last executing test programs: 6m40.890673746s ago: executing program 1 (id=389): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r1, @ANYBLOB="10005e80080002000000000104000100a9ae7d67a3476e2ba1db63c7a65caa978d097c8b0c"], 0x2c}}, 0x0) 6m40.890406992s ago: executing program 1 (id=390): openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) 6m40.823136587s ago: executing program 1 (id=391): r0 = socket$inet_tcp(0x2, 0x1, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @remote, 0x24}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000100)=0x80000012, 0x4) r2 = socket$inet_sctp(0x2, 0x1, 0x84) dup(r2) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0) read$FUSE(r4, &(0x7f0000001b40)={0x2020}, 0x205c) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={&(0x7f0000000400)="40000400000008000000d0861b18a9ad6d22069453d6d18872dce30960594c9a395c4aa7a430bcde1968f29904538e69df9f9627000000000000000000000052445e7309df79468c3f37e96c0247ae1737d41949edaecfdee1fcee8c6d1315a973000000000000000000", &(0x7f0000000240)="28fa96731e6cec075f7f84fa184f0e57f8fa14ded8f1a6f1d977e50b5022fa92a0320dade5b02b923e5ef473"}}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x3, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) dup(0xffffffffffffffff) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) unshare(0x6a040000) r6 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) mq_timedsend(r6, 0x0, 0x0, 0x6, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00') prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4) pread64(r7, 0x0, 0x0, 0x40000000007) mq_timedreceive(r6, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x1, 0xfc, 0x4}]}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) close_range(r8, 0xffffffffffffffff, 0x0) 6m39.753564904s ago: executing program 1 (id=397): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x7e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa0380c2000000080045de0070006400040f0190780a010101ac1414aa0c00907809000000452603ff006700090033000effffffffe000000107d40fffffffff890fa6e0000002e0000001ffffffff8627ffffffff05041a00000b2a04ca996499b968b1070c6d0ae793a603ae3302d7050662f1212c000000ed600be046adbb4b53adc73552162009383f91f4bbce07fcf80be994bfe6d15ef1400299673631b739fe240a97efce2c724b96b4dcea7ae882dab847dc"], 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) brk(0x55555ede6000) brk(0x55555ede6001) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) 6m39.634047852s ago: executing program 1 (id=398): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x2c0, 0x0, 0x700001b, 0x148, 0x150, 0x148, 0x228, 0x206, 0x240, 0x228, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x1ea, 0xf0, 0x150, 0x0, {0x390, 0x8f00}, [@common=@set={{0x41}, {{0x0, [0x5, 0x2, 0x1, 0x4, 0x5, 0xa], 0x3}}}, @common=@set={{0x40}, {{0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x5, 0x6], 0x4, 0x1}}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 0x7, 0x0, [0x2d, 0x12, 0x2e, 0x40, 0xd, 0x3a, 0x23, 0x2b, 0x103, 0x1c, 0x37, 0x15, 0x19, 0x4, 0x31, 0x1d], 0x1, 0x8, 0x7}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x900, 0x10, 0x8, 'snmp\x00', 'syz0\x00', {0x8000}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x320) close(0x3) fsetxattr$security_evm(r0, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x2, "6340bbb5a5287c6c53"}, 0xa, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'}) r5 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r6) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)={0x20, r7, 0x60b, 0x70bd2d, 0x4000, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x8000000, 0x0, 0x1}, 0x0) preadv(r5, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/243, 0xf3}], 0x1, 0x4, 0x3) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2}, 0xc) ioctl$DRM_IOCTL_AGP_ACQUIRE(r3, 0x6430) 6m39.633668829s ago: executing program 1 (id=399): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000fd3f000000000000090000008500000007000000850000001100000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe, 0x0, &(0x7f0000000540)="00000000000000008a7e84d67aa8", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xfff1, 0xc}, {0xfff3, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8}, @TCA_CAKE_NAT={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe) sendto$inet6(r1, &(0x7f0000000040)="8b", 0x1, 0x40, &(0x7f0000000000)={0xa, 0x4e20, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x4c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x4c}}, 0x0) recvmmsg(r1, &(0x7f0000000800)=[{{&(0x7f0000000380)=@sco, 0x80, &(0x7f0000000780)=[{&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000440)}, {&(0x7f0000000840)=""/241, 0xf1}, {&(0x7f0000000580)=""/90, 0x5a}, {&(0x7f0000000600)=""/72, 0x48}, {&(0x7f0000000680)=""/235, 0xeb}], 0x6, &(0x7f00000007c0)=""/24, 0x18}, 0x4}], 0x1, 0x400001a2, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r7 = syz_io_uring_setup(0x10d3, &(0x7f0000000000)={0x0, 0x7f36, 0x0, 0x1, 0x34f}, &(0x7f00000000c0), &(0x7f0000000100)) io_uring_enter(r7, 0x47bc, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r7, 0x18, &(0x7f00000001c0)={0x79c, r6, 0x32, {0xb, 0x100004000}, 0x2}, 0x1) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r7, 0x1e, &(0x7f00000002c0)={r3}, 0x1) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r9 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r9, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x7}}) ioctl$sock_proto_private(r8, 0x8b2d, &(0x7f0000000080)) shutdown(r1, 0x1) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TLS_TX(r10, 0x6, 0x17, &(0x7f0000000140)=@gcm_128={{0x304}, "60000100", "9de66ebc3914c06f0f109088d190e700", "000e3102", "f8dde5bf3eba23db"}, 0x28) r11 = syz_open_procfs(0x0, 0x0) ioctl$FE_DISEQC_RESET_OVERLOAD(r11, 0x6f3e, 0x0) r12 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r11, &(0x7f0000000140)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000940)=ANY=[@ANYBLOB="6c010000", @ANYRES16=r12, @ANYBLOB="020028bd7000ffdbdf2505000000080001007063690011000200303030303a30303a31302e30000000000800030001000000080001007063690011000200303030303a30303a31302e300000000008000300020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300020000000e0001006e657464657673696d0000000f0066006e657464657673696d3000000800030000000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030002000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f000200030003000000957acdaf170634a96d16fd88118087d15283b7bb4e0e76fa1eadcc6ad505b77c94c712b8bd4ddb753d18fca93af730aaa05d546db14431cffb7aa276958a82bc139e97f9cb"], 0x16c}, 0x1, 0x0, 0x0, 0x20040001}, 0x4) 6m24.58114026s ago: executing program 32 (id=399): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000fd3f000000000000090000008500000007000000850000001100000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe, 0x0, &(0x7f0000000540)="00000000000000008a7e84d67aa8", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xfff1, 0xc}, {0xfff3, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8}, @TCA_CAKE_NAT={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe) sendto$inet6(r1, &(0x7f0000000040)="8b", 0x1, 0x40, &(0x7f0000000000)={0xa, 0x4e20, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x4c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x4c}}, 0x0) recvmmsg(r1, &(0x7f0000000800)=[{{&(0x7f0000000380)=@sco, 0x80, &(0x7f0000000780)=[{&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000440)}, {&(0x7f0000000840)=""/241, 0xf1}, {&(0x7f0000000580)=""/90, 0x5a}, {&(0x7f0000000600)=""/72, 0x48}, {&(0x7f0000000680)=""/235, 0xeb}], 0x6, &(0x7f00000007c0)=""/24, 0x18}, 0x4}], 0x1, 0x400001a2, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r7 = syz_io_uring_setup(0x10d3, &(0x7f0000000000)={0x0, 0x7f36, 0x0, 0x1, 0x34f}, &(0x7f00000000c0), &(0x7f0000000100)) io_uring_enter(r7, 0x47bc, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r7, 0x18, &(0x7f00000001c0)={0x79c, r6, 0x32, {0xb, 0x100004000}, 0x2}, 0x1) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r7, 0x1e, &(0x7f00000002c0)={r3}, 0x1) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r9 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r9, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x7}}) ioctl$sock_proto_private(r8, 0x8b2d, &(0x7f0000000080)) shutdown(r1, 0x1) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TLS_TX(r10, 0x6, 0x17, &(0x7f0000000140)=@gcm_128={{0x304}, "60000100", "9de66ebc3914c06f0f109088d190e700", "000e3102", "f8dde5bf3eba23db"}, 0x28) r11 = syz_open_procfs(0x0, 0x0) ioctl$FE_DISEQC_RESET_OVERLOAD(r11, 0x6f3e, 0x0) r12 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r11, &(0x7f0000000140)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000940)=ANY=[@ANYBLOB="6c010000", @ANYRES16=r12, @ANYBLOB="020028bd7000ffdbdf2505000000080001007063690011000200303030303a30303a31302e30000000000800030001000000080001007063690011000200303030303a30303a31302e300000000008000300020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300020000000e0001006e657464657673696d0000000f0066006e657464657673696d3000000800030000000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030002000000080001007063690011000200303030303a30303a31302e300000000008000300010000000e0001006e657464657673696d0000000f000200030003000000957acdaf170634a96d16fd88118087d15283b7bb4e0e76fa1eadcc6ad505b77c94c712b8bd4ddb753d18fca93af730aaa05d546db14431cffb7aa276958a82bc139e97f9cb"], 0x16c}, 0x1, 0x0, 0x0, 0x20040001}, 0x4) 25.791238282s ago: executing program 4 (id=2248): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local, 0x1}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 25.686868622s ago: executing program 4 (id=2249): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {0x0, 0x10, 0x2, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x40000, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x24, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x293, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x5f1, 0x6], [0x0, 0x5, 0x8, 0x0, 0x0, 0x5, 0x0, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7, 0xfffffffc, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x400, 0x0, 0x200, 0x0, 0x2, 0x0, 0x3, 0x5, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x0, 0x0, 0xb77, 0x4, 0x1000, 0x80, 0x0, 0x200, 0x0, 0xffffffff, 0x1, 0xfffffffc, 0x0, 0xfffffffd, 0xffffffff, 0x0, 0x0, 0x9fa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0xbda6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r1, 0x29, 0xc8, 0x0, 0xc000000) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$kcm(0x2, 0xa, 0x2) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xcc, 0x0, 0x1}) r5 = openat$mice(0xffffff9c, &(0x7f0000000000), 0x84280) ioctl$TUNGETVNETBE(r5, 0x800454df, &(0x7f0000000040)=0x1) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x42) 24.65064247s ago: executing program 4 (id=2254): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) pread64(r0, &(0x7f0000000240)=""/152, 0x98, 0xe1) r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff0905"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) unshare(0x6a040000) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f0000000100)={'filter\x00', 0x0, 0x0, 0x0, [0x8, 0x7, 0x809bc6, 0x5, 0x43, 0x80000003], 0x2, 0x0, 0x0, [{}, {}]}, 0x70) 21.600753853s ago: executing program 4 (id=2268): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe}) ioctl(r1, 0x8b22, &(0x7f0000000040)) 21.445068117s ago: executing program 4 (id=2270): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0x40049366, 0x0) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) r4 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0xe8c00) io_setup(0x3, &(0x7f0000000180)=0x0) io_submit(r5, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) ioctl$IOC_PR_PREEMPT(r4, 0x40046109, &(0x7f0000000040)={0xd0, 0xfffffffffffffffe, 0x1000000}) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={[], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) 19.530984473s ago: executing program 4 (id=2278): io_setup(0x222, &(0x7f0000000180)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000044402, 0x0) io_submit(r0, 0x5, &(0x7f0000000240)=[&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, 0x6417, r1, &(0x7f0000000300)="31e4117a6f54a9fa4362e3974c7fc7793ed39a64ca66936dde45aac38ace4abf37176ff5dc70d417310ad3cfd23b59adb75b38978f8aed4e77544ec851a529f8be6a458386a6bb1d663781f249518335b0d38014582c0d42405ab2ec91c09b324175e4e5795d842ad00e1e68720b97a6f2ef3c614fb36e993152a7a2103f946c736f02356933bbcd5b9c9d10c1a4f1e87c5dab38356c87da1b4f624f961ebd4cd3f006a426cb3b1e88f5304def3f3d099a9fd68849c2b2c5fa3208de0b5bf17cc8227da4a17bf0398473006cfc0f567d3690618cf51e3396ed21", 0xda, 0x6ed}, &(0x7f00000000c0)={0x0, 0x0, 0x1f, 0x1, 0x6, r1, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x101, 0xffffffffffffffff, &(0x7f0000000000)="f0c28ae849de60ffbc0173d047a2d6772256852daf8bf5e8001d091087b9be2dab5c1def4c3b3f6d", 0x28, 0x10}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x3, r1, &(0x7f0000000400)="a3c7c34da9270f6367e3760b95249f613e09e309ba91a4d6af74c3979ecba7643f33fd6b40c280bbf40147c06917380677cb80cfa050821f238c10afbaff076928514c99a051f19d360d0d5fa3b54c734448ef22", 0x54, 0x3, 0x0, 0x1}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, &(0x7f0000000480)="773a6b15a9ba9aef4235dcce3c32940a6d65fdfe9b398d6991994c318bcc761865eb2cee00db35713f88178b298d6e1a58e93bd6a415ab17d73ed0e2ef7836ad4845f6808a36273f89479d30a7c0a5a4d22f65f2ae7020d18f73c15df6333953dec3c5f7ff3d2638657cd5e4d6e9ecb8b9b170e79cd936b9fa4d18338478209a8564ac1c62500a6fa2bfa8001bfbb1a306716e50ebc8a826ac8db4b771228c07a1e3ce61ab8d9b184601e82c1951d3e1c3af8b10c31c7345a3bf1b", 0xbb, 0x8, 0x0, 0x1}]) 7.900505388s ago: executing program 0 (id=2312): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000020601080000000000000000000000080c00078008000640200000000500010006000000050005000a00000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}, 0x1, 0x0, 0x0, 0x4010}, 0x20008840) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd0ffffff}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5}, 0x94) r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_GET_BYNAME(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0xe, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x840}, 0x4040054) sendmsg$L2TP_CMD_SESSION_DELETE(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x48, r8, 0x1, 0x270bd2c, 0x5, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaac}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}]}, 0x48}}, 0x0) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3, [0x9, 0x3, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x35, 0x747d5a13, 0x8, 0xfffffb9a, 0x112, 0x4, 0xfffffffb, 0x4, 0x3, 0x7, 0xf252, 0x7, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x9, 0x0, 0x1, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba50, 0x1, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x10000, 0x8, 0x9, 0x2001, 0x199f, 0x8, 0x5, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x2, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x23, 0x0, 0x5, 0x7, 0xfffffffc, 0x20, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x100003, 0x1, 0x297, 0x5, 0x0, 0x1981, 0x800, 0x100, 0x2, 0xa, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0xfffffffe, 0xffffffff, 0x5, 0x5, 0x800, 0xffff, 0xa, 0x96, 0x2, 0x102, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xf, 0x5, 0xffff, 0x6, 0x2, 0xffffffff, 0x1, 0x8, 0x5, 0x200, 0x3], [0x9, 0xc584, 0x7, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10001, 0x80000001, 0x4, 0x6, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf22, 0x8, 0x3, 0x95a, 0xffffffff, 0x4, 0x3, 0xfffffff8, 0x100fffd, 0x102005, 0x7, 0x4, 0xea, 0x0, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x1006, 0x4, 0x4d, 0x2, 0x763, 0xb, 0x402, 0x800, 0x318, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0x8000e47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0x80000001, 0x65f413f9, 0x4, 0x8, 0x40008a8, 0x2, 0x40, 0x7, 0x26f, 0x4, 0x4, 0x10, 0x1, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x9, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ppoll(&(0x7f0000000040)=[{r0, 0x40}], 0x1, 0x0, 0x0, 0x0) 6.293094281s ago: executing program 3 (id=2314): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local, 0x1}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 6.013889235s ago: executing program 3 (id=2315): r0 = fsopen(&(0x7f0000000280)='ext4\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\xf9', 0x0) 5.869920081s ago: executing program 3 (id=2316): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, 0x1, 0x9, 0x401, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFCTH_TUPLE={0x38, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x2b}}, {0x14, 0x4, @private0}}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40044}, 0x8000) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090603000000000000000000050000400900020073797a3100000000050001000700000018000780060004404e2100000c00018008000140e000400001e7bdf6b0d90602b89f66c090f7c3c50a1e7237ac72e240edfc4d07c371d5e381756b070d0fe774ed7fc5cf263ef50480"], 0x40}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 5.74619637s ago: executing program 3 (id=2317): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000002060300000000000000000007000006050001000700000009000200730011000300686173683a69702c706f7274000000001a0000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) 5.560678019s ago: executing program 3 (id=2318): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d000110000000090400"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r1}, 0x38) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x18, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xed}}, 0x0) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r3, 0x40025b0c, 0x0) 4.44994653s ago: executing program 33 (id=2278): io_setup(0x222, &(0x7f0000000180)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000044402, 0x0) io_submit(r0, 0x5, &(0x7f0000000240)=[&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, 0x6417, r1, &(0x7f0000000300)="31e4117a6f54a9fa4362e3974c7fc7793ed39a64ca66936dde45aac38ace4abf37176ff5dc70d417310ad3cfd23b59adb75b38978f8aed4e77544ec851a529f8be6a458386a6bb1d663781f249518335b0d38014582c0d42405ab2ec91c09b324175e4e5795d842ad00e1e68720b97a6f2ef3c614fb36e993152a7a2103f946c736f02356933bbcd5b9c9d10c1a4f1e87c5dab38356c87da1b4f624f961ebd4cd3f006a426cb3b1e88f5304def3f3d099a9fd68849c2b2c5fa3208de0b5bf17cc8227da4a17bf0398473006cfc0f567d3690618cf51e3396ed21", 0xda, 0x6ed}, &(0x7f00000000c0)={0x0, 0x0, 0x1f, 0x1, 0x6, r1, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x101, 0xffffffffffffffff, &(0x7f0000000000)="f0c28ae849de60ffbc0173d047a2d6772256852daf8bf5e8001d091087b9be2dab5c1def4c3b3f6d", 0x28, 0x10}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x3, r1, &(0x7f0000000400)="a3c7c34da9270f6367e3760b95249f613e09e309ba91a4d6af74c3979ecba7643f33fd6b40c280bbf40147c06917380677cb80cfa050821f238c10afbaff076928514c99a051f19d360d0d5fa3b54c734448ef22", 0x54, 0x3, 0x0, 0x1}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, &(0x7f0000000480)="773a6b15a9ba9aef4235dcce3c32940a6d65fdfe9b398d6991994c318bcc761865eb2cee00db35713f88178b298d6e1a58e93bd6a415ab17d73ed0e2ef7836ad4845f6808a36273f89479d30a7c0a5a4d22f65f2ae7020d18f73c15df6333953dec3c5f7ff3d2638657cd5e4d6e9ecb8b9b170e79cd936b9fa4d18338478209a8564ac1c62500a6fa2bfa8001bfbb1a306716e50ebc8a826ac8db4b771228c07a1e3ce61ab8d9b184601e82c1951d3e1c3af8b10c31c7345a3bf1b", 0xbb, 0x8, 0x0, 0x1}]) 4.095277176s ago: executing program 0 (id=2321): r0 = socket$inet_sctp(0x2, 0x1, 0x84) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = syz_clone(0x21000180, &(0x7f0000000540)="e685445801dc2f92150586eb63f6f891d23ba4df2e9873612aeb4c456d3868a3408d3249d392530bf9f3dcc11525927683d902729794abece16fd5aae7de0951b79bc547429b64f78da6c47208a558809f684f58d128631d49ae1312a1d0ff3d62b5d747c92d8505ba6419894731c169ad6adc3329d7bedd42e2ec6ce556ccad56b068d06f8a5964e8a77c9942db02cf3f97977fde759a6d32f340ecb0ee03f72350b02cc17e7153dce693c6b6fa3725770ba14f86b4f53343e16e9f6dc9e4c9a547b7a8b2f80ffe1ab6a4890d97debc6902ed03", 0xd4, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000640)="2bd9d5badefbe4aeb8b3322091699e03d7103571660d70f3003874da8858f417c5fc41257f9ffe41089a1953c5024d7bd209807ad5a99f04527d39e152c32bfb130a0f2af0c7612a5d08251f0037763a9f96c22c28b29f5c28836e5b2eca9c6d4d418067d6fa9f1f8afea42fb66200778136eacc7ee79094100647064b0bd714862275897bd069bf98414e8b778aed") prlimit64(r1, 0x8, &(0x7f0000000280)={0x2e84, 0x8}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000018010000202070250000000000201ddd0a656b2dabdd5f8edfec8bfdac31fdf64eaf468fd2ebbe7dfcd40bf6b7f3e8ceeb0f3b95e6b29b549f65bcff4b787f747f9518fc7ad99e31f08d4f01982194d9e719a7356b209ce85dc922ad56433697ceb4565ac8135ca527793bf1ca2772c2e6b25fdd23df3db12641e2771f6209190fe0003b089b8f49375a1131964e441311074009c7af19d3bf435fdaac7f95b8f2cd17908536e11882e9ee88c76144ad208158947aa47c5881a46669ae66a9085a6e10156953254dbcf6c2f896315e66e31c1bae4d31b3e61e8a2e0ae5d3fcbb5a6afd646a22505360759818fb4e561b28eebdb23f95"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r5 = socket(0x1d, 0x2, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) openat$fb1(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_mreqn(r5, 0x0, 0x0, &(0x7f0000000780)={@local, @rand_addr, 0x0}, &(0x7f00000007c0)=0xc) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000005000000000000000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r7, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r7, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1f, 0x3, &(0x7f00000002c0)=@raw=[@btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @ldst={0x1, 0x1, 0x2, 0x1, 0x5, 0xffffffffffffffc0, 0x4}], &(0x7f0000000340)='GPL\x00', 0x2, 0x7a, &(0x7f0000000700)=""/122, 0x41000, 0x36, '\x00', r6, @fallback=0x2b, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000840)={0x4, 0xa, 0x2, 0x7}, 0x10, 0xffffffffffffffff, r7, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x94) sendto$inet(r0, &(0x7f0000000100)="ab", 0x34000, 0x2000c8d4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) 3.24102656s ago: executing program 2 (id=2323): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local, 0x1}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 2.993851939s ago: executing program 2 (id=2324): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xc, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa99}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fffffff}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x15}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (fail_nth: 8) 2.993407921s ago: executing program 0 (id=2325): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) syz_open_dev$dri(0x0, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6307ce22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001580)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000010000000f000000080034000400000008000300", @ANYRES32=r4, @ANYBLOB="0500330081"], 0x2c}}, 0x80) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast}) write$tun(r5, &(0x7f0000002240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x2c, 0x66, 0x0, 0x40, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x4e20, 0x4e21, 0x18, 0x0, @wg=@data={0x4, 0x2, 0x3}}}}, 0x3a) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-des3_ede-asm\x00'}, 0x58) r8 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x211a, 0x80, 0x0, 0x328}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, r7, 0x0}) io_uring_enter(r8, 0x3516, 0xc2de, 0x8, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2.481097703s ago: executing program 2 (id=2326): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x103) renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x5) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) unshare(0x40000100) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000080)={'nat\x00', 0x0, 0x0, 0x0, [0x8, 0x8, 0x9bc6, 0x80008, 0x43, 0x7fffffff], 0x1, 0x0, 0x0, [{}]}, 0x60) pipe2$9p(0x0, 0x800) 2.385503868s ago: executing program 3 (id=2327): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) pread64(r0, &(0x7f0000000240)=""/152, 0x98, 0xe1) r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x21c0, 0x103) unshare(0x6a040000) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f0000000100)={'filter\x00', 0x0, 0x0, 0x0, [0x8, 0x7, 0x809bc6, 0x5, 0x43, 0x80000003], 0x2, 0x0, 0x0, [{}, {}]}, 0x70) 1.500908459s ago: executing program 0 (id=2328): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={0x0, 0x265}, 0x8) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0) sendto$inet6(r0, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback={0x1b0}, 0xc5f}, 0x1c) 1.229811688s ago: executing program 2 (id=2329): r0 = userfaultfd(0x801) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f00000000c0)=@framed={{}, [@ringbuf_output, @printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff8d, 0x0, 0x0, 0x0}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x1cb8c0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141102) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0xa00, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x380}) 442.668583ms ago: executing program 0 (id=2330): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @local, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00', 0x4}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0xfffffffffffffff8, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_DELCHAIN={0x44, 0x5, 0xa, 0x1b, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x18, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}]}], {0x14}}, 0x6c}}, 0x0) 360.414852ms ago: executing program 2 (id=2331): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local, 0x1}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 733.761µs ago: executing program 0 (id=2332): r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[], 0xe4) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@bridge_dellink={0x28, 0x11, 0x2, 0x70bd26, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x41000, 0x2008}, [@IFLA_EVENT={0x8, 0x2c, 0x10001}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x40001) 0s ago: executing program 2 (id=2333): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) syz_open_dev$dri(0x0, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6307ce22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) socket$xdp(0x2c, 0x3, 0x0) kernel console output (not intermixed with test programs): Number=3 [ 385.306808][ T829] usb 9-1: Product: syz [ 385.309893][ T829] usb 9-1: Manufacturer: syz [ 385.325272][ T829] usb 9-1: SerialNumber: syz [ 385.332415][ T829] usb 9-1: config 0 descriptor?? [ 385.567256][ T5983] usb 9-1: USB disconnect, device number 25 [ 386.098118][T12383] overlay: Unknown parameter '/' [ 386.124094][T12383] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 386.172599][T12383] ovl_lookup_single: 21 callbacks suppressed [ 386.172621][T12383] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 386.213774][T12383] overlayfs: failed to look up (tracing) for ino (-66) [ 386.330188][ T1022] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 386.481258][ T1022] usb 9-1: Using ep0 maxpacket: 32 [ 386.496895][ T1022] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 386.564833][ T1022] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 386.571376][ T1022] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 386.575859][ T1022] usb 9-1: Product: syz [ 386.578116][ T1022] usb 9-1: Manufacturer: syz [ 386.591221][ T1022] usb 9-1: SerialNumber: syz [ 386.595750][ T1022] usb 9-1: config 0 descriptor?? [ 386.599316][T12347] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 387.166983][ T829] usb 9-1: USB disconnect, device number 26 [ 388.456408][T12408] input: syz1 as /devices/virtual/input/input37 [ 389.381327][ T60] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 389.594089][ T60] usb 5-1: Using ep0 maxpacket: 32 [ 389.617344][ T60] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 389.621491][ T60] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 389.648750][ T60] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 98, changing to 10 [ 389.662052][ T60] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 57915, setting to 1024 [ 389.679101][ T60] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 389.684646][ T60] usb 5-1: config 0 interface 0 has no altsetting 0 [ 389.712129][ T60] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 389.717960][ T60] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 389.725323][ T60] usb 5-1: Product: syz [ 389.728401][ T60] usb 5-1: Manufacturer: syz [ 389.732997][ T60] usb 5-1: SerialNumber: syz [ 389.748581][ T60] usb 5-1: config 0 descriptor?? [ 389.770500][ T60] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 389.808358][ T60] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 390.048729][T12415] ldusb 5-1:0.0: Write buffer overflow, 2 bytes dropped [ 390.078566][T12415] FAULT_INJECTION: forcing a failure. [ 390.078566][T12415] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 390.089079][T12415] CPU: 1 UID: 0 PID: 12415 Comm: syz.0.1820 Tainted: G L syzkaller #0 PREEMPT(full) [ 390.089108][T12415] Tainted: [L]=SOFTLOCKUP [ 390.089114][T12415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 390.089125][T12415] Call Trace: [ 390.089131][T12415] [ 390.089155][T12415] dump_stack_lvl+0x100/0x190 [ 390.089211][T12415] should_fail_ex.cold+0x5/0xa [ 390.089230][T12415] _copy_from_user+0x2e/0xd0 [ 390.089258][T12415] ld_usb_write+0x331/0xbc0 [ 390.089281][T12415] ? __pfx_ld_usb_write+0x10/0x10 [ 390.089299][T12415] ? common_file_perm+0x1ab/0x4f0 [ 390.089321][T12415] ? bpf_lsm_file_permission+0x9/0x10 [ 390.089339][T12415] ? security_file_permission+0x76/0x210 [ 390.089356][T12415] ? rw_verify_area+0xce/0x6d0 [ 390.089383][T12415] vfs_write+0x2aa/0x1070 [ 390.089401][T12415] ? __pfx_ld_usb_write+0x10/0x10 [ 390.089424][T12415] ? __pfx_vfs_write+0x10/0x10 [ 390.089439][T12415] ? find_held_lock+0x2b/0x80 [ 390.089462][T12415] ? __fget_files+0x215/0x3d0 [ 390.089478][T12415] ? __fget_files+0x215/0x3d0 [ 390.089499][T12415] ? __fget_files+0x21f/0x3d0 [ 390.089523][T12415] ksys_write+0x1f8/0x250 [ 390.089539][T12415] ? __pfx_ksys_write+0x10/0x10 [ 390.089556][T12415] ? __pfx_ksys_write+0x10/0x10 [ 390.089580][T12415] __do_fast_syscall_32+0xe3/0x8c0 [ 390.089627][T12415] do_fast_syscall_32+0x32/0x70 [ 390.089645][T12415] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 390.089670][T12415] RIP: 0023:0xf70ad579 [ 390.089685][T12415] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 390.089704][T12415] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 390.089723][T12415] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000380 [ 390.089736][T12415] RDX: 0000000000000142 RSI: 0000000000000000 RDI: 0000000000000000 [ 390.089747][T12415] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 390.089851][T12415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 390.089862][T12415] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 390.089888][T12415] [ 392.199002][ T60] usb 5-1: USB disconnect, device number 33 [ 392.205088][ T60] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 393.966280][T12449] netlink: 7076 bytes leftover after parsing attributes in process `syz.0.1831'. [ 393.985127][T12449] openvswitch: netlink: Flow key attr not present in new flow. [ 394.932817][T12455] input: syz1 as /devices/virtual/input/input39 [ 395.855172][T12466] netlink: 7076 bytes leftover after parsing attributes in process `syz.4.1837'. [ 395.863573][T12466] openvswitch: netlink: Flow key attr not present in new flow. [ 396.600345][T12474] geneve2: entered promiscuous mode [ 396.617213][T12474] geneve2: entered allmulticast mode [ 398.202973][T12490] Invalid ELF header magic: != ELF [ 399.763656][T12493] overlayfs: failed to clone upperpath [ 399.801306][T12495] netlink: 'syz.4.1843': attribute type 1 has an invalid length. [ 399.961349][T12498] loop6: detected capacity change from 0 to 2560 [ 399.972264][T12498] buffer_io_error: 29 callbacks suppressed [ 399.972281][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 399.995193][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.006166][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.040748][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.061047][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.073334][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.081282][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.101695][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.104648][T12498] ldm_validate_partition_table(): Disk read failed. [ 400.108008][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.113804][T12498] Buffer I/O error on dev loop6, logical block 0, async page read [ 400.120438][T12498] Dev loop6: unable to read RDB block 0 [ 400.123130][T12498] loop6: unable to read partition table [ 400.141763][T12498] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 401.444021][ T40] kauditd_printk_skb: 39 callbacks suppressed [ 401.444039][ T40] audit: type=1326 audit(1770791744.035:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.461247][ T40] audit: type=1326 audit(1770791744.035:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.504790][ T40] audit: type=1326 audit(1770791744.035:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=396 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.536992][ T40] audit: type=1326 audit(1770791744.035:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.592976][ T40] audit: type=1326 audit(1770791744.035:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.617290][ T40] audit: type=1326 audit(1770791744.035:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.635279][ T40] audit: type=1326 audit(1770791744.045:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.661331][ T40] audit: type=1326 audit(1770791744.045:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.2.1853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 401.670652][T12537] tipc: Enabled bearer , priority 0 [ 401.710062][T12537] syzkaller0: entered promiscuous mode [ 401.712639][T12537] syzkaller0: entered allmulticast mode [ 401.745841][T12537] FAULT_INJECTION: forcing a failure. [ 401.745841][T12537] name failslab, interval 1, probability 0, space 0, times 0 [ 401.752315][T12537] CPU: 0 UID: 0 PID: 12537 Comm: syz.2.1855 Tainted: G L syzkaller #0 PREEMPT(full) [ 401.752344][T12537] Tainted: [L]=SOFTLOCKUP [ 401.752350][T12537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 401.752383][T12537] Call Trace: [ 401.752391][T12537] [ 401.752398][T12537] dump_stack_lvl+0x100/0x190 [ 401.752428][T12537] should_fail_ex.cold+0x5/0xa [ 401.752450][T12537] should_failslab+0xc2/0x120 [ 401.752469][T12537] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 401.752486][T12537] ? __alloc_skb+0x156/0x410 [ 401.752504][T12537] ? __alloc_skb+0x156/0x410 [ 401.752518][T12537] __alloc_skb+0x156/0x410 [ 401.752533][T12537] ? __alloc_skb+0x35d/0x410 [ 401.752548][T12537] ? __pfx___alloc_skb+0x10/0x10 [ 401.752564][T12537] ? ip6_create_rt_rcu+0x4e0/0x5a0 [ 401.752595][T12537] ? __fib6_drop_pcpu_from.part.0+0x1e4/0x480 [ 401.752620][T12537] inet6_rt_notify+0x1d2/0x4c0 [ 401.752651][T12537] fib6_del+0xf7a/0x1790 [ 401.752680][T12537] ? __pfx_fib6_del+0x10/0x10 [ 401.752698][T12537] ? kernel_text_address+0x8d/0x100 [ 401.752720][T12537] ? __kernel_text_address+0xd/0x30 [ 401.752739][T12537] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 401.752763][T12537] ? fib6_ifdown+0xcd/0x7d0 [ 401.752792][T12537] fib6_clean_node+0x424/0x5d0 [ 401.752815][T12537] ? __pfx_fib6_clean_node+0x10/0x10 [ 401.752837][T12537] ? stack_trace_save+0x8e/0xc0 [ 401.752869][T12537] fib6_walk_continue+0x451/0x8d0 [ 401.752892][T12537] fib6_walk+0x182/0x370 [ 401.752911][T12537] fib6_clean_tree+0xdc/0x120 [ 401.752928][T12537] ? __pfx_fib6_ifdown+0x10/0x10 [ 401.752953][T12537] ? __pfx_fib6_clean_tree+0x10/0x10 [ 401.752976][T12537] ? __pfx_fib6_clean_node+0x10/0x10 [ 401.752997][T12537] ? __pfx_fib6_ifdown+0x10/0x10 [ 401.753029][T12537] ? __pfx_fib6_ifdown+0x10/0x10 [ 401.753054][T12537] __fib6_clean_all+0x107/0x2d0 [ 401.753075][T12537] rt6_disable_ip+0x29e/0x970 [ 401.753100][T12537] ? __pfx___might_resched+0x10/0x10 [ 401.753122][T12537] ? rcu_is_watching+0x12/0xc0 [ 401.753142][T12537] ? __pfx_rt6_disable_ip+0x10/0x10 [ 401.753168][T12537] ? __mutex_lock+0x26a/0x1b90 [ 401.753201][T12537] addrconf_ifdown.isra.0+0x11d/0x1b70 [ 401.753228][T12537] ? __mutex_unlock_slowpath+0x15c/0x790 [ 401.753258][T12537] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 401.753283][T12537] ? net_generic+0xea/0x2a0 [ 401.753307][T12537] addrconf_notify+0x750/0x19c0 [ 401.753330][T12537] ? ip6mr_device_event+0x1bc/0x230 [ 401.753358][T12537] notifier_call_chain+0x99/0x3b0 [ 401.753381][T12537] call_netdevice_notifiers_info+0xbe/0x110 [ 401.753407][T12537] netif_set_mtu_ext+0x48b/0x7b0 [ 401.753428][T12537] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 401.753452][T12537] ? __lock_acquire+0x4a5/0x2630 [ 401.753474][T12537] netif_set_mtu+0x9c/0x130 [ 401.753493][T12537] ? __pfx_netif_set_mtu+0x10/0x10 [ 401.753521][T12537] ? full_name_hash+0xbc/0x100 [ 401.753547][T12537] dev_set_mtu+0xb2/0x260 [ 401.753570][T12537] dev_ifsioc+0x452/0x1eb0 [ 401.753599][T12537] ? __pfx_dev_ifsioc+0x10/0x10 [ 401.753615][T12537] ? __pfx___mutex_lock+0x10/0x10 [ 401.753650][T12537] ? dev_load+0x8e/0x240 [ 401.753665][T12537] ? dev_load+0x8e/0x240 [ 401.753689][T12537] dev_ioctl+0x342/0x1070 [ 401.753708][T12537] sock_do_ioctl+0x1a0/0x280 [ 401.753732][T12537] ? __pfx_sock_do_ioctl+0x10/0x10 [ 401.753755][T12537] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 401.753780][T12537] ? do_vfs_ioctl+0x226/0x13e0 [ 401.753804][T12537] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 401.753825][T12537] ? __pfx_unix_compat_ioctl+0x10/0x10 [ 401.753846][T12537] ? unix_ioctl+0x9c/0x510 [ 401.753868][T12537] compat_sock_ioctl+0x568/0x760 [ 401.753897][T12537] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 401.753928][T12537] ? __fget_files+0x21f/0x3d0 [ 401.753950][T12537] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 401.753978][T12537] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 401.754006][T12537] __do_fast_syscall_32+0xe3/0x8c0 [ 401.754036][T12537] do_fast_syscall_32+0x32/0x70 [ 401.754052][T12537] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 401.754077][T12537] RIP: 0023:0xf707d579 [ 401.754092][T12537] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 401.754109][T12537] RSP: 002b:00000000f546d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 401.754128][T12537] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008922 [ 401.754140][T12537] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000 [ 401.754151][T12537] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 401.754161][T12537] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 401.754170][T12537] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 401.754194][T12537] [ 401.755314][T12537] tipc: Resetting bearer [ 402.338904][T12536] tipc: Resetting bearer [ 402.410490][T12536] tipc: Disabling bearer [ 402.844514][T12553] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 402.875151][T12553] CIFS: Unable to determine destination address [ 402.914700][ T40] audit: type=1326 audit(1770791745.485:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12554 comm="syz.4.1860" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702d579 code=0x0 [ 403.039240][T12565] FAULT_INJECTION: forcing a failure. [ 403.039240][T12565] name failslab, interval 1, probability 0, space 0, times 0 [ 403.066705][T12565] CPU: 2 UID: 0 PID: 12565 Comm: syz.0.1862 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.066739][T12565] Tainted: [L]=SOFTLOCKUP [ 403.066746][T12565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 403.066756][T12565] Call Trace: [ 403.066763][T12565] [ 403.066774][T12565] dump_stack_lvl+0x100/0x190 [ 403.066804][T12565] should_fail_ex.cold+0x5/0xa [ 403.066827][T12565] should_failslab+0xc2/0x120 [ 403.066849][T12565] ? copy_splice_read+0x1a3/0xb90 [ 403.066864][T12565] __kmalloc_noprof+0xf6/0x9c0 [ 403.066898][T12565] ? copy_splice_read+0x1a3/0xb90 [ 403.066915][T12565] copy_splice_read+0x1a3/0xb90 [ 403.067710][T12565] ? __pfx_iter_file_splice_write+0x10/0x10 [ 403.067736][T12565] ? __pfx_copy_splice_read+0x10/0x10 [ 403.067761][T12565] ? find_held_lock+0x2b/0x80 [ 403.067790][T12565] ? __pfx_copy_splice_read+0x10/0x10 [ 403.067808][T12565] do_splice_read+0x285/0x370 [ 403.067828][T12565] splice_direct_to_actor+0x2a1/0xa30 [ 403.067849][T12565] ? __pfx_direct_splice_actor+0x10/0x10 [ 403.067870][T12565] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 403.067889][T12565] ? find_held_lock+0x2b/0x80 [ 403.067920][T12565] do_splice_direct+0x174/0x240 [ 403.067938][T12565] ? __pfx_do_splice_direct+0x10/0x10 [ 403.067954][T12565] ? common_file_perm+0x1ab/0x4f0 [ 403.067972][T12565] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 403.068013][T12565] ? rw_verify_area+0xce/0x6d0 [ 403.068042][T12565] do_sendfile+0xadc/0xe20 [ 403.068076][T12565] ? __pfx_do_sendfile+0x10/0x10 [ 403.068158][T12565] ? __might_fault+0xc5/0x140 [ 403.068219][T12565] __ia32_compat_sys_sendfile+0x162/0x220 [ 403.068242][T12565] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 403.068262][T12565] ? arch_syscall_is_vdso_sigreturn+0x19b/0x200 [ 403.068284][T12565] ? syscall_user_dispatch+0x76/0x130 [ 403.068307][T12565] __do_fast_syscall_32+0xe3/0x8c0 [ 403.068342][T12565] do_fast_syscall_32+0x32/0x70 [ 403.068377][T12565] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 403.068400][T12565] RIP: 0023:0xf70ad579 [ 403.068415][T12565] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 403.068432][T12565] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000bb [ 403.068452][T12565] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003 [ 403.068463][T12565] RDX: 00000000800000c0 RSI: 0000000080000504 RDI: 0000000000000000 [ 403.068475][T12565] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.068486][T12565] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 403.068497][T12565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.068522][T12565] [ 403.421760][T12567] syzkaller0: entered promiscuous mode [ 403.425848][T12567] syzkaller0: entered allmulticast mode [ 404.792307][T12594] FAULT_INJECTION: forcing a failure. [ 404.792307][T12594] name failslab, interval 1, probability 0, space 0, times 0 [ 404.813249][T12594] CPU: 2 UID: 0 PID: 12594 Comm: syz.4.1871 Tainted: G L syzkaller #0 PREEMPT(full) [ 404.813279][T12594] Tainted: [L]=SOFTLOCKUP [ 404.813285][T12594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 404.813295][T12594] Call Trace: [ 404.813302][T12594] [ 404.813308][T12594] dump_stack_lvl+0x100/0x190 [ 404.813357][T12594] should_fail_ex.cold+0x5/0xa [ 404.813379][T12594] should_failslab+0xc2/0x120 [ 404.813399][T12594] ? lsm_blob_alloc+0x68/0x90 [ 404.813419][T12594] __kmalloc_noprof+0xf6/0x9c0 [ 404.813450][T12594] ? lsm_blob_alloc+0x68/0x90 [ 404.813469][T12594] lsm_blob_alloc+0x68/0x90 [ 404.813490][T12594] security_sk_alloc+0x2d/0x290 [ 404.813517][T12594] sk_prot_alloc+0x1d1/0x2a0 [ 404.813543][T12594] sk_alloc+0x36/0xe80 [ 404.813567][T12594] inet_create+0x3a0/0x1060 [ 404.813593][T12594] ? inet_create+0x94/0x1060 [ 404.813621][T12594] __sock_create+0x339/0x860 [ 404.813653][T12594] mptcp_subflow_create_socket+0xec/0xa30 [ 404.813671][T12594] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 404.813689][T12594] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 404.813714][T12594] __mptcp_nmpc_sk+0x17f/0x870 [ 404.813733][T12594] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 404.813754][T12594] ? __local_bh_enable_ip+0x9e/0x120 [ 404.813780][T12594] mptcp_sendmsg+0x168f/0x1e40 [ 404.813807][T12594] ? aa_sk_perm+0x2de/0xb40 [ 404.813827][T12594] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 404.813856][T12594] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 404.813879][T12594] inet_sendmsg+0x11c/0x140 [ 404.813903][T12594] ____sys_sendmsg+0x9ad/0xc30 [ 404.813927][T12594] ? __pfx_____sys_sendmsg+0x10/0x10 [ 404.813948][T12594] ? _parse_integer_limit+0x17f/0x1d0 [ 404.813974][T12594] ? _kstrtoull+0x13c/0x1f0 [ 404.813994][T12594] ? __pfx__kstrtoull+0x10/0x10 [ 404.814017][T12594] ___sys_sendmsg+0x190/0x1e0 [ 404.814042][T12594] ? __pfx____sys_sendmsg+0x10/0x10 [ 404.814066][T12594] ? __lock_acquire+0x4a5/0x2630 [ 404.814092][T12594] ? find_held_lock+0x2b/0x80 [ 404.814127][T12594] __sys_sendmmsg+0x2ff/0x430 [ 404.814149][T12594] ? __pfx___sys_sendmmsg+0x10/0x10 [ 404.814175][T12594] ? __fget_files+0x215/0x3d0 [ 404.814203][T12594] ? fput+0x79/0x100 [ 404.814223][T12594] ? ksys_write+0x1ac/0x250 [ 404.814238][T12594] ? __pfx_ksys_write+0x10/0x10 [ 404.814257][T12594] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 404.814278][T12594] ? lockdep_hardirqs_on+0x78/0x100 [ 404.814302][T12594] __do_fast_syscall_32+0xe3/0x8c0 [ 404.814330][T12594] do_fast_syscall_32+0x32/0x70 [ 404.814346][T12594] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 404.814367][T12594] RIP: 0023:0xf702d579 [ 404.814383][T12594] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 404.814399][T12594] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 404.814418][T12594] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001b80 [ 404.814429][T12594] RDX: 0000000000000001 RSI: 0000000030008001 RDI: 0000000000000000 [ 404.814440][T12594] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 404.814450][T12594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.814460][T12594] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 404.814483][T12594] [ 405.238157][T12596] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1873'. [ 405.438426][T12601] netlink: 'syz.2.1874': attribute type 3 has an invalid length. [ 405.444301][T12601] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1874'. [ 405.689319][T12603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1872'. [ 405.695223][T12603] lo: entered promiscuous mode [ 405.890806][T12603] lo: entered allmulticast mode [ 405.932638][T12603] tunl0: entered promiscuous mode [ 405.934721][T12603] tunl0: entered allmulticast mode [ 405.937861][T12603] gre0: entered promiscuous mode [ 405.939802][T12603] gre0: entered allmulticast mode [ 405.987917][T12603] gretap0: entered promiscuous mode [ 406.006381][T12603] gretap0: entered allmulticast mode [ 406.018275][T12603] erspan0: entered promiscuous mode [ 406.036998][T12603] erspan0: entered allmulticast mode [ 406.093253][T12603] ip_vti0: entered promiscuous mode [ 406.095863][T12603] ip_vti0: entered allmulticast mode [ 406.153698][T12603] ip6_vti0: entered promiscuous mode [ 406.167238][T12603] ip6_vti0: entered allmulticast mode [ 406.229339][T12603] sit0: entered promiscuous mode [ 406.259399][T12603] sit0: entered allmulticast mode [ 406.285487][T12603] ip6tnl0: entered promiscuous mode [ 406.302556][T12603] ip6tnl0: entered allmulticast mode [ 406.308582][T12603] ip6gre0: entered promiscuous mode [ 406.321181][T12603] ip6gre0: entered allmulticast mode [ 406.325122][T12603] syz_tun: entered promiscuous mode [ 406.327320][T12603] syz_tun: entered allmulticast mode [ 406.350240][T12603] ip6gretap0: entered promiscuous mode [ 406.353143][T12603] ip6gretap0: entered allmulticast mode [ 406.375033][T12603] bridge0: entered promiscuous mode [ 406.377889][T12603] bridge0: entered allmulticast mode [ 406.383072][T12603] team0: entered promiscuous mode [ 406.400666][T12603] team_slave_0: entered promiscuous mode [ 406.405371][T12603] team_slave_1: entered promiscuous mode [ 406.424030][T12603] team0: entered allmulticast mode [ 406.426431][T12603] team_slave_0: entered allmulticast mode [ 406.428847][T12603] team_slave_1: entered allmulticast mode [ 406.436228][T12603] 8021q: adding VLAN 0 to HW filter on device team0 [ 406.451600][T12603] dummy0: entered promiscuous mode [ 406.657454][T12603] dummy0: entered allmulticast mode [ 406.675753][T12603] nlmon0: entered promiscuous mode [ 406.678047][T12603] nlmon0: entered allmulticast mode [ 406.711355][T12603] caif0: entered promiscuous mode [ 406.714592][T12603] caif0: entered allmulticast mode [ 406.717776][T12603] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 407.786781][T12635] wg1 speed is unknown, defaulting to 1000 [ 408.136401][T12636] wg1 speed is unknown, defaulting to 1000 [ 408.635925][T12649] overlayfs: missing 'lowerdir' [ 408.877771][T12654] overlayfs: failed to clone upperpath [ 409.229861][T12657] binder: 12656:12657 ioctl 40046205 0 returned -22 [ 409.820608][ T40] audit: type=1326 audit(1770791752.415:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12666 comm="syz.4.1890" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7fc00000 [ 410.182233][T12677] siw: device registration error -23 [ 410.188822][T12677] 9pnet_virtio: no channels available for device syz [ 410.441042][ T40] audit: type=1326 audit(1770791753.025:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12666 comm="syz.4.1890" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702d598 code=0x7fc00000 [ 411.091337][T12689] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1896'. [ 412.211165][ T6088] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 412.371171][ T6088] usb 9-1: Using ep0 maxpacket: 16 [ 412.375545][ T6088] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.408659][ T6088] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.413621][ T6088] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 412.451431][ T5936] Bluetooth: hci1: unexpected event for opcode 0x0404 [ 412.481270][ T6088] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 412.500477][ T6088] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.668502][ T6088] usb 9-1: config 0 descriptor?? [ 413.116810][ T6088] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 413.127769][ T6088] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 413.133892][ T6088] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 413.137574][ T6088] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 413.142324][ T6088] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 413.156609][ T6088] input: HID 0955:7214 Haptics as /devices/virtual/input/input43 [ 413.264098][ T6088] shield 0003:0955:7214.0007: Registered Thunderstrike controller [ 413.293280][ T6088] shield 0003:0955:7214.0007: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 413.318975][T12713] random: crng reseeded on system resumption [ 413.384133][T12544] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 413.395380][ T6088] usb 9-1: USB disconnect, device number 27 [ 413.404411][T12544] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 413.423923][T12544] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 413.440156][T12544] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 413.867485][T12744] wg1 speed is unknown, defaulting to 1000 [ 414.017220][T12749] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1910'. [ 415.585847][T12791] input: syz1 as /devices/virtual/input/input44 [ 416.613015][T12801] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1923'. [ 418.476040][T12819] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1928'. [ 418.534643][T12822] netlink: 'syz.2.1929': attribute type 8 has an invalid length. [ 418.776894][T12826] FAULT_INJECTION: forcing a failure. [ 418.776894][T12826] name failslab, interval 1, probability 0, space 0, times 0 [ 418.792779][T12826] CPU: 2 UID: 0 PID: 12826 Comm: syz.4.1930 Tainted: G L syzkaller #0 PREEMPT(full) [ 418.792808][T12826] Tainted: [L]=SOFTLOCKUP [ 418.792815][T12826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 418.792825][T12826] Call Trace: [ 418.792851][T12826] [ 418.792859][T12826] dump_stack_lvl+0x100/0x190 [ 418.792888][T12826] should_fail_ex.cold+0x5/0xa [ 418.792908][T12826] should_failslab+0xc2/0x120 [ 418.792928][T12826] __kvmalloc_node_noprof+0x101/0xac0 [ 418.792947][T12826] ? io_alloc_cache_init+0x38/0x170 [ 418.792975][T12826] ? io_alloc_cache_init+0x38/0x170 [ 418.792997][T12826] ? __init_waitqueue_head+0xca/0x150 [ 418.793016][T12826] io_alloc_cache_init+0x38/0x170 [ 418.793041][T12826] io_uring_setup.cold+0x432/0x1cb9 [ 418.793066][T12826] ? ksys_write+0x190/0x250 [ 418.793080][T12826] ? ksys_write+0x190/0x250 [ 418.793095][T12826] ? __pfx_io_uring_setup+0x10/0x10 [ 418.793118][T12826] ? __mutex_unlock_slowpath+0x15c/0x790 [ 418.793144][T12826] ? __fget_files+0x215/0x3d0 [ 418.793170][T12826] ? fput+0x79/0x100 [ 418.793190][T12826] ? ksys_write+0x1ac/0x250 [ 418.793205][T12826] ? __pfx_ksys_write+0x10/0x10 [ 418.793223][T12826] __ia32_sys_io_uring_setup+0xc2/0x170 [ 418.793246][T12826] __do_fast_syscall_32+0xe3/0x8c0 [ 418.793278][T12826] do_fast_syscall_32+0x32/0x70 [ 418.793305][T12826] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 418.793330][T12826] RIP: 0023:0xf702d579 [ 418.793347][T12826] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 418.793364][T12826] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 00000000000001a9 [ 418.793383][T12826] RAX: ffffffffffffffda RBX: 000000000000665c RCX: 0000000080000700 [ 418.793396][T12826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 418.793407][T12826] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 418.793418][T12826] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 418.793429][T12826] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 418.793455][T12826] [ 419.040473][T12832] input: syz1 as /devices/virtual/input/input45 [ 419.473643][ T5942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 419.482761][ T5942] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 419.518011][ T5942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 419.551242][T12844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1935'. [ 419.555279][ T5942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 419.564396][ T5942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 419.654354][T12845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1935'. [ 419.695605][T12841] wg1 speed is unknown, defaulting to 1000 [ 420.335630][T12841] chnl_net:caif_netlink_parms(): no params data found [ 420.589584][T12841] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.631448][T12841] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.634765][T12841] bridge_slave_0: entered allmulticast mode [ 420.638951][T12841] bridge_slave_0: entered promiscuous mode [ 420.653061][T12841] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.657123][T12841] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.691216][T12841] bridge_slave_1: entered allmulticast mode [ 420.784224][T12841] bridge_slave_1: entered promiscuous mode [ 420.837010][T12865] syzkaller0: entered promiscuous mode [ 420.864293][T12865] syzkaller0: entered allmulticast mode [ 421.020471][T12859] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 421.023838][T12859] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 421.035101][T12859] vhci_hcd vhci_hcd.0: Device attached [ 421.144299][T12869] vhci_hcd: connection closed [ 421.145050][ T58] vhci_hcd vhci_hcd.0: stop threads [ 421.154000][ T58] vhci_hcd vhci_hcd.0: release socket [ 421.164011][ T58] vhci_hcd vhci_hcd.0: disconnect device [ 421.311773][T12841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.320217][T12841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.356462][T12841] team0: Port device team_slave_0 added [ 421.368890][T12841] team0: Port device team_slave_1 added [ 421.433496][T12841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 421.437969][T12841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 421.465875][T12841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 421.495392][T12841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 421.500175][T12841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 421.516341][T12841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.565553][T12841] hsr_slave_0: entered promiscuous mode [ 421.568976][T12841] hsr_slave_1: entered promiscuous mode [ 421.573222][T12841] debugfs: 'hsr0' already exists in 'hsr' [ 421.575831][T12841] Cannot create hsr debugfs directory [ 421.631164][ T5936] Bluetooth: hci3: command tx timeout [ 422.040391][T12886] input: syz1 as /devices/virtual/input/input46 [ 422.070072][T12841] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.080353][T12841] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 422.412421][T12841] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.444495][T12841] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 423.283001][T12841] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.303173][T12841] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 423.375918][T12901] mkiss: ax0: crc mode is auto. [ 423.578543][T12841] netdevsim netdevsim3  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.603006][T12841] netdevsim netdevsim3  (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 423.716448][ T5936] Bluetooth: hci3: command tx timeout [ 423.865133][T12899] team0 (unregistering): Port device team_slave_0 removed [ 423.906600][T12899] team0 (unregistering): Port device team_slave_1 removed [ 423.915732][T12910] loop6: detected capacity change from 0 to 2560 [ 423.918861][T12910] buffer_io_error: 11 callbacks suppressed [ 423.918876][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.941475][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.946005][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.950044][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.970326][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.975606][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.985444][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.991580][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 423.996757][T12910] ldm_validate_partition_table(): Disk read failed. [ 424.003099][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 424.010393][T12910] Buffer I/O error on dev loop6, logical block 0, async page read [ 424.016713][T12910] Dev loop6: unable to read RDB block 0 [ 424.022256][T12910] loop6: unable to read partition table [ 424.040281][T12910] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 424.163176][ T5346] ldm_validate_partition_table(): Disk read failed. [ 424.166048][ T5346] Dev loop6: unable to read RDB block 0 [ 424.249709][ T5346] loop6: unable to read partition table [ 424.315629][T12841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 424.377067][T12841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 424.418124][T12841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 424.431216][T12841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 424.642375][T12841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.678802][T12841] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.700517][T10303] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.706798][T10303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.745106][T10303] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.753348][T10303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.816288][T12841] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 424.826729][T12841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 425.109950][T12935] bridge_slave_0: left allmulticast mode [ 425.127189][T12935] bridge_slave_0: left promiscuous mode [ 425.130276][T12935] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.168205][T12936] netlink: 'syz.2.1953': attribute type 10 has an invalid length. [ 425.186509][T12935] bridge_slave_1: left allmulticast mode [ 425.192188][T12935] bridge_slave_1: left promiscuous mode [ 425.197165][T12935] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.222217][T12935] bond0: (slave bond_slave_0): Releasing backup interface [ 425.224289][T12937] netlink: 'syz.2.1953': attribute type 10 has an invalid length. [ 425.231872][T12935] bond0: (slave bond_slave_1): Releasing backup interface [ 425.239298][T12935] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 425.277236][T12935] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 425.287208][T12940] tmpfs: Bad value for 'mpol' [ 425.302881][T12942] input: syz1 as /devices/virtual/input/input47 [ 425.542175][T12935] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 425.581065][T12936] syz_tun: entered promiscuous mode [ 425.802843][ T5936] Bluetooth: hci3: command tx timeout [ 425.983909][T12934] delete_channel: no stack [ 426.249936][T12841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 426.342773][T12841] veth0_vlan: entered promiscuous mode [ 426.357000][T12841] veth1_vlan: entered promiscuous mode [ 426.424899][T12841] veth0_macvtap: entered promiscuous mode [ 426.460039][T12841] veth1_macvtap: entered promiscuous mode [ 426.522389][T12841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.561897][T12841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.572078][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.578646][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.583779][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.623056][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.733469][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.738889][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.787795][T10303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.795193][T10303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.382072][T12977] FAULT_INJECTION: forcing a failure. [ 427.382072][T12977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.390165][T12977] CPU: 1 UID: 0 PID: 12977 Comm: syz.3.1964 Tainted: G L syzkaller #0 PREEMPT(full) [ 427.390192][T12977] Tainted: [L]=SOFTLOCKUP [ 427.390198][T12977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 427.390207][T12977] Call Trace: [ 427.390215][T12977] [ 427.390223][T12977] dump_stack_lvl+0x100/0x190 [ 427.390248][T12977] should_fail_ex.cold+0x5/0xa [ 427.390265][T12977] _copy_to_user+0x32/0xd0 [ 427.390281][T12977] simple_read_from_buffer+0xcb/0x170 [ 427.390306][T12977] proc_fail_nth_read+0x1af/0x230 [ 427.390323][T12977] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 427.390340][T12977] ? rw_verify_area+0xce/0x6d0 [ 427.390361][T12977] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 427.390382][T12977] vfs_read+0x1e4/0xb30 [ 427.390399][T12977] ? __pfx_vfs_read+0x10/0x10 [ 427.390411][T12977] ? find_held_lock+0x2b/0x80 [ 427.390431][T12977] ? __fget_files+0x215/0x3d0 [ 427.390450][T12977] ? __fget_files+0x21f/0x3d0 [ 427.390469][T12977] ksys_read+0x12a/0x250 [ 427.390482][T12977] ? __pfx_ksys_read+0x10/0x10 [ 427.390502][T12977] do_int80_emulation+0x141/0x6b0 [ 427.390519][T12977] asm_int80_emulation+0x1a/0x20 [ 427.390534][T12977] RIP: 0023:0xf71e572b [ 427.390546][T12977] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 427.390560][T12977] RSP: 002b:00000000f545b4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 427.390576][T12977] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f545b5d0 [ 427.390585][T12977] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 427.390594][T12977] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 427.390602][T12977] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 427.390611][T12977] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 427.390630][T12977] [ 427.956329][ T5936] Bluetooth: hci3: command tx timeout [ 428.006247][T12979] input: syz1 as /devices/virtual/input/input48 [ 429.807637][T13004] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1973'. [ 429.917279][T13009] overlayfs: missing 'workdir' [ 430.083719][T13013] input: syz1 as /devices/virtual/input/input49 [ 430.821803][T13023] wg1 speed is unknown, defaulting to 1000 [ 431.633713][T13041] netlink: 'syz.2.1980': attribute type 3 has an invalid length. [ 431.648581][ T6004] usb 9-1: new high-speed USB device number 28 using dummy_hcd [ 431.809639][T13044] FAULT_INJECTION: forcing a failure. [ 431.809639][T13044] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 431.830607][T13044] CPU: 1 UID: 0 PID: 13044 Comm: syz.0.1983 Tainted: G L syzkaller #0 PREEMPT(full) [ 431.830640][T13044] Tainted: [L]=SOFTLOCKUP [ 431.830647][T13044] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 431.830659][T13044] Call Trace: [ 431.830666][T13044] [ 431.830676][T13044] dump_stack_lvl+0x100/0x190 [ 431.830709][T13044] should_fail_ex.cold+0x5/0xa [ 431.830731][T13044] _copy_from_user+0x2e/0xd0 [ 431.830753][T13044] dev_ethtool+0x114b/0x5d70 [ 431.830782][T13044] ? stack_trace_save+0x8e/0xc0 [ 431.830830][T13044] ? __pfx_stack_trace_save+0x10/0x10 [ 431.830859][T13044] ? stack_depot_save_flags+0x27/0x9d0 [ 431.830887][T13044] ? __pfx_dev_ethtool+0x10/0x10 [ 431.830911][T13044] ? kasan_save_track+0x14/0x30 [ 431.830929][T13044] ? kasan_save_free_info+0x3b/0x70 [ 431.830954][T13044] ? __kasan_slab_free+0x5f/0x80 [ 431.830973][T13044] ? tomoyo_path_number_perm+0x46d/0x580 [ 431.830993][T13044] ? __ia32_compat_sys_ioctl+0xc2/0x360 [ 431.831018][T13044] ? __do_fast_syscall_32+0xe3/0x8c0 [ 431.831047][T13044] ? do_fast_syscall_32+0x32/0x70 [ 431.831062][T13044] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 431.831117][T13044] ? kasan_quarantine_put+0x104/0x240 [ 431.831136][T13044] ? lockdep_hardirqs_on+0x78/0x100 [ 431.831172][T13044] ? __lock_acquire+0x4a5/0x2630 [ 431.831196][T13044] ? tomoyo_path_number_perm+0x188/0x580 [ 431.831226][T13044] ? find_held_lock+0x2b/0x80 [ 431.831253][T13044] ? dev_load+0x8e/0x240 [ 431.831272][T13044] ? dev_load+0x8e/0x240 [ 431.831427][T13044] dev_ioctl+0x63b/0x1070 [ 431.831452][T13044] compat_sock_ioctl+0x4f9/0x760 [ 431.831487][T13044] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 431.831529][T13044] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 431.831559][T13044] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 431.831592][T13044] __do_fast_syscall_32+0xe3/0x8c0 [ 431.831627][T13044] do_fast_syscall_32+0x32/0x70 [ 431.831646][T13044] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 431.831670][T13044] RIP: 0023:0xf70ad579 [ 431.831688][T13044] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 431.831707][T13044] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 431.831728][T13044] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946 [ 431.831741][T13044] RDX: 0000000080000f80 RSI: 0000000000000000 RDI: 0000000000000000 [ 431.831752][T13044] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 431.831763][T13044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.831774][T13044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 431.831800][T13044] [ 432.080227][ T6004] usb 9-1: Using ep0 maxpacket: 8 [ 432.092681][ T6004] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 432.093156][T13046] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 432.097444][ T6004] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 432.149516][ T6004] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 432.156841][ T6004] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.657506][T13051] input: syz1 as /devices/virtual/input/input50 [ 433.186558][T13057] wg1 speed is unknown, defaulting to 1000 [ 434.615305][T12963] usb 9-1: USB disconnect, device number 28 [ 435.206500][T13083] input: syz1 as /devices/virtual/input/input51 [ 435.490550][T13090] netlink: 'syz.0.1997': attribute type 4 has an invalid length. [ 435.521031][T13090] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1997'. [ 436.703892][ T60] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 436.882195][ T60] usb 5-1: Using ep0 maxpacket: 8 [ 436.890619][ T60] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 436.909852][ T60] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 436.931004][ T60] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 436.937457][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.926656][T13115] wg1 speed is unknown, defaulting to 1000 [ 438.865688][T13128] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 438.986577][T13128] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 439.383539][T13131] input: syz1 as /devices/virtual/input/input52 [ 439.551946][ T1453] usb 5-1: USB disconnect, device number 34 [ 440.181003][T13144] netlink: 'syz.0.2012': attribute type 4 has an invalid length. [ 440.184077][T13144] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2012'. [ 441.402409][ T60] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 441.581281][ T60] usb 5-1: Using ep0 maxpacket: 8 [ 441.592551][ T60] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 441.602972][ T60] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 441.616535][ T60] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 441.656525][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.509525][T13167] input: syz1 as /devices/virtual/input/input53 [ 442.629460][T13168] wg1 speed is unknown, defaulting to 1000 [ 443.363196][T13176] usb usb7: usbfs: process 13176 (syz.4.2024) did not claim interface 0 before use [ 444.326911][ T10] usb 5-1: USB disconnect, device number 35 [ 444.739895][T13195] input: syz1 as /devices/virtual/input/input54 [ 444.768113][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.774159][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.819159][T13199] FAULT_INJECTION: forcing a failure. [ 444.819159][T13199] name failslab, interval 1, probability 0, space 0, times 0 [ 444.849334][T13198] syz_tun: entered allmulticast mode [ 444.872048][T13196] syz_tun: left allmulticast mode [ 444.873898][T13199] CPU: 0 UID: 0 PID: 13199 Comm: syz.0.2033 Tainted: G L syzkaller #0 PREEMPT(full) [ 444.873928][T13199] Tainted: [L]=SOFTLOCKUP [ 444.873934][T13199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 444.873945][T13199] Call Trace: [ 444.873951][T13199] [ 444.873958][T13199] dump_stack_lvl+0x100/0x190 [ 444.873987][T13199] should_fail_ex.cold+0x5/0xa [ 444.874007][T13199] should_failslab+0xc2/0x120 [ 444.874028][T13199] __kmalloc_node_noprof+0xfb/0x9e0 [ 444.874045][T13199] ? __lock_acquire+0x4a5/0x2630 [ 444.874225][T13199] ? get_callchain_buffers+0x1e5/0x380 [ 444.874261][T13199] ? get_callchain_buffers+0x1e5/0x380 [ 444.874284][T13199] get_callchain_buffers+0x1e5/0x380 [ 444.874308][T13199] ? security_capable+0x80/0x260 [ 444.874334][T13199] stack_map_alloc+0x316/0x610 [ 444.874358][T13199] ? __pfx_stack_map_mem_usage+0x10/0x10 [ 444.874380][T13199] map_create+0x84e/0x2ba0 [ 444.874411][T13199] ? __pfx_map_create+0x10/0x10 [ 444.874430][T13199] ? __might_fault+0xc5/0x140 [ 444.874456][T13199] ? __might_fault+0xc5/0x140 [ 444.874491][T13199] __sys_bpf+0x2091/0x4b90 [ 444.874519][T13199] ? __pfx___sys_bpf+0x10/0x10 [ 444.874542][T13199] ? proc_fail_nth_write+0x9f/0x220 [ 444.874560][T13199] ? find_held_lock+0x2b/0x80 [ 444.874583][T13199] ? find_held_lock+0x2b/0x80 [ 444.874602][T13199] ? ksys_write+0x190/0x250 [ 444.874621][T13199] ? __mutex_unlock_slowpath+0x15c/0x790 [ 444.874658][T13199] ? fput+0x79/0x100 [ 444.874677][T13199] ? ksys_write+0x1ac/0x250 [ 444.874698][T13199] __ia32_sys_bpf+0x79/0xf0 [ 444.874719][T13199] ? lockdep_hardirqs_on+0x78/0x100 [ 444.874741][T13199] __do_fast_syscall_32+0xe3/0x8c0 [ 444.874769][T13199] do_fast_syscall_32+0x32/0x70 [ 444.874786][T13199] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 444.874808][T13199] RIP: 0023:0xf70ad579 [ 444.874823][T13199] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 444.874840][T13199] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 444.874858][T13199] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000280 [ 444.874869][T13199] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 444.874879][T13199] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 444.874890][T13199] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 444.874900][T13199] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 444.874923][T13199] [ 445.641046][T12189] usb 9-1: new high-speed USB device number 29 using dummy_hcd [ 445.826789][T12189] usb 9-1: Using ep0 maxpacket: 8 [ 445.849636][T12189] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 445.861590][T12189] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 445.884633][T12189] usb 9-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 445.897258][T12189] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 445.905379][T12189] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.931889][T12189] usbtmc 9-1:16.0: bulk endpoints not found [ 446.579926][T13238] FAULT_INJECTION: forcing a failure. [ 446.579926][T13238] name failslab, interval 1, probability 0, space 0, times 0 [ 446.585993][T13238] CPU: 0 UID: 0 PID: 13238 Comm: syz.0.2046 Tainted: G L syzkaller #0 PREEMPT(full) [ 446.586023][T13238] Tainted: [L]=SOFTLOCKUP [ 446.586029][T13238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 446.586040][T13238] Call Trace: [ 446.586047][T13238] [ 446.586054][T13238] dump_stack_lvl+0x100/0x190 [ 446.586085][T13238] should_fail_ex.cold+0x5/0xa [ 446.586107][T13238] should_failslab+0xc2/0x120 [ 446.586128][T13238] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 446.586150][T13238] ? __alloc_skb+0x156/0x410 [ 446.586167][T13238] ? __alloc_skb+0x35d/0x410 [ 446.586193][T13238] ? __alloc_skb+0x156/0x410 [ 446.586281][T13238] __alloc_skb+0x156/0x410 [ 446.586297][T13238] ? __alloc_skb+0x35d/0x410 [ 446.586312][T13238] ? __pfx___alloc_skb+0x10/0x10 [ 446.586330][T13238] ? netlink_autobind.isra.0+0x90/0x370 [ 446.586359][T13238] netlink_alloc_large_skb+0x69/0x150 [ 446.586382][T13238] netlink_sendmsg+0x680/0xda0 [ 446.586406][T13238] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.586430][T13238] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 446.586459][T13238] ____sys_sendmsg+0xa54/0xc30 [ 446.586486][T13238] ? __pfx_____sys_sendmsg+0x10/0x10 [ 446.586521][T13238] ___sys_sendmsg+0x190/0x1e0 [ 446.586548][T13238] ? __pfx____sys_sendmsg+0x10/0x10 [ 446.586603][T13238] __sys_sendmsg+0x170/0x220 [ 446.586623][T13238] ? __pfx___sys_sendmsg+0x10/0x10 [ 446.586651][T13238] ? __pfx_ksys_write+0x10/0x10 [ 446.586673][T13238] __do_fast_syscall_32+0xe3/0x8c0 [ 446.586702][T13238] do_fast_syscall_32+0x32/0x70 [ 446.586718][T13238] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 446.586739][T13238] RIP: 0023:0xf70ad579 [ 446.586754][T13238] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 446.586772][T13238] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 446.586790][T13238] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180 [ 446.586802][T13238] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 446.586812][T13238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 446.586823][T13238] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 446.586834][T13238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 446.586856][T13238] [ 446.761336][T13239] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 446.769907][T13239] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 446.777336][T13239] vhci_hcd vhci_hcd.0: Device attached [ 446.993823][T13243] wg1 speed is unknown, defaulting to 1000 [ 447.050946][ T5983] usb 42-1: SetAddress Request (11) to port 0 [ 447.055310][ T5983] usb 42-1: new SuperSpeed USB device number 11 using vhci_hcd [ 447.151330][T13252] netlink: 'syz.0.2050': attribute type 1 has an invalid length. [ 447.263495][T13254] usb 9-1: USB disconnect, device number 29 [ 447.267380][T13240] vhci_hcd: connection reset by peer [ 447.318314][ T1143] vhci_hcd vhci_hcd.2: stop threads [ 447.334558][ T1143] vhci_hcd vhci_hcd.2: release socket [ 447.345038][ T1143] vhci_hcd vhci_hcd.2: disconnect device [ 447.549506][T13256] input: syz1 as /devices/virtual/input/input55 [ 447.707159][T13258] lo: left promiscuous mode [ 447.709089][T13258] lo: left allmulticast mode [ 448.839042][T13285] input: syz1 as /devices/virtual/input/input56 [ 450.341127][T13313] syz.2.2072: vmalloc error: size 17179873280, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 450.363225][T13313] CPU: 2 UID: 0 PID: 13313 Comm: syz.2.2072 Tainted: G L syzkaller #0 PREEMPT(full) [ 450.363257][T13313] Tainted: [L]=SOFTLOCKUP [ 450.363265][T13313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 450.363277][T13313] Call Trace: [ 450.363285][T13313] [ 450.363294][T13313] dump_stack_lvl+0x100/0x190 [ 450.363326][T13313] warn_alloc.cold+0x95/0x1c1 [ 450.363360][T13313] ? __pfx_warn_alloc+0x10/0x10 [ 450.363403][T13313] ? kasan_save_stack+0x3f/0x50 [ 450.363422][T13313] ? kasan_save_stack+0x30/0x50 [ 450.363439][T13313] ? kasan_save_track+0x14/0x30 [ 450.363459][T13313] ? xskq_create+0xfb/0x1d0 [ 450.363483][T13313] __vmalloc_node_range_noprof+0x1252/0x1530 [ 450.363515][T13313] ? xskq_create+0xfb/0x1d0 [ 450.363544][T13313] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 450.363582][T13313] ? xskq_create+0xfb/0x1d0 [ 450.363602][T13313] vmalloc_user_noprof+0x9e/0xe0 [ 450.363628][T13313] ? xskq_create+0xfb/0x1d0 [ 450.363651][T13313] xskq_create+0xfb/0x1d0 [ 450.363675][T13313] xsk_setsockopt+0x725/0xa90 [ 450.363699][T13313] ? __pfx_xsk_setsockopt+0x10/0x10 [ 450.363722][T13313] ? find_held_lock+0x2b/0x80 [ 450.363749][T13313] ? aa_sock_opt_perm+0xfe/0x1b0 [ 450.363777][T13313] ? __pfx_xsk_setsockopt+0x10/0x10 [ 450.363801][T13313] do_sock_setsockopt+0xf3/0x1d0 [ 450.363830][T13313] __sys_setsockopt+0x119/0x190 [ 450.363856][T13313] __ia32_sys_setsockopt+0xbc/0x160 [ 450.363874][T13313] ? __do_fast_syscall_32+0x94/0x8c0 [ 450.363903][T13313] ? lockdep_hardirqs_on+0x78/0x100 [ 450.363958][T13313] __do_fast_syscall_32+0xe3/0x8c0 [ 450.363992][T13313] do_fast_syscall_32+0x32/0x70 [ 450.364260][T13313] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 450.364291][T13313] RIP: 0023:0xf707d579 [ 450.364306][T13313] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 450.364325][T13313] RSP: 002b:00000000f544c50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e [ 450.364344][T13313] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 000000000000011b [ 450.364358][T13313] RDX: 0000000000000006 RSI: 0000000080000080 RDI: 0000000000000004 [ 450.364370][T13313] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 450.364381][T13313] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 450.364392][T13313] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 450.364418][T13313] [ 450.364426][T13313] Mem-Info: [ 450.614150][T13313] active_anon:9577 inactive_anon:2028 isolated_anon:0 [ 450.614150][T13313] active_file:13331 inactive_file:12743 isolated_file:0 [ 450.614150][T13313] unevictable:1768 dirty:59 writeback:0 [ 450.614150][T13313] slab_reclaimable:7544 slab_unreclaimable:55952 [ 450.614150][T13313] mapped:31353 shmem:7810 pagetables:1594 [ 450.614150][T13313] sec_pagetables:317 bounce:0 [ 450.614150][T13313] kernel_misc_reclaimable:0 [ 450.614150][T13313] free:59812 free_pcp:12917 free_cma:0 [ 450.649865][T13313] Node 0 active_anon:12kB inactive_anon:60kB active_file:4kB inactive_file:16kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:8kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9856kB pagetables:2120kB sec_pagetables:1156kB all_unreclaimable? yes Balloon:0kB [ 450.667116][T13313] Node 1 active_anon:38396kB inactive_anon:8052kB active_file:53320kB inactive_file:50956kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:126092kB dirty:228kB writeback:0kB shmem:27704kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4464kB pagetables:4256kB sec_pagetables:112kB all_unreclaimable? no Balloon:0kB [ 450.684515][T13313] Node 0 DMA free:2032kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:468kB local_pcp:84kB free_cma:0kB [ 450.707494][T13313] lowmem_reserve[]: 0 285 285 285 285 [ 450.716872][T13313] Node 0 DMA32 free:18176kB boost:2048kB min:15152kB low:18428kB high:21704kB reserved_highatomic:2048KB free_highatomic:444KB active_anon:12kB inactive_anon:60kB active_file:4kB inactive_file:16kB unevictable:3536kB writepending:8kB zspages:0kB present:1032196kB managed:292540kB mlocked:0kB bounce:0kB free_pcp:13752kB local_pcp:3516kB free_cma:0kB [ 450.737548][T13313] lowmem_reserve[]: 0 0 0 0 0 [ 450.739901][T13313] Node 1 DMA32 free:219040kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:38296kB inactive_anon:8052kB active_file:53320kB inactive_file:50956kB unevictable:3536kB writepending:228kB zspages:3604kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:37764kB local_pcp:10584kB free_cma:0kB [ 450.764229][T13313] lowmem_reserve[]: 0 0 0 0 0 [ 450.766905][T13313] Node 0 DMA: 24*4kB (UM) 10*8kB (U) 4*16kB (U) 2*32kB (UM) 1*64kB (U) 1*128kB (M) 2*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2032kB [ 450.799016][T13313] Node 0 DMA32: 1200*4kB (UH) 196*8kB (UEH) 68*16kB (UEH) 57*32kB (UMEH) 37*64kB (UME) 15*128kB (UME) 10*256kB (UME) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18176kB [ 450.809395][T13313] Node 1 DMA32: 2027*4kB (UME) 2008*8kB (UE) 1536*16kB (UME) 22*32kB (UE) 44*64kB (UME) 89*128kB (UME) 49*256kB (UM) 65*512kB (UME) 47*1024kB (UM) 10*2048kB (UM) 10*4096kB (UM) = 219052kB [ 450.810668][T13323] input: syz1 as /devices/virtual/input/input57 [ 450.824618][T13313] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 450.855119][T13313] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 450.859937][T13313] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 450.865356][T13313] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 450.869907][T13313] 34895 total pagecache pages [ 450.872729][T13313] 1014 pages in swap cache [ 450.874964][T13313] Free swap = 112016kB [ 450.877169][T13313] Total swap = 124996kB [ 450.879033][T13313] 524155 pages RAM [ 450.880572][T13313] 0 pages HighMem/MovableOnly [ 450.883014][T13313] 210127 pages reserved [ 450.884825][T13313] 0 pages cma reserved [ 451.905888][T13335] FAULT_INJECTION: forcing a failure. [ 451.905888][T13335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 451.915789][T13335] CPU: 3 UID: 0 PID: 13335 Comm: syz.4.2077 Tainted: G L syzkaller #0 PREEMPT(full) [ 451.915819][T13335] Tainted: [L]=SOFTLOCKUP [ 451.915826][T13335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 451.915837][T13335] Call Trace: [ 451.915844][T13335] [ 451.915851][T13335] dump_stack_lvl+0x100/0x190 [ 451.915880][T13335] should_fail_ex.cold+0x5/0xa [ 451.915900][T13335] _copy_to_user+0x32/0xd0 [ 451.916806][T13335] simple_read_from_buffer+0xcb/0x170 [ 451.917066][T13335] proc_fail_nth_read+0x1af/0x230 [ 451.917087][T13335] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 451.917106][T13335] ? rw_verify_area+0xce/0x6d0 [ 451.917129][T13335] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 451.917146][T13335] vfs_read+0x1e4/0xb30 [ 451.917165][T13335] ? __pfx_vfs_read+0x10/0x10 [ 451.917178][T13335] ? find_held_lock+0x2b/0x80 [ 451.917199][T13335] ? __fget_files+0x215/0x3d0 [ 451.917219][T13335] ? __fget_files+0x21f/0x3d0 [ 451.917241][T13335] ksys_read+0x12a/0x250 [ 451.917255][T13335] ? __pfx_ksys_read+0x10/0x10 [ 451.917277][T13335] do_int80_emulation+0x141/0x6b0 [ 451.917297][T13335] asm_int80_emulation+0x1a/0x20 [ 451.917313][T13335] RIP: 0023:0xf716572b [ 451.917327][T13335] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 451.917343][T13335] RSP: 002b:00000000f53fc4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 451.917360][T13335] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f53fc5d0 [ 451.917371][T13335] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 451.917381][T13335] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 451.917390][T13335] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 451.917400][T13335] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 451.917423][T13335] [ 452.204789][ T5983] usb 42-1: device descriptor read/8, error -110 [ 452.607370][ T5983] usb usb42-port1: attempt power cycle [ 453.201464][ T5983] usb usb42-port1: unable to enumerate USB device [ 453.334163][T13346] FAULT_INJECTION: forcing a failure. [ 453.334163][T13346] name failslab, interval 1, probability 0, space 0, times 0 [ 453.340432][T13346] CPU: 3 UID: 0 PID: 13346 Comm: syz.0.2082 Tainted: G L syzkaller #0 PREEMPT(full) [ 453.340461][T13346] Tainted: [L]=SOFTLOCKUP [ 453.340468][T13346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 453.340478][T13346] Call Trace: [ 453.340486][T13346] [ 453.340494][T13346] dump_stack_lvl+0x100/0x190 [ 453.340523][T13346] should_fail_ex.cold+0x5/0xa [ 453.340543][T13346] should_failslab+0xc2/0x120 [ 453.340563][T13346] ? tomoyo_realpath_from_path+0xb6/0x690 [ 453.340584][T13346] __kmalloc_noprof+0xf6/0x9c0 [ 453.340616][T13346] ? tomoyo_realpath_from_path+0xb6/0x690 [ 453.340637][T13346] tomoyo_realpath_from_path+0xb6/0x690 [ 453.340663][T13346] tomoyo_path_number_perm+0x23c/0x580 [ 453.340680][T13346] ? tomoyo_path_number_perm+0x22e/0x580 [ 453.340698][T13346] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 453.340739][T13346] ? find_held_lock+0x2b/0x80 [ 453.340761][T13346] ? hook_file_ioctl_common+0x146/0x410 [ 453.340779][T13346] ? __fget_files+0x215/0x3d0 [ 453.340968][T13346] ? __fget_files+0x21f/0x3d0 [ 453.340994][T13346] security_file_ioctl_compat+0xd3/0x230 [ 453.341014][T13346] __ia32_compat_sys_ioctl+0xc2/0x360 [ 453.341041][T13346] __do_fast_syscall_32+0xe3/0x8c0 [ 453.341074][T13346] do_fast_syscall_32+0x32/0x70 [ 453.341089][T13346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.341110][T13346] RIP: 0023:0xf70ad579 [ 453.341125][T13346] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 453.341141][T13346] RSP: 002b:00000000f547c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 453.341159][T13346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0686611 [ 453.341178][T13346] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 453.341188][T13346] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 453.341199][T13346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.341208][T13346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 453.341233][T13346] [ 453.495461][T13346] ERROR: Out of memory at tomoyo_realpath_from_path. [ 453.859257][T13357] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2086'. [ 453.908102][T13356] input: syz1 as /devices/virtual/input/input58 [ 454.820008][T13385] FAULT_INJECTION: forcing a failure. [ 454.820008][T13385] name failslab, interval 1, probability 0, space 0, times 0 [ 454.829367][T13385] CPU: 2 UID: 0 PID: 13385 Comm: syz.0.2095 Tainted: G L syzkaller #0 PREEMPT(full) [ 454.829399][T13385] Tainted: [L]=SOFTLOCKUP [ 454.829405][T13385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 454.829416][T13385] Call Trace: [ 454.829425][T13385] [ 454.829434][T13385] dump_stack_lvl+0x100/0x190 [ 454.829464][T13385] should_fail_ex.cold+0x5/0xa [ 454.829488][T13385] should_failslab+0xc2/0x120 [ 454.829512][T13385] ? alloc_pipe_info+0x1ec/0x590 [ 454.829531][T13385] __kmalloc_noprof+0xf6/0x9c0 [ 454.829563][T13385] ? alloc_pipe_info+0x1ec/0x590 [ 454.829583][T13385] alloc_pipe_info+0x1ec/0x590 [ 454.829602][T13385] ? aa_file_perm+0x277/0x1530 [ 454.829627][T13385] splice_direct_to_actor+0x78f/0xa30 [ 454.829644][T13385] ? __pfx_direct_splice_actor+0x10/0x10 [ 454.829658][T13385] ? __pfx_aa_file_perm+0x10/0x10 [ 454.829678][T13385] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 454.829692][T13385] ? find_held_lock+0x2b/0x80 [ 454.829716][T13385] do_splice_direct+0x174/0x240 [ 454.829797][T13385] ? __pfx_do_splice_direct+0x10/0x10 [ 454.829812][T13385] ? common_file_perm+0x1ab/0x4f0 [ 454.829827][T13385] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 454.829853][T13385] ? bpf_lsm_file_permission+0x9/0x10 [ 454.829870][T13385] ? security_file_permission+0x76/0x210 [ 454.829887][T13385] ? rw_verify_area+0xce/0x6d0 [ 454.829910][T13385] do_sendfile+0xadc/0xe20 [ 454.829936][T13385] ? __pfx_do_sendfile+0x10/0x10 [ 454.829960][T13385] ? __fget_files+0x21f/0x3d0 [ 454.829978][T13385] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 454.829996][T13385] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 454.830014][T13385] ? __pfx_ksys_write+0x10/0x10 [ 454.830032][T13385] __do_fast_syscall_32+0xe3/0x8c0 [ 454.830057][T13385] do_fast_syscall_32+0x32/0x70 [ 454.830070][T13385] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.830088][T13385] RIP: 0023:0xf70ad579 [ 454.830104][T13385] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 454.830118][T13385] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000bb [ 454.830132][T13385] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000005 [ 454.830141][T13385] RDX: 0000000000000000 RSI: 00000000000053d2 RDI: 0000000000000000 [ 454.830149][T13385] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 454.830158][T13385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.830166][T13385] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 454.830184][T13385] [ 455.589284][T13400] input: syz1 as /devices/virtual/input/input59 [ 456.492468][T13412] IPVS: set_ctl: invalid protocol: 0 10.1.1.1:20002 [ 456.857516][T13415] FAULT_INJECTION: forcing a failure. [ 456.857516][T13415] name failslab, interval 1, probability 0, space 0, times 0 [ 456.873440][T13415] CPU: 2 UID: 0 PID: 13415 Comm: syz.3.2105 Tainted: G L syzkaller #0 PREEMPT(full) [ 456.873470][T13415] Tainted: [L]=SOFTLOCKUP [ 456.873476][T13415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 456.873486][T13415] Call Trace: [ 456.873491][T13415] [ 456.873497][T13415] dump_stack_lvl+0x100/0x190 [ 456.873527][T13415] should_fail_ex.cold+0x5/0xa [ 456.873547][T13415] should_failslab+0xc2/0x120 [ 456.873566][T13415] ? ethnl_default_notify+0x1c3/0x9f0 [ 456.873584][T13415] __kmalloc_noprof+0xf6/0x9c0 [ 456.873615][T13415] ? ethnl_default_notify+0x1c3/0x9f0 [ 456.873632][T13415] ethnl_default_notify+0x1c3/0x9f0 [ 456.873653][T13415] ? __pfx_ethnl_default_notify+0x10/0x10 [ 456.873682][T13415] ? ethnl_set_coalesce+0xd2/0x160 [ 456.873707][T13415] ? __pfx_ethnl_set_coalesce+0x10/0x10 [ 456.873735][T13415] ? __pfx_ethnl_default_notify+0x10/0x10 [ 456.873753][T13415] ethnl_notify+0xc2/0x1c0 [ 456.873772][T13415] ethnl_default_set_doit+0x436/0x9b0 [ 456.873794][T13415] genl_family_rcv_msg_doit+0x214/0x300 [ 456.873820][T13415] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 456.873840][T13415] ? genl_get_cmd+0x3ef/0x720 [ 456.873867][T13415] ? bpf_lsm_capable+0x9/0x10 [ 456.873887][T13415] ? security_capable+0x80/0x260 [ 456.873912][T13415] ? ns_capable+0xd2/0xf0 [ 456.873936][T13415] genl_rcv_msg+0x560/0x800 [ 456.873970][T13415] ? __pfx_genl_rcv_msg+0x10/0x10 [ 456.873992][T13415] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 456.874020][T13415] netlink_rcv_skb+0x159/0x420 [ 456.874040][T13415] ? __pfx_genl_rcv_msg+0x10/0x10 [ 456.874062][T13415] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 456.874092][T13415] ? netlink_deliver_tap+0x1ae/0xcc0 [ 456.874115][T13415] genl_rcv+0x28/0x40 [ 456.874134][T13415] netlink_unicast+0x5aa/0x870 [ 456.874157][T13415] ? __pfx_netlink_unicast+0x10/0x10 [ 456.874187][T13415] netlink_sendmsg+0x8b0/0xda0 [ 456.874211][T13415] ? __pfx_netlink_sendmsg+0x10/0x10 [ 456.874233][T13415] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 456.874261][T13415] ____sys_sendmsg+0xa54/0xc30 [ 456.874287][T13415] ? __pfx_____sys_sendmsg+0x10/0x10 [ 456.874321][T13415] ___sys_sendmsg+0x190/0x1e0 [ 456.874347][T13415] ? __pfx____sys_sendmsg+0x10/0x10 [ 456.874403][T13415] __sys_sendmsg+0x170/0x220 [ 456.874422][T13415] ? __pfx___sys_sendmsg+0x10/0x10 [ 456.874449][T13415] ? __pfx_ksys_write+0x10/0x10 [ 456.874471][T13415] __do_fast_syscall_32+0xe3/0x8c0 [ 456.874502][T13415] do_fast_syscall_32+0x32/0x70 [ 456.874518][T13415] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 456.874539][T13415] RIP: 0023:0xf70ad579 [ 456.874554][T13415] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 456.874569][T13415] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 456.874587][T13415] RAX: ffffffffffffffda RBX: 000000000000001b RCX: 0000000080000540 [ 456.874598][T13415] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 456.874607][T13415] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 456.874617][T13415] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 456.874627][T13415] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 456.874650][T13415] [ 457.737297][T13428] fuse: Bad value for 'group_id' [ 457.739545][T13428] fuse: Bad value for 'group_id' [ 457.889902][T13435] input: syz1 as /devices/virtual/input/input60 [ 458.009009][T13442] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2113'. [ 458.020880][T13442] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2113'. [ 458.643263][ T40] audit: type=1326 audit(1770791801.155:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.755305][ T40] audit: type=1326 audit(1770791801.155:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.769054][ T40] audit: type=1326 audit(1770791801.195:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.789231][ T40] audit: type=1326 audit(1770791801.195:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.868898][ T40] audit: type=1326 audit(1770791801.195:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.883202][ T40] audit: type=1326 audit(1770791801.195:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.897776][ T40] audit: type=1326 audit(1770791801.195:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.912242][ T40] audit: type=1326 audit(1770791801.195:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.931343][ T40] audit: type=1326 audit(1770791801.195:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 458.955449][ T40] audit: type=1326 audit(1770791801.195:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13440 comm="syz.2.2113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000 [ 459.037854][T13462] ./cgroup: Can't lookup blockdev [ 459.077722][ T6004] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 459.176240][T13464] syz_tun: entered allmulticast mode [ 459.192094][T13464] FAULT_INJECTION: forcing a failure. [ 459.192094][T13464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.198477][T13464] CPU: 2 UID: 0 PID: 13464 Comm: syz.2.2119 Tainted: G L syzkaller #0 PREEMPT(full) [ 459.198510][T13464] Tainted: [L]=SOFTLOCKUP [ 459.198516][T13464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 459.198528][T13464] Call Trace: [ 459.198538][T13464] [ 459.198548][T13464] dump_stack_lvl+0x100/0x190 [ 459.198578][T13464] should_fail_ex.cold+0x5/0xa [ 459.198599][T13464] _copy_from_user+0x2e/0xd0 [ 459.198619][T13464] ip_mroute_setsockopt+0xd47/0x11a0 [ 459.198647][T13464] ? __pfx_ip_mroute_setsockopt+0x10/0x10 [ 459.198677][T13464] ? get_pid_task+0xfc/0x250 [ 459.198694][T13464] ? get_pid_task+0xfc/0x250 [ 459.198717][T13464] do_ip_setsockopt+0x382/0x3200 [ 459.198747][T13464] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 459.198772][T13464] ? aa_sk_perm+0x2de/0xb40 [ 459.198792][T13464] ? ksys_write+0x190/0x250 [ 459.198810][T13464] ? __pfx_aa_sk_perm+0x10/0x10 [ 459.198834][T13464] ip_setsockopt+0x5a/0xf0 [ 459.198861][T13464] raw_setsockopt+0x60/0x1b0 [ 459.198885][T13464] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 459.198911][T13464] do_sock_setsockopt+0xf3/0x1d0 [ 459.198938][T13464] __sys_setsockopt+0x119/0x190 [ 459.198962][T13464] __ia32_sys_setsockopt+0xbc/0x160 [ 459.198980][T13464] ? __do_fast_syscall_32+0x94/0x8c0 [ 459.199007][T13464] ? lockdep_hardirqs_on+0x78/0x100 [ 459.199032][T13464] __do_fast_syscall_32+0xe3/0x8c0 [ 459.199063][T13464] do_fast_syscall_32+0x32/0x70 [ 459.199079][T13464] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 459.199101][T13464] RIP: 0023:0xf707d579 [ 459.199117][T13464] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 459.199140][T13464] RSP: 002b:00000000f546d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e [ 459.199160][T13464] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 459.199171][T13464] RDX: 00000000000000d2 RSI: 0000000080000200 RDI: 000000000000003c [ 459.199182][T13464] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 459.199193][T13464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.199204][T13464] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 459.199231][T13464] [ 459.252158][ T6004] usb 5-1: Using ep0 maxpacket: 8 [ 459.391227][ T6004] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 459.395880][ T6004] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 459.404120][ T6004] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 459.418912][ T6004] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 459.425955][ T6004] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 459.444159][ T6004] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 459.448152][ T6004] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.498799][ T6004] usbtmc 5-1:16.0: bulk endpoints not found [ 460.087504][T13485] input: syz1 as /devices/virtual/input/input61 [ 460.452432][T13490] wg1 speed is unknown, defaulting to 1000 [ 460.730732][T13494] netlink: 'syz.3.2129': attribute type 10 has an invalid length. [ 460.743560][T13494] FAULT_INJECTION: forcing a failure. [ 460.743560][T13494] name failslab, interval 1, probability 0, space 0, times 0 [ 460.752502][T13494] CPU: 0 UID: 0 PID: 13494 Comm: syz.3.2129 Tainted: G L syzkaller #0 PREEMPT(full) [ 460.752530][T13494] Tainted: [L]=SOFTLOCKUP [ 460.752536][T13494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 460.752546][T13494] Call Trace: [ 460.752553][T13494] [ 460.752559][T13494] dump_stack_lvl+0x100/0x190 [ 460.752587][T13494] should_fail_ex.cold+0x5/0xa [ 460.752606][T13494] should_failslab+0xc2/0x120 [ 460.752627][T13494] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 460.752646][T13494] ? __alloc_skb+0x156/0x410 [ 460.752668][T13494] ? __alloc_skb+0x156/0x410 [ 460.752682][T13494] __alloc_skb+0x156/0x410 [ 460.752697][T13494] ? __alloc_skb+0x35d/0x410 [ 460.752713][T13494] ? __pfx___alloc_skb+0x10/0x10 [ 460.752726][T13494] ? cfg80211_netdev_notifier_call+0x55b/0x10e0 [ 460.752748][T13494] ? notifier_call_chain+0x99/0x3b0 [ 460.752762][T13494] ? call_netdevice_notifiers_info+0xbe/0x110 [ 460.752782][T13494] ? __dev_close_many+0xb0/0x700 [ 460.752802][T13494] ? __dev_change_flags+0x2c1/0x6f0 [ 460.752819][T13494] ? rtnl_newlink+0x11bd/0x2380 [ 460.752844][T13494] cfg80211_del_sta_sinfo+0x17d/0x630 [ 460.752864][T13494] ? __pfx_cfg80211_del_sta_sinfo+0x10/0x10 [ 460.753003][T13494] ? rcu_is_watching+0x12/0xc0 [ 460.753026][T13494] ? trace_drv_return_int+0x70/0x1e0 [ 460.753049][T13494] ? drv_sta_state+0x381/0x17b0 [ 460.753083][T13494] __sta_info_destroy_part2+0x31f/0x540 [ 460.753106][T13494] __sta_info_flush+0x4f6/0x720 [ 460.753128][T13494] ? __pfx___sta_info_flush+0x10/0x10 [ 460.753153][T13494] ieee80211_ibss_disconnect+0x169/0xba0 [ 460.753181][T13494] ieee80211_ibss_leave+0x4a/0x160 [ 460.753204][T13494] cfg80211_leave_ibss+0x1a7/0x450 [ 460.753229][T13494] cfg80211_leave+0x219/0x410 [ 460.753253][T13494] cfg80211_netdev_notifier_call+0x55b/0x10e0 [ 460.753279][T13494] ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10 [ 460.753305][T13494] ? __lock_acquire+0x4a5/0x2630 [ 460.753325][T13494] ? desc_read_finalized_seq+0x131/0x1d0 [ 460.753345][T13494] ? __asan_memcpy+0x3c/0x60 [ 460.753374][T13494] ? lock_acquire+0x17c/0x330 [ 460.753390][T13494] ? find_held_lock+0x2b/0x80 [ 460.753410][T13494] ? select_task_rq_fair+0x588/0x5330 [ 460.753427][T13494] ? select_task_rq_fair+0x588/0x5330 [ 460.753443][T13494] ? look_up_lock_class+0x64/0x120 [ 460.753469][T13494] ? register_lock_class+0x40/0x560 [ 460.753486][T13494] ? __lock_acquire+0x4a5/0x2630 [ 460.753507][T13494] ? __lock_acquire+0x4a5/0x2630 [ 460.753529][T13494] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.753556][T13494] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.753579][T13494] ? inetdev_event+0x149/0x17f0 [ 460.753599][T13494] ? igmp_netdev_event+0x7b/0x890 [ 460.753617][T13494] ? __pfx_igmp_netdev_event+0x10/0x10 [ 460.753634][T13494] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.753652][T13494] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.753669][T13494] ? ipmr_device_event+0x1bc/0x230 [ 460.753690][T13494] notifier_call_chain+0x99/0x3b0 [ 460.753713][T13494] call_netdevice_notifiers_info+0xbe/0x110 [ 460.753737][T13494] __dev_close_many+0xff/0x700 [ 460.753758][T13494] ? mark_held_locks+0x40/0x70 [ 460.753774][T13494] ? __pfx___dev_close_many+0x10/0x10 [ 460.753799][T13494] ? __local_bh_enable_ip+0x9e/0x120 [ 460.753826][T13494] __dev_change_flags+0x2c1/0x6f0 [ 460.753845][T13494] ? __pfx___dev_change_flags+0x10/0x10 [ 460.753865][T13494] ? __pfx_validate_linkmsg+0x10/0x10 [ 460.753886][T13494] netif_change_flags+0x8d/0x160 [ 460.753905][T13494] do_setlink.isra.0+0x1abb/0x3e50 [ 460.753932][T13494] ? __pfx_do_setlink.isra.0+0x10/0x10 [ 460.754039][T13494] ? __lock_acquire+0x4a5/0x2630 [ 460.754057][T13494] ? __pfx_vprintk_emit+0x10/0x10 [ 460.754088][T13494] ? find_held_lock+0x2b/0x80 [ 460.754109][T13494] ? ___ratelimit+0x77b/0xae0 [ 460.754134][T13494] ? lock_acquire+0x17c/0x330 [ 460.754152][T13494] ? __pfx___might_resched+0x10/0x10 [ 460.754172][T13494] ? rcu_is_watching+0x12/0xc0 [ 460.754191][T13494] ? trace_contention_end+0xd6/0x110 [ 460.754209][T13494] ? __mutex_lock+0x26a/0x1b90 [ 460.754231][T13494] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.754254][T13494] ? rtnl_newlink+0x8bb/0x2380 [ 460.754271][T13494] ? __nla_validate_parse+0x1e7/0x28b0 [ 460.754300][T13494] ? __pfx___mutex_lock+0x10/0x10 [ 460.754328][T13494] ? apparmor_capable+0x1d7/0x4e0 [ 460.754367][T13494] rtnl_newlink+0x11bd/0x2380 [ 460.754394][T13494] ? __pfx_rtnl_newlink+0x10/0x10 [ 460.754412][T13494] ? kasan_quarantine_put+0x104/0x240 [ 460.754427][T13494] ? lockdep_hardirqs_on+0x78/0x100 [ 460.754454][T13494] ? kmem_cache_free+0x143/0x720 [ 460.754479][T13494] ? sk_tx_queue_get+0x119/0x270 [ 460.754508][T13494] ? __lock_acquire+0x4a5/0x2630 [ 460.754525][T13494] ? consume_skb+0xd6/0x110 [ 460.754546][T13494] ? find_held_lock+0x2b/0x80 [ 460.754576][T13494] ? find_held_lock+0x2b/0x80 [ 460.754597][T13494] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 460.754617][T13494] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 460.754637][T13494] ? __pfx_rtnl_newlink+0x10/0x10 [ 460.754658][T13494] rtnetlink_rcv_msg+0x95e/0xe90 [ 460.754681][T13494] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 460.755149][T13494] ? ref_tracker_free+0x37e/0x6c0 [ 460.755173][T13494] netlink_rcv_skb+0x159/0x420 [ 460.755194][T13494] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 460.755215][T13494] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 460.755242][T13494] ? netlink_deliver_tap+0x1ae/0xcc0 [ 460.755264][T13494] netlink_unicast+0x5aa/0x870 [ 460.755286][T13494] ? __pfx_netlink_unicast+0x10/0x10 [ 460.755313][T13494] netlink_sendmsg+0x8b0/0xda0 [ 460.755338][T13494] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.755361][T13494] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 460.755390][T13494] ____sys_sendmsg+0xa54/0xc30 [ 460.755416][T13494] ? __pfx_____sys_sendmsg+0x10/0x10 [ 460.755449][T13494] ___sys_sendmsg+0x190/0x1e0 [ 460.755474][T13494] ? __pfx____sys_sendmsg+0x10/0x10 [ 460.755528][T13494] __sys_sendmsg+0x170/0x220 [ 460.755549][T13494] ? __pfx___sys_sendmsg+0x10/0x10 [ 460.755573][T13494] ? __pfx_ksys_write+0x10/0x10 [ 460.755595][T13494] __do_fast_syscall_32+0xe3/0x8c0 [ 460.755624][T13494] do_fast_syscall_32+0x32/0x70 [ 460.755639][T13494] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 460.755660][T13494] RIP: 0023:0xf70ad579 [ 460.755675][T13494] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 460.755691][T13494] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 460.755710][T13494] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000600 [ 460.755721][T13494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 460.755731][T13494] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 460.755741][T13494] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 460.755750][T13494] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 460.755774][T13494] [ 461.323282][T13494] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 461.839419][T12189] usb 5-1: USB disconnect, device number 36 [ 461.891141][T13514] input: syz1 as /devices/virtual/input/input62 [ 461.958512][T13516] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2136'. [ 463.795420][T13558] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2153'. [ 463.801349][T13559] input: syz1 as /devices/virtual/input/input63 [ 463.818725][T13560] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2153'. [ 464.141252][T13570] FAULT_INJECTION: forcing a failure. [ 464.141252][T13570] name failslab, interval 1, probability 0, space 0, times 0 [ 464.145967][T13570] CPU: 0 UID: 0 PID: 13570 Comm: syz.2.2155 Tainted: G L syzkaller #0 PREEMPT(full) [ 464.145992][T13570] Tainted: [L]=SOFTLOCKUP [ 464.145998][T13570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 464.146007][T13570] Call Trace: [ 464.146013][T13570] [ 464.146019][T13570] dump_stack_lvl+0x100/0x190 [ 464.146044][T13570] should_fail_ex.cold+0x5/0xa [ 464.146062][T13570] should_failslab+0xc2/0x120 [ 464.146080][T13570] kmem_cache_alloc_noprof+0x83/0x780 [ 464.146098][T13570] ? __pfx_map_id_range_down+0x10/0x10 [ 464.146115][T13570] ? security_inode_alloc+0x3b/0x2c0 [ 464.146142][T13570] ? security_inode_alloc+0x3b/0x2c0 [ 464.146163][T13570] security_inode_alloc+0x3b/0x2c0 [ 464.146186][T13570] inode_init_always_gfp+0xced/0x1040 [ 464.146205][T13570] alloc_inode+0x8e/0x250 [ 464.146225][T13570] sock_alloc+0x44/0x280 [ 464.146245][T13570] do_accept+0xf9/0x530 [ 464.146267][T13570] ? do_raw_spin_lock+0x128/0x260 [ 464.146285][T13570] ? __pfx_do_accept+0x10/0x10 [ 464.146320][T13570] __sys_accept4+0x108/0x200 [ 464.146333][T13570] ? __pfx___sys_accept4+0x10/0x10 [ 464.146345][T13570] ? fput+0x79/0x100 [ 464.146362][T13570] ? ksys_write+0x1ac/0x250 [ 464.146376][T13570] ? __pfx_ksys_write+0x10/0x10 [ 464.146392][T13570] __ia32_sys_accept4+0x94/0x100 [ 464.146405][T13570] ? lockdep_hardirqs_on+0x78/0x100 [ 464.146427][T13570] __do_fast_syscall_32+0xe3/0x8c0 [ 464.146453][T13570] do_fast_syscall_32+0x32/0x70 [ 464.146466][T13570] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 464.146484][T13570] RIP: 0023:0xf707d579 [ 464.146497][T13570] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 464.146511][T13570] RSP: 002b:00000000f542b50c EFLAGS: 00000292 ORIG_RAX: 000000000000016c [ 464.146527][T13570] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 464.146537][T13570] RDX: 0000000000000000 RSI: 0000000000080000 RDI: 0000000000000000 [ 464.146546][T13570] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 464.146555][T13570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.146564][T13570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 464.146583][T13570] [ 465.099820][T13577] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 465.379391][T13573] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2156'. [ 465.388686][T13573] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2156'. [ 467.054973][T13614] input: syz1 as /devices/virtual/input/input64 [ 467.525683][T13623] overlayfs: failed to resolve './file1/file0': -2 [ 469.044846][T13643] syz.0.2175 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 469.475920][T13655] binder_alloc: 13654: binder_alloc_buf, no vma [ 469.652231][T13663] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2180'. [ 469.658418][T13663] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2180'. [ 469.708682][T13666] input: syz1 as /devices/virtual/input/input65 [ 470.317466][T13682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2185'. [ 472.221139][T13712] input: syz1 as /devices/virtual/input/input66 [ 472.742440][ T1022] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 472.778057][T13725] binder: 13724:13725 ioctl c0306201 800001c0 returned -22 [ 472.883941][T13729] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2200'. [ 472.930971][ T1022] usb 5-1: Using ep0 maxpacket: 8 [ 472.959615][T13734] xt_socket: unknown flags 0x50 [ 472.993448][ T1022] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 472.997390][ T1022] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 473.000456][ T1022] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 473.006735][ T1022] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 473.026121][ T1022] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 473.035988][ T1022] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 473.041574][ T1022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.073928][ T1022] usbtmc 5-1:16.0: bulk endpoints not found [ 473.151351][T13739] netlink: 'syz.4.2203': attribute type 1 has an invalid length. [ 473.174509][T13739] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 473.360429][T13747] 8021q: adding VLAN 0 to HW filter on device bond1 [ 473.362480][T13747] bond0: (slave bond1): Enslaving as an active interface with an up link [ 473.362648][T13751] netem: change failed [ 473.363315][T13751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2206'. [ 473.465965][T13757] input: syz1 as /devices/virtual/input/input68 [ 474.150478][T13763] wg1 speed is unknown, defaulting to 1000 [ 475.586258][ T24] usb 5-1: USB disconnect, device number 37 [ 475.846602][T13794] input: syz1 as /devices/virtual/input/input69 [ 475.991606][T13798] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2220'. [ 476.184279][T13802] FAULT_INJECTION: forcing a failure. [ 476.184279][T13802] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 476.261002][T13802] CPU: 0 UID: 0 PID: 13802 Comm: syz.3.2221 Tainted: G L syzkaller #0 PREEMPT(full) [ 476.261033][T13802] Tainted: [L]=SOFTLOCKUP [ 476.261039][T13802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 476.261049][T13802] Call Trace: [ 476.261055][T13802] [ 476.261062][T13802] dump_stack_lvl+0x100/0x190 [ 476.261090][T13802] should_fail_ex.cold+0x5/0xa [ 476.261109][T13802] _copy_from_user+0x2e/0xd0 [ 476.261127][T13802] copy_from_buffer+0x7f/0xc0 [ 476.261146][T13802] copy_uabi_to_xstate+0x266/0x650 [ 476.261167][T13802] ? __pfx_copy_uabi_to_xstate+0x10/0x10 [ 476.261189][T13802] ? __fpu_restore_sig+0xa65/0x12f0 [ 476.261205][T13802] ? rcu_is_watching+0x12/0xc0 [ 476.261223][T13802] ? x86_task_fpu+0x5f/0x90 [ 476.261246][T13802] __fpu_restore_sig+0x1043/0x12f0 [ 476.261266][T13802] ? __lock_acquire+0x4a5/0x2630 [ 476.261282][T13802] ? __pfx___fpu_restore_sig+0x10/0x10 [ 476.261300][T13802] ? signal_setup_done+0x2c9/0x5c0 [ 476.261331][T13802] ? __might_fault+0xc5/0x140 [ 476.261359][T13802] fpu__restore_sig+0x151/0x190 [ 476.261378][T13802] ia32_restore_sigcontext+0x450/0x620 [ 476.261398][T13802] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 476.261423][T13802] ? rcu_is_watching+0x12/0xc0 [ 476.261440][T13802] ? _raw_spin_unlock_irq+0x23/0x50 [ 476.261462][T13802] ? lockdep_hardirqs_on+0x78/0x100 [ 476.261488][T13802] __do_compat_sys_rt_sigreturn+0x18c/0x270 [ 476.261509][T13802] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 476.261532][T13802] ? rcu_is_watching+0x12/0xc0 [ 476.261551][T13802] do_int80_emulation+0x141/0x6b0 [ 476.261568][T13802] asm_int80_emulation+0x1a/0x20 [ 476.261583][T13802] RIP: 0023:0xf70ad577 [ 476.261597][T13802] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 [ 476.261611][T13802] RSP: 002b:00000000f549d50c EFLAGS: 00000292 [ 476.261625][T13802] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000080001e80 [ 476.261634][T13802] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 476.261643][T13802] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 476.261651][T13802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 476.261661][T13802] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 476.261682][T13802] [ 476.466353][T13807] FAULT_INJECTION: forcing a failure. [ 476.466353][T13807] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 476.474297][T13807] CPU: 1 UID: 0 PID: 13807 Comm: syz.4.2224 Tainted: G L syzkaller #0 PREEMPT(full) [ 476.474327][T13807] Tainted: [L]=SOFTLOCKUP [ 476.474333][T13807] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 476.474344][T13807] Call Trace: [ 476.474353][T13807] [ 476.474361][T13807] dump_stack_lvl+0x100/0x190 [ 476.474390][T13807] should_fail_ex.cold+0x5/0xa [ 476.474411][T13807] strncpy_from_user+0x3b/0x2d0 [ 476.474433][T13807] do_getname+0x78/0x390 [ 476.474457][T13807] __ia32_sys_unlinkat+0xa0/0x130 [ 476.474481][T13807] __do_fast_syscall_32+0xe3/0x8c0 [ 476.474510][T13807] do_fast_syscall_32+0x32/0x70 [ 476.474608][T13807] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 476.474632][T13807] RIP: 0023:0xf702d579 [ 476.474648][T13807] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 476.474666][T13807] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 000000000000012d [ 476.474694][T13807] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000380 [ 476.474706][T13807] RDX: 0000000000000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 476.474717][T13807] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 476.474727][T13807] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 476.474738][T13807] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 476.474761][T13807] [ 477.856867][T13835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2235'. [ 478.313079][T13841] input: syz1 as /devices/virtual/input/input70 [ 478.943327][T13851] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2241'. [ 478.988172][T13852] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2241'. [ 480.990494][T13878] input: syz1 as /devices/virtual/input/input71 [ 481.316884][T13865] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 481.398735][T13885] FAULT_INJECTION: forcing a failure. [ 481.398735][T13885] name failslab, interval 1, probability 0, space 0, times 0 [ 481.404611][T13885] CPU: 3 UID: 0 PID: 13885 Comm: syz.3.2252 Tainted: G L syzkaller #0 PREEMPT(full) [ 481.404641][T13885] Tainted: [L]=SOFTLOCKUP [ 481.404663][T13885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 481.404674][T13885] Call Trace: [ 481.404681][T13885] [ 481.404687][T13885] dump_stack_lvl+0x100/0x190 [ 481.404732][T13885] should_fail_ex.cold+0x5/0xa [ 481.404753][T13885] should_failslab+0xc2/0x120 [ 481.404774][T13885] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 481.404793][T13885] ? __alloc_skb+0x156/0x410 [ 481.404808][T13885] ? __alloc_skb+0x35d/0x410 [ 481.404828][T13885] ? __alloc_skb+0x156/0x410 [ 481.404844][T13885] __alloc_skb+0x156/0x410 [ 481.404859][T13885] ? __alloc_skb+0x35d/0x410 [ 481.404874][T13885] ? __pfx___alloc_skb+0x10/0x10 [ 481.404891][T13885] ? netlink_autobind.isra.0+0x90/0x370 [ 481.404919][T13885] netlink_alloc_large_skb+0x69/0x150 [ 481.404939][T13885] netlink_sendmsg+0x680/0xda0 [ 481.404963][T13885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 481.404988][T13885] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 481.405017][T13885] ____sys_sendmsg+0xa54/0xc30 [ 481.405043][T13885] ? __pfx_____sys_sendmsg+0x10/0x10 [ 481.405076][T13885] ___sys_sendmsg+0x190/0x1e0 [ 481.405101][T13885] ? __pfx____sys_sendmsg+0x10/0x10 [ 481.405156][T13885] __sys_sendmsg+0x170/0x220 [ 481.405173][T13885] ? __pfx___sys_sendmsg+0x10/0x10 [ 481.405200][T13885] ? __pfx_ksys_write+0x10/0x10 [ 481.405223][T13885] __do_fast_syscall_32+0xe3/0x8c0 [ 481.405254][T13885] do_fast_syscall_32+0x32/0x70 [ 481.405271][T13885] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 481.405291][T13885] RIP: 0023:0xf70ad579 [ 481.405304][T13885] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 481.405321][T13885] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 481.405339][T13885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480 [ 481.405351][T13885] RDX: 0000000004040800 RSI: 0000000000000000 RDI: 0000000000000000 [ 481.405361][T13885] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 481.405372][T13885] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 481.405382][T13885] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 481.405405][T13885] [ 482.621255][T13896] syz.3.2256 (13896) used greatest stack depth: 18392 bytes left [ 483.064386][T13914] input: syz1 as /devices/virtual/input/input72 [ 484.792746][T13927] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2266'. [ 484.807384][T13927] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2266'. [ 486.133062][T13944] FAULT_INJECTION: forcing a failure. [ 486.133062][T13944] name failslab, interval 1, probability 0, space 0, times 0 [ 486.141035][T13944] CPU: 0 UID: 0 PID: 13944 Comm: syz.3.2272 Tainted: G L syzkaller #0 PREEMPT(full) [ 486.141068][T13944] Tainted: [L]=SOFTLOCKUP [ 486.141075][T13944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 486.141086][T13944] Call Trace: [ 486.141095][T13944] [ 486.141106][T13944] dump_stack_lvl+0x100/0x190 [ 486.141135][T13944] should_fail_ex.cold+0x5/0xa [ 486.141156][T13944] should_failslab+0xc2/0x120 [ 486.141177][T13944] ? tomoyo_encode2+0xfb/0x3c0 [ 486.141197][T13944] __kmalloc_noprof+0xf6/0x9c0 [ 486.141232][T13944] ? tomoyo_encode2+0xfb/0x3c0 [ 486.141251][T13944] tomoyo_encode2+0xfb/0x3c0 [ 486.141272][T13944] ? strlen+0x6d/0xa0 [ 486.141300][T13944] tomoyo_encode+0x29/0x50 [ 486.141320][T13944] tomoyo_realpath_from_path+0x18c/0x690 [ 486.141348][T13944] tomoyo_path_number_perm+0x23c/0x580 [ 486.141365][T13944] ? tomoyo_path_number_perm+0x22e/0x580 [ 486.141384][T13944] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 486.141428][T13944] ? find_held_lock+0x2b/0x80 [ 486.141451][T13944] ? hook_file_ioctl_common+0x146/0x410 [ 486.141470][T13944] ? __fget_files+0x215/0x3d0 [ 486.141492][T13944] ? __fget_files+0x21f/0x3d0 [ 486.141514][T13944] security_file_ioctl_compat+0xd3/0x230 [ 486.141535][T13944] __ia32_compat_sys_ioctl+0xc2/0x360 [ 486.141563][T13944] __do_fast_syscall_32+0xe3/0x8c0 [ 486.141662][T13944] do_fast_syscall_32+0x32/0x70 [ 486.141785][T13944] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 486.141811][T13944] RIP: 0023:0xf70ad579 [ 486.141826][T13944] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 486.141843][T13944] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 486.141862][T13944] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000008b22 [ 486.141873][T13944] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 486.141884][T13944] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 486.141894][T13944] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 486.141905][T13944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 486.141929][T13944] [ 486.141955][T13944] ERROR: Out of memory at tomoyo_realpath_from_path. [ 486.407118][T13936] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 486.488506][T13948] input: syz1 as /devices/virtual/input/input73 [ 486.495285][T13952] netlink: 'syz.0.2276': attribute type 1 has an invalid length. [ 486.503365][T13952] netlink: 'syz.0.2276': attribute type 2 has an invalid length. [ 486.576918][T13952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2276'. [ 487.239900][ T1022] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 487.411022][ T1022] usb 5-1: Using ep0 maxpacket: 8 [ 487.418240][ T1022] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 487.430685][ T1022] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 487.436804][ T1022] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 487.442513][ T1022] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 487.447504][ T1022] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 487.453883][ T1022] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 487.462850][ T1022] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 487.468389][ T1022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.518303][ T1022] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 488.477844][T13980] wg1 speed is unknown, defaulting to 1000 [ 488.629188][T13977] syz.3.2282 (13977): drop_caches: 2 [ 489.977919][ T60] usb 5-1: USB disconnect, device number 38 [ 490.948518][T13990] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2285'. [ 491.142214][T13992] bond5: option ad_actor_sys_prio: invalid value (0) [ 491.144595][T13992] bond5: option ad_actor_sys_prio: allowed values 1 - 65535 [ 491.157778][T13992] bond5 (unregistering): Released all slaves [ 492.080168][T14004] input: syz1 as /devices/virtual/input/input74 [ 493.216614][T14012] syzkaller0: entered promiscuous mode [ 493.219451][T14012] syzkaller0: entered allmulticast mode [ 493.698718][T14020] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 493.736841][T14020] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 493.740759][T14020] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 493.968487][T14030] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2296'. [ 494.670333][T14040] input: syz1 as /devices/virtual/input/input75 [ 495.286961][T14047] syzkaller0: entered promiscuous mode [ 495.297615][T14047] syzkaller0: entered allmulticast mode [ 495.596819][ T24] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 495.837162][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 495.841954][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 495.846336][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 495.854112][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 495.865857][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 495.885624][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 495.894510][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.099009][T14057] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2305'. [ 496.207685][ T24] usb 5-1: GET_CAPABILITIES returned 0 [ 496.210225][ T24] usbtmc 5-1:16.0: can't read capabilities [ 496.428142][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.443423][ C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.492707][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.506442][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.511575][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.517581][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.527360][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.532929][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.537186][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.542931][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.557426][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.563228][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.574146][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.579680][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.590027][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.596012][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 496.618887][T14064] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 496.634177][ T829] usb 5-1: USB disconnect, device number 39 [ 496.641066][T14064] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 496.680723][T14064] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 497.618311][T14074] input: syz1 as /devices/virtual/input/input76 [ 497.991210][T12963] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 498.179762][T12963] usb 5-1: Using ep0 maxpacket: 32 [ 498.205852][T12963] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 498.233201][T12963] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 498.237817][T12963] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.250477][T12963] usb 5-1: Product: syz [ 498.255520][T12963] usb 5-1: Manufacturer: syz [ 498.262146][T12963] usb 5-1: SerialNumber: syz [ 498.290987][T14069] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 498.367454][T14083] wg1 speed is unknown, defaulting to 1000 [ 498.634105][T12963] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 498.691215][T12963] usb 5-1: USB disconnect, device number 40 [ 500.385749][T14097] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2314'. [ 500.703737][T14101] netlink: 'syz.3.2316': attribute type 1 has an invalid length. [ 500.841481][T14103] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2317'. [ 502.386903][T14111] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 502.476638][T14111] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 502.745527][T14111] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 502.758653][T14111] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 502.764972][T14111] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 502.806839][T14109] wg1 speed is unknown, defaulting to 1000 [ 503.054397][T14109] chnl_net:caif_netlink_parms(): no params data found [ 503.316226][T14109] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.341980][T14109] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.347170][T14109] bridge_slave_0: entered allmulticast mode [ 503.380660][T14109] bridge_slave_0: entered promiscuous mode [ 503.408049][T14109] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.431124][T14109] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.434201][T14109] bridge_slave_1: entered allmulticast mode [ 503.439373][T14109] bridge_slave_1: entered promiscuous mode [ 503.452774][T14129] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2323'. [ 503.504374][T14131] FAULT_INJECTION: forcing a failure. [ 503.504374][T14131] name failslab, interval 1, probability 0, space 0, times 0 [ 503.510797][T14131] CPU: 2 UID: 0 PID: 14131 Comm: syz.2.2324 Tainted: G L syzkaller #0 PREEMPT(full) [ 503.510844][T14131] Tainted: [L]=SOFTLOCKUP [ 503.510851][T14131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 503.510863][T14131] Call Trace: [ 503.510872][T14131] [ 503.510883][T14131] dump_stack_lvl+0x100/0x190 [ 503.510918][T14131] should_fail_ex.cold+0x5/0xa [ 503.510939][T14131] should_failslab+0xc2/0x120 [ 503.510960][T14131] __kmalloc_node_noprof+0xfb/0x9e0 [ 503.510979][T14131] ? __get_vm_area_node+0x1dc/0x330 [ 503.511002][T14131] ? __vmalloc_node_range_noprof+0x3dc/0x1530 [ 503.511030][T14131] ? __vmalloc_node_range_noprof+0x3dc/0x1530 [ 503.511053][T14131] __vmalloc_node_range_noprof+0x3dc/0x1530 [ 503.511083][T14131] ? bpf_prog_alloc_no_stats+0x58/0x640 [ 503.511103][T14131] ? __lock_acquire+0x4a5/0x2630 [ 503.511126][T14131] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 503.511161][T14131] ? bpf_prog_alloc_no_stats+0x58/0x640 [ 503.511178][T14131] __vmalloc_node_noprof+0xad/0xf0 [ 503.511201][T14131] ? bpf_prog_alloc_no_stats+0x58/0x640 [ 503.511222][T14131] __vmalloc_noprof+0xa3/0x120 [ 503.511245][T14131] ? __pfx___vmalloc_noprof+0x10/0x10 [ 503.511266][T14131] ? is_bpf_text_address+0x94/0x1a0 [ 503.511357][T14131] ? apparmor_capable+0x1d7/0x4e0 [ 503.511402][T14131] bpf_prog_alloc_no_stats+0x58/0x640 [ 503.511422][T14131] ? security_capable+0x80/0x260 [ 503.511524][T14131] bpf_prog_alloc+0x3b/0x200 [ 503.511542][T14131] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 503.511565][T14131] bpf_prog_load+0x494/0x2c20 [ 503.511585][T14131] ? _parse_integer_limit+0x17f/0x1d0 [ 503.511613][T14131] ? __pfx_bpf_prog_load+0x10/0x10 [ 503.511633][T14131] ? __lock_acquire+0x4a5/0x2630 [ 503.511690][T14131] __sys_bpf+0x223a/0x4b90 [ 503.511719][T14131] ? __pfx___sys_bpf+0x10/0x10 [ 503.511743][T14131] ? proc_fail_nth_write+0x9f/0x220 [ 503.511762][T14131] ? find_held_lock+0x2b/0x80 [ 503.511791][T14131] ? find_held_lock+0x2b/0x80 [ 503.511814][T14131] ? ksys_write+0x190/0x250 [ 503.511836][T14131] ? __mutex_unlock_slowpath+0x15c/0x790 [ 503.511879][T14131] ? fput+0x79/0x100 [ 503.511900][T14131] ? ksys_write+0x1ac/0x250 [ 503.511921][T14131] __ia32_sys_bpf+0x79/0xf0 [ 503.511946][T14131] ? lockdep_hardirqs_on+0x78/0x100 [ 503.511972][T14131] __do_fast_syscall_32+0xe3/0x8c0 [ 503.512002][T14131] do_fast_syscall_32+0x32/0x70 [ 503.512019][T14131] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 503.512044][T14131] RIP: 0023:0xf707d579 [ 503.512061][T14131] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 503.512077][T14131] RSP: 002b:00000000f546d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 503.512095][T14131] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000380 [ 503.512106][T14131] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 503.512117][T14131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 503.512128][T14131] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 503.512138][T14131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 503.512163][T14131] [ 503.512517][T14109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.541472][T14131] syz.2.2324: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 503.553519][T14109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 503.555316][T14131] ,cpuset= [ 503.625228][T14109] team0: Port device team_slave_0 added [ 503.626843][T14131] / [ 503.733253][T14109] team0: Port device team_slave_1 added [ 503.737737][T14131] ,mems_allowed=0-1 [ 503.766180][T14131] CPU: 2 UID: 0 PID: 14131 Comm: syz.2.2324 Tainted: G L syzkaller #0 PREEMPT(full) [ 503.766212][T14131] Tainted: [L]=SOFTLOCKUP [ 503.766219][T14131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 503.766231][T14131] Call Trace: [ 503.766238][T14131] [ 503.766246][T14131] dump_stack_lvl+0x100/0x190 [ 503.766278][T14131] warn_alloc.cold+0x95/0x1c1 [ 503.766310][T14131] ? __pfx_warn_alloc+0x10/0x10 [ 503.766346][T14131] ? rcu_is_watching+0x12/0xc0 [ 503.766369][T14131] ? trace_kmalloc+0x83/0xb0 [ 503.766388][T14131] ? __kmalloc_node_noprof+0x375/0x9e0 [ 503.766414][T14131] ? __get_vm_area_node+0x1dc/0x330 [ 503.766438][T14131] ? __vmalloc_node_range_noprof+0x3dc/0x1530 [ 503.766469][T14131] __vmalloc_node_range_noprof+0x1275/0x1530 [ 503.766501][T14131] ? bpf_prog_alloc_no_stats+0x58/0x640 [ 503.766522][T14131] ? __lock_acquire+0x4a5/0x2630 [ 503.766546][T14131] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 503.766586][T14131] ? bpf_prog_alloc_no_stats+0x58/0x640 [ 503.766606][T14131] __vmalloc_node_noprof+0xad/0xf0 [ 503.766631][T14131] ? bpf_prog_alloc_no_stats+0x58/0x640 [ 503.766655][T14131] __vmalloc_noprof+0xa3/0x120 [ 503.766680][T14131] ? __pfx___vmalloc_noprof+0x10/0x10 [ 503.766705][T14131] ? is_bpf_text_address+0x94/0x1a0 [ 503.766729][T14131] ? apparmor_capable+0x1d7/0x4e0 [ 503.766762][T14131] bpf_prog_alloc_no_stats+0x58/0x640 [ 503.766782][T14131] ? security_capable+0x80/0x260 [ 503.766812][T14131] bpf_prog_alloc+0x3b/0x200 [ 503.766832][T14131] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 503.766862][T14131] bpf_prog_load+0x494/0x2c20 [ 503.766886][T14131] ? _parse_integer_limit+0x17f/0x1d0 [ 503.766918][T14131] ? __pfx_bpf_prog_load+0x10/0x10 [ 503.766939][T14131] ? __lock_acquire+0x4a5/0x2630 [ 503.766986][T14131] __sys_bpf+0x223a/0x4b90 [ 503.767017][T14131] ? __pfx___sys_bpf+0x10/0x10 [ 503.767043][T14131] ? proc_fail_nth_write+0x9f/0x220 [ 503.767064][T14131] ? find_held_lock+0x2b/0x80 [ 503.767093][T14131] ? find_held_lock+0x2b/0x80 [ 503.767117][T14131] ? ksys_write+0x190/0x250 [ 503.767141][T14131] ? __mutex_unlock_slowpath+0x15c/0x790 [ 503.767187][T14131] ? fput+0x79/0x100 [ 503.767211][T14131] ? ksys_write+0x1ac/0x250 [ 503.767232][T14131] __ia32_sys_bpf+0x79/0xf0 [ 503.767258][T14131] ? lockdep_hardirqs_on+0x78/0x100 [ 503.767313][T14131] __do_fast_syscall_32+0xe3/0x8c0 [ 503.767346][T14131] do_fast_syscall_32+0x32/0x70 [ 503.767364][T14131] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 503.767388][T14131] RIP: 0023:0xf707d579 [ 503.767405][T14131] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 503.767431][T14131] RSP: 002b:00000000f546d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 503.767480][T14131] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000380 [ 503.767492][T14131] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 503.767504][T14131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 503.767515][T14131] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 503.767527][T14131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 503.767553][T14131] [ 503.767561][T14131] Mem-Info: [ 503.847236][T14109] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.856281][T14131] active_anon:17290 inactive_anon:6318 isolated_anon:0 [ 503.856281][T14131] active_file:8371 inactive_file:16546 isolated_file:0 [ 503.856281][T14131] unevictable:1768 dirty:37 writeback:0 [ 503.856281][T14131] slab_reclaimable:6366 slab_unreclaimable:57856 [ 503.856281][T14131] mapped:35160 shmem:20340 pagetables:1594 [ 503.856281][T14131] sec_pagetables:319 bounce:0 [ 503.856281][T14131] kernel_misc_reclaimable:0 [ 503.856281][T14131] free:50412 free_pcp:9854 free_cma:0 [ 503.870926][T14109] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 503.902243][T14131] Node 0 active_anon:4kB inactive_anon:60kB active_file:16kB inactive_file:28kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:8kB writeback:0kB shmem:3632kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9844kB pagetables:2120kB sec_pagetables:1156kB all_unreclaimable? yes Balloon:0kB [ 503.931538][T14109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.951130][T14131] Node 1 active_anon:70196kB inactive_anon:25212kB active_file:33468kB inactive_file:66156kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:140620kB dirty:140kB writeback:0kB shmem:78708kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4324kB pagetables:4224kB sec_pagetables:120kB all_unreclaimable? no Balloon:0kB [ 503.951222][T14131] Node 0 DMA free:2352kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:136kB local_pcp:0kB free_cma:0kB [ 503.951815][T14131] lowmem_reserve[]: 0 285 285 285 285 [ 503.951851][T14131] Node 0 DMA32 free:19448kB boost:4096kB min:17200kB low:20476kB high:23752kB reserved_highatomic:2048KB free_highatomic:484KB active_anon:4kB inactive_anon:60kB active_file:16kB inactive_file:28kB unevictable:3536kB writepending:8kB zspages:0kB present:1032196kB managed:292540kB mlocked:0kB bounce:0kB free_pcp:9980kB local_pcp:2172kB free_cma:0kB [ 503.951939][T14131] lowmem_reserve[]: 0 0 0 0 0 [ 503.952009][T14131] Node 1 DMA32 free:178816kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:70196kB inactive_anon:25212kB active_file:33468kB inactive_file:66156kB unevictable:3536kB writepending:140kB zspages:4044kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:29152kB local_pcp:12044kB free_cma:0kB [ 503.952097][T14131] lowmem_reserve[]: 0 0 0 0 0 [ 503.952168][T14131] Node 0 DMA: 34*4kB (UM) 11*8kB (UM) 3*16kB (U) 9*32kB (UM) 2*64kB (UM) 1*128kB (M) 2*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2352kB [ 503.952377][T14131] Node 0 DMA32: 102*4kB (UH) 312*8kB (UEH) 158*16kB (UMEH) 120*32kB (UMEH) 63*64kB (UME) 28*128kB (UME) 4*256kB (UM) 3*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 19448kB [ 503.952995][T14131] Node 1 DMA32: 1126*4kB (UME) 2404*8kB (UME) 1406*16kB (UME) 184*32kB (UME) 129*64kB (UME) 76*128kB (UE) 72*256kB (UE) 72*512kB (UE) 32*1024kB (U) 8*2048kB (U) 1*4096kB (U) = 178648kB [ 503.953559][T14131] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 503.953750][T14131] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 503.953764][T14131] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 503.953777][T14131] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 503.953929][T14131] 46466 total pagecache pages [ 503.953936][T14131] 941 pages in swap cache [ 503.953943][T14131] Free swap = 110156kB [ 503.953950][T14131] Total swap = 124996kB [ 503.953958][T14131] 524155 pages RAM [ 503.953965][T14131] 0 pages HighMem/MovableOnly [ 503.954108][T14131] 210127 pages reserved [ 503.954116][T14131] 0 pages cma reserved [ 504.515858][T14133] syzkaller1: entered promiscuous mode [ 504.519122][T14133] syzkaller1: entered allmulticast mode [ 504.841374][T14111] Bluetooth: hci1: command tx timeout [ 504.853710][T14109] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 504.882953][T14109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 504.924498][T14109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 504.989878][T14109] hsr_slave_0: entered promiscuous mode [ 504.993998][T14109] hsr_slave_1: entered promiscuous mode [ 504.997421][T14109] debugfs: 'hsr0' already exists in 'hsr' [ 505.007311][T14109] Cannot create hsr debugfs directory [ 505.339261][T14109] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 505.354657][T14109] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 505.362508][T14109] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 505.399123][T14109] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 505.593992][T14109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 505.627025][T14109] 8021q: adding VLAN 0 to HW filter on device team0 [ 505.680904][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.684612][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 505.728669][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.742343][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 505.820931][T14109] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 506.145288][T14109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 506.197904][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.201888][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.211838][T14161] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2331'. [ 506.695082][T14109] veth0_vlan: entered promiscuous mode [ 506.720680][T14109] veth1_vlan: entered promiscuous mode [ 506.823403][T14109] veth0_macvtap: entered promiscuous mode [ 506.835248][T14109] veth1_macvtap: entered promiscuous mode [ 506.882986][T14109] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 506.918269][T14109] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 507.450789][T14175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2334'. [ 507.501234][T14178] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2334'. [ 522.483419][ T1416] ================================================================== [ 522.486786][ T1416] BUG: KASAN: slab-use-after-free in handle_tx+0x5c2/0x620 [ 522.489667][ T1416] Read of size 1 at addr ffff888072277490 by task aoe_tx0/1416 [ 522.504756][ T1416] [ 522.506022][ T1416] CPU: 2 UID: 0 PID: 1416 Comm: aoe_tx0 Tainted: G L syzkaller #0 PREEMPT(full) [ 522.506051][ T1416] Tainted: [L]=SOFTLOCKUP [ 522.506056][ T1416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 522.506066][ T1416] Call Trace: [ 522.506074][ T1416] [ 522.506083][ T1416] dump_stack_lvl+0x100/0x190 [ 522.506110][ T1416] print_report+0x156/0x4c9 [ 522.506132][ T1416] ? __virt_addr_valid+0x81/0x620 [ 522.506149][ T1416] ? __phys_addr+0xe8/0x180 [ 522.506167][ T1416] ? handle_tx+0x5c2/0x620 [ 522.506185][ T1416] kasan_report+0xdf/0x1a0 [ 522.506203][ T1416] ? handle_tx+0x5c2/0x620 [ 522.506222][ T1416] handle_tx+0x5c2/0x620 [ 522.506242][ T1416] dev_hard_start_xmit+0x127/0x6c0 [ 522.506269][ T1416] __dev_queue_xmit+0x6dd/0x46f0 [ 522.506295][ T1416] ? finish_task_switch.isra.0+0x205/0xb80 [ 522.506318][ T1416] ? __pfx___dev_queue_xmit+0x10/0x10 [ 522.506344][ T1416] ? __lock_acquire+0x4a5/0x2630 [ 522.506359][ T1416] ? ref_tracker_free+0x37e/0x6c0 [ 522.506379][ T1416] ? do_raw_spin_lock+0x128/0x260 [ 522.506400][ T1416] ? tx+0xa4/0x130 [ 522.506424][ T1416] ? rcu_is_watching+0x12/0xc0 [ 522.506445][ T1416] ? __pfx_tx+0x10/0x10 [ 522.506465][ T1416] tx+0xc4/0x130 [ 522.506485][ T1416] kthread+0x1d8/0x3c0 [ 522.506513][ T1416] ? __kthread_parkme+0xbb/0x230 [ 522.506536][ T1416] ? __pfx_kthread+0x10/0x10 [ 522.506555][ T1416] ? rcu_is_watching+0x12/0xc0 [ 522.506572][ T1416] ? __pfx_default_wake_function+0x10/0x10 [ 522.506595][ T1416] ? __kthread_parkme+0x18c/0x230 [ 522.506619][ T1416] ? kthread+0x13a/0x450 [ 522.506635][ T1416] ? __pfx_kthread+0x10/0x10 [ 522.506652][ T1416] kthread+0x370/0x450 [ 522.506667][ T1416] ? __pfx_kthread+0x10/0x10 [ 522.506683][ T1416] ret_from_fork+0x754/0xd80 [ 522.506703][ T1416] ? __pfx_ret_from_fork+0x10/0x10 [ 522.506722][ T1416] ? __switch_to+0x7b9/0x10c0 [ 522.506736][ T1416] ? __pfx_kthread+0x10/0x10 [ 522.506751][ T1416] ret_from_fork_asm+0x1a/0x30 [ 522.506773][ T1416] [ 522.506779][ T1416] [ 522.674070][ T1416] Allocated by task 7949: [ 522.677371][ T1416] kasan_save_stack+0x30/0x50 [ 522.682520][ T1416] kasan_save_track+0x14/0x30 [ 522.686465][ T1416] __kasan_kmalloc+0xaa/0xb0 [ 522.690321][ T1416] alloc_tty_struct+0x96/0x8c0 [ 522.694065][ T1416] tty_init_dev.part.0+0x20/0x470 [ 522.696600][ T1416] tty_open+0xa63/0xfa0 [ 522.699616][ T1416] chrdev_open+0x234/0x6a0 [ 522.703790][ T1416] do_dentry_open+0x6d8/0x1660 [ 522.711331][ T1416] vfs_open+0x82/0x3f0 [ 522.716335][ T1416] path_openat+0x208c/0x31a0 [ 522.719906][ T1416] do_file_open+0x20e/0x430 [ 522.722845][ T1416] do_sys_openat2+0x10d/0x1e0 [ 522.727945][ T1416] __ia32_compat_sys_openat+0x12d/0x210 [ 522.733400][ T1416] __do_fast_syscall_32+0xe3/0x8c0 [ 522.737628][ T1416] do_fast_syscall_32+0x32/0x70 [ 522.741343][ T1416] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 522.746178][ T1416] [ 522.748604][ T1416] Freed by task 34: [ 522.752298][ T1416] kasan_save_stack+0x30/0x50 [ 522.755717][ T1416] kasan_save_track+0x14/0x30 [ 522.760399][ T1416] kasan_save_free_info+0x3b/0x70 [ 522.763548][ T1416] __kasan_slab_free+0x5f/0x80 [ 522.766322][ T1416] kfree+0x1c7/0x690 [ 522.769187][ T1416] process_one_work+0x9c2/0x1840 [ 522.773243][ T1416] worker_thread+0x5da/0xe40 [ 522.777735][ T1416] kthread+0x370/0x450 [ 522.779483][ T1416] ret_from_fork+0x754/0xd80 [ 522.783303][ T1416] ret_from_fork_asm+0x1a/0x30 [ 522.787216][ T1416] [ 522.789745][ T1416] Last potentially related work creation: [ 522.792022][ T1416] kasan_save_stack+0x30/0x50 [ 522.796661][ T1416] kasan_record_aux_stack+0xa7/0xc0 [ 522.801658][ T1416] insert_work+0x36/0x230 [ 522.806224][ T1416] __queue_work+0x96f/0x10f0 [ 522.809796][ T1416] queue_work_on+0x180/0x1e0 [ 522.812908][ T1416] release_tty+0x4f3/0x5f0 [ 522.816624][ T1416] tty_release_struct+0xb7/0xe0 [ 522.820642][ T1416] tty_release+0xd7a/0x1300 [ 522.824495][ T1416] __fput+0x3ff/0xb40 [ 522.829533][ T1416] task_work_run+0x150/0x240 [ 522.835047][ T1416] do_exit+0x829/0x2a30 [ 522.838710][ T1416] do_group_exit+0xd5/0x2a0 [ 522.841102][ T1416] get_signal+0x1ec7/0x21e0 [ 522.843550][ T1416] arch_do_signal_or_restart+0x91/0x770 [ 522.846890][ T1416] exit_to_user_mode_loop+0x86/0x4a0 [ 522.850500][ T1416] do_int80_emulation+0x4b8/0x6b0 [ 522.853351][ T1416] asm_int80_emulation+0x1a/0x20 [ 522.856941][ T1416] [ 522.858764][ T1416] The buggy address belongs to the object at ffff888072277000 [ 522.858764][ T1416] which belongs to the cache kmalloc-cg-2k of size 2048 [ 522.865665][ T1416] The buggy address is located 1168 bytes inside of [ 522.865665][ T1416] freed 2048-byte region [ffff888072277000, ffff888072277800) [ 522.875999][ T1416] [ 522.877908][ T1416] The buggy address belongs to the physical page: [ 522.883133][ T1416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72270 [ 522.890816][ T1416] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 522.897828][ T1416] memcg:ffff88806f86d881 [ 522.901208][ T1416] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 522.905582][ T1416] page_type: f5(slab) [ 522.907162][ T1416] raw: 04fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 522.911956][ T1416] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88806f86d881 [ 522.916159][ T1416] head: 04fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 522.921439][ T1416] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88806f86d881 [ 522.927907][ T1416] head: 04fff00000000003 ffffea0001c89c01 00000000ffffffff 00000000ffffffff [ 522.934477][ T1416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 522.940846][ T1416] page dumped because: kasan: bad access detected [ 522.944352][ T1416] page_owner tracks the page as allocated [ 522.946967][ T1416] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7579, tgid 7577 (syz.3.435), ts 113616608017, free_ts 96492431737 [ 522.958365][ T1416] post_alloc_hook+0x1e1/0x250 [ 522.961280][ T1416] get_page_from_freelist+0x111d/0x3140 [ 522.965992][ T1416] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 522.970496][ T1416] alloc_pages_mpol+0x1fb/0x550 [ 522.973663][ T1416] new_slab+0x2c4/0x440 [ 522.976366][ T1416] ___slab_alloc+0xdb3/0x1cb0 [ 522.979136][ T1416] __slab_alloc.isra.0+0x63/0x110 [ 522.982132][ T1416] __kmalloc_noprof+0x618/0x9c0 [ 522.985561][ T1416] __register_sysctl_table+0xac/0x1650 [ 522.988767][ T1416] sctp_sysctl_net_register+0x15e/0x200 [ 522.991460][ T1416] sctp_defaults_init+0x6d2/0xd90 [ 522.995676][ T1416] ops_init+0x1e2/0x5f0 [ 522.997653][ T1416] setup_net+0x118/0x3a0 [ 522.999288][ T1416] copy_net_ns+0x46f/0x7c0 [ 523.001191][ T1416] create_new_namespaces+0x3ea/0xac0 [ 523.003526][ T1416] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 523.008155][ T1416] page last free pid 46 tgid 46 stack trace: [ 523.012448][ T1416] free_unref_folios+0xb2a/0x1760 [ 523.016518][ T1416] folios_put_refs+0x53c/0x840 [ 523.020791][ T1416] release_pages+0x29e/0x4a0 [ 523.024589][ T1416] io_free_region+0x23e/0x2a0 [ 523.030435][ T1416] io_ring_exit_work+0x9f4/0xcdb [ 523.034311][ T1416] process_one_work+0x9c2/0x1840 [ 523.038728][ T1416] worker_thread+0x5da/0xe40 [ 523.041595][ T1416] kthread+0x370/0x450 [ 523.044164][ T1416] ret_from_fork+0x754/0xd80 [ 523.046719][ T1416] ret_from_fork_asm+0x1a/0x30 [ 523.050083][ T1416] [ 523.051476][ T1416] Memory state around the buggy address: [ 523.053903][ T1416] ffff888072277380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 523.058715][ T1416] ffff888072277400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 523.063722][ T1416] >ffff888072277480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 523.068321][ T1416] ^ [ 523.070072][ T1416] ffff888072277500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 523.073142][ T1416] ffff888072277580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 523.076291][ T1416] ================================================================== [ 523.079413][ T1416] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 523.082543][ T1416] CPU: 2 UID: 0 PID: 1416 Comm: aoe_tx0 Tainted: G L syzkaller #0 PREEMPT(full) [ 523.087888][ T1416] Tainted: [L]=SOFTLOCKUP [ 523.090450][ T1416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 523.094616][ T1416] Call Trace: [ 523.095948][ T1416] [ 523.097078][ T1416] dump_stack_lvl+0x100/0x190 [ 523.098893][ T1416] vpanic+0x20d/0x630 [ 523.100449][ T1416] panic+0xd1/0xd1 [ 523.102093][ T1416] ? __pfx_panic+0x10/0x10 [ 523.104056][ T1416] ? check_panic_on_warn+0x1f/0x90 [ 523.106306][ T1416] check_panic_on_warn.cold+0x19/0x34 [ 523.108835][ T1416] end_report.part.0+0x3a/0x90 [ 523.111253][ T1416] kasan_report.cold+0xe/0x18 [ 523.115090][ T1416] ? handle_tx+0x5c2/0x620 [ 523.118725][ T1416] handle_tx+0x5c2/0x620 [ 523.122363][ T1416] dev_hard_start_xmit+0x127/0x6c0 [ 523.125099][ T1416] __dev_queue_xmit+0x6dd/0x46f0 [ 523.129304][ T1416] ? finish_task_switch.isra.0+0x205/0xb80 [ 523.131861][ T1416] ? __pfx___dev_queue_xmit+0x10/0x10 [ 523.134851][ T1416] ? __lock_acquire+0x4a5/0x2630 [ 523.136951][ T1416] ? ref_tracker_free+0x37e/0x6c0 [ 523.139036][ T1416] ? do_raw_spin_lock+0x128/0x260 [ 523.141907][ T1416] ? tx+0xa4/0x130 [ 523.143611][ T1416] ? rcu_is_watching+0x12/0xc0 [ 523.145809][ T1416] ? __pfx_tx+0x10/0x10 [ 523.148256][ T1416] tx+0xc4/0x130 [ 523.150281][ T1416] kthread+0x1d8/0x3c0 [ 523.152319][ T1416] ? __kthread_parkme+0xbb/0x230 [ 523.154515][ T1416] ? __pfx_kthread+0x10/0x10 [ 523.157786][ T1416] ? rcu_is_watching+0x12/0xc0 [ 523.160412][ T1416] ? __pfx_default_wake_function+0x10/0x10 [ 523.182759][ T1416] ? __kthread_parkme+0x18c/0x230 [ 523.186062][ T1416] ? kthread+0x13a/0x450 [ 523.191512][ T1416] ? __pfx_kthread+0x10/0x10 [ 523.193444][ T1416] kthread+0x370/0x450 [ 523.203431][ T1416] ? __pfx_kthread+0x10/0x10 [ 523.205360][ T1416] ret_from_fork+0x754/0xd80 [ 523.214997][ T1416] ? __pfx_ret_from_fork+0x10/0x10 [ 523.218528][ T1416] ? __switch_to+0x7b9/0x10c0 [ 523.221682][ T1416] ? __pfx_kthread+0x10/0x10 [ 523.227126][ T1416] ret_from_fork_asm+0x1a/0x30 [ 523.229244][ T1416] [ 523.231823][ T1416] Kernel Offset: disabled [ 523.233706][ T1416] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:37:43 Registers: info registers vcpu 0 CPU#0 RAX=0000000000527939 RBX=ffffffff8e2975c0 RCX=ffffffff8b783c75 RDX=0000000000000000 RSI=ffffffff8dc4df07 RDI=ffffffff8bfa8fa0 RBP=0000000000000000 RSP=ffffffff8e207e00 R8 =0000000000000001 R9 =ffffed1005646755 R10=ffff88802b233aab R11=0000000000000000 R12=fffffbfff1c52eb8 R13=0000000000000000 R14=ffffffff90b7fbd0 R15=0000000000000000 RIP=ffffffff8b7825df RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880973bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000573024ec CR3=000000000e396000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fec4e000 Opmask01=0000000000000000 Opmask02=00000000ffff7fdf Opmask03=0000000000080040 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3ff8c238a6e0b5b1 d313708f1d833a3e ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 49dfc28a6bad5d41 ea0a7dbfc49f947d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 21880cab427012ce f2f9db5822bc3aa1 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8dbf7e9a33c28f81 bc561650fd0dc4ee ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 00000000000000b4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000034 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 931af7e219ad0561 30cf65d243123fd8 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 bb6a7a30fb820bd4 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 368bac003747843e 92e010b835bda53b ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ec05b9c400000000 9725509cae59e995 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9ab000b8a98b19aa c4cfcf4293e63aa8 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0b89d9d3f593bdad fc4691a6fccc9498 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3274726f702d3162 73752f302e313a30 2d312f316273752f 302e64313a30303a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005600051f40494c 43055c5155484005 424b4c55554c4e53 004057005b1a0f00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 303030302f30303a 303030306963702f 736563697665642f 3d54524f505f544e ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001d1 0000000000305f65 6b69727473726564 6e7568742f796c70 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a302e30312d3533 712d63707276703a 29393030322c3948 43492b3533512843 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 50647261646e6174 536e703a554d4551 6e76733a302e3072 623a343130322f31 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302f343064623a32 2d332e36312e312d 6e61696265642d33 2e36312e31727662 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00004d203a504550 0000000000000021 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff8880692a35d8 RCX=ffffffff823fc0e3 RDX=0000000000000000 RSI=ffffffff8dd3eb21 RDI=ffffffff8bfa8fa0 RBP=ffffffff823fc0c0 RSP=ffffc9000684f2f0 R8 =0000000000000001 R9 =0000000000001000 R10=ffff88804facf9c2 R11=0000000000000000 R12=ffff888020acc900 R13=0000000000000002 R14=0000000000000287 R15=000000000000000c RIP=ffffffff8b7843f0 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f713fa70 CR3=000000000e396000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000770058 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffff0f0e0d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000043 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff856b5715 RDI=ffffffff9b218320 RBP=ffffffff9b2182e0 RSP=ffffc90007b6f410 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043 R12=0000000000000000 R13=0000000000000043 R14=0000000000000010 R15=ffffffff856b56b0 RIP=ffffffff856b573f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 000fffff 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 000fffff 00400000 DS =0000 0000000000000000 000fffff 00000000 FS =0000 0000000000000000 000fffff 00000000 GS =0000 ffff8880975bf000 000fffff 00000000 LDT=0000 0000000000000000 000fffff 00000000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7faa190 CR3=000000000e396000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffffea0001901800 RCX=ffffffff82550955 RDX=ffff8880279a2480 RSI=ffffffff8255099e RDI=ffff8880279a2480 RBP=0000000000000130 RSP=ffffc90003b4f5c8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000001 R13=ffffea0001901800 R14=ffff8880239f0680 R15=8000000064060007 RIP=ffffffff82068fff RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7405000 CR3=000000000e396000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000770058 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffff0f0e0d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000