last executing test programs: 43.856983636s ago: executing program 2 (id=1860): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) chdir(&(0x7f0000000140)='./file0\x00') r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000001300)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x28, 0x8, 0x0, 0x5, 0x0, 0x3e, 0xf, 0x20b, 0x40, 0x343, 0x2, 0x2, 0x38, 0x1, 0x1, 0x8, 0x2}, [{0x0, 0x5, 0xffffffffffffffff, 0x9, 0x1, 0xd329686, 0xfffffffffffffffa, 0x8}], "", ['\x00', '\x00', '\x00', '\x00']}, 0x478) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0xccffffffffffffff, 0x1f, 0x1}}, 0x3c) 43.770220483s ago: executing program 2 (id=1861): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x4000, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$snapshot(0xffffff9c, &(0x7f00000001c0), 0x8001, 0x0) unshare(0x68060200) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x14, 0x0, @val=@kprobe_multi=@syms={0x1, 0x8, &(0x7f0000000680)=[0x0, 0x0, &(0x7f0000000480)='\x00', &(0x7f0000000540)='\x00', 0x0, &(0x7f00000005c0)='.\x00', &(0x7f0000000600)='!+*\x00', &(0x7f0000000640)='\x00'], 0x0, 0x401}}, 0x30) getsockopt$EBT_SO_GET_ENTRIES(r3, 0x0, 0x81, &(0x7f0000000240)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f00000002c0)=0x78) r4 = syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0xfffffffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, r0, 0x2, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x5e9d252172e48d3a, @fd_index}) io_uring_enter(r4, 0xa3d, 0x0, 0x0, 0x0, 0xff39) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x3}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8}}}}]}, 0x38}}, 0x0) msgctl$IPC_INFO(0x0, 0x3, 0x0) 42.874566261s ago: executing program 2 (id=1866): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) syz_emit_ethernet(0x42, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)) syz_usbip_server_init(0x4) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1700bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) unshare(0x20020680) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000dc40)={&(0x7f00000007c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_skbedit={0x48, 0x1, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0xfffffffc}}]}, {0x4}, {0xc, 0x9, {0x41}}, {0xc, 0x4, {0x2}}}}]}]}, 0x60}}, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40440, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) unshare(0x22020600) unshare(0x2a020480) 41.275796188s ago: executing program 2 (id=1881): r0 = openat$urandom(0xffffff9c, &(0x7f0000000000), 0x280440, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000140)=0x9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0x6805, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) removexattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=@random={'btrfs.', '[^\x00'}) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x34, r8, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x5, 0x24, [{0x60, 0x1}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="f7"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x34}}, 0x20000040) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x800000, 0x25dfdbff, {0x2, 0x18, 0x0, 0x0, r4}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0) 41.169980689s ago: executing program 2 (id=1882): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) syz_io_uring_setup(0x7934, 0x0, &(0x7f0000000080), 0x0) syz_io_uring_setup(0xa91, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0xf, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) mincore(&(0x7f00005ec000/0x1000)=nil, 0x1000, &(0x7f0000000300)=""/159) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000040)=0xfa2, 0x4) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) 41.134522481s ago: executing program 2 (id=1883): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) socketpair$unix(0x1, 0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mincore(&(0x7f00005ec000/0x1000)=nil, 0x1000, &(0x7f0000000300)=""/159) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 41.044652551s ago: executing program 32 (id=1883): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) socketpair$unix(0x1, 0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mincore(&(0x7f00005ec000/0x1000)=nil, 0x1000, &(0x7f0000000300)=""/159) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 3.198646333s ago: executing program 3 (id=2186): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf25010000000c0004000200000000003f000c00060001000000000000000c00020007000000000000000c00080001000000000000001c0007"], 0x60}}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000f57000/0x1000)=nil, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x38, 0x7b}) r4 = dup(r2) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f0000000180), &(0x7f00000001c0)) syz_open_procfs(0x0, &(0x7f0000000480)='net/ip_mr_cache\x00') r5 = socket(0x2b, 0x80801, 0x1) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) dup3(r7, r6, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r8, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f00000001c0)) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"}) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x98, 0x0, &(0x7f0000001540)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000300)={0x44, 0x0, &(0x7f0000000b80)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x0, 0x0, @empty, 0x1}, 0x1c) add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='R', 0x1, 0xfffffffffffffffd) add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)='e', 0x1, 0xfffffffffffffffe) 2.539492033s ago: executing program 1 (id=2196): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x2000}, 0x0) signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x7, 0x5]}, 0x8, 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x4004010) prctl$PR_SCHED_CORE(0x3e, 0x80000000001, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680)) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000440)) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000400)) pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$rose(0xb, 0x5, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./bus\x00', 0x0, 0x2209000, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000030000,user_i', @ANYRESDEC=0x0, @ANYRESHEX=r2, @ANYRESDEC=0x0, @ANYRESDEC=0x0, @ANYBLOB="39001d0127095c8a367a65bf58b7f7954f2b7e934566c35fa92795cb1b58fae21df594177cfd36ae834c46b6795a780e0073cf52614b359aa477551b7151c04798ee14637350bbd85089e25750f8afc901edaa49d050d63406aa"]) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYRES8=r1, @ANYRES64], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) openat$zero(0xffffff9c, &(0x7f0000000240), 0x664d82, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) 2.191915175s ago: executing program 3 (id=2201): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x38}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x48, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x8, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd8}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000) 2.165819958s ago: executing program 4 (id=2203): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0xa4, 0x0, 0x1, 0x401, 0x0, 0x3a00, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'Q.931\x00'}}]}, 0xa4}}, 0x0) 2.099617292s ago: executing program 3 (id=2204): socket$nl_netfilter(0x10, 0x3, 0xc) socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x20, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00'}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x40}}, 0x0) io_setup(0x2, &(0x7f0000000180)=0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x3f00}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x4, 0xf, 0x6, 0x5a73}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) io_submit(r5, 0x0, &(0x7f0000000240)) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) get_mempolicy(0x0, 0x0, 0xfffffffffffffefe, &(0x7f0000340000/0x3000)=nil, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) 2.099149153s ago: executing program 4 (id=2205): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000080000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x176) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r6, r7, 0x6, 0x0, @void}, 0x10) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') preadv(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/79, 0x4f}], 0x1, 0x3ffffe, 0x1) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x48}}, 0x20050800) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000001ac0), 0x6) ioctl$sock_bt_hci(r10, 0x800448d7, &(0x7f0000000000)) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r12, &(0x7f0000000000), 0xfffffecc) ioctl$KVM_GET_VCPU_EVENTS(r11, 0x4048aecb, &(0x7f0000000080)) 1.719700347s ago: executing program 0 (id=2209): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x13c, 0x30, 0x1, 0x0, 0x0, {}, [{0x128, 0x1, [@m_ct={0xf8, 0x2, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_MARK_MASK={0x8, 0x6, 0x1}]}, {0xc8, 0x6, "d7d120bffea51ec60de67a21f82271c126e37a28f6cd80114a5723acfafafb7fe4d25cecdea324661f1b050a20f36da7fbe13a873df4eda7f900d85d0cd3a4696eac59ef4b761c2e84b1fae6dbe48fbba1c055322d024022b37ecccec01db2948195d1505eac255c9a91e321fe41590e3fb6a9ea1d373b1c0fe65f601ef500547cba1925a220d0a99ed9079b9f978b6931a2df08a1b78e62becc6cc026c86f39b3797c4c5452008d8624b17c45d547b2c62c0e66d584959536dade4563b4852a73d178f2"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYRESHEX=r2, @ANYBLOB], 0x48) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x12, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808001e005a600000000000000000", @ANYRES32=r3, @ANYRESOCT, @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x40000) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f}) ioctl$sock_bt_hci(r5, 0x800448d3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r6, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) shutdown(r6, 0x1) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0xc006) quotactl$Q_SETINFO(0xffffffff80000602, &(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000380)={0x40, 0x1, 0x1, 0x2}) r8 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$CDROMREADTOCHDR(r8, 0x5305, &(0x7f0000000040)={0x8, 0x4}) 1.639162591s ago: executing program 1 (id=2210): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000600", @ANYRES32=r2, @ANYBLOB="047405000000000008001b0003000000140003006272696465655f736c6176655f30"], 0x3c}, 0x1, 0x0, 0x0, 0x408c5}, 0x0) 1.638920638s ago: executing program 1 (id=2211): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@func_proto, @func={0x4, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x36, 0x0, 0x1, 0x0, 0x20000000, @void, @value}, 0x28) 1.63852966s ago: executing program 1 (id=2212): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = dup2(r1, r1) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000000c0)) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = eventfd(0x0) r5 = getpid() r6 = getpid() r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00') kcmp$KCMP_EPOLL_TFD(r5, r6, 0x7, r4, &(0x7f0000000000)={r7, 0xffffffffffffffff, 0x5}) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r8 = getpid() process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRES16=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={0x0, r9}, 0x10) r10 = socket(0x21, 0x2, 0x10000000000002) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(r10, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f0000000000)="7800000018001f05b9409b0dffff000d0203be040205060506014007040012000f000000fac8388827a685a168d9a4c6040045653600648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902003a03004a32000400040012000a00000000000000000000080756ede4ccbe5880", 0x78, 0x0, 0x0, 0x0) r11 = socket$unix(0x1, 0x1, 0x0) r12 = syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x200, 0xfffffffd}, &(0x7f0000000100), &(0x7f0000000140)) sendmsg$unix(r11, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0f0000000000000001000004", @ANYRES32=r12], 0x10}, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040)) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e0700022008"], 0xa) socket$key(0xf, 0x3, 0x2) 1.419943223s ago: executing program 0 (id=2213): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'ip6gretap0\x00', 0x0}) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(r2, 0xc01c64ae, 0x0) unshare(0x62040200) r3 = gettid() sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="280000001000010000000000000000feffffff00", @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0) 1.344357893s ago: executing program 1 (id=2214): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) syz_io_uring_setup(0x7934, 0x0, &(0x7f0000000080), 0x0) syz_io_uring_setup(0xa91, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0xf, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) mincore(&(0x7f00005ec000/0x1000)=nil, 0x1000, &(0x7f0000000300)=""/159) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000040)=0xfa2, 0x4) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.266304377s ago: executing program 0 (id=2215): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2}) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1, &(0x7f0000000180)=0x100, 0x4) (async) syz_emit_ethernet(0x2a, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @address_request={0x11, 0x0, 0x0, 0x112b1737}}}}}, 0x0) (async) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000b) mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2410, &(0x7f00000001c0)={[{}]}) (async) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000100)={@empty, 0x1, 0x0, 0x90, 0x0, [{@broadcast}, {@private}, {@multicast1}, {@empty}, {@loopback}, {@local}, {}, {@private}, {@private}]}}) syz_emit_ethernet(0x36, &(0x7f0000001800)={@multicast, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x66, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x4010001, 0x0, 0xfffffffc}}}}}, 0x0) 1.266044963s ago: executing program 0 (id=2216): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r1, &(0x7f0000000300)='1\x00', 0xffffff4a) 1.187017173s ago: executing program 0 (id=2217): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) syz_io_uring_setup(0x7934, 0x0, &(0x7f0000000080), 0x0) syz_io_uring_setup(0xa91, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0xf, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) mincore(&(0x7f00005ec000/0x1000)=nil, 0x1000, &(0x7f0000000300)=""/159) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000040)=0xfa2, 0x4) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 1.177014889s ago: executing program 3 (id=2218): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000500)={"a0453822", 0x0, 0x6, 0x2, 0x0, 0x0, "33793e77df2a87ba315ab8da00", "f9fe8002", "acc28000", "1eb15fbb", ["d8085781ae0cff21223446fe", "51f3d17dc9ed6f291acb3a10", "2ce50f8a285d9500c522afe1", '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00']}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f0000000480)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0x80, 0x103ba, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'geneve0\x00'}) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a00000005000100060000000500040000000a000900020073797a300000000014000300686173683a69702c706f72742c697000140007800800084000002f5408000640"], 0x60}}, 0x0) 1.099435885s ago: executing program 4 (id=2219): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000500)={"a0453822", 0x0, 0x6, 0x2, 0x0, 0x0, "33793e77df2a87ba315ab8da00", "f9fe8002", "acc28000", "1eb15fbb", ["d8085781ae0cff21223446fe", "51f3d17dc9ed6f291acb3a10", "2ce50f8a285d9500c522afe1", '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00']}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f0000000480)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0x80, 0x103ba, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000002000000000000000000818110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'geneve0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@delchain={0x24, 0x11, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r6, {0x10, 0xf}, {0xffff, 0x5}, {0x7, 0xfff2}}}, 0x24}}, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c706f72742c697000140007800800084000002f5408000640"], 0x60}, 0x1, 0x1f}, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r9 = socket(0x28, 0x1, 0x0) connect$packet(r9, &(0x7f0000000000)={0x28, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r10 = accept4(r8, 0x0, 0x0, 0x0) recvmmsg$unix(r10, &(0x7f0000001540)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/44, 0x10b8c}], 0x1}}], 0x1, 0x2001, 0x0) 436.56286ms ago: executing program 1 (id=2220): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) syz_io_uring_setup(0x7934, 0x0, &(0x7f0000000080), 0x0) r1 = syz_io_uring_setup(0xa91, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x40844}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_GET_TAGGED_ADDR_CTRL(0x38) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x20010, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) mincore(&(0x7f00005ec000/0x1000)=nil, 0x1000, &(0x7f0000000300)=""/159) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000cc0)="0015c60fdf7c171fcebb8028fc529c5a64df0bd70a0fac716685afe69a49b487e59dc31990ee86762cf216643d32b7def29780593b2aa0a3f5e6a3937ae038f3ba36433caa8b844317b57c93b347fa808cc86ffc840ad759dea7d279487d2a2c73d8ac9349c3b99173d3454431d3c3efe6d9c217481fd85498f15a807b7725bec0f7fa2f19d65e2e05611280449b71f5ed5f10f1d90186077765e257d00498780bdcfbbdc052d07903d487a24b9bba0ef13c441d1995b23cdb2ea6f9dce5c0bf42af7545555806fb391e4eae16b0e8b12e64e16eb431844918616a0a7b724efdb705f831805256ec1cb86d4e57e526023a0d161a5e02d90965a5f1d46c419f16f1e1b6166bacc3e3f4ee4d923b1c6509e5462b7f193efd37091410838d1b0e9cc331e47164a1cf8eb53dd65cad72d2ee6216d9a821353099f8f4e997192a", 0x13e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r5, 0x29, 0x48, &(0x7f0000000040)=0xfa2, 0x4) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000240)=0xb0000) r7 = syz_io_uring_setup(0x49ca, &(0x7f0000000140)={0x0, 0x88e1, 0x100, 0x3, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r6, 0x7ac, &(0x7f0000000c80)={&(0x7f0000000840)={{@my=0x1, 0x2f}, {@my=0x1, 0xd3}, 0x400, "038176d00f6cefd8a51efc38753266400e5419ae78987e4d0374159b00500d3489858a40101c0c306339eb40fbd02ab4cc1d6ac9d66cf173e4b53b6dd5189f4435f6c7cdacb69c19fb5e6a27e28a558756d680e3e64e0c90b02070f92dc3f839aebfbb2d70236b1a1584a81417cb414c49d52b199a09f6fc5cd7f851f2b15b0b38aef45fe5acd7ca95844bfdef519d6cfdc0357da731636c6363fe27480113ab421df7d9e8633f2dc87d81c7ff215cf74bd6e8c219be04b821620517b4fcbadb18c3e5be93ef54cd0ae94c638de0b3f70d31211e28c254ecd652eb0bb9ec5c0a280f475a24918eadd8c84bf5262f8b7014aff501e04d49029fc968356d7936087d7896bdc5fcb01fb96ee482fbf3e7b1f2f3f4ffcf2e1746e759bb84862801ee4afcfba26b132f16efd29a6c55d1717e77d36805a66b51e9b725c17115d82f9fbe34378991323f2468c3e9081191d473991cd4ddbf99a99aa53a3ae16e4dc4b6b2550f24e14645933e6a4b62ed3ad112c861b4ff1744932f34144d7ec53d570cbbb4f2d7c716a06742f9edf3d70359d1690072f2b3943e5b33102016ddb386d6d986caa89bf594c30dd07009de381635251be029547027b6037f37e4b4445c1a4cb0878916b616be4d92962afa3fd38288e6f8b366fd14b17e6c99709d200abf5b58b4e5e4e75fbc2f8520a305e8c9a77f702c29a625a90361f40c326a47d2f705f67875670538f8f66c48c7ddba7675f7d9ec70dd80d0305cf16a07e801837d2463115f230dfd2006f418ed4cb104602f7c45c0a070e101a94ba0dd67a13478e17eb10b7fc2df3f643a6984562f2735f83545616a81f203993aa90fdec4ded8f410ece44aaf724eb9a272af13d48ed30acc0487bd5f94480854064bb2fb6e5a9753a1c51b2374f6691f55494feff1232a267dc943b88a851c7d67c20b76488ec731cd1ea84fad3ab99e3703a0333addad5969b0f6a78544e47eca9ecdd671c5f5e149504dc08a3c3bab944eb0f591a6f078c922930db3729645e388dc554b0b307c45dd603ec7a936c96a88c13b8d078090d65b164854c3202ead68a419940bc5764a158de6527281e2bb0b54c63f1dcdedb891346bbe5a5afc83fdc397968e38dd97805f314dda19a854f8e79bf890af4682392278fad372f2ffd1daa9bb2d7076d66a522e1dbaf2f441c70df3124927d67f9158c9c57e09cc6fd6fd8c37a5ae8ef30b5e1ba0ab727dbca502c576d0cbe910bb1262f559a87426f8d714c2d8cf066e6f9aec76831ba2c05b1d2479e62d005847306d0c2c1c2b906b227e8fb05761af0efc83ddf24806867854dfe9e2aa9c0f8cb851ea5374f47fa65165e9ed32bc7e4af73b3bc3af30e0b8d89fe93926a9e06095e0f0bf51892a598c07024d5ae24f90393474f56c8338ba8b3527b50ba36ef8719e9afab956e0483c481166"}, 0x418, 0x6}) io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000800)={&(0x7f0000001000)={[{&(0x7f00000003c0)="c427d2f6bb1f48441bee9460a5cf066422c29b430b0c0ff18ee3b12f51336ef5d502a9932c1a6ad597f5351f775b0b34b801ed410b98ffba163ae3dc60956e58ecc002f026540423204eff7fae1a5ed768bddf5acfec9220c2a1356cecce2f11234fb5a57bf2a9bdce59d90ac20c0696ba2fd20bdb09ef16a7c66614ed5458", 0x7f, 0x3}, {&(0x7f0000000440)="0c5ba117b5c239eed7fcc2581ace777ed83e5bbb2bcc11b393aa66fb7c27c72267a212effc90eed8d3fc9eb921585faceb053ab420d502759a247bea68dd998fa3841b986b6c6a2168eb56d74519570295277dd385aebb0453c82276675b05d4f9922ecde798f797a5521affdc65deb5c2feb354090b7531438508d593b555a1ea29f4c2f4a7114f3d75cc07fd73f0b0eabb4284a906b194408a00", 0x9b, 0x3}, {&(0x7f0000000100)="7e13985438b61eb3b0d7454910289f2b47140f016cbf73cde71417b5463694a6848dfa3421b694fc6bdc23254be50b10772fdac7b6db6f2f21ed", 0x3a, 0x1}, {&(0x7f0000000500)="ed002c009dd90701b00d3d50b2b5f1c28474ca2ef79b3faf5d6afd0a953fdb288fb8285b1e75493264fbb9fe1ca49291e5f1c494bf00b619b89dfc833a5f4471a5e36da90fc2", 0x46, 0x1}, {&(0x7f0000000580)="8f47ad21e93156feebb22170f999bb", 0xf, 0x3}, {&(0x7f00000005c0)="ec0ced68e1d45e18287b6bfc8d1bd8225bf476d24132f9798d4052fb5fb9c043f74d45f5d0bf1d19338e7f6905e7b8496b69d901ab46be76c2219e145adcdbee424dc0cf8c20b84249999d4153adf1f093510dd25d5e6954070e17d7b4e968a25f041e63e0be8c778161e64791b0de2f607026999b3e2c62d9d3b3d132246e9e", 0x80, 0x2}, {&(0x7f0000000640)="8291cc81f32cb008ceacbb3ae7d7a86a53e0503e9e9336b4114a369d118e1b84f6621f14341236690f2a92bd4df17d9baeae0a5730ae08492afffabb94e04cb00628dbcc8fa70accb89959ec9024b2a892fa01abcfe62bdcedb128b651ee2f733d46b3d2cf2ffaaa70b014cd11fea6ef7388fe1eab560fb49c884eb3cf8809eda788bc9b9697a2cf2656b9d121714249e37a665a34dd87c18785d4dd5f750a681a1ec75cd333f4de33cda3bcbbd355e6de16f1edf2fd8b3edc76466b3a602bfe38a3fe60f687adb92bf1f40c0e198eb2f443", 0xd2, 0x3}, {&(0x7f0000000740)="268bcb6e6a1cabad7b9670469d15fb8511a7765dc7c4fd53ae9284697b9ccbdfc435386c8809721d4d6360a16d0d0bb6ef15217ad9c2327b87c377d6b7b962ec453bbd5465b1a1549d58b994703324e38ad6c8acce35cda869255db162b0243a93290c644b82c3c5bf9d6742aeceb8fa2fdc4b74481ce24c001875b31b44e77420a36b94e1c9806525ebaef4cc7e5ea84dfc3eef5b73da1fbad47f3c38fb2265068f9673701d6a243ece08c00cbe31c8", 0xb0, 0x2}]}, 0x8, 0x3}, 0x1) io_uring_enter(r7, 0x47f6, 0x0, 0x0, 0x0, 0x0) 259.602147ms ago: executing program 0 (id=2221): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x2f, 0x69, 0x1, 0xfffffffd, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @private1, 0x10, 0x80, 0x10001, 0x5}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtclass={0x5c, 0x28, 0x1, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r0, {0xd, 0xd}, {0x617c5e54c424abee, 0xc}, {0xfff3, 0x4}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x30}}, @TCA_RATE={0x6, 0x5, {0x7, 0x40}}, @TCA_RATE={0x6, 0x5, {0xf9, 0x4}}, @tclass_kind_options=@c_red={0x7}, @TCA_RATE={0x6, 0x5, {0x7, 0x3}}, @TCA_RATE={0x6, 0x5, {0x8, 0x9}}, @TCA_RATE={0x6, 0x5, {0x1, 0x9}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="7a0a00ff0000000071107200000000009500"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$igmp(0x2, 0x3, 0x2) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r4, 0x2) r5 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r5, 0x1) flock(r4, 0x1) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) shutdown(0xffffffffffffffff, 0x0) socket$l2tp6(0xa, 0x2, 0x73) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff) r7 = userfaultfd(0x1) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20280, 0x0) read(r8, &(0x7f0000000040)=""/148, 0xffffff96) 254.108795ms ago: executing program 3 (id=2222): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x1800}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_NAME={0xe, 0x1, 'conntrack\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x30, 0x0, 0x0, {0x2}}}, 0xd0}}, 0x0) 179.899337ms ago: executing program 3 (id=2223): socket(0x1e, 0x4, 0x0) r0 = socket(0x2b, 0x6, 0x9) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) pidfd_getfd(r3, r3, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r5, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x300, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$SG_GET_REQUEST_TABLE(r7, 0x2275, &(0x7f00000018c0)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) listen(r0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000000000063010c000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0xdc}}, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r8, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "b1fe00", "9e8ecc7bb5352776725e1047711330ff2bb17b550800", "dc5d3f00", "46b0dc72b7b1d30e"}, 0x38) r9 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) 179.685513ms ago: executing program 4 (id=2224): r0 = socket$inet6(0xa, 0x6, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r1, 0x4b4c, &(0x7f0000000080)) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r2 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x5) sendmmsg(r2, &(0x7f0000008700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002880)=[{0xc, 0x10d, 0x8}], 0xc}}], 0x2, 0x1) r3 = memfd_create(&(0x7f0000000100)='+\x88\xc7s\x00\x00\x942nodev\x00\x00\x8cZ_Pv\x03\xa7\xc1\b\xec\x90Q\x85\x83\xcd\x16\xdcw\'\x8a\xe5N\x8c\x17\xfd\xc5\xad\xd5y\x15\x1fx\x17\f\xbc\xd1.\x8cA\x17\x86\xb7-j!Y\x92\xd9\xc4\r8\xd0\xc9X\xa7\x11\xa3\xf0\x8a*\xbc\x87\xcd\x1fl\xfc\xf3]\xb8\xbd\x02\v<\fl\xa6]\xa5\xfb\x05\xcb\x9c\xe2\xc8\x05\xa5\xa5\xeb\xa9\xef\xe3\xf1b\x81\xec\xac\xb6\x80\xd5\xf5S\x85\x06O\x05\xb8\xa1\x15\xcc\x17\xe8s\x95\x95B\xee_\x98\x91)\xe7\xa8+\x8c\xee\x83@q\x16\xcf3\x0f\x81\xa8\xa9`i\x01m:\xcc\x1c\xed<\xcfA3n\xfd\n>\x03\xae\f \xdbH\'\x05\x82\xdbLE\x14\xcdq\x1abcf\xdb8\xe9a\xa8\x00'/201, 0x2) fcntl$addseals(r3, 0x409, 0x12) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e009d0800000000000000000b00000000000100", @ANYRES32=0x1], 0x50) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001540), 0x180, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x10) r7 = dup(r6) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000070000040"]) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0) 49.812997ms ago: executing program 4 (id=2225): r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r1, &(0x7f0000000300)='1\x00', 0xffffff4a) 0s ago: executing program 4 (id=2226): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) setns(r0, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x10, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0xcb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x3c, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x10f, 0x1, @scatter={0x0, 0x0, 0x0}, &(0x7f00000004c0)="851666ce20db96ab0c7d83e114e7ce1762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5b86752639bf37ab325c16dc2f3d4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc8075451bcd5c081a8db84ff509a2f874daf6b3ddff977834d87fc0de3220a4041526a", 0x0, 0x10, 0x5bb727690d5f0ff6, 0x0, 0x0}) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_subtree(r3, 0x0, 0x2, 0x0) write$cgroup_subtree(r4, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000881}, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r6 = socket(0x22, 0x2, 0x1) r7 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) recvmsg$kcm(r6, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): ] ? __phys_addr_symbol+0x30/0x80 [ 258.036982][T11963] ? __check_object_size+0x488/0x710 [ 258.038529][T11963] netlink_sendmsg+0x8b8/0xd70 [ 258.040349][T11963] ? __pfx_netlink_sendmsg+0x10/0x10 [ 258.042129][T11963] ____sys_sendmsg+0x9ae/0xb40 [ 258.043609][T11963] ? __pfx_____sys_sendmsg+0x10/0x10 [ 258.045132][T11963] ? get_compat_msghdr+0x11b/0x170 [ 258.046791][T11963] ___sys_sendmsg+0x135/0x1e0 [ 258.048331][T11963] ? __pfx____sys_sendmsg+0x10/0x10 [ 258.050438][T11963] ? __pfx_lock_release+0x10/0x10 [ 258.051925][T11963] ? trace_lock_acquire+0x14e/0x1f0 [ 258.053457][T11963] ? __fget_files+0x206/0x3a0 [ 258.054945][T11963] __sys_sendmsg+0x16e/0x220 [ 258.056552][T11963] ? __pfx___sys_sendmsg+0x10/0x10 [ 258.058362][T11963] __do_fast_syscall_32+0x73/0x120 [ 258.060318][T11963] do_fast_syscall_32+0x32/0x80 [ 258.061722][T11963] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 258.063560][T11963] RIP: 0023:0xf7f88579 [ 258.064747][T11963] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 258.071550][T11963] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 258.074721][T11963] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000340 [ 258.077710][T11963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 258.080158][T11963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 258.082453][T11963] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 258.084728][T11963] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 258.087018][T11963] [ 258.677647][T11978] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1499'. [ 258.789235][T11983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1501'. [ 259.220984][T12009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1503'. [ 259.782633][T12016] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1509'. [ 259.833855][T12023] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 260.110956][T12042] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1516'. [ 260.114463][T12042] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1516'. [ 260.785151][T12053] overlay: filesystem on ./file1 not supported [ 261.968067][T12095] FAULT_INJECTION: forcing a failure. [ 261.968067][T12095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 261.972842][T12095] CPU: 0 UID: 0 PID: 12095 Comm: syz.0.1529 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 261.975963][T12095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 261.979028][T12095] Call Trace: [ 261.979943][T12095] [ 261.980778][T12095] dump_stack_lvl+0x16c/0x1f0 [ 261.982258][T12095] should_fail_ex+0x497/0x5b0 [ 261.983597][T12095] copy_fpstate_to_sigframe+0x894/0xb20 [ 261.985148][T12095] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 261.986892][T12095] ? lock_acquire+0x2f/0xb0 [ 261.988143][T12095] ? posixtimer_deliver_signal+0x1ad/0x650 [ 261.989799][T12095] ? posixtimer_deliver_signal+0x1ad/0x650 [ 261.991432][T12095] ? find_held_lock+0x2d/0x110 [ 261.993195][T12095] get_sigframe+0x4aa/0x9c0 [ 261.995102][T12095] ? __pfx_get_sigframe+0x10/0x10 [ 261.997004][T12095] ? _raw_spin_unlock_irq+0x23/0x50 [ 261.998576][T12095] ? siginfo_layout+0x177/0x290 [ 261.999934][T12095] ia32_setup_rt_frame+0xe4/0xb30 [ 262.001350][T12095] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 262.002936][T12095] arch_do_signal_or_restart+0x47b/0x7e0 [ 262.004482][T12095] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 262.006211][T12095] syscall_exit_to_user_mode+0x150/0x2a0 [ 262.007797][T12095] do_int80_emulation+0x111/0x200 [ 262.009180][T12095] asm_int80_emulation+0x1a/0x20 [ 262.010576][T12095] RIP: 0023:0xf7fa0577 [ 262.011726][T12095] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 262.017022][T12095] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000174 [ 262.019266][T12095] RAX: 0000000000000174 RBX: 0000000000000008 RCX: 0000000020000840 [ 262.021442][T12095] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 262.023722][T12095] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 262.026259][T12095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.029351][T12095] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 262.032395][T12095] [ 262.033827][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.468078][T12085] ceph: No mds server is up or the cluster is laggy [ 263.940513][T12135] 9pnet: Unknown protocol version 9p200 [ 264.325247][T12123] ceph: No mds server is up or the cluster is laggy [ 264.777211][T12159] netlink: 'syz.2.1542': attribute type 10 has an invalid length. [ 264.839123][T12161] netlink: 'syz.2.1542': attribute type 10 has an invalid length. [ 265.060027][T12142] ceph: No mds server is up or the cluster is laggy [ 265.126000][T12165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1544'. [ 267.004407][T12225] netlink: 'syz.1.1559': attribute type 10 has an invalid length. [ 267.025750][ T35] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 267.197928][ T35] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 267.201440][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.206679][ T35] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 267.210156][ T35] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 267.213496][ T35] usb 5-1: Manufacturer: syz [ 267.218638][ T35] usb 5-1: config 0 descriptor?? [ 267.295703][ T35] rc_core: IR keymap rc-hauppauge not found [ 267.297340][ T35] Registered IR keymap rc-empty [ 267.300245][ T35] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 267.303793][ T35] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input58 [ 267.334762][T12234] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 267.336635][T12234] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 267.340005][T12234] vhci_hcd vhci_hcd.0: Device attached [ 267.526272][ T8] vhci_hcd: vhci_device speed not set [ 267.586149][ T8] usb 41-1: new full-speed USB device number 4 using vhci_hcd [ 268.291771][T12251] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1562'. [ 268.344165][T12250] netlink: 'syz.1.1562': attribute type 4 has an invalid length. [ 268.346903][T12250] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1562'. [ 268.556064][T12239] vhci_hcd: connection reset by peer [ 268.559724][ T1141] vhci_hcd: stop threads [ 268.560992][ T1141] vhci_hcd: release socket [ 268.562330][ T1141] vhci_hcd: disconnect device [ 268.624395][T12256] FAULT_INJECTION: forcing a failure. [ 268.624395][T12256] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 268.628435][T12256] CPU: 0 UID: 0 PID: 12256 Comm: syz.2.1564 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 268.631487][T12256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 268.635023][T12256] Call Trace: [ 268.635987][T12256] [ 268.636855][T12256] dump_stack_lvl+0x16c/0x1f0 [ 268.638226][T12256] should_fail_ex+0x497/0x5b0 [ 268.639580][T12256] ? fs_reclaim_acquire+0xae/0x150 [ 268.641052][T12256] should_fail_alloc_page+0xe7/0x130 [ 268.642573][T12256] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 268.644383][T12256] __alloc_pages_noprof+0x190/0x25b0 [ 268.645906][T12256] ? hlock_class+0x4e/0x130 [ 268.647209][T12256] ? mark_lock+0xb5/0xc60 [ 268.648449][T12256] ? __lock_acquire+0xcc5/0x3c40 [ 268.649881][T12256] ? __pfx_mark_lock+0x10/0x10 [ 268.651283][T12256] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 268.652990][T12256] ? hlock_class+0x4e/0x130 [ 268.654455][T12256] ? mark_lock+0xb5/0xc60 [ 268.655699][T12256] ? __pfx_mark_lock+0x10/0x10 [ 268.657072][T12256] ? hlock_class+0x4e/0x130 [ 268.658385][T12256] ? __lock_acquire+0xcc5/0x3c40 [ 268.659801][T12256] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 268.661485][T12256] ? policy_nodemask+0xea/0x4e0 [ 268.662942][T12256] alloc_pages_mpol_noprof+0x2c8/0x620 [ 268.664513][T12256] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 268.666241][T12256] ? __lock_acquire+0xcc5/0x3c40 [ 268.667662][T12256] folio_alloc_mpol_noprof+0x36/0xd0 [ 268.669176][T12256] vma_alloc_folio_noprof+0xee/0x1b0 [ 268.670695][T12256] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 268.672389][T12256] ? find_held_lock+0x2d/0x110 [ 268.673850][T12256] do_pte_missing+0x2017/0x3e00 [ 268.675277][T12256] __handle_mm_fault+0x103c/0x2a40 [ 268.676758][T12256] ? __pfx___handle_mm_fault+0x10/0x10 [ 268.678330][T12256] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 268.679949][T12256] ? find_vma+0xc0/0x140 [ 268.681170][T12256] ? __pfx_find_vma+0x10/0x10 [ 268.682531][T12256] handle_mm_fault+0x3fa/0xaa0 [ 268.683966][T12256] do_user_addr_fault+0x7a3/0x13f0 [ 268.685433][T12256] exc_page_fault+0x5c/0xc0 [ 268.686750][T12256] asm_exc_page_fault+0x26/0x30 [ 268.688148][T12256] RIP: 0010:rep_stos_alternative+0x40/0x80 [ 268.689821][T12256] Code: ff c7 48 ff c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 66 2e 0f 1f 84 00 00 00 00 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 [ 268.695342][T12256] RSP: 0018:ffffc9000620fcc8 EFLAGS: 00050246 [ 268.697062][T12256] RAX: 0000000000000000 RBX: 000000007ffe8000 RCX: 0000000000000040 [ 268.699313][T12256] RDX: ffff888020a52440 RSI: ffffffff85183de6 RDI: 0000000020018000 [ 268.701550][T12256] RBP: 0000000000001000 R08: 0000000000000000 R09: fffffbfff2039efa [ 268.703860][T12256] R10: ffffffff901cf7d7 R11: 0000000000000000 R12: ffff888020a52440 [ 268.706114][T12256] R13: 00007ffffffff000 R14: ffffed100414a488 R15: 0000000020017040 [ 268.708351][T12256] ? read_zero+0xc6/0x250 [ 268.709606][T12256] read_zero+0xd6/0x250 [ 268.710809][T12256] ? __pfx_read_zero+0x10/0x10 [ 268.712192][T12256] vfs_read+0x1df/0xbe0 [ 268.713359][T12256] ? __fget_files+0x1fc/0x3a0 [ 268.714725][T12256] ? __pfx_lock_release+0x10/0x10 [ 268.716173][T12256] ? __pfx_vfs_read+0x10/0x10 [ 268.717527][T12256] ? lock_acquire+0x2f/0xb0 [ 268.718794][T12256] ? __fget_files+0x40/0x3a0 [ 268.720086][T12256] ? __fget_files+0x206/0x3a0 [ 268.721456][T12256] ksys_read+0x12b/0x250 [ 268.722685][T12256] ? __pfx_ksys_read+0x10/0x10 [ 268.724119][T12256] __do_fast_syscall_32+0x73/0x120 [ 268.725584][T12256] do_fast_syscall_32+0x32/0x80 [ 268.726997][T12256] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 268.728802][T12256] RIP: 0023:0xf7ff6579 [ 268.729969][T12256] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 268.735462][T12256] RSP: 002b:00000000f514655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 268.737811][T12256] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 268.740062][T12256] RDX: 00000000ffffff96 RSI: 0000000000000000 RDI: 0000000000000000 [ 268.742331][T12256] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 268.744578][T12256] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 268.746842][T12256] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 268.749090][T12256] [ 269.682116][T12279] netlink: 'syz.3.1570': attribute type 10 has an invalid length. [ 269.686674][T12279] netlink: 'syz.3.1570': attribute type 10 has an invalid length. [ 269.807417][ T69] usb 5-1: USB disconnect, device number 7 [ 270.118526][ T35] libceph: connect (1)[c::]:6789 error -101 [ 270.120965][ T35] libceph: mon0 (1)[c::]:6789 connect error [ 270.378214][ T35] libceph: connect (1)[c::]:6789 error -101 [ 270.380033][ T35] libceph: mon0 (1)[c::]:6789 connect error [ 270.391032][T12300] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1576'. [ 270.394447][T12300] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1576'. [ 270.423905][T12303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1577'. [ 270.763847][T12286] ceph: No mds server is up or the cluster is laggy [ 270.884695][T12317] input: syz1 as /devices/virtual/input/input60 [ 271.200044][T12328] wireguard0: entered promiscuous mode [ 271.353596][T12330] lo speed is unknown, defaulting to 1000 [ 271.357278][T12330] lo speed is unknown, defaulting to 1000 [ 271.392103][ T39] audit: type=1326 audit(1737151935.291:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12326 comm="syz.2.1584" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff6579 code=0x0 [ 271.734051][T12334] nvme_fabrics: missing parameter 'transport=%s' [ 271.736704][T12334] nvme_fabrics: missing parameter 'nqn=%s' [ 272.018018][ T65] Bluetooth: hci3: unexpected event 0x1c length: 6 > 5 [ 272.686344][ T8] vhci_hcd: vhci_device speed not set [ 272.698574][T12347] ceph: No mds server is up or the cluster is laggy [ 273.045739][ T69] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 273.136349][T12384] overlayfs: missing 'lowerdir' [ 273.217176][ T69] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 273.219983][ T69] usb 8-1: config 0 interface 0 has no altsetting 0 [ 273.221871][ T69] usb 8-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 273.224855][ T69] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.228469][ T69] usb 8-1: config 0 descriptor?? [ 273.545047][ T69] usbhid 8-1:0.0: can't add hid device: -71 [ 273.546942][ T69] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 273.575808][ T69] usb 8-1: USB disconnect, device number 11 [ 274.302036][T12400] sp0: Synchronizing with TNC [ 274.598358][T12411] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1607'. [ 274.603199][T12411] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1607'. [ 274.605971][T12411] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1607'. [ 274.609977][T12411] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1607'. [ 275.046054][T12424] netlink: 'syz.0.1610': attribute type 1 has an invalid length. [ 275.161484][T12432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1613'. [ 275.343846][ T35] hid-generic 0000:0003:0000.0006: unknown main item tag 0x0 [ 275.346429][ T35] hid-generic 0000:0003:0000.0006: unknown main item tag 0x0 [ 275.350176][ T35] hid-generic 0000:0003:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz1 [ 275.601482][T12441] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1614'. [ 276.331565][T12452] sp0: Synchronizing with TNC [ 276.355768][T12454] lo speed is unknown, defaulting to 1000 [ 276.359549][T12454] lo speed is unknown, defaulting to 1000 [ 276.459050][T12468] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 276.475416][T12470] 9pnet_virtio: no channels available for device syz [ 277.045550][T12482] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1627'. [ 277.875945][ T56] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 278.113602][ T56] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 278.116951][ T56] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 278.119716][ T56] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 278.122221][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.126100][T12505] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 278.131237][ T56] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 278.166962][T12520] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 278.199499][T12523] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1642'. [ 278.208219][T12520] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1641'. [ 278.211275][T12520] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1641'. [ 278.215109][T12520] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1641'. [ 278.351013][T12505] lo speed is unknown, defaulting to 1000 [ 278.353005][T12505] lo speed is unknown, defaulting to 1000 [ 278.454800][ T69] usb 7-1: USB disconnect, device number 6 [ 278.581443][ T35] hid (null): unknown global tag 0xe [ 278.583878][ T35] hid (null): unknown global tag 0xe [ 278.586532][ T35] hid (null): unknown global tag 0xc [ 278.588091][ T35] hid (null): unknown global tag 0xd [ 278.592722][ T35] hid-generic 0000:0004:00A9.0007: unknown main item tag 0x0 [ 278.594848][ T35] hid-generic 0000:0004:00A9.0007: unknown global tag 0xe [ 278.597873][ T35] hid-generic 0000:0004:00A9.0007: item 0 2 1 14 parsing failed [ 278.600953][ T35] hid-generic 0000:0004:00A9.0007: probe with driver hid-generic failed with error -22 [ 280.371342][T12579] 9pnet: Unknown protocol version 9p200 [ 280.611915][ T56] hid-generic 0000:0003:0000.0008: unknown main item tag 0x0 [ 280.615750][ T56] hid-generic 0000:0003:0000.0008: unknown main item tag 0x0 [ 280.621549][ T56] hid-generic 0000:0003:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz1 [ 280.700541][T12587] netlink: 'syz.2.1658': attribute type 4 has an invalid length. [ 281.588075][T12615] can0: slcan on ttyS3. [ 281.778067][T12629] netlink: 'syz.0.1669': attribute type 10 has an invalid length. [ 281.780370][T12629] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1669'. [ 281.783327][T12629] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 281.874811][T12632] FAULT_INJECTION: forcing a failure. [ 281.874811][T12632] name failslab, interval 1, probability 0, space 0, times 0 [ 281.878625][T12632] CPU: 0 UID: 0 PID: 12632 Comm: syz.0.1670 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 281.881416][T12632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 281.884241][T12632] Call Trace: [ 281.885120][T12632] [ 281.885940][T12632] dump_stack_lvl+0x16c/0x1f0 [ 281.887215][T12632] should_fail_ex+0x497/0x5b0 [ 281.888502][T12632] ? fs_reclaim_acquire+0xae/0x150 [ 281.889884][T12632] should_failslab+0xc2/0x120 [ 281.891105][T12632] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 281.892576][T12632] ? lock_acquire.part.0+0x11b/0x380 [ 281.894003][T12632] ? vm_area_dup+0x21/0x300 [ 281.895210][T12632] vm_area_dup+0x21/0x300 [ 281.896422][T12632] __split_vma+0x181/0x1210 [ 281.897659][T12632] ? vma_merge_existing_range+0x931/0x1fa0 [ 281.899221][T12632] ? __pfx___split_vma+0x10/0x10 [ 281.900559][T12632] ? __pfx_bpf_trace_run4+0x10/0x10 [ 281.901993][T12632] ? trace_lock_acquire+0x14e/0x1f0 [ 281.903397][T12632] ? ima_file_mprotect+0x1c5/0x6a0 [ 281.904808][T12632] vma_modify.constprop.0+0x2ed/0x3b0 [ 281.906355][T12632] vma_modify_flags+0x209/0x2a0 [ 281.907765][T12632] ? __pfx_vma_modify_flags+0x10/0x10 [ 281.909316][T12632] mprotect_fixup+0x2c2/0xbe0 [ 281.910700][T12632] ? __pfx_mprotect_fixup+0x10/0x10 [ 281.912239][T12632] do_mprotect_pkey+0x977/0xce0 [ 281.913662][T12632] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 281.915221][T12632] ? __fget_files+0x206/0x3a0 [ 281.916595][T12632] ? __pfx_ksys_write+0x10/0x10 [ 281.918006][T12632] __ia32_sys_mprotect+0x75/0xb0 [ 281.919431][T12632] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 281.921298][T12632] __do_fast_syscall_32+0x73/0x120 [ 281.922834][T12632] do_fast_syscall_32+0x32/0x80 [ 281.924232][T12632] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 281.926065][T12632] RIP: 0023:0xf7fa0579 [ 281.927246][T12632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 281.932725][T12632] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 000000000000007d [ 281.935091][T12632] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000800000 [ 281.937329][T12632] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 281.939577][T12632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 281.941816][T12632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 281.944056][T12632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 281.946314][T12632] [ 282.151126][T12640] virtio-fs: tag <(null)> not found [ 282.285911][T12607] can0 (unregistered): slcan off ttyS3. [ 282.495542][T12655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1674'. [ 284.708697][T12692] sp0: Synchronizing with TNC [ 285.356953][T12702] netlink: 'syz.2.1683': attribute type 10 has an invalid length. [ 285.365870][T12702] netlink: 'syz.2.1683': attribute type 10 has an invalid length. [ 285.579198][ T39] audit: type=1326 audit(1737151949.481:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.585309][ T39] audit: type=1326 audit(1737151949.481:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.595687][ T39] audit: type=1326 audit(1737151949.491:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=377 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.601719][ T39] audit: type=1326 audit(1737151949.491:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.607814][ T39] audit: type=1326 audit(1737151949.491:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.613875][ T39] audit: type=1326 audit(1737151949.491:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.619999][ T39] audit: type=1326 audit(1737151949.491:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.626177][ T39] audit: type=1326 audit(1737151949.491:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.632161][ T39] audit: type=1326 audit(1737151949.501:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.638367][ T39] audit: type=1326 audit(1737151949.501:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz.0.1687" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa0579 code=0x7ffc0000 [ 285.948119][T12714] FAULT_INJECTION: forcing a failure. [ 285.948119][T12714] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 285.954517][T12714] CPU: 1 UID: 0 PID: 12714 Comm: syz.2.1688 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 285.957767][T12714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 285.960820][T12714] Call Trace: [ 285.961820][T12714] [ 285.962686][T12714] dump_stack_lvl+0x16c/0x1f0 [ 285.964082][T12714] should_fail_ex+0x497/0x5b0 [ 285.965442][T12714] _copy_to_user+0x32/0xd0 [ 285.966895][T12714] simple_read_from_buffer+0xd0/0x160 [ 285.968458][T12714] proc_fail_nth_read+0x198/0x270 [ 285.969934][T12714] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 285.971510][T12714] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 285.973140][T12714] vfs_read+0x1df/0xbe0 [ 285.974355][T12714] ? __fget_files+0x1fc/0x3a0 [ 285.975718][T12714] ? __pfx___mutex_lock+0x10/0x10 [ 285.977170][T12714] ? __pfx_vfs_read+0x10/0x10 [ 285.978560][T12714] ? __fget_files+0x206/0x3a0 [ 285.979995][T12714] ksys_read+0x12b/0x250 [ 285.981265][T12714] ? __pfx_ksys_read+0x10/0x10 [ 285.982711][T12714] __do_fast_syscall_32+0x73/0x120 [ 285.984194][T12714] do_fast_syscall_32+0x32/0x80 [ 285.985614][T12714] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 285.987464][T12714] RIP: 0023:0xf7ff6579 [ 285.988639][T12714] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 285.994278][T12714] RSP: 002b:00000000f5146590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 285.996702][T12714] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5146620 [ 285.999017][T12714] RDX: 000000000000000f RSI: 00000000f7483ff4 RDI: 0000000000000000 [ 286.001318][T12714] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 286.003627][T12714] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 286.005810][T12714] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 286.008049][T12714] [ 286.012495][T12707] ceph: No mds server is up or the cluster is laggy [ 286.113125][T12721] netlink: set zone limit has 4 unknown bytes [ 286.170328][T12723] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1691'. [ 286.176701][T12723] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 286.237464][T12727] FAULT_INJECTION: forcing a failure. [ 286.237464][T12727] name failslab, interval 1, probability 0, space 0, times 0 [ 286.241079][T12727] CPU: 1 UID: 0 PID: 12727 Comm: syz.1.1693 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 286.244135][T12727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 286.247209][T12727] Call Trace: [ 286.248176][T12727] [ 286.249037][T12727] dump_stack_lvl+0x16c/0x1f0 [ 286.250424][T12727] should_fail_ex+0x497/0x5b0 [ 286.251844][T12727] ? fs_reclaim_acquire+0xae/0x150 [ 286.253328][T12727] should_failslab+0xc2/0x120 [ 286.254708][T12727] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 286.256404][T12727] ? __alloc_skb+0x2b3/0x380 [ 286.257774][T12727] __alloc_skb+0x2b3/0x380 [ 286.259075][T12727] ? __pfx___alloc_skb+0x10/0x10 [ 286.260514][T12727] ? genl_rcv_msg+0x4bd/0x800 [ 286.261895][T12727] netlink_ack+0x164/0xb20 [ 286.263182][T12727] netlink_rcv_skb+0x327/0x410 [ 286.264562][T12727] ? __pfx_genl_rcv_msg+0x10/0x10 [ 286.266021][T12727] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 286.267554][T12727] ? down_read+0xc9/0x330 [ 286.268796][T12727] ? __pfx_down_read+0x10/0x10 [ 286.270222][T12727] ? netlink_deliver_tap+0x1ae/0xca0 [ 286.271783][T12727] genl_rcv+0x28/0x40 [ 286.272972][T12727] netlink_unicast+0x53c/0x7f0 [ 286.274358][T12727] ? __pfx_netlink_unicast+0x10/0x10 [ 286.275869][T12727] ? __phys_addr_symbol+0x30/0x80 [ 286.277333][T12727] ? __check_object_size+0x488/0x710 [ 286.278868][T12727] netlink_sendmsg+0x8b8/0xd70 [ 286.280256][T12727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.281790][T12727] __sys_sendto+0x488/0x4f0 [ 286.283108][T12727] ? __pfx___sys_sendto+0x10/0x10 [ 286.284573][T12727] ? __might_fault+0x13b/0x190 [ 286.286101][T12727] __do_compat_sys_socketcall+0x5e2/0x700 [ 286.287795][T12727] ? __fget_files+0x206/0x3a0 [ 286.289173][T12727] ? __pfx___do_compat_sys_socketcall+0x10/0x10 [ 286.291019][T12727] ? fput+0x67/0x440 [ 286.292216][T12727] __do_fast_syscall_32+0x73/0x120 [ 286.294163][T12727] do_fast_syscall_32+0x32/0x80 [ 286.295631][T12727] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 286.297488][T12727] RIP: 0023:0xf7f92579 [ 286.298689][T12727] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 286.304204][T12727] RSP: 002b:00000000f50e5430 EFLAGS: 00000293 ORIG_RAX: 0000000000000066 [ 286.306603][T12727] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f50e5444 [ 286.308863][T12727] RDX: 0000000000000000 RSI: 00000000f50e5560 RDI: 00000000f7423ff4 [ 286.311404][T12727] RBP: 00000000f50e5560 R08: 0000000000000000 R09: 0000000000000000 [ 286.313677][T12727] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 286.315927][T12727] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 286.318204][T12727] [ 286.566897][T12754] netlink: 'syz.3.1701': attribute type 10 has an invalid length. [ 286.891660][ T5428] libceph: connect (1)[c::]:6789 error -101 [ 286.893863][ T5428] libceph: mon0 (1)[c::]:6789 connect error [ 287.166137][ T5428] libceph: connect (1)[c::]:6789 error -101 [ 287.168699][ T5428] libceph: mon0 (1)[c::]:6789 connect error [ 287.416691][T12759] ceph: No mds server is up or the cluster is laggy [ 287.571910][T12772] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1706'. [ 287.574462][T12772] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1706'. [ 288.025842][ T69] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 288.186889][ T69] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 288.196108][ T69] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 288.201865][ T69] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 288.205695][ T69] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 288.210988][ T69] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 288.219434][ T69] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 288.222056][ T69] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 288.224339][ T69] usb 7-1: Product: syz [ 288.228466][ T69] usb 7-1: Manufacturer: syz [ 288.235572][ T69] cdc_wdm 7-1:1.0: skipping garbage [ 288.237237][ T69] cdc_wdm 7-1:1.0: skipping garbage [ 288.239205][ T69] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 288.240896][ T69] cdc_wdm 7-1:1.0: Unknown control protocol [ 288.441849][T12783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1710'. [ 288.505312][ T5428] usb 7-1: USB disconnect, device number 7 [ 288.821918][T12808] netlink: 'syz.3.1716': attribute type 10 has an invalid length. [ 288.830755][T12808] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 288.833731][T12808] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 288.839084][T12808] team0: Port device netdevsim0 added [ 288.872671][T12810] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1717'. [ 288.877528][T12810] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1717'. [ 289.200331][T12827] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1721'. [ 289.261568][T12828] netlink: 'syz.2.1721': attribute type 4 has an invalid length. [ 289.263862][T12828] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1721'. [ 289.271382][T12828] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1721'. [ 289.331365][T12828] lo speed is unknown, defaulting to 1000 [ 289.333317][T12828] lo speed is unknown, defaulting to 1000 [ 289.778208][T12842] sp0: Synchronizing with TNC [ 291.054905][T12873] binder_alloc: 12872: binder_alloc_buf, no vma [ 291.246183][T12858] Process accounting resumed [ 291.307460][T12882] trusted_key: encrypted_key: insufficient parameters specified [ 291.559298][T12885] lo speed is unknown, defaulting to 1000 [ 291.562807][T12885] lo speed is unknown, defaulting to 1000 [ 291.597318][T12885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1734'. [ 291.600864][ T65] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 291.763601][T12892] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 291.780649][T12885] Cannot find set identified by id 0 to match [ 291.792609][T12894] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 291.942901][T12899] FAULT_INJECTION: forcing a failure. [ 291.942901][T12899] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.947701][T12899] CPU: 0 UID: 0 PID: 12899 Comm: syz.2.1738 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 291.950466][T12899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 291.953230][T12899] Call Trace: [ 291.954116][T12899] [ 291.954900][T12899] dump_stack_lvl+0x16c/0x1f0 [ 291.956132][T12899] should_fail_ex+0x497/0x5b0 [ 291.957362][T12899] __fpu_restore_sig+0xf5/0x1430 [ 291.958777][T12899] ? __schedule+0x3d67/0x5ad0 [ 291.960112][T12899] ? __pfx___fpu_restore_sig+0x10/0x10 [ 291.961526][T12899] ? lock_acquire+0x2f/0xb0 [ 291.962722][T12899] ? __might_fault+0xe3/0x190 [ 291.963946][T12899] fpu__restore_sig+0x113/0x190 [ 291.965384][T12899] ia32_restore_sigcontext+0x40f/0x5d0 [ 291.967134][T12899] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 291.969021][T12899] ? __pfx_lock_release+0x10/0x10 [ 291.970579][T12899] ? _raw_spin_unlock_irq+0x23/0x50 [ 291.971918][T12899] ? lockdep_hardirqs_on+0x7c/0x110 [ 291.973261][T12899] __do_compat_sys_rt_sigreturn+0x121/0x1f0 [ 291.974786][T12899] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 291.976419][T12899] do_int80_emulation+0x104/0x200 [ 291.977726][T12899] asm_int80_emulation+0x1a/0x20 [ 291.979183][T12899] RIP: 0023:0xf7ff6577 [ 291.980529][T12899] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 291.986548][T12899] RSP: 002b:00000000f512555c EFLAGS: 00000296 [ 291.988509][T12899] RAX: 0000000000000174 RBX: 0000000000000006 RCX: 0000000020000840 [ 291.991022][T12899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 291.993324][T12899] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 291.995584][T12899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.997840][T12899] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 292.000086][T12899] [ 293.401164][T12932] ptrace attach of "/syz-executor exec"[5953] was attempted by "/syz-executor exec"[12932] [ 293.678879][ T65] Bluetooth: hci0: unexpected event 0x1c length: 6 > 5 [ 293.838106][T12949] wireguard0: entered promiscuous mode [ 294.175987][ T56] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 294.326993][ T56] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 294.330001][ T56] usb 8-1: config 0 has no interfaces? [ 294.332124][ T56] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 294.334773][ T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.338829][ T56] usb 8-1: config 0 descriptor?? [ 295.326302][T12977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1757'. [ 295.692259][T12985] overlayfs: missing 'lowerdir' [ 296.338066][T13016] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1770'. [ 296.340824][T13016] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1770'. [ 296.392749][T13019] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1771'. [ 296.492013][T13022] bridee_slave_0: renamed from lo (while UP) [ 296.497578][ T69] bridee_slave_0 speed is unknown, defaulting to 1000 [ 296.835825][ T56] usb 8-1: USB disconnect, device number 12 [ 296.863570][T13035] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1777'. [ 296.867322][T13035] 0·X: renamed from hsr0 (while UP) [ 296.871237][T13035] 0·X: entered allmulticast mode [ 296.872734][T13035] hsr_slave_0: entered allmulticast mode [ 296.874502][T13035] hsr_slave_1: entered allmulticast mode [ 296.877154][T13035] A link change request failed with some changes committed already. Interface c0·X may have been left with an inconsistent configuration, please check. [ 296.974520][T13040] bridee_slave_0 speed is unknown, defaulting to 1000 [ 296.980523][T13040] lo speed is unknown, defaulting to 1000 [ 297.020942][T13047] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 297.022957][T13047] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 297.026100][T13047] vhci_hcd vhci_hcd.0: Device attached [ 297.206885][ T5428] vhci_hcd: vhci_device speed not set [ 297.271626][ T5428] usb 39-1: new full-speed USB device number 3 using vhci_hcd [ 297.904608][T13064] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 297.906485][T13064] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 297.909404][T13064] vhci_hcd vhci_hcd.0: Device attached [ 298.145402][ T8] vhci_hcd: vhci_device speed not set [ 298.205856][ T8] usb 37-1: new full-speed USB device number 3 using vhci_hcd [ 298.337237][T13049] vhci_hcd: connection reset by peer [ 298.340321][ T1141] vhci_hcd: stop threads [ 298.347665][ T1141] vhci_hcd: release socket [ 298.355675][ T1141] vhci_hcd: disconnect device [ 298.686134][ T35] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 298.832314][T13084] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1787'. [ 298.837007][ T35] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 298.840364][ T35] usb 6-1: config 0 has no interfaces? [ 298.842163][ T35] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 298.844863][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.849053][ T35] usb 6-1: config 0 descriptor?? [ 298.862401][T13086] input input63: cannot allocate more than FF_MAX_EFFECTS effects [ 298.928930][T13089] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1788'. [ 299.207496][T13067] vhci_hcd: connection reset by peer [ 299.218712][ T1219] vhci_hcd: stop threads [ 299.220649][ T1219] vhci_hcd: release socket [ 299.223086][ T1219] vhci_hcd: disconnect device [ 300.268266][T13120] netlink: 'syz.2.1797': attribute type 1 has an invalid length. [ 300.270352][T13120] netlink: 134728 bytes leftover after parsing attributes in process `syz.2.1797'. [ 300.437167][ T6004] libceph: connect (1)[c::]:6789 error -101 [ 300.438841][ T6004] libceph: mon0 (1)[c::]:6789 connect error [ 300.696783][ T6004] libceph: connect (1)[c::]:6789 error -101 [ 300.698496][ T6004] libceph: mon0 (1)[c::]:6789 connect error [ 300.725045][T13129] 9pnet_fd: Insufficient options for proto=fd [ 300.729240][T13129] netlink: 'syz.3.1798': attribute type 1 has an invalid length. [ 300.755333][T13129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.769006][T13129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.771832][T13129] bond0: (slave vcan1): The slave device specified does not support setting the MAC address [ 300.776845][T13129] bond0: (slave vcan1): Error -95 calling set_mac_address [ 301.087274][T13122] ceph: No mds server is up or the cluster is laggy [ 301.181965][T13137] netlink: 'syz.0.1807': attribute type 10 has an invalid length. [ 301.184205][T13137] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1807'. [ 301.187060][T13137] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 301.426474][ T56] usb 6-1: USB disconnect, device number 9 [ 301.487671][ T30] libceph: connect (1)[c::]:6789 error -101 [ 301.489404][ T30] libceph: mon0 (1)[c::]:6789 connect error [ 301.745960][ T56] libceph: connect (1)[c::]:6789 error -101 [ 301.747774][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 301.896815][T13154] sp0: Synchronizing with TNC [ 302.097211][T13148] ceph: No mds server is up or the cluster is laggy [ 302.292758][T13166] vlan1: entered promiscuous mode [ 302.375981][ T5428] vhci_hcd: vhci_device speed not set [ 302.407770][T13175] input input64: cannot allocate more than FF_MAX_EFFECTS effects [ 302.527647][T13177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1812'. [ 302.785204][T13178] sp0: Synchronizing with TNC [ 303.325710][ T8] vhci_hcd: vhci_device speed not set [ 303.840053][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 303.840064][ T39] audit: type=1800 audit(1737151967.741:959): pid=13207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1819" name="bus" dev="overlay" ino=2399 res=0 errno=0 [ 303.931765][T13211] FAULT_INJECTION: forcing a failure. [ 303.931765][T13211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 303.939003][T13211] CPU: 3 UID: 0 PID: 13211 Comm: syz.3.1820 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 303.943188][T13211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 303.947365][T13211] Call Trace: [ 303.948749][T13211] [ 303.949935][T13211] dump_stack_lvl+0x16c/0x1f0 [ 303.951809][T13211] should_fail_ex+0x497/0x5b0 [ 303.953701][T13211] _copy_from_user+0x2e/0xd0 [ 303.955544][T13211] ia32_restore_sigcontext+0xc4/0x5d0 [ 303.957658][T13211] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 303.960020][T13211] ? __pfx_lock_release+0x10/0x10 [ 303.962087][T13211] ? _raw_spin_unlock_irq+0x23/0x50 [ 303.964117][T13211] ? lockdep_hardirqs_on+0x7c/0x110 [ 303.966205][T13211] __do_compat_sys_rt_sigreturn+0x121/0x1f0 [ 303.968577][T13211] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 303.971106][T13211] do_int80_emulation+0x104/0x200 [ 303.973122][T13211] asm_int80_emulation+0x1a/0x20 [ 303.975087][T13211] RIP: 0023:0xf7f885a7 [ 303.976719][T13211] Code: 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 90 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 55 89 e5 57 56 8d 3d 2c dc ff ff 53 e8 [ 303.984243][T13211] RSP: 002b:00000000f50b4940 EFLAGS: 00000286 ORIG_RAX: 00000000000000ad [ 303.987554][T13211] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f50b49cc [ 303.990686][T13211] RDX: 00000000f50b494c RSI: 0000000000000000 RDI: 0000000000000000 [ 303.993860][T13211] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 303.997004][T13211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.999671][T13211] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 304.001982][T13211] [ 304.605735][ T56] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 304.738112][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1822'. [ 304.755844][ T56] usb 7-1: Using ep0 maxpacket: 16 [ 304.759268][ T56] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.762942][ T56] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.766064][ T56] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 304.770673][ T56] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 304.773662][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.785695][ T56] usb 7-1: config 0 descriptor?? [ 305.240086][ T56] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 305.242325][ T56] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 305.244494][ T56] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 305.248755][ T56] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 305.251724][ T56] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 305.264956][ T56] input: HID 0955:7214 Haptics as /devices/virtual/input/input65 [ 305.294091][ T56] shield 0003:0955:7214.0009: Registered Thunderstrike controller [ 305.297216][ T56] shield 0003:0955:7214.0009: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 306.229081][T13238] sp0: Synchronizing with TNC [ 306.417440][ T1451] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 306.422525][ T1451] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 306.426076][ T1451] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 306.429610][ T1451] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 306.652095][ T56] usb 7-1: reset high-speed USB device number 8 using dummy_hcd [ 306.835767][ T56] usb 7-1: device descriptor read/64, error -32 [ 306.896508][T13252] netlink: 'syz.3.1831': attribute type 10 has an invalid length. [ 306.995018][T13256] random: crng reseeded on system resumption [ 307.028637][T13256] bridee_slave_0 speed is unknown, defaulting to 1000 [ 307.031042][T13256] lo speed is unknown, defaulting to 1000 [ 307.085760][ T56] usb 7-1: reset high-speed USB device number 8 using dummy_hcd [ 307.088266][T13263] ebtables: wrong size: *len 120, entries_size 48, replsz 48 [ 307.265100][T13267] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 307.267016][T13267] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 307.269331][T13267] vhci_hcd vhci_hcd.0: Device attached [ 307.455740][ T30] vhci_hcd: vhci_device speed not set [ 307.484670][T13277] sp0: Synchronizing with TNC [ 307.521296][ T30] usb 39-1: new full-speed USB device number 4 using vhci_hcd [ 307.918262][ T1451] usb 7-1: USB disconnect, device number 8 [ 307.920862][T13273] vhci_hcd: connection reset by peer [ 307.925479][ T11] vhci_hcd: stop threads [ 307.927472][ T11] vhci_hcd: release socket [ 307.929312][ T11] vhci_hcd: disconnect device [ 308.166287][T13300] tipc: Started in network mode [ 308.168219][T13300] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 308.171091][T13300] tipc: Enabled bearer , priority 10 [ 308.951201][T13313] random: crng reseeded on system resumption [ 308.959368][T13313] Unrecognized hibernate image header format! [ 308.962168][T13313] PM: hibernation: Image mismatch: architecture specific data [ 308.977688][T13315] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1850'. [ 309.271147][T13325] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 309.273176][T13325] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 309.275424][T13325] vhci_hcd vhci_hcd.0: Device attached [ 309.307558][ T8] tipc: Node number set to 11578026 [ 309.465735][ T69] vhci_hcd: vhci_device speed not set [ 309.535683][ T69] usb 43-1: new full-speed USB device number 5 using vhci_hcd [ 309.968861][T13324] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 310.067380][T13346] netlink: 'syz.2.1855': attribute type 10 has an invalid length. [ 310.081524][T13346] netlink: 'syz.2.1855': attribute type 10 has an invalid length. [ 310.130098][T13345] sp0: Synchronizing with TNC [ 310.383887][T13330] vhci_hcd: connection reset by peer [ 310.387369][ T45] vhci_hcd: stop threads [ 310.389172][ T45] vhci_hcd: release socket [ 310.391013][ T45] vhci_hcd: disconnect device [ 310.936371][T13360] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 311.090077][T13366] random: crng reseeded on system resumption [ 311.153399][T13366] bridee_slave_0 speed is unknown, defaulting to 1000 [ 311.162267][T13366] lo speed is unknown, defaulting to 1000 [ 311.175727][ T65] Bluetooth: hci1: command 0x0c1a tx timeout [ 311.205169][T13371] ebtables: wrong size: *len 120, entries_size 48, replsz 48 [ 311.288893][T13374] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 311.826964][T13378] nvme_fabrics: missing parameter 'transport=%s' [ 311.828850][T13378] nvme_fabrics: missing parameter 'nqn=%s' [ 312.021302][T13388] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 312.023198][T13388] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 312.027917][T13388] vhci_hcd vhci_hcd.0: Device attached [ 312.114055][T13406] hfs: unable to load iocharset "io#harset" [ 312.206716][ T8] vhci_hcd: vhci_device speed not set [ 312.266413][ T8] usb 41-1: new full-speed USB device number 5 using vhci_hcd [ 312.633943][ T30] vhci_hcd: vhci_device speed not set [ 312.699086][T13423] random: crng reseeded on system resumption [ 312.714054][T13423] bridee_slave_0 speed is unknown, defaulting to 1000 [ 312.718159][T13423] lo speed is unknown, defaulting to 1000 [ 313.135727][T13422] ebtables: wrong size: *len 120, entries_size 48, replsz 48 [ 313.364918][T13401] vhci_hcd: connection reset by peer [ 313.383793][ T1219] vhci_hcd: stop threads [ 313.384411][T13428] wireguard1: entered promiscuous mode [ 313.385392][ T1219] vhci_hcd: release socket [ 313.390144][ T1219] vhci_hcd: disconnect device [ 313.732395][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 313.738393][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 313.741548][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 313.744886][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 313.747595][ T5946] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 313.749810][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 313.765273][T13443] bridee_slave_0 speed is unknown, defaulting to 1000 [ 313.767628][T13443] lo speed is unknown, defaulting to 1000 [ 313.821842][T13443] chnl_net:caif_netlink_parms(): no params data found [ 313.890195][T13443] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.892812][T13443] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.895175][T13443] bridge_slave_0: entered allmulticast mode [ 313.897956][T13443] bridge_slave_0: entered promiscuous mode [ 313.901966][T13443] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.905026][T13443] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.907482][T13443] bridge_slave_1: entered allmulticast mode [ 313.909842][T13443] bridge_slave_1: entered promiscuous mode [ 313.997206][T13443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 314.004050][T13443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 314.067214][T13443] team0: Port device team_slave_0 added [ 314.070379][T13443] team0: Port device team_slave_1 added [ 314.089177][T13443] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.091388][T13443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.101967][T13443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.106496][T13443] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.109296][T13443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.120082][T13443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.154832][T13443] hsr_slave_0: entered promiscuous mode [ 314.157551][T13443] hsr_slave_1: entered promiscuous mode [ 314.162446][T13458] random: crng reseeded on system resumption [ 314.230352][T13458] bridee_slave_0 speed is unknown, defaulting to 1000 [ 314.234542][T13458] lo speed is unknown, defaulting to 1000 [ 314.285083][T13443] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 314.300833][T13443] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 314.316478][T13443] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 314.325881][T13443] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 314.355952][T13443] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.358005][T13443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.360253][T13443] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.362313][T13443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.386103][T13443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.394516][T13443] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.504089][T13443] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.619361][T13443] veth0_vlan: entered promiscuous mode [ 314.637110][T13443] veth1_vlan: entered promiscuous mode [ 314.650659][T13443] veth0_macvtap: entered promiscuous mode [ 314.663166][T13443] veth1_macvtap: entered promiscuous mode [ 314.677850][T13443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 314.680833][T13443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.684511][T13443] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 314.686603][ T69] vhci_hcd: vhci_device speed not set [ 314.693823][T13443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.697017][T13443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.700518][T13443] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.701713][T13479] netlink: 'syz.3.1889': attribute type 10 has an invalid length. [ 314.704151][T13443] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.707889][T13443] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.710464][T13443] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.712961][T13443] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.718503][T13479] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 314.725273][T13479] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 314.732396][T13479] team0: Port device netdevsim0 removed [ 314.750204][T13479] netlink: 'syz.3.1889': attribute type 10 has an invalid length. [ 314.770752][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.779025][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.787758][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.791224][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.140683][ T56] libceph: connect (1)[c::]:6789 error -101 [ 315.142987][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 315.148323][ T56] libceph: connect (1)[c::]:6789 error -101 [ 315.150518][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 315.164246][T13494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1890'. [ 315.406532][ T56] libceph: connect (1)[c::]:6789 error -101 [ 315.408730][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 315.598377][T13500] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1893'. [ 315.614839][T13500] input: syz1 as /devices/virtual/input/input67 [ 315.782731][T13487] ceph: No mds server is up or the cluster is laggy [ 315.815905][ T5946] Bluetooth: hci1: command tx timeout [ 315.978194][T13513] bridee_slave_0 speed is unknown, defaulting to 1000 [ 315.980864][T13513] lo speed is unknown, defaulting to 1000 [ 316.619663][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.622150][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.415769][ T8] vhci_hcd: vhci_device speed not set [ 317.839352][T13556] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1909'. [ 317.895874][ T5946] Bluetooth: hci1: command tx timeout [ 318.491723][T13550] ceph: No mds server is up or the cluster is laggy [ 318.668533][T13573] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 318.670458][T13573] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 318.672786][T13573] vhci_hcd vhci_hcd.0: Device attached [ 318.926069][ T8] vhci_hcd: vhci_device speed not set [ 318.986112][ T8] usb 43-1: new full-speed USB device number 6 using vhci_hcd [ 319.381573][T13588] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1917'. [ 319.977958][T13576] vhci_hcd: connection reset by peer [ 320.038361][ T5946] Bluetooth: hci1: command tx timeout [ 320.053352][ T1219] vhci_hcd: stop threads [ 320.054707][ T1219] vhci_hcd: release socket [ 320.056795][ T1219] vhci_hcd: disconnect device [ 320.796741][ T5490] libceph: connect (1)[c::]:6789 error -101 [ 320.801331][ T5490] libceph: mon0 (1)[c::]:6789 connect error [ 320.932539][T13601] ceph: No mds server is up or the cluster is laggy [ 321.055982][ T56] libceph: connect (1)[c::]:6789 error -101 [ 321.057965][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 321.386520][T13621] ceph: No mds server is up or the cluster is laggy [ 321.605926][T13638] bridge0: port 1(hsr_slave_1) entered blocking state [ 321.608833][T13638] bridge0: port 1(hsr_slave_1) entered disabled state [ 321.611844][T13638] hsr_slave_1: entered allmulticast mode [ 321.616697][T13638] hsr_slave_1: left allmulticast mode [ 321.639896][ T39] audit: type=1326 audit(1737151985.541:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13641 comm="syz.1.1932" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x0 [ 321.866751][T13651] netlink: 'syz.3.1931': attribute type 2 has an invalid length. [ 322.056602][ T5946] Bluetooth: hci1: command tx timeout [ 322.647088][T13659] IPVS: persistence engine module ip_vs_pe_m not found [ 322.775712][T13673] FAULT_INJECTION: forcing a failure. [ 322.775712][T13673] name failslab, interval 1, probability 0, space 0, times 0 [ 322.779331][T13673] CPU: 0 UID: 0 PID: 13673 Comm: syz.3.1937 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 322.782347][T13673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 322.785394][T13673] Call Trace: [ 322.786370][T13673] [ 322.787229][T13673] dump_stack_lvl+0x16c/0x1f0 [ 322.788583][T13673] should_fail_ex+0x497/0x5b0 [ 322.789944][T13673] ? fs_reclaim_acquire+0xae/0x150 [ 322.791424][T13673] should_failslab+0xc2/0x120 [ 322.792799][T13673] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 322.794325][T13673] ? mas_alloc_nodes+0x18b/0x880 [ 322.795693][T13673] mas_alloc_nodes+0x18b/0x880 [ 322.797010][T13673] mas_node_count_gfp+0x105/0x130 [ 322.798479][T13673] mas_preallocate+0x53f/0xce0 [ 322.800003][T13673] ? __pfx_mas_preallocate+0x10/0x10 [ 322.801728][T13673] ? anon_vma_name+0x75/0x100 [ 322.803084][T13673] __split_vma+0x474/0x1210 [ 322.804528][T13673] ? __pfx___split_vma+0x10/0x10 [ 322.805963][T13673] ? __pfx_bpf_trace_run4+0x10/0x10 [ 322.807551][T13673] ? trace_lock_acquire+0x14e/0x1f0 [ 322.809456][T13673] ? ima_file_mprotect+0x1c5/0x6a0 [ 322.811362][T13673] vma_modify.constprop.0+0x2ed/0x3b0 [ 322.813374][T13673] vma_modify_flags+0x209/0x2a0 [ 322.815208][T13673] ? __pfx_vma_modify_flags+0x10/0x10 [ 322.816754][T13673] mprotect_fixup+0x2c2/0xbe0 [ 322.818125][T13673] ? __pfx_mprotect_fixup+0x10/0x10 [ 322.819605][T13673] do_mprotect_pkey+0x977/0xce0 [ 322.821272][T13673] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 322.823405][T13673] ? __pfx___schedule+0x10/0x10 [ 322.824806][T13673] ? __fget_files+0x206/0x3a0 [ 322.826180][T13673] ? rcu_is_watching+0x12/0xc0 [ 322.827566][T13673] __ia32_sys_mprotect+0x75/0xb0 [ 322.828993][T13673] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 322.830898][T13673] __do_fast_syscall_32+0x73/0x120 [ 322.832389][T13673] do_fast_syscall_32+0x32/0x80 [ 322.833800][T13673] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 322.835603][T13673] RIP: 0023:0xf7f88579 [ 322.836773][T13673] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 322.842428][T13673] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 000000000000007d [ 322.844768][T13673] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000800000 [ 322.847061][T13673] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 322.849316][T13673] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 322.851587][T13673] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 322.853857][T13673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 322.856115][T13673] [ 322.857130][ C0] vkms_vblank_simulate: vblank timer overrun [ 322.970665][ T5490] libceph: connect (1)[c::]:6789 error -101 [ 322.972521][ T5490] libceph: mon0 (1)[c::]:6789 connect error [ 323.225926][ T5490] libceph: connect (1)[c::]:6789 error -101 [ 323.227825][ T5490] libceph: mon0 (1)[c::]:6789 connect error [ 323.570407][T13676] ceph: No mds server is up or the cluster is laggy [ 323.720831][T13707] overlay: filesystem on ./bus not supported as upperdir [ 323.842358][T13716] bridee_slave_0 speed is unknown, defaulting to 1000 [ 323.844754][T13716] lo speed is unknown, defaulting to 1000 [ 323.867042][T13716] IPVS: Unknown mcast interface: macvlan0 [ 323.872773][T13715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1950'. [ 324.135737][ T8] vhci_hcd: vhci_device speed not set [ 324.275320][T13727] can0: slcan on ttyS3. [ 324.663639][T13742] FAULT_INJECTION: forcing a failure. [ 324.663639][T13742] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 324.667548][T13742] CPU: 1 UID: 0 PID: 13742 Comm: syz.0.1955 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 324.670585][T13742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 324.673661][T13742] Call Trace: [ 324.674621][T13742] [ 324.675482][T13742] dump_stack_lvl+0x16c/0x1f0 [ 324.676848][T13742] should_fail_ex+0x497/0x5b0 [ 324.678225][T13742] ? fs_reclaim_acquire+0xae/0x150 [ 324.679686][T13742] should_fail_alloc_page+0xe7/0x130 [ 324.681217][T13742] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 324.682994][T13742] ? __pfx_mark_lock+0x10/0x10 [ 324.684387][T13742] __alloc_pages_noprof+0x190/0x25b0 [ 324.685899][T13742] ? mark_lock+0xb5/0xc60 [ 324.687150][T13742] ? __pfx_mark_lock+0x10/0x10 [ 324.688529][T13742] ? hlock_class+0x4e/0x130 [ 324.689837][T13742] ? mark_lock+0xb5/0xc60 [ 324.691084][T13742] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 324.692743][T13742] ? __pfx_mark_lock+0x10/0x10 [ 324.694129][T13742] ? hlock_class+0x4e/0x130 [ 324.695437][T13742] ? mark_lock+0xb5/0xc60 [ 324.696664][T13742] ? hlock_class+0x4e/0x130 [ 324.698293][T13742] ? __lock_acquire+0xcc5/0x3c40 [ 324.699753][T13742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 324.701626][T13742] ? policy_nodemask+0xea/0x4e0 [ 324.703033][T13742] alloc_pages_mpol_noprof+0x2c8/0x620 [ 324.704610][T13742] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 324.706339][T13742] ? find_held_lock+0x2d/0x110 [ 324.707717][T13742] folio_alloc_mpol_noprof+0x36/0xd0 [ 324.709231][T13742] shmem_alloc_folio+0x135/0x160 [ 324.710677][T13742] shmem_alloc_and_add_folio+0x48b/0xc00 [ 324.712321][T13742] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 324.714082][T13742] ? shmem_allowable_huge_orders+0xd0/0x410 [ 324.715772][T13742] shmem_get_folio_gfp+0x689/0x1530 [ 324.717262][T13742] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 324.718874][T13742] ? filemap_map_pages+0xf92/0x16b0 [ 324.720365][T13742] shmem_fault+0x200/0xae0 [ 324.721685][T13742] ? __pfx_shmem_fault+0x10/0x10 [ 324.723110][T13742] ? do_pte_missing+0xdd7/0x3e00 [ 324.724535][T13742] ? __pfx_lock_release+0x10/0x10 [ 324.726018][T13742] __do_fault+0x10a/0x490 [ 324.727267][T13742] do_pte_missing+0xebd/0x3e00 [ 324.728653][T13742] __handle_mm_fault+0x103c/0x2a40 [ 324.730135][T13742] ? find_held_lock+0x2d/0x110 [ 324.731518][T13742] ? __pfx___handle_mm_fault+0x10/0x10 [ 324.733094][T13742] ? follow_page_pte+0x3c3/0x1b20 [ 324.734596][T13742] ? __pfx_lock_release+0x10/0x10 [ 324.736047][T13742] ? follow_page_pte+0x3f7/0x1b20 [ 324.737513][T13742] handle_mm_fault+0x3fa/0xaa0 [ 324.738891][T13742] __get_user_pages+0x8d9/0x3b50 [ 324.740325][T13742] ? __pfx_mt_find+0x10/0x10 [ 324.741678][T13742] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 324.743299][T13742] ? __pfx___get_user_pages+0x10/0x10 [ 324.744844][T13742] ? __mm_populate+0x21d/0x380 [ 324.746250][T13742] populate_vma_page_range+0x27f/0x3a0 [ 324.747820][T13742] ? __pfx_populate_vma_page_range+0x10/0x10 [ 324.749558][T13742] ? __pfx_find_vma_intersection+0x10/0x10 [ 324.751403][T13742] ? vm_mmap_pgoff+0x25b/0x360 [ 324.752822][T13742] __mm_populate+0x1d6/0x380 [ 324.754168][T13742] ? __pfx___mm_populate+0x10/0x10 [ 324.755806][T13742] ? up_write+0x1b2/0x520 [ 324.757170][T13742] vm_mmap_pgoff+0x293/0x360 [ 324.758538][T13742] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 324.760031][T13742] ? __pfx_lock_release+0x10/0x10 [ 324.761542][T13742] ? ksys_write+0x1ba/0x250 [ 324.762872][T13742] ksys_mmap_pgoff+0x7d/0x5c0 [ 324.764245][T13742] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 324.765807][T13742] __do_fast_syscall_32+0x73/0x120 [ 324.767293][T13742] do_fast_syscall_32+0x32/0x80 [ 324.768824][T13742] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 324.770664][T13742] RIP: 0023:0xf7fa0579 [ 324.771888][T13742] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 324.777344][T13742] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 324.779712][T13742] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000b36000 [ 324.781928][T13742] RDX: 0000000006ebbeef RSI: 0000000000008031 RDI: 00000000ffffffff [ 324.784184][T13742] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 324.786447][T13742] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 324.788601][T13742] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 324.790876][T13742] [ 324.961735][T13760] tipc: Enabled bearer , priority 0 [ 324.966114][T13721] can0 (unregistered): slcan off ttyS3. [ 325.732241][T13779] Sensor A: ================= START STATUS ================= [ 325.735187][T13779] Sensor A: Test Pattern: 75% Colorbar [ 325.737855][T13779] Sensor A: Show Information: All [ 325.739840][T13779] Sensor A: Vertical Flip: false [ 325.741676][T13779] Sensor A: Horizontal Flip: false [ 325.743652][T13779] Sensor A: Brightness: 128 [ 325.745435][T13779] Sensor A: Contrast: 128 [ 325.747246][T13779] Sensor A: Hue: 0 [ 325.748711][T13779] Sensor A: Saturation: 128 [ 325.750481][T13779] Sensor A: ================== END STATUS ================== [ 325.940059][T13803] netlink: 'syz.3.1969': attribute type 10 has an invalid length. [ 325.943533][T13803] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 325.948084][T13803] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 325.951077][T13803] team0: Port device netdevsim0 added [ 325.984569][T13808] bridee_slave_0 speed is unknown, defaulting to 1000 [ 325.987802][T13808] lo speed is unknown, defaulting to 1000 [ 326.064573][T13809] FAULT_INJECTION: forcing a failure. [ 326.064573][T13809] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.069398][T13809] CPU: 0 UID: 0 PID: 13809 Comm: syz.0.1970 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 326.072628][T13809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 326.075746][T13809] Call Trace: [ 326.076719][T13809] [ 326.077595][T13809] dump_stack_lvl+0x16c/0x1f0 [ 326.078963][T13809] should_fail_ex+0x497/0x5b0 [ 326.080328][T13809] __fpu_restore_sig+0xf5/0x1430 [ 326.081794][T13809] ? __pfx___fpu_restore_sig+0x10/0x10 [ 326.083374][T13809] ? lock_acquire+0x2f/0xb0 [ 326.084730][T13809] ? __might_fault+0xe3/0x190 [ 326.086125][T13809] fpu__restore_sig+0x113/0x190 [ 326.087535][T13809] ia32_restore_sigcontext+0x40f/0x5d0 [ 326.089100][T13809] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 326.090832][T13809] ? __pfx_lock_release+0x10/0x10 [ 326.092304][T13809] ? _raw_spin_unlock_irq+0x23/0x50 [ 326.093810][T13809] ? lockdep_hardirqs_on+0x7c/0x110 [ 326.095304][T13809] __do_compat_sys_rt_sigreturn+0x121/0x1f0 [ 326.096994][T13809] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 326.098838][T13809] do_int80_emulation+0x104/0x200 [ 326.100290][T13809] asm_int80_emulation+0x1a/0x20 [ 326.101785][T13809] RIP: 0023:0xf7fa0577 [ 326.102965][T13809] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 326.108452][T13809] RSP: 002b:00000000f50d555c EFLAGS: 00000296 [ 326.110199][T13809] RAX: 0000000000000174 RBX: 0000000000000008 RCX: 0000000020000840 [ 326.112478][T13809] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.114740][T13809] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 326.116986][T13809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 326.119247][T13809] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 326.121704][T13809] [ 326.123090][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.355314][T13822] can0: slcan on ttyS3. [ 327.005905][T13816] can0 (unregistered): slcan off ttyS3. [ 327.066057][T13832] ceph: No mds server is up or the cluster is laggy [ 327.806919][T13855] Sensor A: ================= START STATUS ================= [ 327.809152][T13855] Sensor A: Test Pattern: 75% Colorbar [ 327.811174][T13855] Sensor A: Show Information: All [ 327.812693][T13855] Sensor A: Vertical Flip: false [ 327.814133][T13855] Sensor A: Horizontal Flip: false [ 327.815690][T13855] Sensor A: Brightness: 128 [ 327.817007][T13855] Sensor A: Contrast: 128 [ 327.818270][T13855] Sensor A: Hue: 0 [ 327.819355][T13855] Sensor A: Saturation: 128 [ 327.820661][T13855] Sensor A: ================== END STATUS ================== [ 327.884703][T13859] tmpfs: Bad value for 'mpol' [ 329.801521][T13915] FAULT_INJECTION: forcing a failure. [ 329.801521][T13915] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 329.805313][T13915] CPU: 1 UID: 0 PID: 13915 Comm: syz.3.2004 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 329.808416][T13915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 329.811527][T13915] Call Trace: [ 329.812494][T13915] [ 329.813373][T13915] dump_stack_lvl+0x16c/0x1f0 [ 329.814731][T13915] should_fail_ex+0x497/0x5b0 [ 329.816078][T13915] ? fs_reclaim_acquire+0xae/0x150 [ 329.817566][T13915] should_fail_alloc_page+0xe7/0x130 [ 329.819082][T13915] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 329.820841][T13915] __alloc_pages_noprof+0x190/0x25b0 [ 329.822393][T13915] ? hlock_class+0x4e/0x130 [ 329.823694][T13915] ? mark_lock+0xb5/0xc60 [ 329.824928][T13915] ? __lock_acquire+0xcc5/0x3c40 [ 329.826355][T13915] ? __pfx_mark_lock+0x10/0x10 [ 329.827725][T13915] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 329.829402][T13915] ? hlock_class+0x4e/0x130 [ 329.830705][T13915] ? mark_lock+0xb5/0xc60 [ 329.831962][T13915] ? __pfx_mark_lock+0x10/0x10 [ 329.833352][T13915] ? hlock_class+0x4e/0x130 [ 329.834652][T13915] ? __lock_acquire+0xcc5/0x3c40 [ 329.836056][T13915] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 329.837755][T13915] ? policy_nodemask+0xea/0x4e0 [ 329.839151][T13915] alloc_pages_mpol_noprof+0x2c8/0x620 [ 329.840689][T13915] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 329.842417][T13915] ? __lock_acquire+0xcc5/0x3c40 [ 329.843828][T13915] folio_alloc_mpol_noprof+0x36/0xd0 [ 329.845353][T13915] vma_alloc_folio_noprof+0xee/0x1b0 [ 329.846857][T13915] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 329.848554][T13915] ? find_held_lock+0x2d/0x110 [ 329.849953][T13915] do_pte_missing+0x2017/0x3e00 [ 329.851362][T13915] __handle_mm_fault+0x103c/0x2a40 [ 329.852835][T13915] ? __pfx___handle_mm_fault+0x10/0x10 [ 329.854427][T13915] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 329.856082][T13915] ? find_vma+0xc0/0x140 [ 329.857314][T13915] ? __pfx_find_vma+0x10/0x10 [ 329.858662][T13915] handle_mm_fault+0x3fa/0xaa0 [ 329.859991][T13915] do_user_addr_fault+0x7a3/0x13f0 [ 329.861443][T13915] exc_page_fault+0x5c/0xc0 [ 329.862688][T13915] asm_exc_page_fault+0x26/0x30 [ 329.864043][T13915] RIP: 0010:rep_stos_alternative+0x40/0x80 [ 329.865735][T13915] Code: ff c7 48 ff c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 66 2e 0f 1f 84 00 00 00 00 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 [ 329.871194][T13915] RSP: 0018:ffffc9000d22fcc8 EFLAGS: 00050246 [ 329.872926][T13915] RAX: 0000000000000000 RBX: 000000007ffe5000 RCX: 0000000000000040 [ 329.875167][T13915] RDX: ffff888021730000 RSI: ffffffff85183de6 RDI: 000000002001b000 [ 329.877432][T13915] RBP: 0000000000001000 R08: 0000000000000000 R09: fffffbfff2039efa [ 329.879656][T13915] R10: ffffffff901cf7d7 R11: 0000000000000000 R12: ffff888021730000 [ 329.881948][T13915] R13: 00007ffffffff000 R14: ffffed10042e6000 R15: 000000002001a040 [ 329.884183][T13915] ? read_zero+0xc6/0x250 [ 329.885447][T13915] read_zero+0xd6/0x250 [ 329.886642][T13915] ? __pfx_read_zero+0x10/0x10 [ 329.888007][T13915] vfs_read+0x1df/0xbe0 [ 329.889198][T13915] ? __fget_files+0x1fc/0x3a0 [ 329.890565][T13915] ? __pfx_lock_release+0x10/0x10 [ 329.892013][T13915] ? __pfx_vfs_read+0x10/0x10 [ 329.893381][T13915] ? lock_acquire+0x2f/0xb0 [ 329.894676][T13915] ? __fget_files+0x40/0x3a0 [ 329.895996][T13915] ? __fget_files+0x206/0x3a0 [ 329.897373][T13915] ksys_read+0x12b/0x250 [ 329.898594][T13915] ? __pfx_ksys_read+0x10/0x10 [ 329.899960][T13915] __do_fast_syscall_32+0x73/0x120 [ 329.901465][T13915] do_fast_syscall_32+0x32/0x80 [ 329.902857][T13915] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 329.904655][T13915] RIP: 0023:0xf7f88579 [ 329.905843][T13915] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 329.911268][T13915] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 329.913640][T13915] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 329.915862][T13915] RDX: 00000000ffffff96 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.918114][T13915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 329.920341][T13915] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 329.922585][T13915] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 329.924812][T13915] [ 330.350571][T13926] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1996'. [ 330.439726][T13926] hsr_slave_1 (unregistering): left promiscuous mode [ 331.392155][T13953] o2cb: This node has not been configured. [ 331.394615][T13953] o2cb: Cluster check failed. Fix errors before retrying. [ 331.396862][T13953] (syz.1.2003,13953,0):user_dlm_register:674 ERROR: status = -22 [ 331.399379][T13953] (syz.1.2003,13953,0):dlmfs_mkdir:436 ERROR: Error -22 could not register domain "bus" [ 331.945415][ T39] audit: type=1326 audit(1737151995.841:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 331.954853][ T39] audit: type=1326 audit(1737151995.851:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 331.965425][ T39] audit: type=1326 audit(1737151995.861:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=377 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 331.974218][ T39] audit: type=1326 audit(1737151995.861:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 331.981562][ T39] audit: type=1326 audit(1737151995.861:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 331.988214][ T39] audit: type=1326 audit(1737151995.861:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 331.994661][ T39] audit: type=1326 audit(1737151995.861:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 332.000848][ T39] audit: type=1326 audit(1737151995.861:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 332.007453][ T39] audit: type=1326 audit(1737151995.861:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 332.013597][ T39] audit: type=1326 audit(1737151995.861:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13963 comm="syz.1.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 332.098424][T13969] Invalid logical block size (3) [ 333.029223][T13990] overlayfs: missing 'lowerdir' [ 333.135211][T13997] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 333.258426][T14003] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 333.362101][T14007] tipc: Resetting bearer [ 333.366617][T14007] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 333.855765][T14026] Invalid logical block size (3) [ 334.013765][T14031] syz.3.2030 (14031): drop_caches: 2 [ 334.373743][T14035] nvme_fabrics: missing parameter 'transport=%s' [ 334.377955][T14035] nvme_fabrics: missing parameter 'nqn=%s' [ 334.647643][T14041] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2034'. [ 335.129139][T14057] FAULT_INJECTION: forcing a failure. [ 335.129139][T14057] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.129941][T14057] CPU: 1 UID: 0 PID: 14057 Comm: syz.4.2037 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 335.129966][T14057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 335.129973][T14057] Call Trace: [ 335.129977][T14057] [ 335.129981][T14057] dump_stack_lvl+0x16c/0x1f0 [ 335.130000][T14057] should_fail_ex+0x497/0x5b0 [ 335.130016][T14057] _copy_from_user+0x2e/0xd0 [ 335.130032][T14057] copy_from_buffer+0x86/0xb0 [ 335.130049][T14057] copy_uabi_to_xstate+0xb5/0x670 [ 335.130065][T14057] ? find_held_lock+0x2d/0x110 [ 335.130080][T14057] ? __pfx_copy_uabi_to_xstate+0x10/0x10 [ 335.130096][T14057] ? __pfx_lock_release+0x10/0x10 [ 335.130106][T14057] ? trace_lock_acquire+0x14e/0x1f0 [ 335.130123][T14057] ? __local_bh_enable_ip+0xa4/0x120 [ 335.130137][T14057] __fpu_restore_sig+0x1062/0x1430 [ 335.130154][T14057] ? __pfx___fpu_restore_sig+0x10/0x10 [ 335.130175][T14057] ? lock_acquire+0x2f/0xb0 [ 335.130184][T14057] ? __might_fault+0xe3/0x190 [ 335.130203][T14057] fpu__restore_sig+0x113/0x190 [ 335.130219][T14057] ia32_restore_sigcontext+0x40f/0x5d0 [ 335.130231][T14057] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 335.130241][T14057] ? __pfx_lock_release+0x10/0x10 [ 335.130254][T14057] ? _raw_spin_unlock_irq+0x23/0x50 [ 335.130266][T14057] ? lockdep_hardirqs_on+0x7c/0x110 [ 335.130281][T14057] __do_compat_sys_rt_sigreturn+0x121/0x1f0 [ 335.130293][T14057] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 335.130309][T14057] do_int80_emulation+0x104/0x200 [ 335.130324][T14057] asm_int80_emulation+0x1a/0x20 [ 335.130337][T14057] RIP: 0023:0xf7fb3577 [ 335.130346][T14057] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 335.130356][T14057] RSP: 002b:00000000f50c455c EFLAGS: 00000296 [ 335.130366][T14057] RAX: 0000000000000174 RBX: 0000000000000006 RCX: 0000000020000840 [ 335.130373][T14057] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 335.130379][T14057] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 335.130385][T14057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 335.130392][T14057] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 335.130404][T14057] [ 335.747544][T14072] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2044'. [ 336.014634][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 336.017297][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 336.276149][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 336.278375][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 336.642414][T14081] ceph: No mds server is up or the cluster is laggy [ 336.812428][T14088] ceph: No mds server is up or the cluster is laggy [ 336.876949][T14119] overlayfs: missing 'lowerdir' [ 337.597862][T14137] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 337.732169][T14128] ceph: No mds server is up or the cluster is laggy [ 337.887660][T14158] bridee_slave_0 speed is unknown, defaulting to 1000 [ 337.890334][T14158] lo speed is unknown, defaulting to 1000 [ 337.916240][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 337.916249][ T39] audit: type=1800 audit(1737152001.811:975): pid=14154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2064" name="memory.events" dev="9p" ino=38928802 res=0 errno=0 [ 337.924128][ T39] audit: type=1804 audit(1737152001.821:976): pid=14154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2064" name="/newroot/515/file0/memory.events" dev="9p" ino=38928802 res=1 errno=0 [ 337.978768][T14164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2069'. [ 337.981874][T14164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2069'. [ 338.036794][T14162] tmpfs: Unknown parameter 'tmpfs' [ 338.038875][T14167] netlink: zone id is out of range [ 338.040566][T14167] netlink: zone id is out of range [ 338.042079][T14167] netlink: zone id is out of range [ 338.043476][T14167] netlink: zone id is out of range [ 338.044918][T14167] netlink: zone id is out of range [ 338.046726][T14167] netlink: zone id is out of range [ 338.048137][T14167] netlink: zone id is out of range [ 339.256041][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 339.257700][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 339.565870][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 339.567520][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 339.623947][T14203] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2078'. [ 339.887325][T14190] ceph: No mds server is up or the cluster is laggy [ 339.953538][T14213] FAULT_INJECTION: forcing a failure. [ 339.953538][T14213] name failslab, interval 1, probability 0, space 0, times 0 [ 339.959053][T14213] CPU: 3 UID: 0 PID: 14213 Comm: syz.0.2081 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 339.963176][T14213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 339.967371][T14213] Call Trace: [ 339.968690][T14213] [ 339.969873][T14213] dump_stack_lvl+0x16c/0x1f0 [ 339.971771][T14213] should_fail_ex+0x497/0x5b0 [ 339.973408][T14213] ? fs_reclaim_acquire+0xae/0x150 [ 339.974845][T14213] should_failslab+0xc2/0x120 [ 339.976326][T14213] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 339.978169][T14213] ? tcf_action_dump_terse+0x29c/0x650 [ 339.980086][T14213] ? skb_clone+0x190/0x3f0 [ 339.981358][T14213] skb_clone+0x190/0x3f0 [ 339.982523][T14213] netlink_trim+0x1b3/0x250 [ 339.983797][T14213] netlink_broadcast_filtered+0xc7/0xef0 [ 339.985360][T14213] ? __pfx_tcf_action_dump_1+0x10/0x10 [ 339.986868][T14213] ? rcu_watching_snap_stopped_since+0xf1/0x110 [ 339.988580][T14213] ? skb_put+0x138/0x1b0 [ 339.989795][T14213] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 339.992166][T14213] nlmsg_notify+0x9e/0x220 [ 339.993846][T14213] tcf_action_add+0x364/0x5d0 [ 339.995698][T14213] ? __pfx_tcf_action_add+0x10/0x10 [ 339.997948][T14213] ? __nla_parse+0x40/0x60 [ 339.999729][T14213] tc_ctl_action+0x35d/0x470 [ 340.001580][T14213] ? __pfx_tc_ctl_action+0x10/0x10 [ 340.003581][T14213] ? rtnetlink_rcv_msg+0x35a/0xea0 [ 340.005529][T14213] ? __pfx_tc_ctl_action+0x10/0x10 [ 340.007361][T14213] rtnetlink_rcv_msg+0x3c7/0xea0 [ 340.009249][T14213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 340.011385][T14213] ? __pfx___dev_queue_xmit+0x10/0x10 [ 340.013525][T14213] netlink_rcv_skb+0x165/0x410 [ 340.015252][T14213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 340.017300][T14213] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 340.019273][T14213] ? netlink_deliver_tap+0x1ae/0xca0 [ 340.020806][T14213] netlink_unicast+0x53c/0x7f0 [ 340.022115][T14213] ? __pfx_netlink_unicast+0x10/0x10 [ 340.023539][T14213] ? __phys_addr_symbol+0x30/0x80 [ 340.024927][T14213] ? __check_object_size+0x488/0x710 [ 340.026578][T14213] netlink_sendmsg+0x8b8/0xd70 [ 340.027910][T14213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 340.029368][T14213] ____sys_sendmsg+0x9ae/0xb40 [ 340.030834][T14213] ? __pfx_____sys_sendmsg+0x10/0x10 [ 340.032361][T14213] ? get_compat_msghdr+0x11b/0x170 [ 340.033918][T14213] ___sys_sendmsg+0x135/0x1e0 [ 340.035286][T14213] ? __pfx____sys_sendmsg+0x10/0x10 [ 340.036787][T14213] ? __pfx_lock_release+0x10/0x10 [ 340.038262][T14213] ? trace_lock_acquire+0x14e/0x1f0 [ 340.039785][T14213] ? __fget_files+0x206/0x3a0 [ 340.041227][T14213] __sys_sendmsg+0x16e/0x220 [ 340.042623][T14213] ? __pfx___sys_sendmsg+0x10/0x10 [ 340.044080][T14213] __do_fast_syscall_32+0x73/0x120 [ 340.045547][T14213] do_fast_syscall_32+0x32/0x80 [ 340.046970][T14213] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 340.048740][T14213] RIP: 0023:0xf7fa0579 [ 340.050096][T14213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 340.057345][T14213] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 340.059783][T14213] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000340 [ 340.062877][T14213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 340.065494][T14213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 340.067693][T14213] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 340.069879][T14213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 340.072108][T14213] [ 340.102813][T14218] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2083'. [ 340.159708][T14228] ======================================================= [ 340.159708][T14228] WARNING: The mand mount option has been deprecated and [ 340.159708][T14228] and is ignored by this kernel. Remove the mand [ 340.159708][T14228] option from the mount to silence this warning. [ 340.159708][T14228] ======================================================= [ 340.172195][T14228] virtio-fs: tag not found [ 340.572467][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 340.574283][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 340.789200][T14256] netlink: 'syz.3.2096': attribute type 1 has an invalid length. [ 340.792222][T14256] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2096'. [ 340.795541][T14256] NCSI netlink: No device for ifindex 0 [ 340.835951][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 340.837668][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 340.884510][T14259] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 340.886398][T14259] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 340.890492][T14259] vhci_hcd vhci_hcd.0: Device attached [ 341.145833][ T8] vhci_hcd: vhci_device speed not set [ 341.215862][ T8] usb 37-1: new full-speed USB device number 4 using vhci_hcd [ 341.236040][T14242] ceph: No mds server is up or the cluster is laggy [ 342.307999][T14264] vhci_hcd: connection reset by peer [ 342.309675][ T12] vhci_hcd: stop threads [ 342.310943][ T12] vhci_hcd: release socket [ 342.312294][ T12] vhci_hcd: disconnect device [ 342.500767][ T5428] libceph: connect (1)[c::]:6789 error -101 [ 342.503556][ T5428] libceph: mon0 (1)[c::]:6789 connect error [ 342.713122][T14294] ceph: No mds server is up or the cluster is laggy [ 342.766079][ T5428] libceph: connect (1)[c::]:6789 error -101 [ 342.768738][ T5428] libceph: mon0 (1)[c::]:6789 connect error [ 342.991758][T14324] 9pnet: Unknown protocol version 9p200 [ 343.079351][T14306] ceph: No mds server is up or the cluster is laggy [ 343.423396][T14329] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 343.451155][T14316] ceph: No mds server is up or the cluster is laggy [ 343.688619][T14344] net_ratelimit: 241 callbacks suppressed [ 343.688629][T14344] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 344.376355][ T834] libceph: connect (1)[c::]:6789 error -101 [ 344.378090][ T834] libceph: mon0 (1)[c::]:6789 connect error [ 344.632751][T14353] ceph: No mds server is up or the cluster is laggy [ 344.636627][ T834] libceph: connect (1)[c::]:6789 error -101 [ 344.638370][ T834] libceph: mon0 (1)[c::]:6789 connect error [ 344.643255][ T834] libceph: connect (1)[c::]:6789 error -101 [ 344.645208][ T834] libceph: mon0 (1)[c::]:6789 connect error [ 344.659470][T14372] overlay: ./file0 is not a directory [ 344.725216][ T39] audit: type=1326 audit(1737152008.621:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14373 comm="syz.3.2126" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f88579 code=0x0 [ 344.887476][T14385] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2130'. [ 344.889840][T14385] netlink: 'syz.0.2130': attribute type 1 has an invalid length. [ 344.905898][ T834] libceph: connect (1)[c::]:6789 error -101 [ 344.907653][ T834] libceph: mon0 (1)[c::]:6789 connect error [ 344.944586][T14388] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 344.958019][T14388] evm: overlay not supported [ 345.327169][T14364] ceph: No mds server is up or the cluster is laggy [ 345.579897][T14395] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2133'. [ 345.583957][T14395] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2133'. [ 345.873749][T14414] FAULT_INJECTION: forcing a failure. [ 345.873749][T14414] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 345.880595][T14414] CPU: 3 UID: 0 PID: 14414 Comm: syz.4.2135 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 345.883637][T14414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 345.886698][T14414] Call Trace: [ 345.887657][T14414] [ 345.888505][T14414] dump_stack_lvl+0x16c/0x1f0 [ 345.889859][T14414] should_fail_ex+0x497/0x5b0 [ 345.891204][T14414] __fpu_restore_sig+0xa9c/0x1430 [ 345.892649][T14414] ? __pfx___fpu_restore_sig+0x10/0x10 [ 345.894219][T14414] ? lock_acquire+0x2f/0xb0 [ 345.895515][T14414] ? __might_fault+0xe3/0x190 [ 345.896873][T14414] fpu__restore_sig+0x113/0x190 [ 345.898282][T14414] ia32_restore_sigcontext+0x40f/0x5d0 [ 345.899848][T14414] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 345.901694][T14414] ? __pfx_lock_release+0x10/0x10 [ 345.903145][T14414] ? _raw_spin_unlock_irq+0x23/0x50 [ 345.904636][T14414] ? lockdep_hardirqs_on+0x7c/0x110 [ 345.906132][T14414] __do_compat_sys_rt_sigreturn+0x121/0x1f0 [ 345.907817][T14414] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 345.909649][T14414] do_int80_emulation+0x104/0x200 [ 345.911111][T14414] asm_int80_emulation+0x1a/0x20 [ 345.912538][T14414] RIP: 0023:0xf7fb3577 [ 345.913711][T14414] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 345.919145][T14414] RSP: 002b:00000000f50c455c EFLAGS: 00000296 [ 345.920772][T14414] RAX: 0000000000000174 RBX: 0000000000000008 RCX: 0000000020000840 [ 345.922890][T14414] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 345.925033][T14414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 345.927214][T14414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 345.929378][T14414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 345.931554][T14414] [ 346.055999][ T39] audit: type=1326 audit(1737152009.961:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.062237][ T39] audit: type=1326 audit(1737152009.961:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.068415][ T39] audit: type=1326 audit(1737152009.981:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=377 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.074613][ T39] audit: type=1326 audit(1737152009.981:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.080927][ T39] audit: type=1326 audit(1737152009.981:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.087973][ T39] audit: type=1326 audit(1737152009.981:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.095855][ T39] audit: type=1326 audit(1737152009.981:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.101835][ T39] audit: type=1326 audit(1737152009.981:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.108419][ T39] audit: type=1326 audit(1737152009.981:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14418 comm="syz.1.2136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 346.410441][ T8] vhci_hcd: vhci_device speed not set [ 346.659131][T14438] tipc: Enabling of bearer rejected, already enabled [ 346.939489][T14443] FAULT_INJECTION: forcing a failure. [ 346.939489][T14443] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 346.944899][T14443] CPU: 3 UID: 0 PID: 14443 Comm: syz.1.2145 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 346.948311][T14443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 346.952592][T14443] Call Trace: [ 346.953739][T14443] [ 346.954592][T14443] dump_stack_lvl+0x16c/0x1f0 [ 346.955949][T14443] should_fail_ex+0x497/0x5b0 [ 346.957290][T14443] ? fs_reclaim_acquire+0xae/0x150 [ 346.959005][T14443] should_fail_alloc_page+0xe7/0x130 [ 346.961040][T14443] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 346.963452][T14443] __alloc_pages_noprof+0x190/0x25b0 [ 346.965561][T14443] ? hlock_class+0x4e/0x130 [ 346.967341][T14443] ? mark_lock+0xb5/0xc60 [ 346.969146][T14443] ? __lock_acquire+0xcc5/0x3c40 [ 346.971120][T14443] ? __pfx_mark_lock+0x10/0x10 [ 346.972853][T14443] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 346.974688][T14443] ? hlock_class+0x4e/0x130 [ 346.975974][T14443] ? mark_lock+0xb5/0xc60 [ 346.977282][T14443] ? __pfx_mark_lock+0x10/0x10 [ 346.978742][T14443] ? hlock_class+0x4e/0x130 [ 346.980064][T14443] ? __lock_acquire+0xcc5/0x3c40 [ 346.981533][T14443] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 346.983242][T14443] ? policy_nodemask+0xea/0x4e0 [ 346.984658][T14443] alloc_pages_mpol_noprof+0x2c8/0x620 [ 346.986254][T14443] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 346.987977][T14443] ? __lock_acquire+0xcc5/0x3c40 [ 346.989417][T14443] folio_alloc_mpol_noprof+0x36/0xd0 [ 346.990948][T14443] vma_alloc_folio_noprof+0xee/0x1b0 [ 346.992503][T14443] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 346.994231][T14443] ? find_held_lock+0x2d/0x110 [ 346.995614][T14443] do_pte_missing+0x2017/0x3e00 [ 346.997040][T14443] __handle_mm_fault+0x103c/0x2a40 [ 346.998519][T14443] ? __pfx___handle_mm_fault+0x10/0x10 [ 347.000088][T14443] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 347.001711][T14443] ? find_vma+0xc0/0x140 [ 347.002957][T14443] ? __pfx_find_vma+0x10/0x10 [ 347.004308][T14443] handle_mm_fault+0x3fa/0xaa0 [ 347.005700][T14443] do_user_addr_fault+0x7a3/0x13f0 [ 347.007183][T14443] exc_page_fault+0x5c/0xc0 [ 347.008502][T14443] asm_exc_page_fault+0x26/0x30 [ 347.009923][T14443] RIP: 0010:rep_stos_alternative+0x40/0x80 [ 347.011624][T14443] Code: ff c7 48 ff c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 66 2e 0f 1f 84 00 00 00 00 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 [ 347.017100][T14443] RSP: 0018:ffffc9000699fcc8 EFLAGS: 00050246 [ 347.018860][T14443] RAX: 0000000000000000 RBX: 000000007ffe4000 RCX: 0000000000000040 [ 347.021137][T14443] RDX: ffff888021264880 RSI: ffffffff85183de6 RDI: 000000002001c000 [ 347.023400][T14443] RBP: 0000000000001000 R08: 0000000000000000 R09: fffffbfff2039efa [ 347.025656][T14443] R10: ffffffff901cf7d7 R11: 0000000000000000 R12: ffff888021264880 [ 347.027912][T14443] R13: 00007ffffffff000 R14: ffffed100424c910 R15: 000000002001b040 [ 347.030184][T14443] ? read_zero+0xc6/0x250 [ 347.031434][T14443] read_zero+0xd6/0x250 [ 347.032653][T14443] ? __pfx_read_zero+0x10/0x10 [ 347.034045][T14443] vfs_read+0x1df/0xbe0 [ 347.035244][T14443] ? __fget_files+0x1fc/0x3a0 [ 347.036614][T14443] ? __pfx_lock_release+0x10/0x10 [ 347.038065][T14443] ? __pfx_vfs_read+0x10/0x10 [ 347.039424][T14443] ? lock_acquire+0x2f/0xb0 [ 347.040753][T14443] ? __fget_files+0x40/0x3a0 [ 347.042124][T14443] ? __fget_files+0x206/0x3a0 [ 347.043487][T14443] ksys_read+0x12b/0x250 [ 347.044711][T14443] ? __pfx_ksys_read+0x10/0x10 [ 347.046113][T14443] __do_fast_syscall_32+0x73/0x120 [ 347.047609][T14443] do_fast_syscall_32+0x32/0x80 [ 347.049026][T14443] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.050857][T14443] RIP: 0023:0xf7f92579 [ 347.052050][T14443] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 347.057521][T14443] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 347.059884][T14443] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 347.062149][T14443] RDX: 00000000ffffff96 RSI: 0000000000000000 RDI: 0000000000000000 [ 347.064396][T14443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.066651][T14443] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 347.068840][T14443] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.071064][T14443] [ 347.116674][T14447] FAULT_INJECTION: forcing a failure. [ 347.116674][T14447] name failslab, interval 1, probability 0, space 0, times 0 [ 347.122753][T14447] CPU: 0 UID: 0 PID: 14447 Comm: syz.1.2147 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 347.126101][T14447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 347.129166][T14447] Call Trace: [ 347.130130][T14447] [ 347.130985][T14447] dump_stack_lvl+0x16c/0x1f0 [ 347.132305][T14447] should_fail_ex+0x497/0x5b0 [ 347.133682][T14447] should_failslab+0xc2/0x120 [ 347.135058][T14447] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 347.136605][T14447] ? netlink_deliver_tap+0x6a1/0xca0 [ 347.138137][T14447] ? skb_clone+0x190/0x3f0 [ 347.139433][T14447] skb_clone+0x190/0x3f0 [ 347.140659][T14447] netlink_deliver_tap+0xafd/0xca0 [ 347.142049][T14447] netlink_unicast+0x6b4/0x7f0 [ 347.143401][T14447] ? __pfx_netlink_unicast+0x10/0x10 [ 347.144934][T14447] ? genl_rcv_msg+0x4bd/0x800 [ 347.146309][T14447] netlink_ack+0x6a5/0xb20 [ 347.147609][T14447] netlink_rcv_skb+0x327/0x410 [ 347.149002][T14447] ? __pfx_genl_rcv_msg+0x10/0x10 [ 347.150489][T14447] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 347.152027][T14447] ? down_read+0xc9/0x330 [ 347.153293][T14447] ? __pfx_down_read+0x10/0x10 [ 347.154676][T14447] ? netlink_deliver_tap+0x1ae/0xca0 [ 347.156183][T14447] genl_rcv+0x28/0x40 [ 347.157341][T14447] netlink_unicast+0x53c/0x7f0 [ 347.158669][T14447] ? __pfx_netlink_unicast+0x10/0x10 [ 347.160192][T14447] ? __phys_addr_symbol+0x30/0x80 [ 347.161663][T14447] ? __check_object_size+0x488/0x710 [ 347.163197][T14447] netlink_sendmsg+0x8b8/0xd70 [ 347.164583][T14447] ? __pfx_netlink_sendmsg+0x10/0x10 [ 347.166138][T14447] ____sys_sendmsg+0x9ae/0xb40 [ 347.167602][T14447] ? __pfx_____sys_sendmsg+0x10/0x10 [ 347.169105][T14447] ? get_compat_msghdr+0x11b/0x170 [ 347.170604][T14447] ___sys_sendmsg+0x135/0x1e0 [ 347.171979][T14447] ? __pfx____sys_sendmsg+0x10/0x10 [ 347.173494][T14447] ? __pfx_lock_release+0x10/0x10 [ 347.174947][T14447] ? trace_lock_acquire+0x14e/0x1f0 [ 347.176449][T14447] ? __fget_files+0x206/0x3a0 [ 347.177803][T14447] __sys_sendmsg+0x16e/0x220 [ 347.179135][T14447] ? __pfx___sys_sendmsg+0x10/0x10 [ 347.180614][T14447] __do_fast_syscall_32+0x73/0x120 [ 347.182093][T14447] do_fast_syscall_32+0x32/0x80 [ 347.183494][T14447] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.185309][T14447] RIP: 0023:0xf7f92579 [ 347.186494][T14447] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 347.191981][T14447] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 347.194358][T14447] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001b80 [ 347.196603][T14447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 347.198875][T14447] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.201139][T14447] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 347.203388][T14447] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.205655][T14447] [ 347.246034][T14455] netlink: 'syz.1.2149': attribute type 10 has an invalid length. [ 347.251257][T14455] team0: Port device netdevsim0 added [ 347.545385][ T8] libceph: connect (1)[c::]:6789 error -101 [ 347.549727][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 347.647071][T14481] FAULT_INJECTION: forcing a failure. [ 347.647071][T14481] name failslab, interval 1, probability 0, space 0, times 0 [ 347.650852][T14481] CPU: 1 UID: 0 PID: 14481 Comm: syz.3.2157 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 347.654001][T14481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 347.657354][T14481] Call Trace: [ 347.658384][T14481] [ 347.659252][T14481] dump_stack_lvl+0x16c/0x1f0 [ 347.660599][T14481] should_fail_ex+0x497/0x5b0 [ 347.661968][T14481] ? fs_reclaim_acquire+0xae/0x150 [ 347.663427][T14481] should_failslab+0xc2/0x120 [ 347.664805][T14481] __kmalloc_cache_node_noprof+0x6f/0x3f0 [ 347.666459][T14481] ? __get_vm_area_node+0x101/0x2f0 [ 347.667980][T14481] __get_vm_area_node+0x101/0x2f0 [ 347.669452][T14481] __vmalloc_node_range_noprof+0x26a/0x1530 [ 347.671160][T14481] ? bpf_check+0x206/0xc870 [ 347.672498][T14481] ? __lruvec_stat_mod_folio+0xa0/0x360 [ 347.674106][T14481] ? lock_acquire+0x2f/0xb0 [ 347.675432][T14481] ? bpf_check+0x206/0xc870 [ 347.676757][T14481] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 347.678591][T14481] ? rcu_is_watching+0x12/0xc0 [ 347.679990][T14481] ? trace_kmalloc+0x2d/0xd0 [ 347.681353][T14481] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 347.682995][T14481] ? __kvmalloc_node_noprof+0x6f/0x1a0 [ 347.684571][T14481] ? ktime_get+0x206/0x300 [ 347.685917][T14481] ? bpf_check+0x206/0xc870 [ 347.687363][T14481] vzalloc_noprof+0x6b/0x90 [ 347.688675][T14481] ? bpf_check+0x206/0xc870 [ 347.690022][T14481] bpf_check+0x206/0xc870 [ 347.691306][T14481] ? hlock_class+0x4e/0x130 [ 347.692637][T14481] ? __lock_acquire+0x15a9/0x3c40 [ 347.694154][T14481] ? __pfx___lock_acquire+0x10/0x10 [ 347.695668][T14481] ? __pfx_bpf_check+0x10/0x10 [ 347.697067][T14481] ? find_held_lock+0x2d/0x110 [ 347.698474][T14481] ? bpf_prog_load+0xd45/0x2670 [ 347.699884][T14481] ? __pfx_lock_release+0x10/0x10 [ 347.701367][T14481] ? trace_lock_acquire+0x14e/0x1f0 [ 347.702872][T14481] ? bpf_prog_load+0xd45/0x2670 [ 347.704287][T14481] ? ktime_get_with_offset+0x273/0x3a0 [ 347.705868][T14481] ? lockdep_hardirqs_on+0x7c/0x110 [ 347.707376][T14481] ? read_tsc+0x9/0x20 [ 347.708570][T14481] ? ktime_get_with_offset+0x20f/0x3a0 [ 347.710207][T14481] ? bpf_obj_name_cpy+0x156/0x1b0 [ 347.711688][T14481] bpf_prog_load+0xe3f/0x2670 [ 347.713052][T14481] ? __pfx_bpf_prog_load+0x10/0x10 [ 347.714692][T14481] ? find_held_lock+0x2d/0x110 [ 347.716085][T14481] ? __might_fault+0x13b/0x190 [ 347.717499][T14481] ? __might_fault+0xe3/0x190 [ 347.718872][T14481] __sys_bpf+0x5677/0x57a0 [ 347.720170][T14481] ? __pfx_lock_release+0x10/0x10 [ 347.721670][T14481] ? __pfx___sys_bpf+0x10/0x10 [ 347.723061][T14481] ? vfs_write+0x306/0x1150 [ 347.724390][T14481] ? __mutex_unlock_slowpath+0x164/0x690 [ 347.726033][T14481] ? fput+0x67/0x440 [ 347.727178][T14481] ? ksys_write+0x1ba/0x250 [ 347.728498][T14481] ? __pfx_ksys_write+0x10/0x10 [ 347.729933][T14481] __ia32_sys_bpf+0x76/0xe0 [ 347.731259][T14481] __do_fast_syscall_32+0x73/0x120 [ 347.732754][T14481] do_fast_syscall_32+0x32/0x80 [ 347.734184][T14481] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.736028][T14481] RIP: 0023:0xf7f88579 [ 347.737217][T14481] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 347.742633][T14481] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 347.744952][T14481] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002000e000 [ 347.747239][T14481] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 347.749503][T14481] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.751786][T14481] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 347.754059][T14481] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.756325][T14481] [ 347.757357][ C1] vkms_vblank_simulate: vblank timer overrun [ 347.759972][T14481] syz.3.2157: vmalloc error: size 288, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 347.764455][T14481] CPU: 1 UID: 0 PID: 14481 Comm: syz.3.2157 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 347.767532][T14481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 347.770595][T14481] Call Trace: [ 347.771598][T14481] [ 347.772466][T14481] dump_stack_lvl+0x16c/0x1f0 [ 347.773851][T14481] warn_alloc+0x24d/0x3a0 [ 347.775174][T14481] ? __pfx_warn_alloc+0x10/0x10 [ 347.776614][T14481] ? rcu_is_watching+0x12/0xc0 [ 347.778018][T14481] ? __kmalloc_cache_node_noprof+0x245/0x3f0 [ 347.779737][T14481] ? __kasan_kmalloc+0x8a/0xb0 [ 347.781131][T14481] ? __get_vm_area_node+0x1dc/0x2f0 [ 347.782817][T14481] __vmalloc_node_range_noprof+0xd27/0x1530 [ 347.784547][T14481] ? __lruvec_stat_mod_folio+0xa0/0x360 [ 347.786174][T14481] ? lock_acquire+0x2f/0xb0 [ 347.787499][T14481] ? bpf_check+0x206/0xc870 [ 347.788835][T14481] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 347.790672][T14481] ? rcu_is_watching+0x12/0xc0 [ 347.792105][T14481] ? trace_kmalloc+0x2d/0xd0 [ 347.793458][T14481] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 347.795110][T14481] ? __kvmalloc_node_noprof+0x6f/0x1a0 [ 347.796714][T14481] ? ktime_get+0x206/0x300 [ 347.798033][T14481] ? bpf_check+0x206/0xc870 [ 347.799382][T14481] vzalloc_noprof+0x6b/0x90 [ 347.800725][T14481] ? bpf_check+0x206/0xc870 [ 347.802072][T14481] bpf_check+0x206/0xc870 [ 347.803332][T14481] ? hlock_class+0x4e/0x130 [ 347.804662][T14481] ? __lock_acquire+0x15a9/0x3c40 [ 347.806075][ T8] libceph: connect (1)[c::]:6789 error -101 [ 347.806129][T14481] ? __pfx___lock_acquire+0x10/0x10 [ 347.807942][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 347.809324][T14481] ? __pfx_bpf_check+0x10/0x10 [ 347.809342][T14481] ? find_held_lock+0x2d/0x110 [ 347.809357][T14481] ? bpf_prog_load+0xd45/0x2670 [ 347.815219][T14481] ? __pfx_lock_release+0x10/0x10 [ 347.816683][T14481] ? trace_lock_acquire+0x14e/0x1f0 [ 347.818210][T14481] ? bpf_prog_load+0xd45/0x2670 [ 347.819619][T14481] ? ktime_get_with_offset+0x273/0x3a0 [ 347.821205][T14481] ? lockdep_hardirqs_on+0x7c/0x110 [ 347.822722][T14481] ? read_tsc+0x9/0x20 [ 347.823911][T14481] ? ktime_get_with_offset+0x20f/0x3a0 [ 347.825514][T14481] ? bpf_obj_name_cpy+0x156/0x1b0 [ 347.827139][T14481] bpf_prog_load+0xe3f/0x2670 [ 347.828551][T14481] ? __pfx_bpf_prog_load+0x10/0x10 [ 347.830051][T14481] ? find_held_lock+0x2d/0x110 [ 347.831449][T14481] ? __might_fault+0x13b/0x190 [ 347.832856][T14481] ? __might_fault+0xe3/0x190 [ 347.834251][T14481] __sys_bpf+0x5677/0x57a0 [ 347.835551][T14481] ? __pfx_lock_release+0x10/0x10 [ 347.837012][T14481] ? __pfx___sys_bpf+0x10/0x10 [ 347.838424][T14481] ? vfs_write+0x306/0x1150 [ 347.839753][T14481] ? __mutex_unlock_slowpath+0x164/0x690 [ 347.841386][T14481] ? fput+0x67/0x440 [ 347.842530][T14481] ? ksys_write+0x1ba/0x250 [ 347.843869][T14481] ? __pfx_ksys_write+0x10/0x10 [ 347.845300][T14481] __ia32_sys_bpf+0x76/0xe0 [ 347.846644][T14481] __do_fast_syscall_32+0x73/0x120 [ 347.848157][T14481] do_fast_syscall_32+0x32/0x80 [ 347.849588][T14481] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.851404][T14481] RIP: 0023:0xf7f88579 [ 347.852594][T14481] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 347.858135][T14481] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 347.860521][T14481] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002000e000 [ 347.862794][T14481] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 347.865092][T14481] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.867395][T14481] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 347.869690][T14481] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.872017][T14481] [ 347.873011][ C1] vkms_vblank_simulate: vblank timer overrun [ 347.874966][T14481] Mem-Info: [ 347.876103][T14481] active_anon:10014 inactive_anon:165 isolated_anon:0 [ 347.876103][T14481] active_file:6377 inactive_file:43053 isolated_file:0 [ 347.876103][T14481] unevictable:1768 dirty:237 writeback:0 [ 347.876103][T14481] slab_reclaimable:5628 slab_unreclaimable:61904 [ 347.876103][T14481] mapped:29411 shmem:5352 pagetables:1417 [ 347.876103][T14481] sec_pagetables:308 bounce:0 [ 347.876103][T14481] kernel_misc_reclaimable:0 [ 347.876103][T14481] free:39984 free_pcp:5523 free_cma:0 [ 347.888934][T14481] Node 0 active_anon:6076kB inactive_anon:80kB active_file:6164kB inactive_file:704kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:4068kB dirty:0kB writeback:0kB shmem:5084kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9296kB pagetables:936kB sec_pagetables:1136kB all_unreclaimable? yes [ 347.898131][T14481] Node 1 active_anon:35080kB inactive_anon:580kB active_file:19344kB inactive_file:171508kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:114676kB dirty:948kB writeback:0kB shmem:17524kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3660kB pagetables:4748kB sec_pagetables:96kB all_unreclaimable? no [ 347.907369][T14481] Node 0 DMA free:2796kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:216kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:784kB local_pcp:228kB free_cma:0kB [ 347.915556][T14481] lowmem_reserve[]: 0 273 0 0 0 [ 347.917578][T14481] Node 0 DMA32 free:34372kB boost:31284kB min:45188kB low:48664kB high:52140kB reserved_highatomic:4096KB active_anon:5860kB inactive_anon:72kB active_file:6164kB inactive_file:704kB unevictable:3536kB writepending:0kB present:1032196kB managed:306308kB mlocked:0kB bounce:0kB free_pcp:248kB local_pcp:32kB free_cma:0kB [ 347.926804][T14481] lowmem_reserve[]: 0 0 0 0 0 [ 347.928300][T14481] Node 1 DMA32 free:118456kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:37080kB inactive_anon:580kB active_file:19344kB inactive_file:171508kB unevictable:3536kB writepending:948kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:23200kB local_pcp:1224kB free_cma:0kB [ 347.937048][T14481] lowmem_reserve[]: 0 0 0 0 0 [ 347.938526][T14481] Node 0 DMA: 93*4kB (UM) 39*8kB (UM) 12*16kB (UM) 38*32kB (UM) 7*64kB (UM) 0*128kB 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2796kB [ 347.942804][T14481] Node 0 DMA32: 869*4kB (UMH) 178*8kB (UMEH) 48*16kB (UMEH) 225*32kB (UMEH) 94*64kB (UMEH) 29*128kB (UME) 8*256kB (UM) 5*512kB (UM) 3*1024kB (M) 2*2048kB (M) 0*4096kB = 34372kB [ 347.947959][T14481] Node 1 DMA32: 1*4kB (U) 136*8kB (UME) 115*16kB (UME) 66*32kB (UME) 238*64kB (UME) 146*128kB (UME) 76*256kB (UME) 32*512kB (UME) 13*1024kB (UM) 6*2048kB (UM) 4*4096kB (UM) = 116788kB [ 347.953272][T14481] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 347.956047][T14481] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 347.958761][T14481] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 347.961560][T14481] Node 1 hugepages_total=6 hugepages_free=1 hugepages_surp=4 hugepages_size=2048kB [ 347.964343][T14481] 56157 total pagecache pages [ 347.965819][T14481] 0 pages in swap cache [ 347.967093][T14481] Free swap = 123936kB [ 347.968359][T14481] Total swap = 124996kB [ 347.969865][T14481] 524155 pages RAM [ 347.971026][T14481] 0 pages HighMem/MovableOnly [ 347.972475][T14481] 206675 pages reserved [ 347.973772][T14481] 0 pages cma reserved [ 348.197811][T14467] ceph: No mds server is up or the cluster is laggy [ 348.529860][T14508] netlink: 'syz.4.2161': attribute type 1 has an invalid length. [ 348.532230][T14508] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2161'. [ 348.550756][T14508] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 348.676611][T14511] FAULT_INJECTION: forcing a failure. [ 348.676611][T14511] name failslab, interval 1, probability 0, space 0, times 0 [ 348.681645][T14511] CPU: 3 UID: 0 PID: 14511 Comm: syz.0.2164 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 348.685843][T14511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 348.690039][T14511] Call Trace: [ 348.691399][T14511] [ 348.692607][T14511] dump_stack_lvl+0x16c/0x1f0 [ 348.694526][T14511] should_fail_ex+0x497/0x5b0 [ 348.696429][T14511] ? fs_reclaim_acquire+0xae/0x150 [ 348.698495][T14511] should_failslab+0xc2/0x120 [ 348.700397][T14511] __kmalloc_noprof+0xce/0x4f0 [ 348.702333][T14511] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 348.704562][T14511] ? tomoyo_realpath_from_path+0xbf/0x710 [ 348.706834][T14511] tomoyo_realpath_from_path+0xbf/0x710 [ 348.709020][T14511] ? tomoyo_path_number_perm+0x235/0x5b0 [ 348.710952][T14511] tomoyo_path_number_perm+0x248/0x5b0 [ 348.712634][T14511] ? tomoyo_path_number_perm+0x235/0x5b0 [ 348.714482][T14511] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 348.716663][T14511] ? __pfx_lock_release+0x10/0x10 [ 348.718133][T14511] ? trace_lock_acquire+0x14e/0x1f0 [ 348.719642][T14511] ? lock_acquire+0x2f/0xb0 [ 348.720959][T14511] ? __fget_files+0x40/0x3a0 [ 348.722346][T14511] ? __fget_files+0x206/0x3a0 [ 348.723728][T14511] security_file_ioctl_compat+0x9b/0x240 [ 348.725954][T14511] __do_compat_sys_ioctl+0x4e/0x2c0 [ 348.728185][T14511] __do_fast_syscall_32+0x73/0x120 [ 348.730344][T14511] do_fast_syscall_32+0x32/0x80 [ 348.732162][T14511] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 348.734637][T14511] RIP: 0023:0xf7fa0579 [ 348.736277][T14511] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 348.743834][T14511] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 348.747175][T14511] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0045520 [ 348.749883][T14511] RDX: 0000000020001000 RSI: 0000000000000000 RDI: 0000000000000000 [ 348.753026][T14511] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 348.756206][T14511] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 348.758515][T14511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 348.761222][T14511] [ 348.763148][T14511] ERROR: Out of memory at tomoyo_realpath_from_path. [ 348.912854][T14518] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2166'. [ 348.967821][T14520] netlink: 'syz.1.2165': attribute type 1 has an invalid length. [ 348.970095][T14520] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2165'. [ 349.752439][T14537] input: syz1 as /devices/virtual/input/input70 [ 350.221394][T14552] netlink: 1280 bytes leftover after parsing attributes in process `syz.3.2177'. [ 350.224176][T14552] openvswitch: netlink: Flow actions attr not present in new flow. [ 350.577613][T14569] nvme_fabrics: missing parameter 'transport=%s' [ 350.579722][T14569] nvme_fabrics: missing parameter 'nqn=%s' [ 350.724831][ T39] kauditd_printk_skb: 11 callbacks suppressed [ 350.724841][ T39] audit: type=1326 audit(1737152014.621:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.734378][ T39] audit: type=1326 audit(1737152014.621:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.740981][ T39] audit: type=1326 audit(1737152014.631:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.748071][ T39] audit: type=1326 audit(1737152014.631:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.755045][ T39] audit: type=1326 audit(1737152014.631:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.762108][ T39] audit: type=1326 audit(1737152014.641:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.770038][ T39] audit: type=1326 audit(1737152014.641:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.774576][T14576] PKCS7: Unknown OID: [4] 2.19.13055.940354.15722 [ 350.776429][ T39] audit: type=1326 audit(1737152014.641:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.778420][T14576] PKCS7: Only support pkcs7_signedData type [ 350.784492][ T39] audit: type=1326 audit(1737152014.641:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=349 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 350.792516][ T39] audit: type=1326 audit(1737152014.641:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.1.2183" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000 [ 351.031454][ T56] libceph: connect (1)[c::]:6789 error -101 [ 351.033125][T14567] Process accounting resumed [ 351.033554][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 351.297034][ T56] libceph: connect (1)[c::]:6789 error -101 [ 351.299229][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 351.569514][T14597] hugetlbfs: Bad value 'A' for mount option 'nr_inodes' [ 351.569514][T14597] [ 351.574762][T14597] binder: 14596:14597 ioctl c0306201 20000380 returned -14 [ 351.690182][T14585] ceph: No mds server is up or the cluster is laggy [ 351.711455][T14610] FAULT_INJECTION: forcing a failure. [ 351.711455][T14610] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.717113][T14610] CPU: 0 UID: 0 PID: 14610 Comm: syz.4.2191 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 351.721383][T14610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 351.725146][T14610] Call Trace: [ 351.726108][T14610] [ 351.726970][T14610] dump_stack_lvl+0x16c/0x1f0 [ 351.728331][T14610] should_fail_ex+0x497/0x5b0 [ 351.729760][T14610] _copy_from_user+0x2e/0xd0 [ 351.731139][T14610] copy_from_buffer+0x86/0xb0 [ 351.732513][T14610] copy_uabi_to_xstate+0x3c7/0x670 [ 351.733997][T14610] ? __pfx_copy_uabi_to_xstate+0x10/0x10 [ 351.735551][T14610] ? __fpu_restore_sig+0xc6f/0x1430 [ 351.737101][T14610] __fpu_restore_sig+0x1062/0x1430 [ 351.738573][T14610] ? __pfx___fpu_restore_sig+0x10/0x10 [ 351.740266][T14610] ? lock_acquire+0x2f/0xb0 [ 351.741555][T14610] ? __might_fault+0xe3/0x190 [ 351.742905][T14610] fpu__restore_sig+0x113/0x190 [ 351.744310][T14610] ia32_restore_sigcontext+0x40f/0x5d0 [ 351.745866][T14610] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 351.747579][T14610] ? __pfx_lock_release+0x10/0x10 [ 351.749062][T14610] ? _raw_spin_unlock_irq+0x23/0x50 [ 351.750878][T14610] ? lockdep_hardirqs_on+0x7c/0x110 [ 351.753046][T14610] __do_compat_sys_rt_sigreturn+0x121/0x1f0 [ 351.755471][T14610] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 351.758059][T14610] do_int80_emulation+0x104/0x200 [ 351.760080][T14610] asm_int80_emulation+0x1a/0x20 [ 351.761921][T14610] RIP: 0023:0xf7fb3577 [ 351.763105][T14610] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 351.768515][T14610] RSP: 002b:00000000f50e555c EFLAGS: 00000296 [ 351.770456][T14610] RAX: 0000000000000174 RBX: 0000000000000006 RCX: 0000000020000840 [ 351.772703][T14610] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 351.774914][T14610] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 351.777138][T14610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.779395][T14610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 351.782076][T14610] [ 352.017299][T14607] binder_alloc: 14598: binder_alloc_buf, no vma [ 352.201580][T14630] tipc: Resetting bearer [ 352.213216][T14628] netlink: 'syz.1.2196': attribute type 39 has an invalid length. [ 352.491623][T14636] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2201'. [ 352.494640][T14636] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2201'. [ 352.755379][T14655] wireguard1: entered promiscuous mode [ 353.141771][T14668] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2212'. [ 353.150452][ T5946] Bluetooth: hci3: unexpected event for opcode 0x2002 [ 353.213056][T14670] bridee_slave_0 speed is unknown, defaulting to 1000 [ 353.215424][T14670] lo speed is unknown, defaulting to 1000 [ 353.757491][T14692] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2219'. [ 354.519283][T14706] tipc: Enabling of bearer rejected, already enabled [ 354.636046][T14712] ata1.00: invalid multi_count 1 ignored [ 354.696089][ T834] [ 354.696831][ T834] ====================================================== [ 354.698799][ T834] WARNING: possible circular locking dependency detected [ 354.700750][ T834] 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 Not tainted [ 354.703501][ T834] ------------------------------------------------------ [ 354.706683][ T834] kworker/3:2/834 is trying to acquire lock: [ 354.708300][ T834] ffff8880246f8aa8 (&q->q_usage_counter(queue)#51){++++}-{0:0}, at: blk_mq_alloc_request+0x59b/0x950 [ 354.711275][ T834] [ 354.711275][ T834] but task is already holding lock: [ 354.713312][ T834] ffff8880246f90c0 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0 [ 354.716180][ T834] [ 354.716180][ T834] which lock already depends on the new lock. [ 354.716180][ T834] [ 354.719095][ T834] [ 354.719095][ T834] the existing dependency chain (in reverse order) is: [ 354.721618][ T834] [ 354.721618][ T834] -> #5 (&q->limits_lock){+.+.}-{4:4}: [ 354.723765][ T834] __mutex_lock+0x19b/0xa60 [ 354.725215][ T834] loop_reconfigure_limits+0x407/0x8c0 [ 354.726929][ T834] lo_ioctl+0x8f4/0x18a0 [ 354.728293][ T834] lo_compat_ioctl+0xb9/0x170 [ 354.729785][ T834] compat_blkdev_ioctl+0x2f7/0x750 [ 354.731384][ T834] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 354.733062][ T834] __do_fast_syscall_32+0x73/0x120 [ 354.734652][ T834] do_fast_syscall_32+0x32/0x80 [ 354.736174][ T834] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 354.738102][ T834] [ 354.738102][ T834] -> #4 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 354.740543][ T834] blk_mq_submit_bio+0x1fb6/0x24c0 [ 354.742154][ T834] __submit_bio+0x384/0x540 [ 354.743593][ T834] submit_bio_noacct_nocheck+0x698/0xd70 [ 354.745362][ T834] submit_bio_noacct+0x93a/0x1e20 [ 354.746944][ T834] mpage_readahead+0x41d/0x590 [ 354.748452][ T834] read_pages+0x1a8/0xdc0 [ 354.749856][ T834] page_cache_ra_unbounded+0x3dc/0x750 [ 354.751588][ T834] force_page_cache_ra+0x24b/0x340 [ 354.753200][ T834] page_cache_sync_ra+0x110/0x9c0 [ 354.754787][ T834] filemap_get_pages+0xd7b/0x1be0 [ 354.756370][ T834] filemap_read+0x3ca/0xd70 [ 354.757820][ T834] blkdev_read_iter+0x187/0x480 [ 354.759348][ T834] vfs_read+0x87f/0xbe0 [ 354.760700][ T834] ksys_read+0x12b/0x250 [ 354.762044][ T834] do_syscall_64+0xcd/0x250 [ 354.763484][ T834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.765310][ T834] [ 354.765310][ T834] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}: [ 354.767698][ T834] down_read+0x9a/0x330 [ 354.769061][ T834] filemap_fault+0x2e0/0x2820 [ 354.770561][ T834] __do_fault+0x10a/0x490 [ 354.772003][ T834] do_pte_missing+0x1a8/0x3e00 [ 354.773523][ T834] __handle_mm_fault+0x103c/0x2a40 [ 354.775127][ T834] handle_mm_fault+0x3fa/0xaa0 [ 354.776630][ T834] do_user_addr_fault+0x7a3/0x13f0 [ 354.778244][ T834] exc_page_fault+0x5c/0xc0 [ 354.779693][ T834] asm_exc_page_fault+0x26/0x30 [ 354.781189][ T834] _copy_to_user+0xb6/0xd0 [ 354.782572][ T834] msr_read+0x14f/0x250 [ 354.783923][ T834] vfs_read+0x1df/0xbe0 [ 354.785277][ T834] ksys_read+0x12b/0x250 [ 354.786646][ T834] __do_fast_syscall_32+0x73/0x120 [ 354.788245][ T834] do_fast_syscall_32+0x32/0x80 [ 354.789774][ T834] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 354.791720][ T834] [ 354.791720][ T834] -> #2 (&mm->mmap_lock){++++}-{4:4}: [ 354.793862][ T834] __might_fault+0x11b/0x190 [ 354.795324][ T834] _copy_from_user+0x29/0xd0 [ 354.796788][ T834] __blk_trace_setup+0xa8/0x180 [ 354.798309][ T834] blk_trace_setup+0x47/0x70 [ 354.799762][ T834] sg_ioctl+0x7a3/0x26b0 [ 354.801146][ T834] compat_ptr_ioctl+0x6b/0xa0 [ 354.802622][ T834] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 354.804281][ T834] __do_fast_syscall_32+0x73/0x120 [ 354.805890][ T834] do_fast_syscall_32+0x32/0x80 [ 354.807423][ T834] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 354.809399][ T834] [ 354.809399][ T834] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}: [ 354.811738][ T834] __mutex_lock+0x19b/0xa60 [ 354.813184][ T834] blk_mq_init_sched+0x42b/0x640 [ 354.814716][ T834] elevator_init_mq+0x2cd/0x420 [ 354.816248][ T834] add_disk_fwnode+0x113/0x1300 [ 354.817783][ T834] sd_probe+0xa66/0xfa0 [ 354.819131][ T834] really_probe+0x23e/0xa90 [ 354.820576][ T834] __driver_probe_device+0x1de/0x440 [ 354.822255][ T834] driver_probe_device+0x4c/0x1b0 [ 354.823837][ T834] __device_attach_driver+0x1df/0x310 [ 354.825546][ T834] bus_for_each_drv+0x157/0x1e0 [ 354.827187][ T834] __device_attach_async_helper+0x1d3/0x290 [ 354.829003][ T834] async_run_entry_fn+0x9c/0x530 [ 354.830570][ T834] process_one_work+0x958/0x1b30 [ 354.832123][ T834] worker_thread+0x6c8/0xf00 [ 354.833584][ T834] kthread+0x2c1/0x3a0 [ 354.834906][ T834] ret_from_fork+0x45/0x80 [ 354.836344][ T834] ret_from_fork_asm+0x1a/0x30 [ 354.837874][ T834] [ 354.837874][ T834] -> #0 (&q->q_usage_counter(queue)#51){++++}-{0:0}: [ 354.840362][ T834] __lock_acquire+0x249e/0x3c40 [ 354.841908][ T834] lock_acquire.part.0+0x11b/0x380 [ 354.843491][ T834] blk_queue_enter+0x50f/0x640 [ 354.844990][ T834] blk_mq_alloc_request+0x59b/0x950 [ 354.846612][ T834] scsi_execute_cmd+0x20a/0xf30 [ 354.848135][ T834] read_capacity_16+0x21a/0xe20 [ 354.849662][ T834] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 354.851476][ T834] scsi_rescan_device+0x243/0x340 [ 354.853061][ T834] ata_scsi_dev_rescan+0x1cb/0x470 [ 354.854653][ T834] process_one_work+0x958/0x1b30 [ 354.856193][ T834] worker_thread+0x6c8/0xf00 [ 354.857657][ T834] kthread+0x2c1/0x3a0 [ 354.858975][ T834] ret_from_fork+0x45/0x80 [ 354.860385][ T834] ret_from_fork_asm+0x1a/0x30 [ 354.861911][ T834] [ 354.861911][ T834] other info that might help us debug this: [ 354.861911][ T834] [ 354.864761][ T834] Chain exists of: [ 354.864761][ T834] &q->q_usage_counter(queue)#51 --> &q->q_usage_counter(io)#23 --> &q->limits_lock [ 354.864761][ T834] [ 354.869003][ T834] Possible unsafe locking scenario: [ 354.869003][ T834] [ 354.871148][ T834] CPU0 CPU1 [ 354.872670][ T834] ---- ---- [ 354.874189][ T834] lock(&q->limits_lock); [ 354.875469][ T834] lock(&q->q_usage_counter(io)#23); [ 354.877687][ T834] lock(&q->limits_lock); [ 354.879627][ T834] rlock(&q->q_usage_counter(queue)#51); [ 354.881269][ T834] [ 354.881269][ T834] *** DEADLOCK *** [ 354.881269][ T834] [ 354.883535][ T834] 5 locks held by kworker/3:2/834: [ 354.884982][ T834] #0: ffff88801ac88948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 354.887905][ T834] #1: ffffc9000449fd80 ((work_completion)(&(&ap->scsi_rescan_task)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 354.891492][ T834] #2: ffff8880237ac358 (&ap->scsi_scan_mutex){+.+.}-{4:4}, at: ata_scsi_dev_rescan+0x3e/0x470 [ 354.894415][ T834] #3: ffff88804350a378 (&dev->mutex){....}-{4:4}, at: scsi_rescan_device+0x27/0x340 [ 354.897081][ T834] #4: ffff8880246f90c0 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0 [ 354.900048][ T834] [ 354.900048][ T834] stack backtrace: [ 354.901745][ T834] CPU: 3 UID: 0 PID: 834 Comm: kworker/3:2 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 354.904716][ T834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 354.907736][ T834] Workqueue: events ata_scsi_dev_rescan [ 354.909306][ T834] Call Trace: [ 354.910257][ T834] [ 354.911105][ T834] dump_stack_lvl+0x116/0x1f0 [ 354.912455][ T834] print_circular_bug+0x41c/0x610 [ 354.913903][ T834] check_noncircular+0x31a/0x400 [ 354.915316][ T834] ? __pfx_check_noncircular+0x10/0x10 [ 354.916870][ T834] ? __pfx_try_to_wake_up+0x10/0x10 [ 354.918356][ T834] ? lockdep_lock+0xc6/0x200 [ 354.919688][ T834] ? __pfx_lockdep_lock+0x10/0x10 [ 354.921134][ T834] __lock_acquire+0x249e/0x3c40 [ 354.922524][ T834] ? __pfx___lock_acquire+0x10/0x10 [ 354.924002][ T834] lock_acquire.part.0+0x11b/0x380 [ 354.925471][ T834] ? blk_mq_alloc_request+0x59b/0x950 [ 354.927004][ T834] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 354.928603][ T834] ? rcu_is_watching+0x12/0xc0 [ 354.929985][ T834] ? trace_lock_acquire+0x14e/0x1f0 [ 354.931492][ T834] ? blk_mq_alloc_request+0x59b/0x950 [ 354.933038][ T834] ? lock_acquire+0x2f/0xb0 [ 354.934354][ T834] ? blk_mq_alloc_request+0x59b/0x950 [ 354.935885][ T834] blk_queue_enter+0x50f/0x640 [ 354.937264][ T834] ? blk_mq_alloc_request+0x59b/0x950 [ 354.938798][ T834] ? __pfx_blk_queue_enter+0x10/0x10 [ 354.940309][ T834] ? save_trace+0x42/0xa10 [ 354.941594][ T834] ? add_lock_to_list+0x17d/0x390 [ 354.943043][ T834] ? lockdep_unlock+0x11a/0x290 [ 354.944434][ T834] blk_mq_alloc_request+0x59b/0x950 [ 354.945930][ T834] ? __pfx_blk_mq_alloc_request+0x10/0x10 [ 354.947552][ T834] ? __pfx___lock_acquire+0x10/0x10 [ 354.949087][ T834] scsi_execute_cmd+0x20a/0xf30 [ 354.950502][ T834] ? lock_acquire.part.0+0x11b/0x380 [ 354.952002][ T834] ? __mutex_trylock_common+0xea/0x250 [ 354.953559][ T834] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 354.955083][ T834] ? sd_revalidate_disk.isra.0+0x52c/0xa8d0 [ 354.956762][ T834] ? rcu_is_watching+0x12/0xc0 [ 354.958143][ T834] read_capacity_16+0x21a/0xe20 [ 354.959543][ T834] ? __pfx_read_capacity_16+0x10/0x10 [ 354.961122][ T834] ? __pfx___mutex_lock+0x10/0x10 [ 354.962567][ T834] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 354.964084][ T834] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 354.965744][ T834] ? find_held_lock+0x2d/0x110 [ 354.967118][ T834] ? mark_held_locks+0x9f/0xe0 [ 354.968481][ T834] ? __pfx_sd_revalidate_disk.isra.0+0x10/0x10 [ 354.970232][ T834] ? kasan_save_stack+0x42/0x60 [ 354.971643][ T834] ? kasan_save_stack+0x33/0x60 [ 354.973061][ T834] ? kasan_save_track+0x14/0x30 [ 354.974448][ T834] ? kasan_save_free_info+0x3b/0x60 [ 354.975924][ T834] ? __kasan_slab_free+0x51/0x70 [ 354.977339][ T834] ? kfree+0x14f/0x4b0 [ 354.978502][ T834] ? scsi_attach_vpd+0x4dc/0x580 [ 354.979906][ T834] ? scsi_rescan_device+0xf5/0x340 [ 354.981325][ T834] ? ata_scsi_dev_rescan+0x1cb/0x470 [ 354.982903][ T834] ? process_one_work+0x958/0x1b30 [ 354.984355][ T834] ? worker_thread+0x6c8/0xf00 [ 354.985727][ T834] ? hlock_class+0x4e/0x130 [ 354.987018][ T834] ? mark_lock+0xb5/0xc60 [ 354.988274][ T834] ? mark_held_locks+0x9f/0xe0 [ 354.989649][ T834] ? kasan_quarantine_put+0x10a/0x240 [ 354.991237][ T834] ? lockdep_hardirqs_on+0x7c/0x110 [ 354.992742][ T834] ? kfree+0x14f/0x4b0 [ 354.993921][ T834] ? lockdep_hardirqs_on+0x7c/0x110 [ 354.995402][ T834] ? scsi_attach_vpd+0x4dc/0x580 [ 354.996791][ T834] ? scsi_attach_vpd+0x4dc/0x580 [ 354.998191][ T834] ? __pfx_sd_rescan+0x10/0x10 [ 354.999545][ T834] scsi_rescan_device+0x243/0x340 [ 355.000938][ T834] ata_scsi_dev_rescan+0x1cb/0x470 [ 355.002362][ T834] process_one_work+0x958/0x1b30 [ 355.003776][ T834] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 355.005365][ T834] ? __pfx_process_one_work+0x10/0x10 [ 355.006882][ T834] ? rcu_is_watching+0x12/0xc0 [ 355.008251][ T834] ? assign_work+0x1a0/0x250 [ 355.009588][ T834] worker_thread+0x6c8/0xf00 [ 355.010891][ T834] ? __kthread_parkme+0x148/0x220 [ 355.012337][ T834] ? __pfx_worker_thread+0x10/0x10 [ 355.013792][ T834] kthread+0x2c1/0x3a0 [ 355.014951][ T834] ? _raw_spin_unlock_irq+0x23/0x50 [ 355.016419][ T834] ? __pfx_kthread+0x10/0x10 [ 355.017742][ T834] ret_from_fork+0x45/0x80 [ 355.019008][ T834] ? __pfx_kthread+0x10/0x10 [ 355.020320][ T834] ret_from_fork_asm+0x1a/0x30 [ 355.021692][ T834] [ 357.175674][ T5946] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 357.178072][ T5946] Bluetooth: hci3: Injecting HCI hardware error event [ 357.180392][ T5946] Bluetooth: hci3: hardware error 0x00 [ 359.255775][ T5946] Bluetooth: hci3: Opcode 0x0c03 failed: -110 VM DIAGNOSIS: 22:13:24 Registers: info registers vcpu 0 CPU#0 RAX=0000000000010001 RBX=ffff88802b428400 RCX=ffffffff818a2dfc RDX=ffffffff8da977c0 RSI=ffffffff818a2e0b RDI=0000000000000005 RBP=000000528eeb6bbb RSP=ffffc90000007ec0 R8 =0000000000000005 R9 =0000000000000003 R10=0000000000000003 R11=ffffffff816b5e4e R12=0000000000000000 R13=0000000000000003 R14=0000000000000000 R15=7fffffffffffffff RIP=ffffffff81994e5e RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002001a000 CR3=0000000065848000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000f6de8c RBX=0000000000000001 RCX=ffffffff8b1a8889 RDX=ffffed10056a6fee RSI=ffffffff8bb17280 RDI=ffffffff81703079 RBP=ffffed10039dd910 RSP=ffffc9000047fe08 R8 =0000000000000000 R9 =ffffed10056a6fed R10=ffff88802b537f6b R11=0000000000000001 R12=0000000000000001 R13=ffff88801ceec880 R14=ffffffff901cf7d0 R15=0000000000000000 RIP=ffffffff8b1a9c6f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50e5da4 CR3=00000000749a2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000555a5c RBX=0000000000000002 RCX=ffffffff8b1a8889 RDX=ffffed10056c6fee RSI=ffffffff8bb17280 RDI=ffffffff81703079 RBP=ffffed10036ee000 RSP=ffffc9000048fe08 R8 =0000000000000000 R9 =ffffed10056c6fed R10=ffff88802b637f6b R11=0000000000000001 R12=0000000000000002 R13=ffff88801b770000 R14=ffffffff901cf7d0 R15=0000000000000000 RIP=ffffffff8b1a9c6f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000562aebfad000 CR3=00000000628a0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73a3ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85145dd5 RDI=ffffffff9a66a200 RBP=ffffffff9a66a1c0 RSP=ffffc9000449ea60 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=ffffffff85145d70 R15=0000000000000000 RIP=ffffffff85145dff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000057a504c0 CR3=00000000628a0000 CR4=00352ef0 DR0=0000000000000003 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a86fe822f23e88b 79ddf061ccb95016 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9211772f3b3d9927 d479646e12e05c0a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f654cb006d8490e2 08945be58b43d2c7 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 90563270b54cae40 975a0b9988d162f0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000005040 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000d7000000d7 008001003c72e4d4 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e0380beee1016503 00800100e0489cf2 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00800100e03f6d92 000000d700800100 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6bd6770c000000d7 b30c1d1ee035fcbe ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a7d8e5695c9d8f8e 9d9de2121af36667 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c43dcd4afa3925d5 b8b822e671caa3a6 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000