ [ 797.084874][T21225] WARNING: possible recursive locking detected [ 797.087393][T21225] syzkaller #0 Not tainted [ 797.090059][T21225] -------------------------------------------- [ 797.094027][T21225] syz.3.4174/21225 is trying to acquire lock: [ 797.096617][T21225] ffffffff8f51d5a8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640 [ 797.100081][T21225] [ 797.100081][T21225] but task is already holding lock: [ 797.103171][T21225] ffffffff8f51d5a8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 797.106562][T21225] [ 797.106562][T21225] other info that might help us debug this: [ 797.109778][T21225] Possible unsafe locking scenario: [ 797.109778][T21225] [ 797.112525][T21225] CPU0 [ 797.113619][T21225] ---- [ 797.114672][T21225] lock(fw_lock); [ 797.116115][T21225] lock(fw_lock); [ 797.117482][T21225] [ 797.117482][T21225] *** DEADLOCK *** [ 797.117482][T21225] [ 797.120483][T21225] May be due to missing lock nesting notation [ 797.120483][T21225] [ 797.123867][T21225] 5 locks held by syz.3.4174/21225: [ 797.126025][T21225] #0: ffffffff8f307b28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 797.129535][T21225] #1: ffffffff8e484848 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 797.134024][T21225] #2: ffffffff8e4c4cb0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 797.138631][T21225] #3: ffffffff8f51d5a8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 797.142111][T21225] #4: ffffffff8f517fa8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 797.145853][T21225] [ 797.145853][T21225] stack backtrace: [ 797.147980][T21225] CPU: 0 UID: 0 PID: 21225 Comm: syz.3.4174 Not tainted syzkaller #0 PREEMPT(full) [ 797.148003][T21225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 797.148013][T21225] Call Trace: [ 797.148021][T21225] [ 797.148029][T21225] dump_stack_lvl+0x116/0x1f0 [ 797.148061][T21225] print_deadlock_bug+0x1e9/0x240 [ 797.148087][T21225] __lock_acquire+0x1133/0x1ce0 [ 797.148112][T21225] ? kasan_save_track+0x14/0x30 [ 797.148136][T21225] lock_acquire+0x179/0x350 [ 797.148159][T21225] ? assign_fw+0x4e/0x640 [ 797.148182][T21225] ? __pfx___might_resched+0x10/0x10 [ 797.148200][T21225] ? path_openat+0x1de4/0x2cb0 [ 797.148221][T21225] ? do_filp_open+0x20b/0x470 [ 797.148240][T21225] ? do_sys_openat2+0x11b/0x1d0 [ 797.148267][T21225] ? assign_fw+0x4e/0x640 [ 797.148288][T21225] __mutex_lock+0x193/0x1060 [ 797.148316][T21225] ? assign_fw+0x4e/0x640 [ 797.148342][T21225] ? __pfx___mutex_lock+0x10/0x10 [ 797.148373][T21225] ? kasan_quarantine_put+0x10a/0x240 [ 797.148393][T21225] ? lockdep_hardirqs_on+0x7c/0x110 [ 797.148419][T21225] ? assign_fw+0x4e/0x640 [ 797.148442][T21225] assign_fw+0x4e/0x640 [ 797.148463][T21225] ? _request_firmware+0x957/0x1470 [ 797.148489][T21225] _request_firmware+0x988/0x1470 [ 797.148517][T21225] ? __pfx__request_firmware+0x10/0x10 [ 797.148551][T21225] ? dump_stack_lvl+0x197/0x1f0 [ 797.148579][T21225] ? dump_stack_lvl+0x1a3/0x1f0 [ 797.148607][T21225] __async_dev_cache_fw_image+0xb1/0x340 [ 797.148633][T21225] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 797.148661][T21225] ? mark_held_locks+0x49/0x80 [ 797.148683][T21225] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 797.148705][T21225] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 797.148723][T21225] async_schedule_node_domain+0xd4/0x120 [ 797.148738][T21225] dev_cache_fw_image+0x38e/0x490 [ 797.148753][T21225] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 797.148768][T21225] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 797.148782][T21225] dpm_for_each_dev+0x5d/0xb0 [ 797.148797][T21225] fw_pm_notify+0x81/0x150 [ 797.148810][T21225] notifier_call_chain+0xb9/0x410 [ 797.148823][T21225] ? __pfx_fw_pm_notify+0x10/0x10 [ 797.148838][T21225] blocking_notifier_call_chain_robust+0xc8/0x160 [ 797.148853][T21225] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 797.148868][T21225] ? do_raw_spin_unlock+0x172/0x230 [ 797.148886][T21225] pm_notifier_call_chain_robust+0x27/0x60 [ 797.148901][T21225] snapshot_open+0x189/0x2b0 [ 797.148913][T21225] ? __pfx_snapshot_open+0x10/0x10 [ 797.148926][T21225] misc_open+0x35d/0x420 [ 797.148940][T21225] ? __pfx_misc_open+0x10/0x10 [ 797.148953][T21225] chrdev_open+0x231/0x6a0 [ 797.148967][T21225] ? __pfx_apparmor_file_open+0x10/0x10 [ 797.148980][T21225] ? __pfx_chrdev_open+0x10/0x10 [ 797.148994][T21225] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 797.149008][T21225] do_dentry_open+0x97f/0x1530 [ 797.149021][T21225] ? __pfx_chrdev_open+0x10/0x10 [ 797.149036][T21225] vfs_open+0x82/0x3f0 [ 797.149052][T21225] path_openat+0x1de4/0x2cb0 [ 797.149066][T21225] ? __pfx_path_openat+0x10/0x10 [ 797.149079][T21225] ? __lock_acquire+0xb97/0x1ce0 [ 797.149120][T21225] do_filp_open+0x20b/0x470 [ 797.149134][T21225] ? __pfx_do_filp_open+0x10/0x10 [ 797.149150][T21225] ? _raw_spin_unlock+0x28/0x50 [ 797.149164][T21225] ? alloc_fd+0x471/0x7d0 [ 797.149177][T21225] do_sys_openat2+0x11b/0x1d0 [ 797.149193][T21225] ? __pfx_do_sys_openat2+0x10/0x10 [ 797.149210][T21225] ? __fget_files+0x20e/0x3c0 [ 797.149220][T21225] ? handle_mm_fault+0x1f0/0xd10 [ 797.149232][T21225] __ia32_compat_sys_openat+0x16d/0x210 [ 797.149243][T21225] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 797.149253][T21225] ? ksys_write+0x1ac/0x250 [ 797.149265][T21225] ? rcu_is_watching+0x12/0xc0 [ 797.149277][T21225] __do_fast_syscall_32+0x7c/0x3a0 [ 797.149288][T21225] do_fast_syscall_32+0x32/0x80 [ 797.149297][T21225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 797.149311][T21225] RIP: 0023:0xf705e579 [ 797.149321][T21225] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 797.149331][T21225] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 797.149342][T21225] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800000c0 [ 797.149349][T21225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 797.149356][T21225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 797.149362][T21225] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 797.149368][T21225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 797.149378][T21225] VM DIAGNOSIS: 05:30:47 Registers: info registers vcpu 0 CPU#0 RAX=000000000000000d RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff8561aff5 RDI=ffffffff9b0ff700 RBP=ffffffff9b0ff6c0 RSP=ffffc90006b66ce8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=656c6c616b7a7973 R12=0000000000000000 R13=000000000000000d R14=ffffffff9b0ff6c0 R15=ffffffff8561af90 RIP=ffffffff8561b01f RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880974bd000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50b3020 CR3=0000000069fcc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b33b680 RCX=ffffffff81af2be3 RDX=ffff88801dec4880 RSI=ffffffff81af2bbd RDI=0000000000000005 RBP=ffffc9000044fd08 RSP=ffffc9000044fbc0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1cb97ee R12=1ffff92000089f80 R13=0000000000000002 R14=0000000000000001 R15=ffffed10056676d1 RIP=ffffffff81af2bbf RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975bd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3150f0 CR3=0000000061ffe000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000080000 RBX=0000000000000000 RCX=ffffc900338bd000 RDX=0000000000080000 RSI=ffffffff896759ee RDI=ffff8880122ee8c0 RBP=ffff8880122ee8c0 RSP=ffffc90006b277e0 R8 =0000000000000006 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=ffffc90006b27d68 R14=0000000000000000 R15=ffff8880122ee8c0 RIP=ffffffff8b9440e0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976bd000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002e223ffc CR3=0000000063cd9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000ccaf54 RBX=0000000000000003 RCX=ffffffff8b914bf9 RDX=ffffed10056a6656 RSI=ffffffff8c163100 RDI=ffffffff8190ca91 RBP=ffffed1003863000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801c318000 R14=ffffffff90aba490 R15=0000000000000000 RIP=ffffffff8b91375f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977bd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000584bd99c CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 70318d1424c3dfe9 214428d79a7cac10 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1051c7cfb857753e de7809e7b791f353 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2049883a83a6c4e5 8f8e9280b43dd34c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6427147c96281f01 186d33b87ded4b1c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000002c40 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b33edb9c01a55cf7 00000000000001e3 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0048ddf1b68bd002 000001e300800100 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b52f38ec000001e3 00000000000001e3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001e3b77f11c6 b74f66f800000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 34bda433a6d51c55 2a781eb70465ff54 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c78e8a1741e4ac5 8321e2c0fb66b63f ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000