last executing test programs: 1m25.676418289s ago: executing program 2 (id=3579): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) fcntl$getown(0xffffffffffffffff, 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000040)=0xa, 0x4) sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r4, 0x7ff, 0x1) 1m24.567764239s ago: executing program 2 (id=3583): close(0xffffffffffffffff) r0 = gettid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@cred={{0x18, 0x1, 0x2, {r0}}}], 0x18, 0x24040000}, 0x880) 1m24.488987945s ago: executing program 2 (id=3584): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="2c0000002e0001002abd70000000000008000000", @ANYRES32, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r4, &(0x7f0000000440), 0x10) listen(r4, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r5, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r6, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f00000000c0), 0x12) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r8 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r8}}, 0x58) 1m23.588988963s ago: executing program 2 (id=3587): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 1m23.583631551s ago: executing program 2 (id=3588): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000240)=@multiplanar_fd={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "19893bbb"}, 0x0, 0x4, {0x0}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="240000001a00010000000000000000000a0000000000000002000000080019"], 0x24}}, 0x0) socket$nl_generic(0x11, 0x3, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x70bd27, 0x0, {}, [@RTA_OIF={0x8, 0x4, r8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_FLAGS={0x6, 0x6, 0x8}}]}, 0x38}}, 0x1000c840) r10 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r10, &(0x7f0000000280)=[{&(0x7f0000000480)=""/66, 0x42}], 0x1, 0x0, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0) io_setup(0x1, &(0x7f00000004c0)) 1m23.310897414s ago: executing program 2 (id=3589): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180100001700000000000000a54b0000850000007500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='svcrdma_qp_error\x00', r1, 0x0, 0x5}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9}, 0xfffffffffffffdf9) getpid() r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2, 0x0, 0x7}, 0xf) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x1c2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x67d2, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000340)) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = dup(0xffffffffffffffff) ioctl$PPPIOCSFLAGS1(r5, 0x4004743a, &(0x7f0000000300)=0x10100) write$binfmt_aout(r4, &(0x7f0000000100)=ANY=[], 0xfce1) ioctl$TCFLSH(r3, 0x80047456, 0x2) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r7, 0x4048aec9, &(0x7f0000000080)={0x6}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, 0x0, 0x80) write$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x9) socket$kcm(0x2b, 0x1, 0x0) r8 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) 1m23.267305843s ago: executing program 32 (id=3589): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180100001700000000000000a54b0000850000007500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='svcrdma_qp_error\x00', r1, 0x0, 0x5}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9}, 0xfffffffffffffdf9) getpid() r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2, 0x0, 0x7}, 0xf) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x1c2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x67d2, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000340)) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = dup(0xffffffffffffffff) ioctl$PPPIOCSFLAGS1(r5, 0x4004743a, &(0x7f0000000300)=0x10100) write$binfmt_aout(r4, &(0x7f0000000100)=ANY=[], 0xfce1) ioctl$TCFLSH(r3, 0x80047456, 0x2) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r7, 0x4048aec9, &(0x7f0000000080)={0x6}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, 0x0, 0x80) write$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x9) socket$kcm(0x2b, 0x1, 0x0) r8 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) 3.628509197s ago: executing program 1 (id=4000): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000006c0)='tracefs\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pread64(r0, &(0x7f0000004180)=""/4096, 0x1000, 0x0) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="8900eaffffff00"], 0x7) 3.61429436s ago: executing program 3 (id=4001): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) r3 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="2c0000002e0001002abd", @ANYRES32=r4, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000440), 0x10) listen(r5, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r6, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r8, &(0x7f00000000c0), 0x12) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r9 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58) 3.529916661s ago: executing program 1 (id=4002): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) r3 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYRES32=r4, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000440), 0x10) listen(r5, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r6, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r8, &(0x7f00000000c0), 0x12) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r9 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58) 2.70798465s ago: executing program 3 (id=4008): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r5 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r6, 0x0, 0x408cd, 0x0) write$cgroup_int(r9, &(0x7f0000000380)=0xfffffffffffff800, 0x12) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.633599955s ago: executing program 1 (id=4009): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r5 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r6, 0x0, 0x408cd, 0x0) write$cgroup_int(r9, &(0x7f0000000380)=0xfffffffffffff800, 0x12) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.378000779s ago: executing program 4 (id=4014): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/96, 0x60}], 0x1}, 0xc}], 0x1, 0x60002000, 0x0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 1.898635912s ago: executing program 3 (id=4017): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = io_uring_setup(0x4d5b, &(0x7f00000001c0)={0x0, 0xfdc9, 0x4000, 0xfffffffc, 0x103}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r3, &(0x7f0000000700)={0x2b4, 0x7d, 0x0, {{0x500, 0x173, 0x0, 0x0, {}, 0x200000, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x94, '\xcf\xc7\x00\x00\x00\x00\xe5]\x8d\xf8\xd5[\xbfL\xce,\xa4\xa7\x95\xd3O\b8D\xcad+s\xfc\xb8-\xcf\x8e\xf0\xcb^\xea\xfb\x1a1m\x19\xed\x02\xbd\x94\xf1\x1c\xab\xe8\xe5\x98R8(\x9dV\x91\x8f\xc7\xa6\xd91f\xa5\xed/OSS@ \x18\xac\xbdV\xc7!,\x11\xb8\xcd\x00\x00\ay{\xe0\n\xae\xba\'\x87\x0f\xa6s\xdb\x1c\x84\xc2T\x11\x1b\x946\xe8\x84\xdc\x83>B\xeeS\xbb5T\xf6\x860\x18\xb7J\xa0\x18\x82\xed\xad\x8c\xd2\x1cC\x1eD~\xfeZ=\x19cm(w\xbdP\xf7ZD+', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x2b4) r4 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) write$binfmt_misc(r4, &(0x7f0000000740), 0xff67) sendfile(r2, r4, &(0x7f0000000000), 0xfffb) fcntl$addseals(r4, 0x409, 0x8) ftruncate(r4, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c0000000306010300000000000000000000000605000100070000000900020073797a30"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4000840) 1.867418223s ago: executing program 1 (id=4018): ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000fef000/0x1000)=nil}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_JOIN_IBSS(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x200, 0x0, 0xfffffffc, {{}, {@void, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0x0, 0x7e, @default_ibss_ssid}]}, 0xfffffffffffffe57}, 0x1, 0x0, 0x0, 0x50}, 0x4844) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) sendmsg$unix(r5, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=[@rights={{0x10}}], 0x10, 0x24040000}, 0x880) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004900), 0x0, 0x11) 1.678913571s ago: executing program 3 (id=4019): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x3, 0x0, 0x0, 0x0, 0x6}}) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0xc0f85403, &(0x7f0000000040)) bind$802154_raw(r0, &(0x7f0000000040)={0x24, @short={0x2, 0x2, 0xaaa3}}, 0x14) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = getpid() mount$bpf(0x0, &(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340), 0x1000044, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1230023, 0x0) r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) syz_clone(0xfdba2180, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x200, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r7, {0xfff4, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) r8 = socket(0x10, 0x803, 0x0) r9 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newtfilter={0x24, 0x2c, 0xd2b, 0x0, 0x8000, {0x0, 0x0, 0x0, r10, {0x0, 0x7}, {0xf, 0xfff1}, {0x1, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x400c804}, 0x48854) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000240), 0x4) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = syz_io_uring_setup(0x4ba5, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r12, r13, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@hci={0x1f, 0xffffffffffffffff}}) io_uring_enter(r11, 0x2def, 0x0, 0x0, 0x0, 0x0) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) 1.479110943s ago: executing program 4 (id=4020): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000003c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000280)={r2, r3, r4, 0x3ff00000, 0x16, 0x8, 0x8001, 0x0, 0x3, 0x9, 0x1, 0xfffffff8}) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x40) flock(r0, 0x4) (async) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000080)=@ethtool_rxfh={0x1}}) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) (async) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) (async) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) (async) preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYBLOB="05800078c40040000c00000186dd061000090180c200000bfc000000000000000000000000000001000000000000fc000000000000000000000000000023be05ff96b2c178d325d4d3284f940c20b55011eb377268a6e7fdc6e663e89268b20fa0bf3b0c2c5788248352bf880665d8264739a6d91ffed973aaff16af82a2d2ab9da2f6d85d2af7823549b970e0a62401e8a3ae881a2f415607bb8f2ecc3306e5a3464d376c6ee0a0326c48668499e5fe92329f859f46446dc52ff2ed596ed1b2e3b47bd37eec396b6acbeb6760b8db0e0cbc2a7495af121df312737f8c47a5cbcb5c4a66f49bb7f2bf10c5e15044321c4a08e464dc7f047791020a272d8dfdd5f8b893e27217b659ea13295c1d77fa5b4cc09df15275e94db0ae67412a5b09c80a63e706c9e6ce37b574db01d421d196546f39a6f1a2137fd7a64ad01886785b5b767987de315d561267f5d9356a50cd2e066aecc031aa593e2e4d20e8e32685c63c1636f15d8c3fd3661db72baa3069d5f370f5fb933ce4feaadc333e4d4d9179c9fb86900c8dd496c2acc688c97e4f8e4265b79639b673c7fd"], 0x3e) (async) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) (async) landlock_create_ruleset(&(0x7f0000000180)={0x482, 0x0, 0x1}, 0x18, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 1.139979687s ago: executing program 3 (id=4021): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) r3 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="2c0000002e0001002abd7000000000000800", @ANYRES32=r4, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000440), 0x10) listen(r5, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r6, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r8, &(0x7f00000000c0), 0x12) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r9 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58) 1.000080522s ago: executing program 4 (id=4022): getrandom(0x0, 0x0, 0x82c1ecb149a4e48c) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x4, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)=@rc={0x1f, @none, 0x7f}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000500)="755812e1b4017723e5fec07f1e35387d9f804a698a66fc735cb904a1a23a70a854ef09ef8c3122d1a0df99616b557f41a3bf7523351d1754f0a70c15543d241825e706d5ffc70d2ff81b85fc6ca3326eb53dd85724dc7e70fff5901d1fa6672d354bef7d87be324985bb703b79cafc4d81d5a5acad8a11ada4b953e92db0b38197f32f6cb319691289fddc3bb0abff850a3bc82f0d6534d4f997d82dceaab3ee7598724f6392", 0xa6}], 0x1, &(0x7f0000001ac0)=ANY=[@ANYBLOB="d000000011000000030000007bfded44af84652192c82c054636880046c8dd4016f0e2b4c6af3d45e20445080922468c0f9673afb03414ebe59b268a3ed2ac24d709609f227118ee216faf1ac29d86579c674f8ec79d75c53d10cd21e46a7095d77707dacac430168da4fe1347f71e4944610262e7972bf790700a4d533d50e1374212cc505f5a8467baaadb42b88ae5c960a0f399e15697fb9edd9a249485ac5c69ee571d71ab30828eb39ef42ec2ff41580f7f9766fffcd6e80670aafc4af0e83457c2772e4197d30fb69ab6880000000100001201000000000000ae22f5a6d30adf7ad129788ad0f1546ee8e4848c40955a7c5f652d18634e47d2b51332d76bf7ca3594be20e32b32a1553a40ac311e4260f33bf3ba37a8aef3f4059282b74bb8b2358399103cf649108a475dad56281a5caf0416e71b1d958f3ccbfdd14bc2e297625dbf30db83fe913a614905470f09c818fd7fec8767b27b2695d5947deee678ce948791d57d76437708218de35498d207acd2ae3547310280e2a3b279a5cc9364babafd34562a8588661936b801e397a72f31477e883de624fd83d08d0095323087d3db06485e690cb94ec0ec9473932d95c4592c1eec39f57b985478800000d400000001000000010000000bc3f71c28394f9a2721fcb24e73bf4b0bae6bf2bceb4ee5356356966100d318e6f4e565aaea393f15628dd1efb8c366f4aa1c69d52a43f95c7fe8414612e9c8f892d37c44054c82364d05b525a4e50fd9ef60e8f27a6b963fda44ad29fb4432dd563acdb465bdefcada64036006282e25d06a1ab69bab71f7c81631a8a2cfa4ac68832bfb0d48647a4549c4c1b0437b48f713c2eb9ad184c606422e70ed884543529b1bcb06ef2c41abd59d82b7323df2b44e0392295da2f44d38e145a9f7e23794cd884ea0300bac0000000b01000008000000553aa6671ca6342d86cdafce1605839ac3c1e15b22799ca11daa520e23282d3ccfdb64eba7ba8a4cba2e81d4d0207329c483ce270ddfbac1312a36222766485fd6d3159152b107c612ef66582c614566909a857279ba0fb3ff4f58f08a912467f45d882e6dd861cf29fe375acdf4a6f252db9aeef5a76fd0769dd561f63a29a68cfa9f030bedb648f1bcafa6d94de10f0ae8203ea11e5415d7a1861524319c00000084000000ffffff7f1f8b7d6da21f2ee8731768c2feaaefc986fad74ebdbd6ca79618a7db3985b87ce7ec2a3beb18556d511d3c793bc5c881299171311131ef89c025d0bf642193cbc7bd845062a42bad850ca60b3554ffda3834ad3466194b313793682541ba16052630ae3fa69c4aaf3034a3b4190e3462493d9b582e40afc8d4f00e2433f228c8519b304ecab230fdbdae675cfb00000024000000130100000500000033e1c8ddef175bafbe89419d0060ba6abcc084f9864e0000d80000001901000003000000b6fa4c9615fb5db864aad85211fc68f0b6c432318dee16372dd665481f7325ab2ac77e95873a4801fa56505752e0dc94c62507a005bbb008bb54443f9efa59cd56a1f7b5b578075f13f6457d2bf4133599d7774972e1cf96500444bdd9917e8caacb02c2b82acd66ac915e2a9d8bc0db8a23de93c00490f7802664c10db407e7abfec696ac798bff34c2c528bcfaed8dee6a183fd71e7cd5bc3cddf6ce7ee59c306061279395b2d8b2e9026a59816e27c10291371c34f73ae6e389fbbda78c8f36736000000087010000040000005cdb8d9fb2fca03e40bd47ce689684fc218cff9d7d43bf5be4840da8a65edf7b44687c609fe94752a954655658261971142e899f695817f7e8241f86e6a179b3b6fda3237b02a23aecbc6fea084d4a8f0da200005400000011010000000000806d4c2d25f56ee7782ccdb3f42209351c9aabd03980cb4710b1aab4056e9b44fe2e708ccd961ae6dfc1e22043b486c107dc8c2952e460d77706217ae1923a88b9b65158fd62bc35003c000000030100000f000000c6b3ffa5af4b95fe064822d838adceb0ff88a9ffb055f92b534747775b300e9801b3ee863fd3672ca67cc956345a00"/1496, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRESDEC=0x0, @ANYRESHEX, @ANYRESHEX=0x0], 0x5d8}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) io_setup(0x104, &(0x7f0000000180)=0x0) io_submit(r3, 0x2, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x1f, 0x1, 0x0, r2, &(0x7f0000000000)="de", 0x1}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x8, 0x74, r1, &(0x7f0000000380)="e9af7bb1252a680814a4f56b69773ed46e19db53e48c8c0b7b1f19abe812deb471bbcbe68bf79102548e7b3bc6d52adaa395b589887395bcc1e7f33f5498fa", 0x3f, 0x10001, 0x0, 0x1}]) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) fsetxattr$security_capability(r4, &(0x7f0000000000), 0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000200)=0x14) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c4, 0x0, 0x18c, 0x203, 0x340, 0x19030000, 0x450, 0x2e0, 0x2e0, 0x450, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xc8, 0x110, 0x0, {}, [@common=@hl={{0x24}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x320) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x20000) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0x17a) socket$nl_route(0x10, 0x3, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) syz_open_dev$usbfs(&(0x7f0000001240), 0x6, 0x400140) 993.148498ms ago: executing program 0 (id=4023): unshare(0x22020400) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 848.591345ms ago: executing program 0 (id=4024): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TIOCVHANGUP(r0, 0x5437, 0x1916) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000440), 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x2, &(0x7f0000000580)=ANY=[@ANYRES64=r0], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x3, 0x80cf, 0x0, 'queue0\x00', 0x40000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x1, 0x0, {0x3, 0x0, 0x0, 0x2, 0x7ff}, 0xfffffffe}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r5, &(0x7f0000000640)=[{0x0, 0x11, 0x7, 0x9, @time={0x400, 0x2}, {0x0, 0x6}, {0x4, 0xff}, @connect={{0xb2, 0x9}, {0x3, 0xc}}}, {0x3, 0x4, 0x3, 0x4, @tick=0x9, {0xd, 0x6}, {0xd, 0x7}, @note={0x3, 0xc3, 0x4, 0xfe, 0x3}}, {0x63, 0x2, 0x7f, 0x7, @time={0x7, 0x7}, {0x4, 0x3}, {0x0, 0x19}, @connect={{0x6, 0x4f}, {0x7, 0x6}}}, {0xff, 0x40, 0x3, 0x3, @tick=0x1, {0x5}, {0x4}, @control={0x6, 0xffffffff}}, {0x80, 0x8, 0x6, 0xb9, @tick=0x7, {0x4, 0xf}, {0x7f}, @connect={{0x2, 0x1}, {0x7f}}}, {0x8, 0x0, 0x10, 0x7f, @time={0xffff, 0x4}, {0x80, 0x7}, {0x6, 0x2}, @raw8={"00000000000000009ec700"}}], 0xa8) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[], 0x66) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r6}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x7, r6}, 0x38) listen(r2, 0x2) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000000001c14006996b352e508551500ecff000000000000009da0d6a9a5a953db2424135b1b98139b996cb685096f6808156456"], 0x1c}}, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) sendto$packet(r8, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d4074687760a5fbd1fc97772c6f5027dcea15b6658d", 0x33, 0x0, 0x0, 0x0) openat$ttyS3(0xffffff9c, &(0x7f0000000000), 0x40300, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) write$UHID_CREATE(r1, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000040)=""/25, 0x19, 0x8, 0xf, 0x5, 0xc}}, 0x11c) r9 = syz_open_dev$hidraw(&(0x7f0000000080), 0x1, 0x200) write$sndseq(r4, &(0x7f0000000140)=[{0xc2, 0x0, 0x9, 0x3b, @time={0x87a, 0x3}, {0x9, 0x5}, {0x1, 0x37}, @raw32={[0x0, 0x10001, 0x6]}}, {0x7, 0x1, 0x99, 0x6, @time={0x0, 0x9}, {0x7, 0x7}, {0x8, 0x9}, @raw8={"f448b12e011ca19bad2f564c"}}], 0x38) ioctl$HIDIOCGFEATURE(r9, 0xc0404807, &(0x7f0000000200)={0xb, "8ed83ea4cde5486be2750fcd0bbed096f29c2087b4f1de5f62e177f96d6e7911e23e33f4939c0bf9f63fe583452c6e1787563d4b825ecae97d022b91636ade14"}) 699.739579ms ago: executing program 0 (id=4025): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r5 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r6, 0x0, 0x408cd, 0x0) write$cgroup_int(r9, &(0x7f0000000380)=0xfffffffffffff800, 0x12) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 560.561095ms ago: executing program 1 (id=4026): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e) mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040)='ntfs3\x00', 0x8080, &(0x7f00000001c0)='discard') r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0x40405515, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880) mkdirat(0xffffffffffffff9c, 0x0, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) bpf$MAP_CREATE(0x4000000000000, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026"], 0x80}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x0) sendmmsg(r2, &(0x7f0000000180), 0x400008a, 0x0) (fail_nth: 7) 560.089161ms ago: executing program 4 (id=4027): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$HIDIOCGFEATURE(0xffffffffffffffff, 0xc0404807, &(0x7f0000000380)={0x5, "11ae93bf1c7e03ff8061fc54e4a0010ff6c42445c0f1d64062d88c1cc314fc60e9c7a08d49d7f438e72233e3a12d403d62520ab70f5c019ad992704dcfdc500b"}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) socket$xdp(0x2c, 0x3, 0x0) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) r5 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000340), r3) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) r7 = socket(0x10, 0x803, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x4c, r8, 0x801, 0x70bd25, 0x3, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "5a080039084eeef16f162471f4"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac02}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x228c755bd72ca5cf}, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x14}) write$eventfd(0xffffffffffffffff, &(0x7f0000000080)=0x1000430f, 0x8) ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f0000000300)) syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x84000) 533.713582ms ago: executing program 1 (id=4028): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/96, 0x60}], 0x1}, 0xc}], 0x1, 0x60002000, 0x0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 230.037359ms ago: executing program 4 (id=4029): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty=0xb00, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x1000000}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x8e0, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x80000000}}}}}, 0x0) 229.62258ms ago: executing program 3 (id=4030): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x10}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000280)="0f22c23e66640f0666b9b400004066b8965a000066ba000000000f306766c7442400000000006766c7442402f33f00006766c744240600000000670f011c240f0d8e0090f2f02803642ed9fb6766c74424000c0000006766c74424020c0000006766c744240600000000670f0114240f326467cf", 0x74}], 0x1, 0x1b, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 229.49322ms ago: executing program 4 (id=4031): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000280)="0f22c23e66640f0666b9b400004066b8965a000066ba000000000f306766c7442400000000006766c7442402f33f00006766c744240600000000670f011c240f0d8e0090f2f02803642ed9fb6766c74424000c0000006766c74424020c0000006766c744240600000000670f0114240f326467cf", 0x74}], 0x1, 0x1b, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 229.074986ms ago: executing program 0 (id=4032): unshare(0x22020400) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 139.281055ms ago: executing program 0 (id=4033): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000480)={0xc9, 0x0, 0xc}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', &(0x7f00000004c0), 0x14, &(0x7f00000007c0)={'trans=virtio,', {[{@cache_mmap}]}}) openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) 0s ago: executing program 0 (id=4034): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r3}, 0x8) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) mprotect(&(0x7f0000008000/0x11000)=nil, 0x11000, 0x100000c) r5 = syz_pidfd_open(0x0, 0x0) setns(r5, 0x2000000) ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000dc0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f00000001c0)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x80000) sendmmsg$alg(r7, &(0x7f000000ff40)=[{0x0, 0x0, &(0x7f00000097c0)=[{&(0x7f00000073c0)="a42e0ce53b4df4f33fbc2462110d33dd0b9a985cf6e6115f19c52ef367a9ddd16fb567397de0334585185e84461994d6486e4b8616e4075a9d71e958c46285de610cffa630ac926b2195009615f3d3ff7119ee0634", 0x55}, {&(0x7f0000007440)="1f902d825d174b0325afd7ce84f5f0e60eea0c6be8d3ec2a8369103dc58ecf2b10deefcfd59237dff48d28dc376276", 0x2f}, {&(0x7f0000007480)="3408cd1ef2013b0dde9aab32a3a343ed0c4e9eef973a843cd257b3fb5cc440f0193d1baa7566cdf94eb9361c6a0c395f7c0e182dd69f403d99fa8bb5c187ede78abfb514570350bfc62508f714b3708b4769f2f89aa31752097271c53d0be2053557a09ed89a692a4c74391dbdfd407ff83b", 0x72}, {&(0x7f0000007500)="6010ca1a9e696a7cf9ac7f83435794d2dfe7107862a9a7b12210713d7616047a55c85e6f500b2b496d7a702dd0c013985603b33b7fb3fca38d2de262f742584984729d78a34c3606e3877ef811e24b5b9059bfe7e5b5c30ef87e382f711123e704a2be818becb647615b4b40040ef0f6b89033a8847eb10cbee956637d4bb95fde5e30d549b1258d0decf24c3db64665e00d69d5cf3e887594f60c6fab59d6a5784272eae12404690c2fdf6656ef0f60b42dae8ef7f5a407ce22cc", 0xbb}, {&(0x7f00000075c0)="73836b8709d03876257080ed28b33b03a84ce16997a59efed73d74d4c906062eae838ec914b16cb57af3b69d1402da5c4e7a1ee5d49d2ba8877ddda460e3072893f500e1bdad4af38b4b7e0a8435c59d4af23a9053a3b74f63b9727170fac6fd4da528d20b9a9c6fdc7ae23c03604b39f8dd7325faa4daabd14c932129a0cf905d3917ad194a30ae5d7d6abb1010121003fcd7aad0ed1d219c68bae9b0e0c42e89a000be66a52333a9b64eb4a29b417e4400f39f3a1b7771fd156026893ea7adecc1656ef86d2564b1f792d747daa996e090a84ca9b6ec2eb8802b7fd54a10a03c25c7ed0c10067bd0f4962af6a3849f2cd6169130781e788d33889d5c61c36d3b128664057c12ede58b15b92e384be9339e06d5984696c64651815fddf789ce3a88406f9273dc0074554ae609d1d32421afbf9ca8ae5d9f591e37a4a962a0c9f388fe5bb82b5026044bbecebd9dffb19df9c2f92f77e3675e9884de86934df373ea3378294e2f6d10eba65afb2fafda5451f6e79831a393848fea6d846c5343d49bf4c52e6c169fe9dc2e985780416e69f8a341f98e834d6c5abee9b34ca624cb630da1c56e57879d9515396cf337580068881037c84ecae4ccc6bff119b145f99ac9510e8a26a3ba6b90d05459ffbb4642c518a9772022083e2575393f1d02df640246c54c0322359c07aa77e72d5bfccd7e86d4f2c5c98ac873ce5967b4a8863178d513bb64d5bfef8fd4de6170b463f4a2ba0c8afbc4f9a4746b1cab83054911fc37abe1f8bb54543e73ab1baecf341b96aa4461b16575094c5756b42aa9ca9af1328689d36108654d160bff51b029a8b6ace9b021f52ed36e8a31d3e473340981ccca68ee09d7df86ad91c296f63f5553ca1dc84c06aa85bf6f60025e5d5ee31a0a9905e71e873a2cff705ec9a1bef281c96259159d1dc7808f7c5ea9d56469da60ee44810f98ea64421f79eaf01706f461457cbeba401007853333f185fe283b94abd3372a44c709ca1f3c52a9226cbfc3f6e936f8ef4d8cb97124ea5df45eefde63da267ea072fa35854c4f20ffb70fd233e26d9f8bef86b78b3c16b6fcfc8be42cf7256f80d87d15699ae6f9a97ad0b3f08a2d62eb20161813850f5c76c8629b2732efadbb8c7bbb45c6426495f15ea5ee9710b03b80d314bdbbbbebf4fb08a2ba4add82590c3342fbdb535780e02c22aaa50261949103aa77ce6d8dc2b00dbc28fb9d0680438c9cc37cbc17113bde1912602f345b583e64a41b91d17f80c5e63efac9c15cf56cc9413326800c1e7fc2b9f6a4403dbedfd6611127bd2abc4e39f5b38019e9db953e2c7b1047cf26630ad8d2abe0a81dc9ebd66d6d5dda4a7e1eaf74e9cea5e76a03b5e30e46d6f510d3c54f67bcba2f348d37738026451632ee300c8920d41ee6e43ab2925355979fe96ce72792d85e5cad822c711a840c58d4408a6a0b35a028f2abc295161e840cc2ad7bc2093b47976e2e1bdfe09372cbdf3d172ee7cd7cf06a721241569e3be10c124755f7ece001b5fb62c822c8973723f1f1ba454d422a4bfbeb17b7b87382dc947f14674bcdda8daaaf83da88f8b63fdd0f7bc1502366e10ce883d081656a1a4724bf97aaf5aea948468105290d7289fb0a1c848899cbe97f53eac5ec152b0948ef5f3fcaa84cc27d6cddf11afe50054c8c57ada68bd5ead6b2c15166e16938e916a9aeec5766c71111ef455050f32d72c6db83bf2eca5bae6d63acb32e149be6fc7a93546557cb0513416d29f1ffaad9ac6eeef7e72ea5eb00153f19c7e0954845aaa6e755ad6243e388f7bd2ff88e2deef6c07d3da17b276c1d8821786d9e51fe45ab1b3c255c269c48933f5a18b896e5a507d04412b7ab81c5014d5236c2c8740f1e355a35618e5d6f35b48e1a44e739c6f56ae61587014a83c8d9d8696b055f904535d3fab68712a114b34357aed4baee9540c8e2442891a92d5559aba6ca0b7266e1663c79671b44fa99e400914d36d17a2326b1f46f8aab17f787b360210cbb57045cad89a53b3edfc0f4b8e5542572b94bfdeb479dd1c35ed14620fbab4eedec3fa9364db943408302739e9233871c2af279f42944ce2900802f6a058ea1fa36dbfe936f763f3fe32d78155396b0bdd789c02e98ff2c944e8ba9b4b8a07decabadd6be90b613bd40fb6801d648c95f93827d93dade532a571d2039d060d8cf9fde472977e894caf8d39f971d123bcdea92863fdb3f34e21f89502dde08fda1603605d1492a2ca80b187f4166cf5194e43c1b3e6f1421b0c5cd5478862b0ecc9e53c79398b3736508d531adaaf66f6ac6e55ec6a5781c29c098c006052996c32adcd837115f07713c9f2039e9bdf8f240e3d2d1af8ba872e3367af013d9a22ebd5b24dbac5738ac73ae2faaa552dc51099a2fa7a974bdf2f65242d14d65688dbd86258b95f721ac4c568786fe0b26103e0fa58a42353d14c1e96c8de5b6f31ec71fa1223c70c6d4520ef3b96510ab2583d0a7e713c261042cf858825d42f5ef877fd583ac04dd1dae4cdbaf0045f82b923782c194437765232164a0ebecf1784cebe844a5eccd987ba8114eac963c5b8fcea8a2d7e54c417d27e83b7d198dcf224fe95244ef80a10c1089fa078a76ec984865abbd49406bc1d2f9148aac79f87b39ea7d81539c186ef4c5e2a57522cf4adcf542ba04d0fc868142d0fea93c1a86020bbaec42c1b0681ab1799deacf9d946eee90e2922509be8fd6e3015dcd16289a18345f0cfbde267250bfd74d9f9799a371abddf6db00864c179bb004e22286dc95e52fbb16d1a63aaaf1a50754fdce86696ab326a04e01a6022e50097d8df1a54c1ef25e7938ada5e9feda1c876e41edd09591c71bddcbdac153db72cc032ae07d318d4e0040c421b13ed683b5ae3a856b1d217ec83beef56cd65a4f33e46a3c6dcf7bd883fb6796c0f6d472091b6ac5df12897415ce19aa1216dd4d9173378d61181817242f6ef63c3bd12dd76558e37e81517083ce2cb6c4419b847722996f06f661d10680672ad3cf5d530b0d7bf9cdc45bd57df4368e2e96437d44c1ad91066d2a4fcec8cf251860e33a7626ac0d42e6fa2125e039b9488f819a8b30d49a4037bb0f3b30223dd03db253f2b15343d9884881bdc0ab7bead7ebe6193eeb6037095f505ce3d5b8f9c2911f6fa908e4a23b5e4be4d66a6741af1b3ccb7edaa7bd7acabb98ddee22dfebec49fcbd70c476fbaa9ad05d6e2896fdd87d4a44c966c87dedca748f8bfa8466a5b7c3d59d598726a64a41f79307f2fea33f11723560100015422a1591767b6ae1805f71f410c7af04b9ec44e4d424a5acc790d03b0ce71c824f4868dc0c64782788731543df7574da791b5027c778997ec61d5ee42e662b862f8e311b0865c58793af0a591c309b39d9372aa2cbcabebc4fcb57f8643e72b0296ef89c47ddda2c80d9d48f5633de5276904befb861967a70099876965f87d67ac232f0c2b44f1af78623793a45fe81fb7bfc021c525be92b4c6eea3dc15bdbe5992bb5715e8f4d0db6631be1a2f10d2f4de2641888f86bcd3af5ac139f8f7d1ffc4df11be1de9aead960edc937a00defc4566cc405e149b960245889f8d608a679f7cfbfe86e4a7814e3e73b12a673c8cafadba395346b88d94ab2333fb6e2bd1be8313ef89806f73ddff89ecac327b6912cbb94a4cc745f0e5117402eb90d7ef19ae9ced2ffc13436d2bd0ba179e39e2c13429e603feaf48b9ef5c01102c3dbbae072d9054f1d337557e34f4b88a94e6a7c2787dec014ba771a47c7ebac73bcd49ec162c29e31c56b361dd876c7e6c6f787a3af5eba28bef31161f16e4bf577a6fe422bf332c451d6617cf518b1f85949efe8b5044fd4921a1f927f30a6d0877be227d6ebafaef539c767b8021d3159d9d0bae408a10d92cf63f4214ecd40dbf81d087c796b32e2f4e602eefa99b0a3ff360639ab6278251baefa2e00f2af481fe7943d01b7353b6bb36732114057c5672572b997d35563b600431e4471f7d0aca0b2d4652754da32e12f546e9d02c693855072ee14d4d1761786b619957ec0937f4e9b7f9115701d7e158d3cd954dedb60c380ccab7c0c78003986888f44572db80ec70506f6aec929f77de7b84c04d24de864d7a98e2ea5abb8f45061cbd464fcf3a2f2c041742c6b2a0e76f0666000b973e5086f66c296a64204f4f9162e2ed494072885429cd336f0d66649c511c8cdc6bac572f9e1afba8fe2209ee0868b65f74e7a8ce2839d743cc31b698007b21eaef195a7ff7a4c322ba52ab3469f52761897be3522e7665fb927ffa044d127e8d56a12f3dc3b7b6b7d6275d01472d5f0f9ba88c55afe4994e83f2d81ee2a452203e698ebe381aa56f1298eed26f1f01d96d049e4e10bc6d2e1e61051a144b310b93accd1f58ed0def5cee3ecbdfe1484a1315088ffad3164e0be56268443160044547cc94a769475070d64447fcdd5ab1fabee162390ef603b4b2cfc580e52095ca4fc718fd0f97c5c3733ca7568ec038ce1fddda1cb0e9e4a83b778175c001f90976f661f4fc543ac58c8846f58faea8846e5caa39c9554b2e47ed79843427172f447137ace3ac9f702d829247ff23aa6cb09e3a56f39930adb6bc9ed4a03b2ecd60e8f46599ee43b27708f2554a67380708fc66d6ab1690aa16c11793d27f5257651e7f315f8c8502773f418eacf6913c99cd644b29df76095136e2a5e62bea5fe0a5c58741edb1418e6fe096a0d6cf9ef9647e01d48110ef346bf46ffc2aa019e725676b06ebbf330b3512d9961bb8d32a5ffb3ea75d3ccf0689390bd341bbe4c93c9ad1a5c2c92e1b0066fa42bab3d460cb105b629fca8194ebc09e6f24764b77f437ada91337f7fbd23cc04af04ddc2cc504cc1b228d0cbd4369109ed3c767af5d1af17e3945463183638abdc4fbb102985d63ccddad1e8321c624ab8be6a54f161d61b9dceda3b74c22fc5fc503878fb3ec144f73246dfba252df6ccda9e7e7598114b1af1875b3d369d5146f655df964f0373c5c8f3b118d6ef260e1a5989dff6890310f46efe9b8340a711bcfd4efc9483c74ce89eb6703806e0b89624d93b96b8f46d2dd98034f3f4b5c35a0c208aece0f5e85a9f30826606bc88bb", 0xe2f}], 0x5, 0x0, 0x0, 0x8000}], 0x1, 0x80) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) mmap$KVM_VCPU(&(0x7f00000dc000/0x1000)=nil, 0x0, 0x2, 0x10, r4, 0x0) r9 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r8, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r9, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r10, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r11, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x4e23, 0x2, @empty, 0x3}, @ib={0x1b, 0xfffe, 0x8000000, {"7d900600080000000900"}, 0x0, 0x0, 0x6}}}, 0x118) syz_usb_connect(0x4, 0x57, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0xd5, 0x60, 0xa8, 0x0, 0x20a6, 0x1105, 0x81dd, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x45, 0x1, 0x80, 0x5, 0x80, 0x10, [{{0x9, 0x4, 0x21, 0x9, 0x0, 0x98, 0x1f, 0xf7, 0x5, [@uac_as={[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x4a, 0x3, 0x0, 0x7, "ea"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x4, 0x3, 0xd, "e5cfc01c3881fee3"}, @as_header={0x7, 0x24, 0x1, 0x9, 0xdf, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7, 0x3, 0xf7, 0x1, "01b3d7"}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x7, 0x4, 0xa9}]}]}}]}}]}}, &(0x7f0000000700)={0x0, 0x0, 0x37, &(0x7f0000000140)={0x5, 0xf, 0x37, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x3d, "e44ae56a030cdc250af8c721229e4138"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0xe9, 0x4, 0x7f}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "d1fb22cd19ee5a789e54b268694a973d"}]}, 0x4, [{0x62, &(0x7f00000001c0)=@string={0x62, 0x3, "c666061396d1731545e41527f8f91379159f1666c36e100de50d9d891c41933bb6c1261c7adb32baa07ca6d03fa629b2c6781c33e9ed81774079c12596cfb825615543972a441de68b578cc3db89950b725088996891147512ad3e54034c9723"}}, {0xad, &(0x7f0000000600)=@string={0xad, 0x3, "829f2f524b83b05b9b48118811089be5a93e769da483a65e7b787ced40b0e7b17e73ec5ce78553780a9e0aa8f4b5272fe59d26438209b527dcea0bfee8afd4530a32c7021673b235ed689c0f6a6a6f66d383b58a599ce7ae300d2cc13c57662f6e400ee5c7d0868a49b368ba44e76c0d592ceb50b5db23566020ca9848261aed637cda663071b8a4fb9b7f4ec54f73dc4077cbe5d2bfe9bef46791d5f87ab7d316ac8a96653470dd03a6fd"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x423}}, {0x31, &(0x7f00000006c0)=@string={0x31, 0x3, "94ce673ce7414addf80a2fe4bc4411fb496d7dfc803a639796661d9356b3f2bcf72f59338afd48703fdcfd64b01cc6"}}]}) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x20) socket$pppl2tp(0x18, 0x1, 0x1) kernel console output (not intermixed with test programs): ? get_compat_msghdr+0x11b/0x170 [ 690.005067][T18221] ___sys_sendmsg+0x135/0x1e0 [ 690.005082][T18221] ? __pfx____sys_sendmsg+0x10/0x10 [ 690.005101][T18221] ? trace_lock_acquire+0x14e/0x1f0 [ 690.005121][T18221] __sys_sendmmsg+0x2fa/0x420 [ 690.005136][T18221] ? __pfx___sys_sendmmsg+0x10/0x10 [ 690.005154][T18221] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 690.005172][T18221] ? fput+0x67/0x440 [ 690.005182][T18221] ? ksys_write+0x1ba/0x250 [ 690.005195][T18221] ? __pfx_ksys_write+0x10/0x10 [ 690.005211][T18221] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 690.005223][T18221] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 690.005235][T18221] __do_fast_syscall_32+0x73/0x120 [ 690.005249][T18221] do_fast_syscall_32+0x32/0x80 [ 690.005261][T18221] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 690.005279][T18221] RIP: 0023:0xf7fd2579 [ 690.005288][T18221] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 690.005298][T18221] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 690.005308][T18221] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003e00 [ 690.005315][T18221] RDX: 0000000000000001 RSI: 0000000000008000 RDI: 0000000000000000 [ 690.005321][T18221] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 690.005326][T18221] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 690.005332][T18221] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 690.005343][T18221] [ 690.176645][T18226] FAULT_INJECTION: forcing a failure. [ 690.176645][T18226] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 690.183215][T18226] CPU: 1 UID: 0 PID: 18226 Comm: syz.2.3440 Not tainted 6.14.0-rc3-syzkaller #0 [ 690.183231][T18226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 690.183239][T18226] Call Trace: [ 690.183243][T18226] [ 690.183248][T18226] dump_stack_lvl+0x16c/0x1f0 [ 690.183268][T18226] should_fail_ex+0x50a/0x650 [ 690.183287][T18226] _copy_from_iter+0x2a1/0x1560 [ 690.183300][T18226] ? trace_lock_acquire+0x14e/0x1f0 [ 690.183313][T18226] ? __alloc_skb+0x1fe/0x380 [ 690.183328][T18226] ? __pfx__copy_from_iter+0x10/0x10 [ 690.183338][T18226] ? __virt_addr_valid+0x1a4/0x590 [ 690.183352][T18226] ? __virt_addr_valid+0x5e/0x590 [ 690.183363][T18226] ? __phys_addr_symbol+0x30/0x80 [ 690.183373][T18226] ? __check_object_size+0x488/0x710 [ 690.183387][T18226] netlink_sendmsg+0x813/0xd70 [ 690.183404][T18226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 690.183422][T18226] ____sys_sendmsg+0xaaf/0xc90 [ 690.183435][T18226] ? __pfx_____sys_sendmsg+0x10/0x10 [ 690.183446][T18226] ? get_compat_msghdr+0x11b/0x170 [ 690.183463][T18226] ___sys_sendmsg+0x135/0x1e0 [ 690.183479][T18226] ? __pfx____sys_sendmsg+0x10/0x10 [ 690.183499][T18226] ? __pfx_lock_release+0x10/0x10 [ 690.183514][T18226] ? trace_lock_acquire+0x14e/0x1f0 [ 690.183530][T18226] ? __fget_files+0x206/0x3a0 [ 690.183549][T18226] __sys_sendmsg+0x16e/0x220 [ 690.183564][T18226] ? __pfx___sys_sendmsg+0x10/0x10 [ 690.183587][T18226] __do_fast_syscall_32+0x73/0x120 [ 690.183602][T18226] do_fast_syscall_32+0x32/0x80 [ 690.183615][T18226] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 690.183633][T18226] RIP: 0023:0xf73be579 [ 690.183642][T18226] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 690.183653][T18226] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 690.183664][T18226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 690.183671][T18226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 690.183677][T18226] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 690.183683][T18226] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 690.183689][T18226] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 690.183701][T18226] [ 690.358201][ T5956] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 690.358296][T15718] Bluetooth: hci3: command 0x1003 tx timeout [ 690.518690][T15718] Bluetooth: hci4: command 0x0406 tx timeout [ 690.598789][ T67] Bluetooth: hci2: command 0x0406 tx timeout [ 690.598785][T15718] Bluetooth: hci1: command 0x0406 tx timeout [ 690.600547][ T5956] Bluetooth: hci0: command 0x0406 tx timeout [ 690.964030][T14407] IPVS: starting estimator thread 0... [ 691.048256][T18250] IPVS: using max 24 ests per chain, 57600 per kthread [ 691.543904][T18257] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3446'. [ 692.135575][T18266] FAULT_INJECTION: forcing a failure. [ 692.135575][T18266] name failslab, interval 1, probability 0, space 0, times 0 [ 692.140170][T18266] CPU: 2 UID: 0 PID: 18266 Comm: syz.1.3449 Not tainted 6.14.0-rc3-syzkaller #0 [ 692.140188][T18266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 692.140198][T18266] Call Trace: [ 692.140203][T18266] [ 692.140209][T18266] dump_stack_lvl+0x16c/0x1f0 [ 692.140234][T18266] should_fail_ex+0x50a/0x650 [ 692.140260][T18266] should_failslab+0xc2/0x120 [ 692.140274][T18266] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 692.140297][T18266] ? skb_clone+0x190/0x3f0 [ 692.140321][T18266] skb_clone+0x190/0x3f0 [ 692.140341][T18266] netlink_deliver_tap+0xabd/0xd30 [ 692.140364][T18266] netlink_unicast+0x5e1/0x7f0 [ 692.140384][T18266] ? __pfx_netlink_unicast+0x10/0x10 [ 692.140402][T18266] ? __phys_addr_symbol+0x30/0x80 [ 692.140417][T18266] ? __check_object_size+0x488/0x710 [ 692.140434][T18266] netlink_sendmsg+0x8b8/0xd70 [ 692.140455][T18266] ? __pfx_netlink_sendmsg+0x10/0x10 [ 692.140481][T18266] ____sys_sendmsg+0xaaf/0xc90 [ 692.140497][T18266] ? __pfx_____sys_sendmsg+0x10/0x10 [ 692.140512][T18266] ? get_compat_msghdr+0x11b/0x170 [ 692.140537][T18266] ___sys_sendmsg+0x135/0x1e0 [ 692.140558][T18266] ? __pfx____sys_sendmsg+0x10/0x10 [ 692.140586][T18266] ? __pfx_lock_release+0x10/0x10 [ 692.140605][T18266] ? trace_lock_acquire+0x14e/0x1f0 [ 692.140628][T18266] ? __fget_files+0x206/0x3a0 [ 692.140653][T18266] __sys_sendmsg+0x16e/0x220 [ 692.140672][T18266] ? __pfx___sys_sendmsg+0x10/0x10 [ 692.140709][T18266] __do_fast_syscall_32+0x73/0x120 [ 692.140730][T18266] do_fast_syscall_32+0x32/0x80 [ 692.140747][T18266] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 692.140770][T18266] RIP: 0023:0xf7f96579 [ 692.140783][T18266] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 692.140797][T18266] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 692.140812][T18266] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001540 [ 692.140822][T18266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 692.140830][T18266] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 692.140838][T18266] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 692.140847][T18266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 692.140866][T18266] [ 692.236314][ C2] vkms_vblank_simulate: vblank timer overrun [ 692.238705][ C2] hrtimer: interrupt took 90788243 ns [ 692.329541][ C2] vkms_vblank_simulate: vblank timer overrun [ 692.334838][T18281] random: crng reseeded on system resumption [ 693.282263][T18310] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3462'. [ 693.423034][T18312] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.533260][T18312] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.584975][T18312] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.663200][T18312] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.752533][T18312] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.762101][T18312] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.774491][T18312] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.785671][T18312] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.878432][T18323] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 694.652966][T18330] FAULT_INJECTION: forcing a failure. [ 694.652966][T18330] name failslab, interval 1, probability 0, space 0, times 0 [ 694.656524][T18330] CPU: 3 UID: 0 PID: 18330 Comm: syz.3.3467 Not tainted 6.14.0-rc3-syzkaller #0 [ 694.656538][T18330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 694.656545][T18330] Call Trace: [ 694.656549][T18330] [ 694.656554][T18330] dump_stack_lvl+0x16c/0x1f0 [ 694.656572][T18330] should_fail_ex+0x50a/0x650 [ 694.656588][T18330] ? fs_reclaim_acquire+0xae/0x150 [ 694.656603][T18330] ? tomoyo_encode2+0x100/0x3e0 [ 694.656644][T18330] should_failslab+0xc2/0x120 [ 694.656655][T18330] __kmalloc_noprof+0xcb/0x510 [ 694.656673][T18330] ? rcu_is_watching+0x12/0xc0 [ 694.656686][T18330] tomoyo_encode2+0x100/0x3e0 [ 694.656701][T18330] tomoyo_encode+0x29/0x50 [ 694.656713][T18330] tomoyo_realpath_from_path+0x19d/0x720 [ 694.656728][T18330] ? tomoyo_path_number_perm+0x235/0x590 [ 694.656741][T18330] tomoyo_path_number_perm+0x248/0x590 [ 694.656752][T18330] ? tomoyo_path_number_perm+0x235/0x590 [ 694.656765][T18330] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 694.656781][T18330] ? find_held_lock+0x2d/0x110 [ 694.656799][T18330] ? __pfx_lock_release+0x10/0x10 [ 694.656813][T18330] ? trace_lock_acquire+0x14e/0x1f0 [ 694.656824][T18330] ? find_held_lock+0x2d/0x110 [ 694.656835][T18330] ? lock_acquire+0x2f/0xb0 [ 694.656847][T18330] ? __fget_files+0x40/0x3a0 [ 694.656864][T18330] ? __fget_files+0x206/0x3a0 [ 694.656880][T18330] security_file_ioctl_compat+0x9b/0x240 [ 694.656925][T18330] __do_compat_sys_ioctl+0x4e/0x2c0 [ 694.656939][T18330] __do_fast_syscall_32+0x73/0x120 [ 694.656953][T18330] do_fast_syscall_32+0x32/0x80 [ 694.656965][T18330] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 694.656982][T18330] RIP: 0023:0xf7fd2579 [ 694.656992][T18330] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 694.657001][T18330] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 694.657011][T18330] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000400442c9 [ 694.657017][T18330] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 694.657023][T18330] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 694.657028][T18330] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 694.657034][T18330] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 694.657046][T18330] [ 694.657056][T18330] ERROR: Out of memory at tomoyo_realpath_from_path. [ 694.986901][T18341] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3468'. [ 695.188365][T18345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3470'. [ 695.190936][T18345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3470'. [ 696.918305][ T56] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 696.995133][T18375] netlink: 'syz.1.3478': attribute type 12 has an invalid length. [ 697.093993][ T5984] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 697.108214][ T56] usb 5-1: Using ep0 maxpacket: 32 [ 697.114044][ T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 697.116998][ T56] usb 5-1: config 0 has no interface number 0 [ 697.122151][ T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 697.125554][ T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.128521][ T56] usb 5-1: Product: syz [ 697.130322][ T56] usb 5-1: Manufacturer: syz [ 697.132100][ T56] usb 5-1: SerialNumber: syz [ 697.135394][ T56] usb 5-1: config 0 descriptor?? [ 697.139452][ T56] smsc95xx v2.0.0 [ 697.141393][ T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 697.145220][ T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 697.147790][T18379] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.228143][T18379] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.268011][ T5984] usb 7-1: Using ep0 maxpacket: 32 [ 697.270923][ T5984] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 697.273298][ T5984] usb 7-1: config 0 has no interface number 0 [ 697.276909][ T5984] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 697.279643][ T5984] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.281925][ T5984] usb 7-1: Product: syz [ 697.283175][ T5984] usb 7-1: Manufacturer: syz [ 697.284527][ T5984] usb 7-1: SerialNumber: syz [ 697.287585][ T5984] usb 7-1: config 0 descriptor?? [ 697.290130][ T5984] smsc95xx v2.0.0 [ 697.291245][ T5984] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 697.294384][ T5984] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -22 [ 697.318216][T18379] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.371632][T18379] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.479019][T18379] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.486081][T18379] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.492665][T18379] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.498348][T18379] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.574428][ T39] audit: type=1326 audit(1739814086.682:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.580125][T18385] ip6gretap0: entered promiscuous mode [ 697.582798][ T39] audit: type=1326 audit(1739814086.682:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.593687][ T39] audit: type=1326 audit(1739814086.682:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=82 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.601796][ T39] audit: type=1326 audit(1739814086.682:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.609869][ T39] audit: type=1326 audit(1739814086.682:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.617897][ T39] audit: type=1326 audit(1739814086.682:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.625976][ T39] audit: type=1326 audit(1739814086.682:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.634105][ T39] audit: type=1326 audit(1739814086.682:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.642841][ T39] audit: type=1326 audit(1739814086.682:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.651775][ T39] audit: type=1326 audit(1739814086.682:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000 [ 697.880550][ T5956] Bluetooth: hci2: unexpected event for opcode 0x0c23 [ 698.303099][T18400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3487'. [ 698.327460][T18399] FAULT_INJECTION: forcing a failure. [ 698.327460][T18399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 698.331195][T18399] CPU: 0 UID: 0 PID: 18399 Comm: syz.1.3486 Not tainted 6.14.0-rc3-syzkaller #0 [ 698.331208][T18399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 698.331215][T18399] Call Trace: [ 698.331219][T18399] [ 698.331224][T18399] dump_stack_lvl+0x16c/0x1f0 [ 698.331241][T18399] should_fail_ex+0x50a/0x650 [ 698.331259][T18399] _copy_from_user+0x2e/0xd0 [ 698.331271][T18399] get_compat_msghdr+0xa8/0x170 [ 698.331283][T18399] ? __pfx_get_compat_msghdr+0x10/0x10 [ 698.331295][T18399] ? ___sys_sendmsg+0x142/0x1e0 [ 698.331311][T18399] ___sys_sendmsg+0x1b0/0x1e0 [ 698.331327][T18399] ? __pfx____sys_sendmsg+0x10/0x10 [ 698.331346][T18399] ? trace_lock_acquire+0x14e/0x1f0 [ 698.331363][T18399] ? __pfx___might_resched+0x10/0x10 [ 698.331382][T18399] __sys_sendmmsg+0x2fa/0x420 [ 698.331398][T18399] ? __pfx___sys_sendmmsg+0x10/0x10 [ 698.331416][T18399] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 698.331434][T18399] ? fput+0x67/0x440 [ 698.331445][T18399] ? ksys_write+0x1ba/0x250 [ 698.331459][T18399] ? __pfx_ksys_write+0x10/0x10 [ 698.331474][T18399] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 698.331486][T18399] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 698.331499][T18399] __do_fast_syscall_32+0x73/0x120 [ 698.331513][T18399] do_fast_syscall_32+0x32/0x80 [ 698.331526][T18399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 698.331543][T18399] RIP: 0023:0xf7f96579 [ 698.331552][T18399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 698.331561][T18399] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 698.331572][T18399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080003cc0 [ 698.331578][T18399] RDX: 0000000000000172 RSI: 0000000000000000 RDI: 0000000000000000 [ 698.331584][T18399] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 698.331589][T18399] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 698.331595][T18399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 698.331607][T18399] [ 698.894340][ T5984] usb 5-1: USB disconnect, device number 25 [ 698.936229][T18405] netlink: 'syz.0.3489': attribute type 1 has an invalid length. [ 699.158062][ T6025] usb 7-1: USB disconnect, device number 20 [ 699.620480][T18420] ipvlan1: entered allmulticast mode [ 699.623392][T18420] veth0_vlan: entered allmulticast mode [ 700.688197][ T5984] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 700.838904][ T5984] usb 5-1: Using ep0 maxpacket: 32 [ 700.849931][ T5984] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 700.858029][ T5984] usb 5-1: config 0 has no interface number 0 [ 700.863049][ T5984] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 700.867866][ T5984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.872185][ T5984] usb 5-1: Product: syz [ 700.873878][ T5984] usb 5-1: Manufacturer: syz [ 700.875784][ T5984] usb 5-1: SerialNumber: syz [ 700.882343][ T5984] usb 5-1: config 0 descriptor?? [ 700.887565][ T5984] smsc95xx v2.0.0 [ 700.889563][ T5984] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 700.892852][ T5984] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 701.728165][T14407] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 701.888152][T14407] usb 6-1: Using ep0 maxpacket: 32 [ 701.893275][T14407] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 701.896345][T14407] usb 6-1: config 0 has no interface number 0 [ 701.900866][T14407] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 701.904503][T14407] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.907493][T14407] usb 6-1: Product: syz [ 701.909271][T14407] usb 6-1: Manufacturer: syz [ 701.911054][T14407] usb 6-1: SerialNumber: syz [ 701.915155][T14407] usb 6-1: config 0 descriptor?? [ 701.918600][T14407] smsc95xx v2.0.0 [ 701.920080][T14407] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 701.923932][T14407] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22 [ 702.535443][T18486] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0 [ 703.064196][T18499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3515'. [ 703.218970][ T5984] usb 5-1: USB disconnect, device number 26 [ 704.149776][ T6040] usb 6-1: USB disconnect, device number 19 [ 704.538594][T18520] FAULT_INJECTION: forcing a failure. [ 704.538594][T18520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 704.542479][T18520] CPU: 0 UID: 0 PID: 18520 Comm: syz.1.3520 Not tainted 6.14.0-rc3-syzkaller #0 [ 704.542493][T18520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 704.542500][T18520] Call Trace: [ 704.542513][T18520] [ 704.542519][T18520] dump_stack_lvl+0x16c/0x1f0 [ 704.542537][T18520] should_fail_ex+0x50a/0x650 [ 704.542556][T18520] _copy_from_user+0x2e/0xd0 [ 704.542568][T18520] move_addr_to_kernel+0x68/0x160 [ 704.542581][T18520] __get_compat_msghdr+0x3f1/0x4d0 [ 704.542595][T18520] get_compat_msghdr+0xd3/0x170 [ 704.542605][T18520] ? __pfx_get_compat_msghdr+0x10/0x10 [ 704.542620][T18520] ___sys_sendmsg+0x1b0/0x1e0 [ 704.542635][T18520] ? __pfx____sys_sendmsg+0x10/0x10 [ 704.542654][T18520] ? __pfx_lock_release+0x10/0x10 [ 704.542668][T18520] ? trace_lock_acquire+0x14e/0x1f0 [ 704.542684][T18520] ? __fget_files+0x206/0x3a0 [ 704.542703][T18520] __sys_sendmsg+0x16e/0x220 [ 704.542718][T18520] ? __pfx___sys_sendmsg+0x10/0x10 [ 704.542739][T18520] __do_fast_syscall_32+0x73/0x120 [ 704.542753][T18520] do_fast_syscall_32+0x32/0x80 [ 704.542766][T18520] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 704.542783][T18520] RIP: 0023:0xf7f96579 [ 704.542792][T18520] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 704.542802][T18520] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 704.542812][T18520] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800011c0 [ 704.542818][T18520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 704.542824][T18520] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 704.542830][T18520] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 704.542836][T18520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 704.542847][T18520] [ 704.620109][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 704.620150][ T39] audit: type=1326 audit(1739814093.732:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18516 comm="syz.2.3521" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000 [ 704.669761][ T39] audit: type=1326 audit(1739814093.732:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18516 comm="syz.2.3521" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000 [ 705.252250][T18517] orangefs_mount: mount request failed with -4 [ 705.314119][T18529] fuse: root generation should be zero [ 705.533313][T18538] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3526'. [ 705.537778][T18538] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3526'. [ 706.207779][T18549] netlink: 'syz.2.3529': attribute type 10 has an invalid length. [ 706.281011][T18549] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 706.651574][T18565] netlink: 'syz.3.3533': attribute type 1 has an invalid length. [ 707.200082][T18584] lo speed is unknown, defaulting to 1000 [ 707.202486][T18584] lo speed is unknown, defaulting to 1000 [ 707.205861][T18584] lo speed is unknown, defaulting to 1000 [ 707.215143][T18584] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 707.284568][T18584] lo speed is unknown, defaulting to 1000 [ 707.286981][T18584] lo speed is unknown, defaulting to 1000 [ 707.299079][T18587] lo speed is unknown, defaulting to 1000 [ 707.317109][T18584] lo speed is unknown, defaulting to 1000 [ 707.324434][T18584] lo speed is unknown, defaulting to 1000 [ 707.533783][T18596] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3539'. [ 708.176047][T18607] openvswitch: netlink: IPv4 frag type 255 is out of range max 2 [ 708.181600][T18598] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3539'. [ 708.329453][T18609] lo speed is unknown, defaulting to 1000 [ 709.968784][T18662] 9pnet_fd: Insufficient options for proto=fd [ 710.262766][T18668] netlink: 'syz.2.3558': attribute type 1 has an invalid length. [ 710.265646][T18668] netlink: 'syz.2.3558': attribute type 1 has an invalid length. [ 710.628157][ T1327] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 711.001155][ T1327] usb 8-1: Using ep0 maxpacket: 32 [ 711.004480][ T1327] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 711.007387][ T1327] usb 8-1: config 0 has no interface number 0 [ 711.011697][ T1327] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 711.015078][ T1327] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.018141][ T1327] usb 8-1: Product: syz [ 711.019748][ T1327] usb 8-1: Manufacturer: syz [ 711.021548][ T1327] usb 8-1: SerialNumber: syz [ 711.025244][ T1327] usb 8-1: config 0 descriptor?? [ 711.028680][ T1327] smsc95xx v2.0.0 [ 711.030120][ T1327] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 711.033890][ T1327] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22 [ 711.717665][T18697] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3565'. [ 711.720262][T18697] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3565'. [ 711.732488][T18697] bridge0: port 3(vlan1) entered blocking state [ 711.734443][T18697] bridge0: port 3(vlan1) entered disabled state [ 711.736499][T18697] vlan1: entered allmulticast mode [ 711.748763][T18697] vlan1: left allmulticast mode [ 711.810703][T18696] FAULT_INJECTION: forcing a failure. [ 711.810703][T18696] name failslab, interval 1, probability 0, space 0, times 0 [ 711.814803][T18696] CPU: 3 UID: 0 PID: 18696 Comm: syz.1.3566 Not tainted 6.14.0-rc3-syzkaller #0 [ 711.814828][T18696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 711.814835][T18696] Call Trace: [ 711.814841][T18696] [ 711.814846][T18696] dump_stack_lvl+0x16c/0x1f0 [ 711.814865][T18696] should_fail_ex+0x50a/0x650 [ 711.814881][T18696] ? fs_reclaim_acquire+0xae/0x150 [ 711.814896][T18696] ? iter_file_splice_write+0x1cd/0x10b0 [ 711.814910][T18696] should_failslab+0xc2/0x120 [ 711.814920][T18696] __kmalloc_noprof+0xcb/0x510 [ 711.814939][T18696] iter_file_splice_write+0x1cd/0x10b0 [ 711.814957][T18696] ? rwsem_down_write_slowpath+0xa81/0x12a0 [ 711.814972][T18696] ? __pfx___lock_acquire+0x10/0x10 [ 711.814988][T18696] ? __pfx_iter_file_splice_write+0x10/0x10 [ 711.815002][T18696] ? find_held_lock+0x2d/0x110 [ 711.815017][T18696] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 711.815033][T18696] ? ovl_splice_write+0x38e/0x630 [ 711.815078][T18696] backing_file_splice_write+0x277/0x880 [ 711.815097][T18696] ovl_splice_write+0x38e/0x630 [ 711.815110][T18696] ? __pfx_ovl_splice_write+0x10/0x10 [ 711.815121][T18696] ? __pfx_ovl_file_end_write+0x10/0x10 [ 711.815137][T18696] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 711.815151][T18696] ? rcu_is_watching+0x12/0xc0 [ 711.815164][T18696] ? splice_direct_to_actor+0x346/0xa40 [ 711.815178][T18696] ? __pfx_ovl_splice_write+0x10/0x10 [ 711.815193][T18696] direct_splice_actor+0x18f/0x6c0 [ 711.815213][T18696] splice_direct_to_actor+0x346/0xa40 [ 711.815233][T18696] ? __pfx_direct_splice_actor+0x10/0x10 [ 711.815257][T18696] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 711.815277][T18696] ? __fget_files+0x1fc/0x3a0 [ 711.815301][T18696] do_splice_direct+0x178/0x250 [ 711.815326][T18696] ? __pfx_do_splice_direct+0x10/0x10 [ 711.815346][T18696] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 711.815368][T18696] ? rw_verify_area+0xcf/0x680 [ 711.815383][T18696] do_sendfile+0xafb/0xe40 [ 711.815399][T18696] ? __pfx_do_sendfile+0x10/0x10 [ 711.815412][T18696] ? __fget_files+0x206/0x3a0 [ 711.815429][T18696] __ia32_compat_sys_sendfile+0x1e7/0x230 [ 711.815440][T18696] ? ksys_write+0x1ba/0x250 [ 711.815453][T18696] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 711.815467][T18696] __do_fast_syscall_32+0x73/0x120 [ 711.815482][T18696] do_fast_syscall_32+0x32/0x80 [ 711.815494][T18696] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 711.815512][T18696] RIP: 0023:0xf7f96579 [ 711.815521][T18696] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 711.815531][T18696] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 711.815542][T18696] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000007 [ 711.815548][T18696] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 [ 711.815556][T18696] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 711.815561][T18696] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 711.815567][T18696] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 711.815579][T18696] [ 712.138702][T14407] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 712.311527][T14407] usb 6-1: config 0 has no interfaces? [ 712.318895][T14407] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 712.321410][T14407] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.323588][T14407] usb 6-1: Product: syz [ 712.324743][T14407] usb 6-1: Manufacturer: syz [ 712.326188][T14407] usb 6-1: SerialNumber: syz [ 712.360429][T14407] usb 6-1: config 0 descriptor?? [ 712.819369][ T5984] usb 8-1: USB disconnect, device number 20 [ 714.222123][T18733] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3577'. [ 714.616880][ T6436] usb 6-1: USB disconnect, device number 20 [ 714.708167][ T5984] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 714.714102][T18742] ieee802154 phy0 wpan0: encryption failed: -22 [ 714.858002][ T5984] usb 5-1: Using ep0 maxpacket: 32 [ 714.866159][ T5984] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 714.868758][ T5984] usb 5-1: config 0 has no interface number 0 [ 714.880048][ T5984] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 714.882683][ T5984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.884963][ T5984] usb 5-1: Product: syz [ 714.886232][ T5984] usb 5-1: Manufacturer: syz [ 714.895967][ T5984] usb 5-1: SerialNumber: syz [ 714.899558][ T5984] usb 5-1: config 0 descriptor?? [ 714.910565][ T5984] smsc95xx v2.0.0 [ 714.911725][ T5984] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 714.914650][ T5984] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 716.719223][T14264] syz_tun: left allmulticast mode [ 716.720763][T14264] syz_tun: left promiscuous mode [ 717.129314][ T5984] usb 5-1: USB disconnect, device number 27 [ 717.130151][T15718] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 717.140354][T15718] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 717.145185][T15718] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 717.154343][T15718] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 717.158954][T15718] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 717.161738][T15718] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 717.190339][T18775] lo speed is unknown, defaulting to 1000 [ 717.259759][T18775] chnl_net:caif_netlink_parms(): no params data found [ 717.479478][T18775] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.482241][T18775] bridge0: port 1(bridge_slave_0) entered disabled state [ 717.485181][T18775] bridge_slave_0: entered allmulticast mode [ 717.488683][T18775] bridge_slave_0: entered promiscuous mode [ 717.495621][T18775] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.501863][T18775] bridge0: port 2(bridge_slave_1) entered disabled state [ 717.504626][T18775] bridge_slave_1: entered allmulticast mode [ 717.508346][T18775] bridge_slave_1: entered promiscuous mode [ 717.542407][T18775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.547003][T18775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 717.573864][T18775] team0: Port device team_slave_0 added [ 717.577779][T18775] team0: Port device team_slave_1 added [ 717.601703][T18775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 717.604114][T18775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 717.613107][T18775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 717.617452][T18775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 717.621693][T18775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 717.629214][T18775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 717.661253][T18775] hsr_slave_0: entered promiscuous mode [ 717.663217][T18775] hsr_slave_1: entered promiscuous mode [ 718.037482][T18775] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 718.044042][T18775] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 718.048279][T18775] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 718.051615][T18775] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 718.088951][T18775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 718.097063][T18775] 8021q: adding VLAN 0 to HW filter on device team0 [ 718.102393][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.105210][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.112921][ T5004] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.115760][ T5004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.236918][T18775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 718.267903][T18811] xt_CT: You must specify a L4 protocol and not use inversions on it [ 718.280966][T18811] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 718.299484][ T6025] hid (null): invalid report_count 50829 [ 718.301469][ T6025] hid (null): invalid report_size 1628835084 [ 718.304754][ T6025] hid-generic 0001:E5F9:0002.0006: unknown main item tag 0x3 [ 718.306770][ T6025] hid-generic 0001:E5F9:0002.0006: collection stack underflow [ 718.309371][ T6025] hid-generic 0001:E5F9:0002.0006: item 0 2 0 12 parsing failed [ 718.311668][ T6025] hid-generic 0001:E5F9:0002.0006: probe with driver hid-generic failed with error -22 [ 718.387250][T18775] veth0_vlan: entered promiscuous mode [ 718.391521][T18775] veth1_vlan: entered promiscuous mode [ 718.408728][T18775] veth0_macvtap: entered promiscuous mode [ 718.411876][T18775] veth1_macvtap: entered promiscuous mode [ 718.417755][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 718.420765][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 718.423625][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 718.427847][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 718.431733][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 718.434634][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 718.438260][T18775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 718.443403][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 718.446368][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 718.449329][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 718.452233][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 718.456487][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 718.459775][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 718.463828][T18775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 718.469899][T18775] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.473201][T18775] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.476487][T18775] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.479992][T18775] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.526342][T18822] ieee802154 phy0 wpan0: encryption failed: -22 [ 718.529127][ T5004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 718.532663][ T5004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 718.551241][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 718.553527][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 718.641660][T18825] lo speed is unknown, defaulting to 1000 [ 718.884107][T18835] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3602'. [ 719.238218][ T5956] Bluetooth: hci1: command tx timeout [ 719.458411][T18844] 9pnet: Could not find request transport: rdmaÿÿ [ 719.803769][T18855] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 720.187665][T18861] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 720.220959][T18861] kvm: pic: non byte read [ 720.223789][T18861] kvm: pic: non byte read [ 720.392774][T18870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3611'. [ 720.931908][T18885] Cannot find add_set index 3 as target [ 721.318131][ T5956] Bluetooth: hci1: command tx timeout [ 721.424780][T18889] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3617'. [ 721.470350][ T39] audit: type=1326 audit(1739814110.582:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.476197][ T39] audit: type=1326 audit(1739814110.582:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486117][ T39] audit: type=1326 audit(1739814110.582:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=105 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486143][ T39] audit: type=1326 audit(1739814110.582:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486161][ T39] audit: type=1326 audit(1739814110.582:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486180][ T39] audit: type=1326 audit(1739814110.582:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486197][ T39] audit: type=1326 audit(1739814110.582:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486215][ T39] audit: type=1326 audit(1739814110.582:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486232][ T39] audit: type=1326 audit(1739814110.582:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 721.486249][ T39] audit: type=1326 audit(1739814110.582:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 722.098587][T18894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3619'. [ 722.272651][T18906] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3621'. [ 723.337072][T18959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3631'. [ 723.398498][ T5956] Bluetooth: hci1: command tx timeout [ 723.683932][T18969] trusted_key: encrypted_key: key user:syz not found [ 724.754431][T18999] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 724.772041][T18999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3639'. [ 724.942516][T19001] lo speed is unknown, defaulting to 1000 [ 724.998060][ T56] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 725.168056][ T56] usb 5-1: Using ep0 maxpacket: 32 [ 725.232921][ T12] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.269143][ T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 725.271523][ T56] usb 5-1: config 0 has no interface number 0 [ 725.274921][ T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 725.277580][ T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.280052][ T56] usb 5-1: Product: syz [ 725.281324][ T56] usb 5-1: Manufacturer: syz [ 725.282661][ T56] usb 5-1: SerialNumber: syz [ 725.299018][ T56] usb 5-1: config 0 descriptor?? [ 725.301932][ T56] smsc95xx v2.0.0 [ 725.303038][ T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 725.305959][ T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 725.328427][ T12] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.414164][ T12] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.433720][T19020] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 725.435645][T19020] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 725.438077][T19020] vhci_hcd vhci_hcd.0: Device attached [ 725.478102][ T5956] Bluetooth: hci1: command tx timeout [ 725.484110][ T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.498071][ T3220] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 725.606361][T19021] vhci_hcd: connection closed [ 725.606685][ T5004] vhci_hcd: stop threads [ 725.609500][ T5004] vhci_hcd: release socket [ 725.611261][ T5004] vhci_hcd: disconnect device [ 725.613286][ T12] bridge_slave_1: left allmulticast mode [ 725.615290][ T12] bridge_slave_1: left promiscuous mode [ 725.617353][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.618313][ T6040] vhci_hcd: vhci_device speed not set [ 725.622836][ T12] bridge_slave_0: left allmulticast mode [ 725.624748][ T12] bridge_slave_0: left promiscuous mode [ 725.626759][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.658130][ T3220] usb 9-1: Using ep0 maxpacket: 32 [ 725.661327][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 725.664035][ T3220] usb 9-1: config 0 has no interface number 0 [ 725.669106][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 725.672145][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.674815][ T3220] usb 9-1: Product: syz [ 725.676261][ T3220] usb 9-1: Manufacturer: syz [ 725.677840][ T3220] usb 9-1: SerialNumber: syz [ 725.681129][ T3220] usb 9-1: config 0 descriptor?? [ 725.684357][ T3220] smsc95xx v2.0.0 [ 725.689376][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 725.692965][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22 [ 726.042537][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 726.046563][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 726.051981][ T12] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 726.057210][ T12] bond0 (unregistering): Released all slaves [ 726.178785][ T12] IPVS: stopping master sync thread 18486 ... [ 726.436529][ T12] hsr_slave_0: left promiscuous mode [ 726.441922][ T12] hsr_slave_1: left promiscuous mode [ 726.443736][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 726.445834][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 726.448499][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 726.450581][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 726.474356][ T12] veth1_macvtap: left promiscuous mode [ 726.475969][ T12] veth0_macvtap: left promiscuous mode [ 726.477775][ T12] veth1_vlan: left promiscuous mode [ 726.481300][ T12] veth0_vlan: left promiscuous mode [ 727.382022][ T56] usb 5-1: USB disconnect, device number 28 [ 727.614792][ T12] team0 (unregistering): Port device team_slave_1 removed [ 727.707587][T19053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3646'. [ 727.709246][ T56] usb 9-1: USB disconnect, device number 2 [ 727.717429][T19053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3646'. [ 727.846714][ T12] team0 (unregistering): Port device team_slave_0 removed [ 727.978010][T19056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 729.678407][ T3220] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 729.848052][ T3220] usb 6-1: Using ep0 maxpacket: 32 [ 729.852160][ T3220] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 729.856734][ T3220] usb 6-1: config 0 has no interface number 0 [ 729.862864][ T3220] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 729.866628][ T3220] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.871206][ T3220] usb 6-1: Product: syz [ 729.873534][ T3220] usb 6-1: Manufacturer: syz [ 729.874934][ T3220] usb 6-1: SerialNumber: syz [ 729.881975][ T3220] usb 6-1: config 0 descriptor?? [ 729.888722][ T3220] smsc95xx v2.0.0 [ 729.891450][ T3220] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 729.901570][ T3220] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22 [ 730.112176][ T12] IPVS: stop unused estimator thread 0... [ 730.617999][ T3220] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 730.768033][ T3220] usb 9-1: Using ep0 maxpacket: 32 [ 730.771126][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 730.773778][ T3220] usb 9-1: config 0 has no interface number 0 [ 730.784234][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 730.789148][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 730.792448][ T3220] usb 9-1: Product: syz [ 730.793989][ T3220] usb 9-1: Manufacturer: syz [ 730.797769][ T3220] usb 9-1: SerialNumber: syz [ 730.811647][T19127] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3659'. [ 730.814580][T19127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3659'. [ 730.927297][ T3220] usb 9-1: config 0 descriptor?? [ 730.931728][ T3220] smsc95xx v2.0.0 [ 730.932987][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 730.936556][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22 [ 731.349796][T19130] lo speed is unknown, defaulting to 1000 [ 731.373251][T19133] ata1.00: invalid command format 189 [ 732.078466][ T6040] usb 6-1: USB disconnect, device number 21 [ 732.909579][ T56] usb 9-1: USB disconnect, device number 3 [ 735.108981][ T5956] Bluetooth: unknown link type 108 [ 735.111962][ T5956] Bluetooth: hci2: connection err: -111 [ 735.498123][ T56] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 735.608103][ T64] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 735.678128][ T56] usb 5-1: Using ep0 maxpacket: 32 [ 735.680803][T19195] ISOFS: Unable to identify CD-ROM format. [ 735.681699][ T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 735.686132][ T56] usb 5-1: config 0 has no interface number 0 [ 735.689972][ T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 735.692594][ T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.695095][ T56] usb 5-1: Product: syz [ 735.696486][ T56] usb 5-1: Manufacturer: syz [ 735.698601][ T56] usb 5-1: SerialNumber: syz [ 735.702966][ T56] usb 5-1: config 0 descriptor?? [ 735.706404][ T56] smsc95xx v2.0.0 [ 735.707755][ T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 735.711391][ T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 735.760946][ T64] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 735.764220][ T64] usb 9-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 735.768798][ T64] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 735.772295][ T64] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 735.776458][ T64] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 735.782666][ T64] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 735.785995][ T64] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 735.789597][ T64] usb 9-1: Product: syz [ 735.791279][ T64] usb 9-1: Manufacturer: syz [ 735.795948][ T64] cdc_wdm 9-1:1.0: skipping garbage [ 735.798158][ T64] cdc_wdm 9-1:1.0: skipping garbage [ 735.801039][ T64] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 735.803513][ T64] cdc_wdm 9-1:1.0: Unknown control protocol [ 736.002633][ T6040] usb 9-1: USB disconnect, device number 4 [ 736.498117][ T6040] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 736.649482][ T6040] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 736.651965][ T6040] usb 9-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 736.655849][ T6040] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 736.659148][ T6040] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 736.662594][ T6040] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 736.667295][ T6040] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 736.670498][ T6040] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 736.672772][ T6040] usb 9-1: Product: syz [ 736.673995][ T6040] usb 9-1: Manufacturer: syz [ 736.677477][ T6040] cdc_wdm 9-1:1.0: skipping garbage [ 736.679378][ T6040] cdc_wdm 9-1:1.0: skipping garbage [ 736.681557][ T6040] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 736.683293][ T6040] cdc_wdm 9-1:1.0: Unknown control protocol [ 737.147830][ T56] usb 5-1: USB disconnect, device number 29 [ 737.504095][T19220] lo speed is unknown, defaulting to 1000 [ 737.508622][T19221] 9pnet_fd: Insufficient options for proto=fd [ 737.652379][T19224] netlink: 'syz.0.3682': attribute type 5 has an invalid length. [ 738.787486][ C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 738.787569][ T8] usb 9-1: USB disconnect, device number 5 [ 738.789581][ C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 738.793535][ C1] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 739.830052][T19260] netlink: 'syz.4.3693': attribute type 1 has an invalid length. [ 740.035132][T19263] CIFS mount error: No usable UNC path provided in device string! [ 740.035132][T19263] [ 740.038179][T19263] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 740.330711][T19269] kvm: MONITOR instruction emulated as NOP! [ 740.334151][T19269] FAULT_INJECTION: forcing a failure. [ 740.334151][T19269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 740.338417][T19269] CPU: 3 UID: 0 PID: 19269 Comm: syz.4.3697 Not tainted 6.14.0-rc3-syzkaller #0 [ 740.338433][T19269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 740.338439][T19269] Call Trace: [ 740.338472][T19269] [ 740.338478][T19269] dump_stack_lvl+0x16c/0x1f0 [ 740.338543][T19269] should_fail_ex+0x50a/0x650 [ 740.338598][T19269] __kvm_read_guest_page+0x16b/0x210 [ 740.338631][T19269] kvm_fetch_guest_virt+0x128/0x1a0 [ 740.338672][T19269] __do_insn_fetch_bytes+0x420/0x6d0 [ 740.338690][T19269] ? __pfx___do_insn_fetch_bytes+0x10/0x10 [ 740.338708][T19269] ? vmx_vcpu_load_vmcs+0x26b/0x850 [ 740.338738][T19269] x86_decode_insn+0xb91/0x5530 [ 740.338755][T19269] ? vmx_segment_cache_test_set+0x14b/0x400 [ 740.338771][T19269] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 740.338813][T19269] ? __pfx_x86_decode_insn+0x10/0x10 [ 740.338825][T19269] ? vmx_cache_reg+0x333/0x5e0 [ 740.338838][T19269] ? kvm_register_read_raw+0xe9/0x240 [ 740.338853][T19269] ? init_decode_cache+0xd/0x210 [ 740.338865][T19269] ? init_emulate_ctxt+0x338/0x510 [ 740.338876][T19269] ? __pfx_init_emulate_ctxt+0x10/0x10 [ 740.338887][T19269] ? mark_lock+0xb5/0xc60 [ 740.338921][T19269] x86_emulate_instruction+0x9c1/0x1a90 [ 740.338937][T19269] handle_ud+0x104/0x280 [ 740.338947][T19269] ? __pfx_handle_ud+0x10/0x10 [ 740.338964][T19269] handle_exception_nmi+0x83e/0x1410 [ 740.338981][T19269] ? trace_lock_acquire+0x14e/0x1f0 [ 740.338992][T19269] ? __pfx_handle_exception_nmi+0x10/0x10 [ 740.339009][T19269] vmx_handle_exit+0x6a4/0x1a30 [ 740.339027][T19269] vcpu_run+0x3032/0x4f50 [ 740.339044][T19269] ? __pfx_vcpu_run+0x10/0x10 [ 740.339054][T19269] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 740.339068][T19269] ? rcu_is_watching+0x12/0xc0 [ 740.339080][T19269] ? trace_lock_acquire+0x14e/0x1f0 [ 740.339091][T19269] ? __local_bh_enable_ip+0xa4/0x120 [ 740.339127][T19269] ? lockdep_hardirqs_on+0x7c/0x110 [ 740.339155][T19269] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 740.339167][T19269] ? lock_acquire+0x2f/0xb0 [ 740.339183][T19269] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 740.339194][T19269] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 740.339209][T19269] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 740.339223][T19269] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 740.339235][T19269] ? tomoyo_path_number_perm+0x190/0x590 [ 740.339266][T19269] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 740.339278][T19269] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 740.339294][T19269] ? do_vfs_ioctl+0x513/0x1990 [ 740.339323][T19269] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 740.339342][T19269] ? __pfx_lock_release+0x10/0x10 [ 740.339355][T19269] ? trace_lock_acquire+0x14e/0x1f0 [ 740.339368][T19269] kvm_vcpu_compat_ioctl+0x210/0x3d0 [ 740.339381][T19269] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 740.339394][T19269] ? __fget_files+0x206/0x3a0 [ 740.339432][T19269] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 740.339457][T19269] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 740.339471][T19269] __do_fast_syscall_32+0x73/0x120 [ 740.339485][T19269] do_fast_syscall_32+0x32/0x80 [ 740.339497][T19269] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 740.339515][T19269] RIP: 0023:0xf749e579 [ 740.339524][T19269] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 740.339534][T19269] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 740.339561][T19269] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 740.339568][T19269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 740.339574][T19269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 740.339579][T19269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 740.339585][T19269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 740.339598][T19269] [ 740.995142][T19285] netlink: 'syz.4.3702': attribute type 1 has an invalid length. [ 741.791360][T19304] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 741.795813][T19304] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 741.799512][T19304] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 742.711926][T19317] netlink: 'syz.0.3711': attribute type 1 has an invalid length. [ 742.738133][ T56] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 742.918108][ T56] usb 8-1: Using ep0 maxpacket: 32 [ 742.925430][ T56] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 742.927681][ T56] usb 8-1: config 0 has no interface number 0 [ 742.933544][ T56] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 742.936129][ T56] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 742.938457][ T56] usb 8-1: Product: syz [ 742.939666][ T56] usb 8-1: Manufacturer: syz [ 742.940964][ T56] usb 8-1: SerialNumber: syz [ 742.947496][ T56] usb 8-1: config 0 descriptor?? [ 742.970906][ T56] smsc95xx v2.0.0 [ 742.972133][ T56] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 742.975441][ T56] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22 [ 743.608720][ T3220] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 743.938015][ T3220] usb 9-1: Using ep0 maxpacket: 32 [ 743.940856][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 743.943219][ T3220] usb 9-1: config 0 has no interface number 0 [ 743.946709][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 743.949444][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 743.951791][ T3220] usb 9-1: Product: syz [ 743.953098][ T3220] usb 9-1: Manufacturer: syz [ 743.955733][ T3220] usb 9-1: SerialNumber: syz [ 743.960321][ T3220] usb 9-1: config 0 descriptor?? [ 743.963956][ T3220] smsc95xx v2.0.0 [ 743.966228][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 743.971950][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22 [ 744.173964][ T56] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 744.338015][ T56] usb 5-1: Using ep0 maxpacket: 32 [ 744.341567][ T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 744.344757][ T56] usb 5-1: config 0 has no interface number 0 [ 744.350072][ T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 744.354048][ T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 744.357382][ T56] usb 5-1: Product: syz [ 744.365642][ T56] usb 5-1: Manufacturer: syz [ 744.367649][ T56] usb 5-1: SerialNumber: syz [ 744.371116][ T56] usb 5-1: config 0 descriptor?? [ 744.374532][ T56] smsc95xx v2.0.0 [ 744.375811][ T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 744.379016][ T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 745.212370][ T56] usb 8-1: USB disconnect, device number 21 [ 745.803987][ T56] usb 9-1: USB disconnect, device number 6 [ 745.900429][ T3220] usb 5-1: USB disconnect, device number 30 [ 746.405440][T19349] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3719'. [ 746.412152][T19349] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 746.840317][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.842826][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.116146][T19361] xt_TPROXY: Can be used only with -p tcp or -p udp [ 747.404574][T19374] netlink: 'syz.4.3727': attribute type 1 has an invalid length. [ 748.203846][T19391] veth1_macvtap: left promiscuous mode [ 748.394653][T19392] lo speed is unknown, defaulting to 1000 [ 749.142732][T19413] FAULT_INJECTION: forcing a failure. [ 749.142732][T19413] name failslab, interval 1, probability 0, space 0, times 0 [ 749.146288][T19413] CPU: 0 UID: 0 PID: 19413 Comm: syz.4.3740 Not tainted 6.14.0-rc3-syzkaller #0 [ 749.146304][T19413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 749.146311][T19413] Call Trace: [ 749.146316][T19413] [ 749.146320][T19413] dump_stack_lvl+0x16c/0x1f0 [ 749.146338][T19413] should_fail_ex+0x50a/0x650 [ 749.146354][T19413] ? fs_reclaim_acquire+0xae/0x150 [ 749.146395][T19413] ? bpf_ctx_init+0xf8/0x1d0 [ 749.146430][T19413] should_failslab+0xc2/0x120 [ 749.146464][T19413] __kmalloc_noprof+0xcb/0x510 [ 749.146481][T19413] ? _copy_from_user+0x59/0xd0 [ 749.146516][T19413] bpf_ctx_init+0xf8/0x1d0 [ 749.146528][T19413] bpf_prog_test_run_nf+0x2a3/0xb10 [ 749.146542][T19413] ? __pfx_bpf_prog_test_run_nf+0x10/0x10 [ 749.146559][T19413] ? fput+0x67/0x440 [ 749.146571][T19413] ? __bpf_prog_get+0xa0/0x290 [ 749.146604][T19413] ? __pfx_bpf_prog_test_run_nf+0x10/0x10 [ 749.146617][T19413] __sys_bpf+0xfc6/0x49c0 [ 749.146632][T19413] ? __pfx_lock_release+0x10/0x10 [ 749.146650][T19413] ? __pfx___sys_bpf+0x10/0x10 [ 749.146664][T19413] ? vfs_write+0x306/0x1150 [ 749.146681][T19413] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 749.146702][T19413] ? fput+0x67/0x440 [ 749.146711][T19413] ? ksys_write+0x1ba/0x250 [ 749.146724][T19413] ? __pfx_ksys_write+0x10/0x10 [ 749.146740][T19413] __ia32_sys_bpf+0x76/0xe0 [ 749.146750][T19413] __do_fast_syscall_32+0x73/0x120 [ 749.146763][T19413] do_fast_syscall_32+0x32/0x80 [ 749.146776][T19413] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 749.146794][T19413] RIP: 0023:0xf749e579 [ 749.146804][T19413] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 749.146814][T19413] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 749.146824][T19413] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0 [ 749.146831][T19413] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 749.146836][T19413] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 749.146842][T19413] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 749.146847][T19413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 749.146859][T19413] [ 749.210438][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.613712][T19433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3744'. [ 750.118078][T15718] Bluetooth: hci1: command 0x0405 tx timeout [ 750.537541][T19449] netfs: Couldn't get user pages (rc=-14) [ 751.036206][T19448] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 751.042446][T19448] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 751.044593][T19448] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 751.046577][T19448] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 751.048800][T19448] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 751.058621][T19448] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 751.621055][T19472] ata3.00: invalid multi_count 1 ignored [ 752.518116][T15718] Bluetooth: hci4: command 0x0406 tx timeout [ 752.982635][T19472] lo speed is unknown, defaulting to 1000 [ 753.078138][T15718] Bluetooth: hci1: command 0x0405 tx timeout [ 753.078234][ T5956] Bluetooth: hci0: command 0x0406 tx timeout [ 753.080555][T15718] Bluetooth: hci2: command 0x0406 tx timeout [ 753.268065][ T3220] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 753.418014][ T3220] usb 9-1: Using ep0 maxpacket: 32 [ 753.426913][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 753.431585][ T3220] usb 9-1: config 0 has no interface number 0 [ 753.439106][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 753.446862][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.452051][ T3220] usb 9-1: Product: syz [ 753.455813][ T3220] usb 9-1: Manufacturer: syz [ 753.458643][ T3220] usb 9-1: SerialNumber: syz [ 753.465461][ T3220] usb 9-1: config 0 descriptor?? [ 753.472033][ T3220] smsc95xx v2.0.0 [ 753.474465][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 753.480977][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22 [ 755.160773][ T3220] usb 9-1: USB disconnect, device number 7 [ 755.168140][T15718] Bluetooth: hci1: command 0x0405 tx timeout [ 755.914649][T19545] cgroup: name respecified [ 755.918139][ T6040] kernel write not supported for file /sequencer (pid: 6040 comm: kworker/2:4) [ 757.238019][T15718] Bluetooth: hci1: command 0x0405 tx timeout [ 757.328170][ T35] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 757.488209][ T35] usb 9-1: Using ep0 maxpacket: 32 [ 757.495124][ T35] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 757.498463][ T35] usb 9-1: config 0 has no interface number 0 [ 757.503768][ T35] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 757.507099][ T35] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.510052][ T35] usb 9-1: Product: syz [ 757.511251][ T35] usb 9-1: Manufacturer: syz [ 757.512635][ T35] usb 9-1: SerialNumber: syz [ 757.516952][ T35] usb 9-1: config 0 descriptor?? [ 757.521301][ T35] smsc95xx v2.0.0 [ 757.522773][ T35] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 757.526708][ T35] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22 [ 757.891108][T19581] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3782'. [ 757.895689][T19581] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 758.081365][T19586] ntfs3(nbd3): try to read out of volume at offset 0x0 [ 759.229500][T19616] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3791'. [ 759.609654][ T5984] usb 9-1: USB disconnect, device number 8 [ 759.713301][T19624] netlink: 'syz.4.3794': attribute type 1 has an invalid length. [ 759.836715][T19629] FAULT_INJECTION: forcing a failure. [ 759.836715][T19629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 759.850179][T19629] CPU: 0 UID: 0 PID: 19629 Comm: syz.0.3796 Not tainted 6.14.0-rc3-syzkaller #0 [ 759.850195][T19629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 759.850202][T19629] Call Trace: [ 759.850215][T19629] [ 759.850222][T19629] dump_stack_lvl+0x16c/0x1f0 [ 759.850240][T19629] should_fail_ex+0x50a/0x650 [ 759.850256][T19629] ? __pfx_device_write+0x10/0x10 [ 759.850300][T19629] ? __pfx_device_write+0x10/0x10 [ 759.850309][T19629] _copy_from_user+0x2e/0xd0 [ 759.850321][T19629] memdup_user_nul+0x72/0x110 [ 759.850358][T19629] device_write+0xc2/0x1e60 [ 759.850369][T19629] ? __pfx_device_write+0x10/0x10 [ 759.850379][T19629] ? apparmor_file_permission+0x251/0x400 [ 759.850392][T19629] ? bpf_lsm_file_permission+0x9/0x10 [ 759.850432][T19629] ? security_file_permission+0x71/0x210 [ 759.850474][T19629] ? rw_verify_area+0xcf/0x680 [ 759.850488][T19629] ? __pfx_device_write+0x10/0x10 [ 759.850497][T19629] vfs_write+0x24c/0x1150 [ 759.850512][T19629] ? __fget_files+0x1fc/0x3a0 [ 759.850528][T19629] ? __pfx_lock_release+0x10/0x10 [ 759.850543][T19629] ? __pfx_vfs_write+0x10/0x10 [ 759.850556][T19629] ? lock_acquire+0x2f/0xb0 [ 759.850577][T19629] ? __fget_files+0x40/0x3a0 [ 759.850595][T19629] ? __fget_files+0x206/0x3a0 [ 759.850612][T19629] ksys_write+0x12b/0x250 [ 759.850625][T19629] ? __pfx_ksys_write+0x10/0x10 [ 759.850642][T19629] __do_fast_syscall_32+0x73/0x120 [ 759.850657][T19629] do_fast_syscall_32+0x32/0x80 [ 759.850669][T19629] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 759.850686][T19629] RIP: 0023:0xf7fc6579 [ 759.850695][T19629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 759.850705][T19629] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 759.850715][T19629] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800005c0 [ 759.850721][T19629] RDX: 0000000000000070 RSI: 0000000000000000 RDI: 0000000000000000 [ 759.850727][T19629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 759.850733][T19629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 759.850739][T19629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 759.850751][T19629] [ 760.139143][T19635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3797'. [ 760.908171][ T5984] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 760.966282][T19656] netlink: 'syz.4.3805': attribute type 1 has an invalid length. [ 761.073243][T19657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3803'. [ 761.159136][T19663] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0 [ 761.168688][T19664] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3804'. [ 761.228061][ T5984] usb 6-1: Using ep0 maxpacket: 32 [ 761.231890][ T5984] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 761.234488][ T5984] usb 6-1: config 0 has no interface number 0 [ 761.240769][ T5984] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 761.243587][ T5984] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.246096][ T5984] usb 6-1: Product: syz [ 761.247429][ T5984] usb 6-1: Manufacturer: syz [ 761.249103][ T5984] usb 6-1: SerialNumber: syz [ 761.256069][ T5984] usb 6-1: config 0 descriptor?? [ 761.261514][ T5984] smsc95xx v2.0.0 [ 761.262901][ T5984] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 761.270521][ T5984] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22 [ 761.872137][T19671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3807'. [ 762.028505][T19685] FAULT_INJECTION: forcing a failure. [ 762.028505][T19685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 762.031842][T19685] CPU: 2 UID: 0 PID: 19685 Comm: syz.0.3813 Not tainted 6.14.0-rc3-syzkaller #0 [ 762.031856][T19685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 762.031863][T19685] Call Trace: [ 762.031868][T19685] [ 762.031874][T19685] dump_stack_lvl+0x16c/0x1f0 [ 762.031891][T19685] should_fail_ex+0x50a/0x650 [ 762.031909][T19685] _copy_to_user+0x32/0xd0 [ 762.031922][T19685] simple_read_from_buffer+0xd0/0x160 [ 762.031937][T19685] proc_fail_nth_read+0x198/0x270 [ 762.031979][T19685] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 762.031992][T19685] ? rw_verify_area+0xcf/0x680 [ 762.032005][T19685] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 762.032017][T19685] vfs_read+0x1df/0xbf0 [ 762.032031][T19685] ? __fget_files+0x1fc/0x3a0 [ 762.032048][T19685] ? __pfx___mutex_lock+0x10/0x10 [ 762.032061][T19685] ? __pfx_vfs_read+0x10/0x10 [ 762.032078][T19685] ? __fget_files+0x206/0x3a0 [ 762.032096][T19685] ksys_read+0x12b/0x250 [ 762.032109][T19685] ? __pfx_ksys_read+0x10/0x10 [ 762.032124][T19685] ? rcu_is_watching+0x12/0xc0 [ 762.032137][T19685] __do_fast_syscall_32+0x73/0x120 [ 762.032150][T19685] do_fast_syscall_32+0x32/0x80 [ 762.032163][T19685] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 762.032181][T19685] RIP: 0023:0xf7fc6579 [ 762.032189][T19685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 762.032199][T19685] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 762.032209][T19685] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50e6620 [ 762.032216][T19685] RDX: 000000000000000f RSI: 00000000f744cff4 RDI: 0000000000000000 [ 762.032222][T19685] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 762.032227][T19685] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 762.032233][T19685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 762.032245][T19685] [ 762.083605][ C2] vkms_vblank_simulate: vblank timer overrun [ 762.179342][T19687] netlink: 'syz.0.3814': attribute type 1 has an invalid length. [ 762.449119][T19695] openvswitch: netlink: Actions may not be safe on all matching packets [ 762.670166][T19703] input: syz1 as /devices/virtual/input/input15 [ 762.817457][T19701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3820'. [ 763.370954][ T5984] usb 6-1: USB disconnect, device number 22 [ 764.469147][T19741] lo speed is unknown, defaulting to 1000 [ 764.680252][T19746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3832'. [ 764.993453][T19725] block nbd3: shutting down sockets [ 765.293121][T19752] FAULT_INJECTION: forcing a failure. [ 765.293121][T19752] name failslab, interval 1, probability 0, space 0, times 0 [ 765.296938][T19752] CPU: 2 UID: 0 PID: 19752 Comm: syz.4.3834 Not tainted 6.14.0-rc3-syzkaller #0 [ 765.296955][T19752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 765.296963][T19752] Call Trace: [ 765.296968][T19752] [ 765.296973][T19752] dump_stack_lvl+0x16c/0x1f0 [ 765.296993][T19752] should_fail_ex+0x50a/0x650 [ 765.297010][T19752] ? fs_reclaim_acquire+0xae/0x150 [ 765.297025][T19752] should_failslab+0xc2/0x120 [ 765.297037][T19752] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 765.297053][T19752] ? __pfx_mark_lock+0x10/0x10 [ 765.297068][T19752] ? __alloc_skb+0x2b1/0x380 [ 765.297110][T19752] __alloc_skb+0x2b1/0x380 [ 765.297126][T19752] ? __pfx___alloc_skb+0x10/0x10 [ 765.297140][T19752] ? hlock_class+0x4e/0x130 [ 765.297150][T19752] ? __lock_acquire+0xcc5/0x3c40 [ 765.297165][T19752] ? aa_label_sk_perm+0x19d/0x5a0 [ 765.297178][T19752] alloc_skb_with_frags+0xe4/0x850 [ 765.297195][T19752] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 765.297209][T19752] sock_alloc_send_pskb+0x7f1/0x980 [ 765.297228][T19752] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 765.297244][T19752] ? trace_lock_acquire+0x14e/0x1f0 [ 765.297256][T19752] ? __pfx___might_resched+0x10/0x10 [ 765.297297][T19752] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 765.297316][T19752] hci_sock_sendmsg+0x1c8/0x25e0 [ 765.297356][T19752] ? __pfx_aa_sk_perm+0x10/0x10 [ 765.297367][T19752] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 765.297386][T19752] sock_write_iter+0x4fe/0x5b0 [ 765.297398][T19752] ? __pfx_sock_write_iter+0x10/0x10 [ 765.297413][T19752] ? bpf_lsm_file_permission+0x9/0x10 [ 765.297430][T19752] ? security_file_permission+0x71/0x210 [ 765.297444][T19752] ? rw_verify_area+0xcf/0x680 [ 765.297458][T19752] vfs_write+0x5ae/0x1150 [ 765.297473][T19752] ? __pfx_sock_write_iter+0x10/0x10 [ 765.297485][T19752] ? __pfx_vfs_write+0x10/0x10 [ 765.297500][T19752] ? __fget_files+0x40/0x3a0 [ 765.297521][T19752] ksys_write+0x207/0x250 [ 765.297536][T19752] ? __pfx_ksys_write+0x10/0x10 [ 765.297553][T19752] __do_fast_syscall_32+0x73/0x120 [ 765.297568][T19752] do_fast_syscall_32+0x32/0x80 [ 765.297581][T19752] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 765.297599][T19752] RIP: 0023:0xf749e579 [ 765.297608][T19752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 765.297618][T19752] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 765.297629][T19752] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 765.297635][T19752] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000 [ 765.297642][T19752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 765.297648][T19752] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 765.297654][T19752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 765.297665][T19752] [ 765.381992][ C2] vkms_vblank_simulate: vblank timer overrun [ 765.530481][T19760] 9pnet_fd: p9_fd_create_unix (19760): address too long: ./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 765.599666][T19760] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.016573][T19760] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.135418][T19760] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.147375][T19770] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 766.149329][T19770] batman_adv: batadv0: Adding interface: gretap1 [ 766.149345][T19770] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.149368][T19770] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 766.237801][T19760] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.351402][T19760] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.357145][T19760] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.363427][T19760] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.371323][T19760] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.818128][T19795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3845'. [ 767.346114][T19800] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0 [ 767.432668][T19805] lo speed is unknown, defaulting to 1000 [ 767.591599][T19803] /dev/nullb0: Can't open blockdev [ 768.324536][T19829] nbd1: detected capacity change from 0 to 12 [ 768.343124][T16533] block nbd1: Send control failed (result -89) [ 768.345203][T16533] block nbd1: Request send failed, requeueing [ 768.351075][T15718] block nbd1: Receive control failed (result -32) [ 768.355185][ T71] block nbd1: Dead connection, failed to find a fallback [ 768.357199][ T71] block nbd1: shutting down sockets [ 768.359455][ T71] blk_print_req_error: 92 callbacks suppressed [ 768.359464][ T71] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.365644][ T71] buffer_io_error: 62 callbacks suppressed [ 768.365656][ T71] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.373943][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.378851][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.387157][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.398001][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.400962][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.403892][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.406159][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.410330][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.413017][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.416492][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.419211][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.422423][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.425206][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.428508][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.431335][T16533] ldm_validate_partition_table(): Disk read failed. [ 768.433701][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.436665][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.439776][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 768.442879][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read [ 768.445723][T16533] Dev nbd1: unable to read RDB block 0 [ 768.448044][T16533] nbd1: unable to read partition table [ 768.450225][T16533] nbd1: partition table beyond EOD, truncated [ 768.457107][T16533] ldm_validate_partition_table(): Disk read failed. [ 768.459916][T16533] Dev nbd1: unable to read RDB block 0 [ 768.462049][T16533] nbd1: unable to read partition table [ 768.464090][T16533] nbd1: partition table beyond EOD, truncated [ 768.489422][T19828] cgroup: none used incorrectly [ 769.504620][T19858] netlink: 'syz.4.3862': attribute type 1 has an invalid length. [ 770.183276][T19869] lo speed is unknown, defaulting to 1000 [ 770.211850][ T5984] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 770.388082][ T5984] usb 8-1: Using ep0 maxpacket: 32 [ 770.391752][ T5984] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 770.403123][ T5984] usb 8-1: config 0 has no interface number 0 [ 770.415992][ T5984] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 770.436356][ T5984] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.454829][ T5984] usb 8-1: Product: syz [ 770.460581][ T5984] usb 8-1: Manufacturer: syz [ 770.465118][ T5984] usb 8-1: SerialNumber: syz [ 770.490533][ T5984] usb 8-1: config 0 descriptor?? [ 770.503234][ T5984] smsc95xx v2.0.0 [ 770.507051][ T5984] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 770.527706][ T5984] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22 [ 771.048992][T15718] Bluetooth: unknown link type 108 [ 771.051314][T15718] Bluetooth: hci0: connection err: -111 [ 772.217691][ T5984] usb 8-1: USB disconnect, device number 22 [ 772.433177][T19909] overlayfs: missing 'lowerdir' [ 772.488988][T19909] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3877'. [ 772.518101][ T35] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 772.668075][ T35] usb 9-1: Using ep0 maxpacket: 8 [ 772.671122][ T35] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 772.673297][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 772.676398][ T35] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 772.680440][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 772.683565][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 772.687406][ T35] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 772.689942][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 772.693218][ T35] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 772.696442][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 772.700282][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 772.704336][ T35] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 772.706448][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 772.709926][ T35] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 772.713228][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 772.716392][ T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 772.999442][ T35] usb 9-1: string descriptor 0 read error: -22 [ 773.001320][ T35] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 773.003845][ T35] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.010809][ T35] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 773.217085][T19920] netlink: 'syz.0.3879': attribute type 1 has an invalid length. [ 773.348800][ T5984] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 773.507989][ T5984] usb 8-1: Using ep0 maxpacket: 32 [ 773.513191][ T5984] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 773.517491][ T5984] usb 8-1: config 0 has no interface number 0 [ 773.536525][ T5984] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 773.560350][ T5984] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.577389][ T5984] usb 8-1: Product: syz [ 773.589225][ T5984] usb 8-1: Manufacturer: syz [ 773.601436][ T5984] usb 8-1: SerialNumber: syz [ 773.632840][ T5984] usb 8-1: config 0 descriptor?? [ 773.638918][ T5984] smsc95xx v2.0.0 [ 773.643645][ T5984] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 773.649266][ T5984] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22 [ 773.678081][ T35] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 773.829780][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 773.834091][ T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 773.845614][ T35] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 773.859549][ T35] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 773.865769][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.879375][ T35] usb 6-1: config 0 descriptor?? [ 774.288543][ T35] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 774.291323][ T35] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 774.317719][ T35] plantronics 0003:047F:FFFF.0007: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 774.500747][ T6436] usb 6-1: USB disconnect, device number 23 [ 774.716636][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.720500][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.724098][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.727604][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.731286][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.734856][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.738488][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.741977][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.745515][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 774.749096][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 775.059602][T19945] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3884'. [ 775.319021][ T35] usb 9-1: USB disconnect, device number 9 [ 775.604751][ T5984] usb 8-1: USB disconnect, device number 23 [ 776.104158][T19971] 9pnet_fd: Insufficient options for proto=fd [ 776.106728][T19971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3888'. [ 777.752419][T20002] FAULT_INJECTION: forcing a failure. [ 777.752419][T20002] name failslab, interval 1, probability 0, space 0, times 0 [ 777.757821][T20002] CPU: 3 UID: 0 PID: 20002 Comm: syz.3.3900 Not tainted 6.14.0-rc3-syzkaller #0 [ 777.757837][T20002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 777.757844][T20002] Call Trace: [ 777.757874][T20002] [ 777.757879][T20002] dump_stack_lvl+0x16c/0x1f0 [ 777.757927][T20002] should_fail_ex+0x50a/0x650 [ 777.757967][T20002] ? fs_reclaim_acquire+0xae/0x150 [ 777.758017][T20002] should_failslab+0xc2/0x120 [ 777.758049][T20002] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 777.758067][T20002] ? alloc_empty_file+0x73/0x1e0 [ 777.758098][T20002] alloc_empty_file+0x73/0x1e0 [ 777.758110][T20002] path_openat+0xe1/0x2d80 [ 777.758125][T20002] ? hlock_class+0x4e/0x130 [ 777.758160][T20002] ? __lock_acquire+0x15a9/0x3c40 [ 777.758185][T20002] ? __pfx_path_openat+0x10/0x10 [ 777.758200][T20002] ? __pfx___lock_acquire+0x10/0x10 [ 777.758216][T20002] do_filp_open+0x20c/0x470 [ 777.758230][T20002] ? __pfx_do_filp_open+0x10/0x10 [ 777.758244][T20002] ? find_held_lock+0x2d/0x110 [ 777.758263][T20002] ? _raw_spin_unlock+0x28/0x50 [ 777.758291][T20002] ? alloc_fd+0x41f/0x760 [ 777.758330][T20002] io_openat2+0x207/0x850 [ 777.758375][T20002] ? __pfx_io_openat2+0x10/0x10 [ 777.758398][T20002] ? getname_flags.part.0+0x1c5/0x550 [ 777.758416][T20002] io_issue_sqe+0x4ed/0x1300 [ 777.758435][T20002] io_submit_sqes+0x95a/0x25c0 [ 777.758452][T20002] __do_sys_io_uring_enter+0xd60/0x1670 [ 777.758465][T20002] ? __fget_files+0x206/0x3a0 [ 777.758478][T20002] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 777.758490][T20002] ? fput+0x67/0x440 [ 777.758502][T20002] ? ksys_write+0x1ba/0x250 [ 777.758522][T20002] ? __pfx_ksys_write+0x10/0x10 [ 777.758549][T20002] __do_fast_syscall_32+0x73/0x120 [ 777.758569][T20002] do_fast_syscall_32+0x32/0x80 [ 777.758581][T20002] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 777.758599][T20002] RIP: 0023:0xf7fd2579 [ 777.758608][T20002] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 777.758618][T20002] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 777.758648][T20002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000003516 [ 777.758654][T20002] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 777.758660][T20002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 777.758666][T20002] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 777.758671][T20002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 777.758683][T20002] [ 778.093365][T20011] lo speed is unknown, defaulting to 1000 [ 778.778075][ T56] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 779.168116][ T56] usb 6-1: Using ep0 maxpacket: 32 [ 779.171138][ T56] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 779.173432][ T56] usb 6-1: config 0 has no interface number 0 [ 779.176863][ T56] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 779.179513][ T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.181753][ T56] usb 6-1: Product: syz [ 779.182939][ T56] usb 6-1: Manufacturer: syz [ 779.184260][ T56] usb 6-1: SerialNumber: syz [ 779.194104][ T56] usb 6-1: config 0 descriptor?? [ 779.197858][ T56] smsc95xx v2.0.0 [ 779.199031][ T56] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 779.201965][ T56] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22 [ 779.258951][T20025] 9pnet_fd: Insufficient options for proto=fd [ 780.088122][T14407] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 780.238021][T14407] usb 5-1: Using ep0 maxpacket: 8 [ 780.242967][T14407] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 780.245456][T14407] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 780.248105][T14407] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 780.250697][T14407] usb 5-1: config 250 has no interface number 0 [ 780.252553][T14407] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 780.255887][T14407] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 780.259116][T14407] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 185 [ 780.263190][T14407] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 780.267739][T14407] usb 5-1: config 250 interface 228 has no altsetting 0 [ 780.271089][T14407] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 780.274524][T14407] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 780.277549][T14407] usb 5-1: Product: syz [ 780.279288][T14407] usb 5-1: SerialNumber: syz [ 780.284341][T14407] hub 5-1:250.228: bad descriptor, ignoring hub [ 780.286583][T14407] hub 5-1:250.228: probe with driver hub failed with error -5 [ 780.486933][T14407] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 31 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 780.782691][ C3] usblp0: nonzero read bulk status received: -71 [ 780.889917][ T3220] usb 6-1: USB disconnect, device number 24 [ 780.969933][ T35] usb 5-1: USB disconnect, device number 31 [ 780.976275][ T35] usblp0: removed [ 781.381658][T20070] fuse: Unknown parameter 'r½' [ 781.557652][T20079] netlink: 'syz.4.3922': attribute type 4 has an invalid length. [ 781.867302][T20086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3923'. [ 782.111987][T20090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3924'. [ 782.293188][T20090] lo speed is unknown, defaulting to 1000 [ 782.888148][ T56] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 783.138320][ T56] usb 6-1: Using ep0 maxpacket: 32 [ 783.143819][ T56] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 783.150207][ T56] usb 6-1: config 0 has no interface number 0 [ 783.156807][ T56] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 783.165070][ T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.171646][ T56] usb 6-1: Product: syz [ 783.175513][ T56] usb 6-1: Manufacturer: syz [ 783.178411][ T56] usb 6-1: SerialNumber: syz [ 783.184434][ T56] usb 6-1: config 0 descriptor?? [ 783.191580][ T56] smsc95xx v2.0.0 [ 783.196381][ T56] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 783.203610][ T56] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22 [ 783.709710][T20123] netlink: 'syz.3.3931': attribute type 1 has an invalid length. [ 784.138078][ T3220] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 784.186631][T20139] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3935'. [ 784.318059][ T3220] usb 5-1: Using ep0 maxpacket: 32 [ 784.326755][ T3220] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 784.331041][ T3220] usb 5-1: config 0 has no interface number 0 [ 784.346901][ T3220] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 784.350211][ T3220] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 784.352677][ T3220] usb 5-1: Product: syz [ 784.354058][ T3220] usb 5-1: Manufacturer: syz [ 784.355558][ T3220] usb 5-1: SerialNumber: syz [ 784.369532][ T3220] usb 5-1: config 0 descriptor?? [ 784.378985][ T3220] smsc95xx v2.0.0 [ 784.380568][ T3220] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 784.388645][ T3220] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 785.335756][ T3220] usb 6-1: USB disconnect, device number 25 [ 785.604196][T20158] netlink: 'syz.1.3940': attribute type 1 has an invalid length. [ 785.800421][T20169] FAULT_INJECTION: forcing a failure. [ 785.800421][T20169] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 785.806391][T20169] CPU: 2 UID: 0 PID: 20169 Comm: syz.4.3945 Not tainted 6.14.0-rc3-syzkaller #0 [ 785.806410][T20169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 785.806420][T20169] Call Trace: [ 785.806426][T20169] [ 785.806448][T20169] dump_stack_lvl+0x16c/0x1f0 [ 785.806478][T20169] should_fail_ex+0x50a/0x650 [ 785.806501][T20169] ? __pfx___might_resched+0x10/0x10 [ 785.806561][T20169] should_fail_alloc_page+0xe7/0x130 [ 785.806578][T20169] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 785.806600][T20169] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 785.806625][T20169] ? __pfx_mark_lock+0x10/0x10 [ 785.806646][T20169] ? lock_acquire.part.0+0x11b/0x380 [ 785.806671][T20169] ? hlock_class+0x4e/0x130 [ 785.806687][T20169] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 785.806709][T20169] ? __pfx_mark_lock+0x10/0x10 [ 785.806740][T20169] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 785.806787][T20169] ? policy_nodemask+0xea/0x4e0 [ 785.806812][T20169] alloc_pages_mpol+0x1fc/0x540 [ 785.806837][T20169] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 785.806868][T20169] ? find_held_lock+0x2d/0x110 [ 785.806888][T20169] folio_alloc_mpol_noprof+0x36/0x2f0 [ 785.806907][T20169] shmem_alloc_folio+0x135/0x160 [ 785.806965][T20169] shmem_alloc_and_add_folio+0x48e/0xc10 [ 785.806987][T20169] ? shmem_huge_global_enabled+0x72/0x6b0 [ 785.807002][T20169] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 785.807022][T20169] ? shmem_allowable_huge_orders+0xd0/0x410 [ 785.807045][T20169] shmem_get_folio_gfp+0x689/0x1530 [ 785.807064][T20169] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 785.807087][T20169] shmem_fault+0x200/0xae0 [ 785.807104][T20169] ? hlock_class+0x4e/0x130 [ 785.807120][T20169] ? __pfx_shmem_fault+0x10/0x10 [ 785.807143][T20169] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 785.807165][T20169] ? rcu_is_watching+0x12/0xc0 [ 785.807180][T20169] ? __pfx_filemap_map_pages+0x10/0x10 [ 785.807226][T20169] __do_fault+0x10a/0x490 [ 785.807245][T20169] ? __pfx_filemap_map_pages+0x10/0x10 [ 785.807262][T20169] do_pte_missing+0x1a8/0x3e10 [ 785.807290][T20169] __handle_mm_fault+0x1166/0x2c60 [ 785.807318][T20169] ? __pfx___handle_mm_fault+0x10/0x10 [ 785.807338][T20169] ? follow_page_pte+0x3ac/0x1490 [ 785.807360][T20169] ? __pfx_lock_release+0x10/0x10 [ 785.807396][T20169] handle_mm_fault+0x3fa/0xaa0 [ 785.807420][T20169] __get_user_pages+0x773/0x36f0 [ 785.807449][T20169] ? __pfx___get_user_pages+0x10/0x10 [ 785.807469][T20169] ? __pfx_down_read_killable+0x10/0x10 [ 785.807492][T20169] ? rcu_is_watching+0x12/0xc0 [ 785.807507][T20169] __gup_longterm_locked+0x212/0x1870 [ 785.807536][T20169] ? __pfx___gup_longterm_locked+0x10/0x10 [ 785.807557][T20169] ? gup_fast_fallback+0x1218/0x2690 [ 785.807577][T20169] ? __pfx_lock_release+0x10/0x10 [ 785.807593][T20169] ? trace_lock_acquire+0x14e/0x1f0 [ 785.807609][T20169] ? kasan_save_stack+0x33/0x60 [ 785.807630][T20169] ? __kasan_kmalloc+0xaa/0xb0 [ 785.807651][T20169] ? sanity_check_pinned_pages+0x23/0x11e0 [ 785.807675][T20169] gup_fast_fallback+0x1802/0x2690 [ 785.807711][T20169] ? __pfx_gup_fast_fallback+0x10/0x10 [ 785.807743][T20169] pin_user_pages_fast+0xa8/0x100 [ 785.807761][T20169] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 785.807780][T20169] ? __kmalloc_noprof+0x23b/0x510 [ 785.807803][T20169] ? __might_fault+0x51/0x190 [ 785.807822][T20169] rds_info_getsockopt+0x39a/0x4f0 [ 785.807872][T20169] ? __might_fault+0x13b/0x190 [ 785.807888][T20169] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 785.807904][T20169] ? trace_lock_acquire+0x14e/0x1f0 [ 785.807924][T20169] ? lock_acquire+0x2f/0xb0 [ 785.807942][T20169] ? __might_fault+0xe3/0x190 [ 785.807953][T20169] ? __might_fault+0xe3/0x190 [ 785.807971][T20169] rds_getsockopt+0x173/0x2d0 [ 785.807994][T20169] ? __pfx_rds_getsockopt+0x10/0x10 [ 785.808017][T20169] do_sock_getsockopt+0x3fe/0x800 [ 785.808057][T20169] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 785.808072][T20169] ? lock_acquire+0x2f/0xb0 [ 785.808090][T20169] ? __fget_files+0x40/0x3a0 [ 785.808116][T20169] ? __fget_files+0x206/0x3a0 [ 785.808137][T20169] __sys_getsockopt+0x12f/0x260 [ 785.808163][T20169] __ia32_sys_getsockopt+0xbc/0x160 [ 785.808182][T20169] ? syscall_trace_enter+0xf0/0x260 [ 785.808231][T20169] __do_fast_syscall_32+0x73/0x120 [ 785.808250][T20169] do_fast_syscall_32+0x32/0x80 [ 785.808267][T20169] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 785.808291][T20169] RIP: 0023:0xf749e579 [ 785.808304][T20169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 785.808319][T20169] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d [ 785.808334][T20169] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000114 [ 785.808344][T20169] RDX: 0000000000002710 RSI: 0000000080c35fff RDI: 0000000080000000 [ 785.808351][T20169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 785.808357][T20169] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 785.808366][T20169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 785.808387][T20169] [ 786.104993][ T56] usb 5-1: USB disconnect, device number 32 [ 786.112567][T20172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3946'. [ 786.668799][T20193] netlink: 'syz.4.3952': attribute type 1 has an invalid length. [ 786.738667][T20200] netlink: 'syz.0.3955': attribute type 10 has an invalid length. [ 786.745896][T20200] team0: Device ipvlan1 failed to register rx_handler [ 787.218997][T20214] lo speed is unknown, defaulting to 1000 [ 787.224344][T20214] lo speed is unknown, defaulting to 1000 [ 787.229108][T20214] lo speed is unknown, defaulting to 1000 [ 787.273975][T20214] infiniband sz1: set active [ 787.276867][ T6040] lo speed is unknown, defaulting to 1000 [ 787.279091][T20214] infiniband sz1: added lo [ 787.325802][T20214] RDS/IB: sz1: added [ 787.327176][T20214] smc: adding ib device sz1 with port count 1 [ 787.329743][T20214] smc: ib device sz1 port 1 has pnetid [ 787.331699][ T35] lo speed is unknown, defaulting to 1000 [ 787.346153][T20214] lo speed is unknown, defaulting to 1000 [ 787.406272][T20214] lo speed is unknown, defaulting to 1000 [ 787.408834][T20216] »»»»»»: renamed from lo (while UP) [ 787.491399][T20214] »»»»»» speed is unknown, defaulting to 1000 [ 787.597657][T20214] »»»»»» speed is unknown, defaulting to 1000 [ 787.675500][T20210] »»»»»» speed is unknown, defaulting to 1000 [ 787.678098][T20210] »»»»»» speed is unknown, defaulting to 1000 [ 787.680768][T20210] »»»»»» speed is unknown, defaulting to 1000 [ 787.687881][T20210] infiniband syú2: RDMA CMA: cma_listen_on_dev, error -98 [ 787.691029][ T56] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 787.698920][T20210] »»»»»» speed is unknown, defaulting to 1000 [ 787.702022][T20210] »»»»»» speed is unknown, defaulting to 1000 [ 787.705433][T20210] »»»»»» speed is unknown, defaulting to 1000 [ 787.708379][T20210] »»»»»» speed is unknown, defaulting to 1000 [ 787.828762][ T6436] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 787.878109][ T56] usb 5-1: Using ep0 maxpacket: 32 [ 787.881077][ T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 787.883322][ T56] usb 5-1: config 0 has no interface number 0 [ 787.886661][ T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 787.889907][ T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.892228][ T56] usb 5-1: Product: syz [ 787.893448][ T56] usb 5-1: Manufacturer: syz [ 787.894764][ T56] usb 5-1: SerialNumber: syz [ 787.900814][ T56] usb 5-1: config 0 descriptor?? [ 787.903353][ T56] smsc95xx v2.0.0 [ 787.904422][ T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 787.907256][ T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 787.928573][T20224] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.978066][ T6436] usb 6-1: Using ep0 maxpacket: 8 [ 787.979753][ T39] kauditd_printk_skb: 13 callbacks suppressed [ 787.979909][ T39] audit: type=1326 audit(1739814177.092:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 787.988633][ T6436] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 787.991652][ T6436] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 787.992240][ T39] audit: type=1326 audit(1739814177.092:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 787.994433][ T6436] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 788.000566][ T39] audit: type=1326 audit(1739814177.102:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=274 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.003274][ T6436] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 788.009518][ T39] audit: type=1326 audit(1739814177.102:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.013168][ T6436] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 788.019945][ T39] audit: type=1326 audit(1739814177.102:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=450 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.021372][ T6436] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 788.027484][ T39] audit: type=1326 audit(1739814177.102:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.036172][ T39] audit: type=1326 audit(1739814177.102:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=12 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.042290][ T39] audit: type=1326 audit(1739814177.102:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.048435][ T39] audit: type=1326 audit(1739814177.102:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.054399][ T39] audit: type=1326 audit(1739814177.102:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf749e579 code=0x7ffc0000 [ 788.240789][ T6436] usb 6-1: usb_control_msg returned -32 [ 788.242439][ T6436] usbtmc 6-1:16.0: can't read capabilities [ 788.606991][ T56] usb 6-1: USB disconnect, device number 26 [ 788.845766][T20237] netlink: 'syz.1.3966': attribute type 1 has an invalid length. [ 788.941221][T20241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3968'. [ 788.945783][T20241] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3968'. [ 788.972982][T20241] netlink: 'syz.1.3968': attribute type 1 has an invalid length. [ 790.408887][T20251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3971'. [ 790.418464][ T56] usb 5-1: USB disconnect, device number 33 [ 790.524241][T20260] fuse: Unknown parameter 'fdå' [ 790.715828][T15718] Bluetooth: hci4: unexpected cc 0x1001 length: 8 < 9 [ 790.725720][T15718] Bluetooth: hci4: unexpected event for opcode 0x1001 [ 791.494319][T20267] ceph: No mds server is up or the cluster is laggy [ 792.268038][ T6025] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 792.428218][ T6025] usb 8-1: Using ep0 maxpacket: 32 [ 792.436864][ T6025] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 792.446211][ T6025] usb 8-1: config 0 has no interface number 0 [ 792.452943][ T6025] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 792.455468][ T6025] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.460894][ T6025] usb 8-1: Product: syz [ 792.462792][ T6025] usb 8-1: Manufacturer: syz [ 792.468292][ T6025] usb 8-1: SerialNumber: syz [ 792.477676][ T6025] usb 8-1: config 0 descriptor?? [ 792.480483][ T6025] smsc95xx v2.0.0 [ 792.488093][ T6025] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 792.503778][ T6025] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22 [ 793.488096][ T56] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 793.668161][ T56] usb 5-1: Using ep0 maxpacket: 32 [ 793.676387][ T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 793.680569][ T56] usb 5-1: config 0 has no interface number 0 [ 793.684872][ T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 793.692124][ T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.695014][ T56] usb 5-1: Product: syz [ 793.696200][ T56] usb 5-1: Manufacturer: syz [ 793.697535][ T56] usb 5-1: SerialNumber: syz [ 793.700164][ T56] usb 5-1: config 0 descriptor?? [ 793.702831][ T56] smsc95xx v2.0.0 [ 793.704085][ T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 793.707103][ T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 793.882550][T20315] syz.1.3986: attempt to access beyond end of device [ 793.882550][T20315] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 793.889232][T20315] syz.1.3986: attempt to access beyond end of device [ 793.889232][T20315] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 793.893030][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 793.895790][T20315] syz.1.3986: attempt to access beyond end of device [ 793.895790][T20315] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 793.899809][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 793.902787][T20315] syz.1.3986: attempt to access beyond end of device [ 793.902787][T20315] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 793.906979][T20315] syz.1.3986: attempt to access beyond end of device [ 793.906979][T20315] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 793.910776][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 793.913526][T20315] syz.1.3986: attempt to access beyond end of device [ 793.913526][T20315] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 793.917193][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 793.920227][T20315] syz.1.3986: attempt to access beyond end of device [ 793.920227][T20315] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 793.923862][T20315] syz.1.3986: attempt to access beyond end of device [ 793.923862][T20315] nbd1: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 793.927508][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 793.930482][T20315] syz.1.3986: attempt to access beyond end of device [ 793.930482][T20315] nbd1: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 793.934409][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 793.937081][T20315] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 794.717894][ T5984] usb 8-1: USB disconnect, device number 24 [ 794.934059][T20330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3991'. [ 794.955532][T20334] lo speed is unknown, defaulting to 1000 [ 794.959977][T20334] »»»»»» speed is unknown, defaulting to 1000 [ 795.026420][T20334] »»»»»» speed is unknown, defaulting to 1000 [ 795.148591][T20344] FAULT_INJECTION: forcing a failure. [ 795.148591][T20344] name failslab, interval 1, probability 0, space 0, times 0 [ 795.153624][T20344] CPU: 0 UID: 0 PID: 20344 Comm: syz.1.3992 Not tainted 6.14.0-rc3-syzkaller #0 [ 795.153659][T20344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 795.153670][T20344] Call Trace: [ 795.153677][T20344] [ 795.153684][T20344] dump_stack_lvl+0x16c/0x1f0 [ 795.153711][T20344] should_fail_ex+0x50a/0x650 [ 795.153738][T20344] ? fs_reclaim_acquire+0xae/0x150 [ 795.153762][T20344] ? tomoyo_encode2+0x100/0x3e0 [ 795.153825][T20344] should_failslab+0xc2/0x120 [ 795.153843][T20344] __kmalloc_noprof+0xcb/0x510 [ 795.153871][T20344] ? rcu_is_watching+0x12/0xc0 [ 795.153892][T20344] tomoyo_encode2+0x100/0x3e0 [ 795.153918][T20344] tomoyo_encode+0x29/0x50 [ 795.153939][T20344] tomoyo_realpath_from_path+0x19d/0x720 [ 795.153965][T20344] ? tomoyo_path_number_perm+0x235/0x590 [ 795.153987][T20344] tomoyo_path_number_perm+0x248/0x590 [ 795.154005][T20344] ? tomoyo_path_number_perm+0x235/0x590 [ 795.154026][T20344] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 795.154068][T20344] ? __pfx_lock_release+0x10/0x10 [ 795.154092][T20344] ? trace_lock_acquire+0x14e/0x1f0 [ 795.154115][T20344] ? lock_acquire+0x2f/0xb0 [ 795.154136][T20344] ? __fget_files+0x40/0x3a0 [ 795.154163][T20344] ? __fget_files+0x206/0x3a0 [ 795.154190][T20344] security_file_ioctl_compat+0x9b/0x240 [ 795.154246][T20344] __do_compat_sys_ioctl+0x4e/0x2c0 [ 795.154271][T20344] __do_fast_syscall_32+0x73/0x120 [ 795.154294][T20344] do_fast_syscall_32+0x32/0x80 [ 795.154315][T20344] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 795.154343][T20344] RIP: 0023:0xf7f96579 [ 795.154356][T20344] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 795.154373][T20344] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 795.154391][T20344] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0285700 [ 795.154402][T20344] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 795.154412][T20344] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 795.154421][T20344] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 795.154432][T20344] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 795.154455][T20344] [ 795.154810][T20344] ERROR: Out of memory at tomoyo_realpath_from_path. [ 795.350118][T20344] 9pnet: Could not find request transport: fd00000000000000000000010 [ 795.653584][ T56] usb 5-1: USB disconnect, device number 34 [ 795.956108][T15718] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 796.499929][T20370] FAULT_INJECTION: forcing a failure. [ 796.499929][T20370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 796.506112][T20370] CPU: 0 UID: 0 PID: 20370 Comm: syz.1.3998 Not tainted 6.14.0-rc3-syzkaller #0 [ 796.506125][T20370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 796.506132][T20370] Call Trace: [ 796.506138][T20370] [ 796.506143][T20370] dump_stack_lvl+0x16c/0x1f0 [ 796.506161][T20370] should_fail_ex+0x50a/0x650 [ 796.506179][T20370] _copy_from_user+0x2e/0xd0 [ 796.506218][T20370] input_event_from_user+0x22d/0x3b0 [ 796.506252][T20370] ? __pfx_input_event_from_user+0x10/0x10 [ 796.506265][T20370] ? input_inject_event+0x1a0/0x380 [ 796.506278][T20370] evdev_write+0x377/0x750 [ 796.506291][T20370] ? __pfx_evdev_write+0x10/0x10 [ 796.506303][T20370] ? bpf_lsm_file_permission+0x9/0x10 [ 796.506319][T20370] ? security_file_permission+0x71/0x210 [ 796.506334][T20370] ? rw_verify_area+0xcf/0x680 [ 796.506347][T20370] ? __pfx_evdev_write+0x10/0x10 [ 796.506357][T20370] vfs_write+0x24c/0x1150 [ 796.506372][T20370] ? __fget_files+0x1fc/0x3a0 [ 796.506387][T20370] ? __pfx_lock_release+0x10/0x10 [ 796.506402][T20370] ? __pfx_vfs_write+0x10/0x10 [ 796.506416][T20370] ? lock_acquire+0x2f/0xb0 [ 796.506430][T20370] ? __fget_files+0x40/0x3a0 [ 796.506445][T20370] ? __fget_files+0x206/0x3a0 [ 796.506463][T20370] ksys_write+0x207/0x250 [ 796.506476][T20370] ? __pfx_ksys_write+0x10/0x10 [ 796.506494][T20370] __do_fast_syscall_32+0x73/0x120 [ 796.506508][T20370] do_fast_syscall_32+0x32/0x80 [ 796.506521][T20370] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 796.506538][T20370] RIP: 0023:0xf7f96579 [ 796.506547][T20370] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 796.506562][T20370] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 796.506572][T20370] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 796.506578][T20370] RDX: 0000000000000918 RSI: 0000000000000000 RDI: 0000000000000000 [ 796.506584][T20370] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 796.506590][T20370] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 796.506596][T20370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 796.506608][T20370] [ 796.665496][T20377] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 796.670055][T20377] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 797.052138][T20384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4001'. [ 797.393816][T20399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4007'. [ 798.470490][T20438] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4017'. [ 798.712767][T20443] lo speed is unknown, defaulting to 1000 [ 798.726249][T20443] »»»»»» speed is unknown, defaulting to 1000 [ 798.830834][T20443] »»»»»» speed is unknown, defaulting to 1000 [ 799.332960][T20460] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4021'. [ 799.405096][T20464] sp0: Synchronizing with TNC [ 799.475169][ T8] hid-generic 0008:000F:0005.0008: unknown main item tag 0x0 [ 799.477344][ T8] hid-generic 0008:000F:0005.0008: item fetching failed at offset 4/25 [ 799.484629][ T8] hid-generic 0008:000F:0005.0008: probe with driver hid-generic failed with error -22 [ 799.490502][T20464] [U] è [ 799.605887][T20469] ntfs3(nbd1): try to read out of volume at offset 0x0 [ 799.622477][T20469] FAULT_INJECTION: forcing a failure. [ 799.622477][T20469] name failslab, interval 1, probability 0, space 0, times 0 [ 799.626062][T20469] CPU: 2 UID: 0 PID: 20469 Comm: syz.1.4026 Not tainted 6.14.0-rc3-syzkaller #0 [ 799.626076][T20469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 799.626084][T20469] Call Trace: [ 799.626088][T20469] [ 799.626093][T20469] dump_stack_lvl+0x16c/0x1f0 [ 799.626110][T20469] should_fail_ex+0x50a/0x650 [ 799.626127][T20469] ? fs_reclaim_acquire+0xae/0x150 [ 799.626141][T20469] ? pfkey_add+0x2653/0x2eb0 [ 799.626185][T20469] should_failslab+0xc2/0x120 [ 799.626197][T20469] __kmalloc_cache_noprof+0x68/0x410 [ 799.626212][T20469] ? __raw_spin_lock_init+0x3a/0x110 [ 799.626231][T20469] pfkey_add+0x2653/0x2eb0 [ 799.626249][T20469] ? __pfx_pfkey_add+0x10/0x10 [ 799.626263][T20469] ? kfree_skbmem+0x1a4/0x1f0 [ 799.626276][T20469] ? sk_skb_reason_drop+0x136/0x1a0 [ 799.626293][T20469] ? pfkey_broadcast+0x2ab/0x460 [ 799.626309][T20469] ? __pfx_pfkey_add+0x10/0x10 [ 799.626323][T20469] pfkey_process+0x6db/0x840 [ 799.626340][T20469] ? __pfx_pfkey_process+0x10/0x10 [ 799.626364][T20469] ? __virt_addr_valid+0x5e/0x590 [ 799.626399][T20469] ? __phys_addr_symbol+0x30/0x80 [ 799.626413][T20469] pfkey_sendmsg+0x43b/0x840 [ 799.626431][T20469] ____sys_sendmsg+0xaaf/0xc90 [ 799.626443][T20469] ? __pfx_____sys_sendmsg+0x10/0x10 [ 799.626453][T20469] ? get_compat_msghdr+0x11b/0x170 [ 799.626471][T20469] ___sys_sendmsg+0x135/0x1e0 [ 799.626486][T20469] ? __pfx____sys_sendmsg+0x10/0x10 [ 799.626506][T20469] ? trace_lock_acquire+0x14e/0x1f0 [ 799.626526][T20469] __sys_sendmmsg+0x2fa/0x420 [ 799.626542][T20469] ? __pfx___sys_sendmmsg+0x10/0x10 [ 799.626561][T20469] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 799.626579][T20469] ? fput+0x67/0x440 [ 799.626590][T20469] ? ksys_write+0x1ba/0x250 [ 799.626603][T20469] ? __pfx_ksys_write+0x10/0x10 [ 799.626619][T20469] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 799.626630][T20469] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 799.626644][T20469] __do_fast_syscall_32+0x73/0x120 [ 799.626657][T20469] do_fast_syscall_32+0x32/0x80 [ 799.626670][T20469] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.626687][T20469] RIP: 0023:0xf7f96579 [ 799.626696][T20469] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 799.626706][T20469] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 799.626716][T20469] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000180 [ 799.626722][T20469] RDX: 000000000400008a RSI: 0000000000000000 RDI: 0000000000000000 [ 799.626728][T20469] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 799.626734][T20469] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 799.626740][T20469] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 799.626752][T20469] [ 800.602573][ T43] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x2bd pfn:0x1223a [ 800.603501][ T79] slab kmalloc-96 [ 800.605165][ T43] flags: 0xfff00000010001(locked|reclaim|node=0|zone=1|lastcpupid=0x7ff) [ 800.605188][ T43] raw: 00fff00000010001 ffffc900006a75a8 ffffc900006a75a8 ffffffff8b7df642 [ 800.605198][ T43] raw: 00000000000002bd 0000000000000000 00000002ffffffff 0000000000000000 [ 800.605204][ T43] page dumped because: VM_BUG_ON_PAGE(!((__builtin_constant_p(PAGE_CLAIMED) && __builtin_constant_p((uintptr_t)(&page->private) != (uintptr_t)((void *)0)) && (uintptr_t)(&page->private) != (uintptr_t)((void *)0) && __builtin_constant_p(*(const unsigned long *)(&page->private))) ? const_test_bit(PAGE_CLAIMED, &page->private) : _test_bit(PAGE_CLAIMED, &page->private))) [ 800.605220][ T43] page_owner tracks the page as allocated [ 800.606952][ T79] start ffff8880228c5000 [ 800.618843][ T43] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12800(GFP_NOWAIT|__GFP_NORETRY), pid 109, tgid 109 (kswapd0), ts 800076006290, free_ts 800071054023 [ 800.624517][ T79] pointer offset 0 size 96 [ 800.627407][ T43] post_alloc_hook+0x181/0x1b0 [ 800.627884][ T79] [ 800.636246][ T79] list_add corruption. next->prev should be prev (ffffe8ffac439150), but was ffffffff848ad950. (next=ffff8880228c5000). [ 800.638155][ T43] get_page_from_freelist+0xfce/0x2f80 [ 800.640422][ T79] ------------[ cut here ]------------ [ 800.642382][ T43] __alloc_frozen_pages_noprof+0x221/0x2470 [ 800.643530][ T79] kernel BUG at lib/list_debug.c:29! [ 800.643583][ T79] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 800.648262][ T43] alloc_pages_mpol+0x1fc/0x540 [ 800.649409][ T79] CPU: 2 UID: 0 PID: 79 Comm: kworker/u32:4 Not tainted 6.14.0-rc3-syzkaller #0 [ 800.649425][ T79] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 800.649433][ T79] Workqueue: zswap1 compact_page_work [ 800.652010][ T43] alloc_pages_noprof+0x131/0x390 [ 800.654844][ T79] [ 800.654851][ T79] RIP: 0010:__list_add_valid_or_report+0xec/0x190 [ 800.654870][ T79] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 c0 44 d3 8b e8 b5 ac d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 b6 33 33 fd 48 8b 34 24 48 b8 00 00 [ 800.654880][ T79] RSP: 0018:ffffc9000101fb88 EFLAGS: 00010282 [ 800.654889][ T79] RAX: 0000000000000075 RBX: ffff88801223a000 RCX: ffffffff819943d9 [ 800.654895][ T79] RDX: 0000000000000000 RSI: ffffffff8199a74e RDI: 0000000000000005 [ 800.654902][ T79] RBP: ffff8880228c5000 R08: 0000000000000005 R09: 0000000000000000 [ 800.654908][ T79] R10: 0000000000000002 R11: 0000000000000007 R12: ffff88801223a000 [ 800.654914][ T79] R13: ffff8880228c5008 R14: ffffea0000488e80 R15: ffff88801223a008 [ 800.654920][ T79] FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000 [ 800.654940][ T79] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 800.654949][ T79] CR2: 00000000f3a51000 CR3: 000000004af2e000 CR4: 0000000000352ef0 [ 800.654956][ T79] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 800.654962][ T79] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 800.654968][ T79] Call Trace: [ 800.654972][ T79] [ 800.654977][ T79] ? die+0x31/0x80 [ 800.655025][ T79] ? do_trap+0x232/0x430 [ 800.655042][ T79] ? __list_add_valid_or_report+0xec/0x190 [ 800.669313][ T43] z3fold_zpool_malloc+0x853/0x14f0 [ 800.671645][ T79] ? __list_add_valid_or_report+0xec/0x190 [ 800.671670][ T79] ? do_error_trap+0xf4/0x230 [ 800.675089][ T43] zswap_store+0xfbc/0x26c0 [ 800.676290][ T79] ? __list_add_valid_or_report+0xec/0x190 [ 800.676309][ T79] ? handle_invalid_op+0x34/0x40 [ 800.676321][ T79] ? __list_add_valid_or_report+0xec/0x190 [ 800.717038][ T79] ? exc_invalid_op+0x2e/0x50 [ 800.718515][ T79] ? asm_exc_invalid_op+0x1a/0x20 [ 800.719978][ T79] ? __wake_up_klogd.part.0+0x99/0xf0 [ 800.721543][ T79] ? vprintk_emit+0x39e/0x6f0 [ 800.722892][ T79] ? __list_add_valid_or_report+0xec/0x190 [ 800.724809][ T79] ? __list_add_valid_or_report+0xeb/0x190 [ 800.726934][ T79] do_compact_page+0x10f2/0x27b0 [ 800.728654][ T79] ? lock_acquire+0x2f/0xb0 [ 800.730129][ T79] ? process_one_work+0x921/0x1ba0 [ 800.731799][ T79] process_one_work+0x9c5/0x1ba0 [ 800.733536][ T79] ? __pfx_compact_page_work+0x10/0x10 [ 800.735195][ T79] ? __pfx_process_one_work+0x10/0x10 [ 800.736765][ T79] ? assign_work+0x1a0/0x250 [ 800.738411][ T79] worker_thread+0x6c8/0xf00 [ 800.739771][ T79] ? __kthread_parkme+0x148/0x220 [ 800.741448][ T79] ? __pfx_worker_thread+0x10/0x10 [ 800.743380][ T79] kthread+0x3af/0x750 [ 800.744941][ T79] ? __pfx_kthread+0x10/0x10 [ 800.746685][ T79] ? lock_acquire+0x2f/0xb0 [ 800.748426][ T79] ? __pfx_kthread+0x10/0x10 [ 800.750190][ T79] ret_from_fork+0x45/0x80 [ 800.751942][ T79] ? __pfx_kthread+0x10/0x10 [ 800.753722][ T79] ret_from_fork_asm+0x1a/0x30 [ 800.755551][ T79] [ 800.756739][ T79] Modules linked in: [ 800.758826][ T79] ---[ end trace 0000000000000000 ]--- [ 800.760750][ T79] RIP: 0010:__list_add_valid_or_report+0xec/0x190 [ 800.763100][ T79] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 c0 44 d3 8b e8 b5 ac d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 b6 33 33 fd 48 8b 34 24 48 b8 00 00 [ 800.771324][ T79] RSP: 0018:ffffc9000101fb88 EFLAGS: 00010282 [ 800.773668][ T79] RAX: 0000000000000075 RBX: ffff88801223a000 RCX: ffffffff819943d9 [ 800.776633][ T79] RDX: 0000000000000000 RSI: ffffffff8199a74e RDI: 0000000000000005 [ 800.779786][ T79] RBP: ffff8880228c5000 R08: 0000000000000005 R09: 0000000000000000 [ 800.782860][ T79] R10: 0000000000000002 R11: 0000000000000007 R12: ffff88801223a000 [ 800.785807][ T79] R13: ffff8880228c5008 R14: ffffea0000488e80 R15: ffff88801223a008 [ 800.788951][ T79] FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000 [ 800.792256][ T79] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 800.794766][ T79] CR2: 00000000f3a51000 CR3: 000000004af2e000 CR4: 0000000000352ef0 [ 800.797776][ T79] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 800.800748][ T79] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 800.803623][ T79] Kernel panic - not syncing: Fatal exception [ 800.806741][ T79] Kernel Offset: disabled [ 800.808439][ T79] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:43:09 Registers: info registers vcpu 0 CPU#0 RAX=0000000001e34934 RBX=0000000000000000 RCX=ffffffff8b550469 RDX=ffffed1005686f86 RSI=ffffffff8bd342c0 RDI=ffffffff81907289 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20 R8 =0000000000000000 R9 =ffffed1005686f85 R10=ffff88802b437c2b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff90627010 R15=0000000000000000 RIP=ffffffff8b55184f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080800000 CR3=0000000025a08000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 EAX=00005a96 EBX=00000000 ECX=400000b4 EDX=00000000 ESI=00005a96 EDI=00000000 EBP=00000000 ESP=0000dcde EIP=0000029a EFL=00010086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 00000000 0000ffff 00009300 CS =0000 00000000 0000ffff 00009b00 SS =0000 00000000 0000ffff 00009300 DS =0000 00000000 0000ffff 00009300 FS =0000 00000000 0000ffff 00009300 GS =0000 00000000 0000ffff 00009300 LDT=0000 00000000 0000ffff 00008200 TR =0000 00000000 0000ffff 00008b00 GDT= 00000000 0000ffff IDT= 00000000 0000ffff CR0=00000030 CR2=00000000 CR3=00000000 CR4=00002040 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000000 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000023 RCX=ffffffff8199a97a RDX=ffff8880200e8000 RSI=ffffffff8199a966 RDI=0000000000000001 RBP=1ffff92000203ed7 RSP=ffffc9000101f6a8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=6e69203a73706f4f R12=0000000000000001 R13=0000000000000000 R14=ffff88801d304880 R15=ffffc9000101f770 RIP=ffffffff8199a968 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f3a51000 CR3=000000004af2e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73acff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=000000000000001f RCX=ffffffff8199a97a RDX=ffff88801d304880 RSI=ffffffff8199a966 RDI=0000000000000001 RBP=1ffff920000d4e38 RSP=ffffc900006a71b0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=705f636f6c6c6120 R12=0000000000000001 R13=0000000000000200 R14=ffff8880200e8000 R15=ffffc900006a7278 RIP=ffffffff8199a968 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000025a86000 CR4=00352ef0 DR0=0000000000000002 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000018800000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000