last executing test programs: 2.627175278s ago: executing program 1 (id=1218): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x400}]}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x1c, r4, 0x1, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_PROBE_CLIENT(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000012c0)={&(0x7f0000000200)={0x58, r4, 0x4, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x58}}, 0x80) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r7}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) memfd_secret(0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r12, &(0x7f0000000180)=ANY=[@ANYRES64=r11], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r12, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0}) io_uring_enter(r8, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r13 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x40202, 0x0) ioctl$SNDCTL_DSP_STEREO(r13, 0xc0045003, &(0x7f00000000c0)=0x1) r14 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r15, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r15, r16, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r14, 0x47f6, 0x0, 0x0, 0x0, 0x0) 2.512725809s ago: executing program 1 (id=1220): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x32, 0x1, 0x70bd2a, 0x25dbdbfe, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = dup(0xffffffffffffffff) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, 0x0, 0xc00c055) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) migrate_pages(r2, 0x7, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001280)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e0000000400028008000a00", @ANYRESHEX], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) r3 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f00000000c0), 0x492492492492627, 0x0) 2.374682067s ago: executing program 1 (id=1221): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x4004e502, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000340)=ANY=[@ANYRES8=r2, @ANYRES16=0x0, @ANYRES64=r2], 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000480)={0x170, 0x2, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x9}, [@CTA_SEQ_ADJ_REPLY={0x44, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xdc49}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xfffffffb}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xa}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xb}]}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xe897}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x35}, @CTA_NAT_DST={0xdc, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_PROTO={0x4c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}]}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private2}, @CTA_NAT_PROTO={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}]}, @CTA_LABELS={0x10, 0x16, 0x1, 0x0, [0x5, 0x0, 0x0]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x404}]}, 0x170}}, 0x4) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x1001, @none}, 0xe) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newtaction={0x210, 0x30, 0x1, 0x0, 0x0, {}, [{0x1fc, 0x1, [@m_ct={0xb4, 0xa, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x73, 0x6, "cc5a52e5b66cbac5cde32bc264647fbb23ced92e24fda1596ae0b16f64aadac08a7c2b51a0b1b9d92cc67da0854e594a4f005ec41552ddde71fba3c123366af9959aca56a0b6bd6188713b2a4a6344e4640b5412d8eb8f90d7c43b4d44ca28feddfae372ce3ca2176135425aa2d111"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_nat={0x144, 0x19, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x10, 0x6, 0x5, 0x0, 0xe175}, @broadcast, @remote}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7fff, 0xa, 0x8, 0xffff, 0xd9f9}, @dev={0xac, 0x14, 0x14, 0x15}, @loopback, 0xff0000ff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0xfffffff2, 0x1, 0x760f6fcd}, @remote, @empty}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xac2, 0x2da, 0x999f2bfead6e3486, 0xc6, 0x4}, @multicast2, @rand_addr=0x64010102, 0xff, 0x1}}]}, {0x7c, 0x6, "5a66e431e77d2d2160788dbcd9b6c5e018a237f6ded39b8fc2adec595720f8f92701e9e807459875e7f00f7021abc287e60627e1460a104db9752c5083521a489584e28cbf64afcab32b44e3d8e84e07e698170070158f8ccd455683f877a73af8058406d39bfaa8f11734cf2adc63cdbdf5f64aa0b3ed94"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x4, 0x3}}}}]}]}, 0x210}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) bpf$MAP_CREATE(0x300000000000000, 0x0, 0x48) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) write$sndseq(r7, &(0x7f0000000040)=[{0x41, 0x0, 0x0, 0xfd, @tick, {}, {0xf}, @addr={0x1b}}], 0x1c) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, 0x0, 0x0, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c100000000000224e0000", 0x58}], 0x1) 1.706987825s ago: executing program 3 (id=1231): r0 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil) r1 = shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) shmdt(r1) 1.650250162s ago: executing program 3 (id=1232): r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x29) r2 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00') execveat$binfmt(r1, r2, &(0x7f00000000c0)={[&(0x7f0000000080)='/dev/cpu/#/msr\x00']}, &(0x7f0000000280)={[&(0x7f0000000100)='\'6-\x00', &(0x7f0000000180)='#\x00', &(0x7f0000000200)='}\x00', &(0x7f0000000240)=':^-&:\x00']}, 0x800) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000140)=0xfffffffffffffffe, 0xb, 0x3) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async) openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x29) (async) syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00') (async) execveat$binfmt(r1, r2, &(0x7f00000000c0)={[&(0x7f0000000080)='/dev/cpu/#/msr\x00']}, &(0x7f0000000280)={[&(0x7f0000000100)='\'6-\x00', &(0x7f0000000180)='#\x00', &(0x7f0000000200)='}\x00', &(0x7f0000000240)=':^-&:\x00']}, 0x800) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) (async) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000140)=0xfffffffffffffffe, 0xb, 0x3) (async) 1.469583306s ago: executing program 1 (id=1235): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000080)=""/181, 0xb5, 0x365) creat(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000000c0), 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r2}, 0x10) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4}) 1.420309815s ago: executing program 0 (id=1237): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x5, 0x2}, 0x1c) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0x7101}) r2 = bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000004080)=@base={0x8, 0x4, 0x4, 0xe02, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x48) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) sched_setscheduler(r3, 0x3, &(0x7f00000000c0)=0xfffffffa) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.sectors\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r4, 0x0) ftruncate(r4, 0x9) ioctl$LOOP_SET_CAPACITY(r4, 0x4c07) syz_emit_ethernet(0x22, &(0x7f0000000140)=ANY=[], 0x0) 1.42018054s ago: executing program 0 (id=1238): r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.369196082s ago: executing program 1 (id=1239): r0 = socket$alg(0x26, 0x5, 0x0) shmget$private(0x0, 0x3000, 0xfcf774859b375a8c, &(0x7f0000ffd000/0x3000)=nil) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706000000000000", 0xb) socket$inet(0x2, 0x4000000000000001, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x3, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x38, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0) sendfile(r5, r4, &(0x7f00000000c0)=0x8e, 0x180000504) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETS(r6, 0x40045431, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r7 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r7, 0x1, 0x4000000000000002, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="0d0000001000010700000000000000000a000000"], 0x14}}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000800004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400008a, 0x700) 1.368955249s ago: executing program 0 (id=1240): r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 1.309957749s ago: executing program 0 (id=1241): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x8040600) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) connect$inet6(r0, 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504"], 0x0) socket(0x10, 0x2, 0x0) socket(0x1e, 0x5, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x42) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 1.149718801s ago: executing program 3 (id=1242): r0 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil) r1 = shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) shmdt(r1) 1.149100854s ago: executing program 3 (id=1243): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x4004e502, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000340)=ANY=[@ANYRES8=r2, @ANYRES16=0x0, @ANYRES64=r2], 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000480)={0x170, 0x2, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x9}, [@CTA_SEQ_ADJ_REPLY={0x44, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xdc49}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xfffffffb}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xa}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xb}]}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xe897}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x35}, @CTA_NAT_DST={0xdc, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_PROTO={0x4c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}]}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private2}, @CTA_NAT_PROTO={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}]}, @CTA_LABELS={0x10, 0x16, 0x1, 0x0, [0x5, 0x0, 0x0]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x404}]}, 0x170}}, 0x4) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x1001, @none}, 0xe) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newtaction={0x210, 0x30, 0x1, 0x0, 0x0, {}, [{0x1fc, 0x1, [@m_ct={0xb4, 0xa, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x73, 0x6, "cc5a52e5b66cbac5cde32bc264647fbb23ced92e24fda1596ae0b16f64aadac08a7c2b51a0b1b9d92cc67da0854e594a4f005ec41552ddde71fba3c123366af9959aca56a0b6bd6188713b2a4a6344e4640b5412d8eb8f90d7c43b4d44ca28feddfae372ce3ca2176135425aa2d111"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_nat={0x144, 0x19, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x10, 0x6, 0x5, 0x0, 0xe175}, @broadcast, @remote}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7fff, 0xa, 0x8, 0xffff, 0xd9f9}, @dev={0xac, 0x14, 0x14, 0x15}, @loopback, 0xff0000ff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0xfffffff2, 0x1, 0x760f6fcd}, @remote, @empty}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xac2, 0x2da, 0x999f2bfead6e3486, 0xc6, 0x4}, @multicast2, @rand_addr=0x64010102, 0xff, 0x1}}]}, {0x7c, 0x6, "5a66e431e77d2d2160788dbcd9b6c5e018a237f6ded39b8fc2adec595720f8f92701e9e807459875e7f00f7021abc287e60627e1460a104db9752c5083521a489584e28cbf64afcab32b44e3d8e84e07e698170070158f8ccd455683f877a73af8058406d39bfaa8f11734cf2adc63cdbdf5f64aa0b3ed94"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x4, 0x3}}}}]}]}, 0x210}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) bpf$MAP_CREATE(0x300000000000000, 0x0, 0x48) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) write$sndseq(r7, &(0x7f0000000040)=[{0x41, 0x0, 0x0, 0xfd, @tick, {}, {0xf}, @addr={0x1b}}], 0x1c) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, 0x0, 0x0, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c100000000000224e0000", 0x58}], 0x1) 690.164103ms ago: executing program 2 (id=1248): r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x800) connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x6c, 0x3, 0x6, 0x301, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4008081}, 0x24044000) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, 0x0) r3 = accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000180), 0x800) bind$pptp(0xffffffffffffffff, &(0x7f0000000380)={0x18, 0x2, {0x3, @private=0xa010100}}, 0x1e) ioctl$sock_netdev_private(r3, 0x89fc, &(0x7f00000001c0)="7f061918d5e7e637c19ccbfc3c694d2b791812adfca7dc336e77623852c4ad00c022f9e7d5c9a32eec3546") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="1802000000000000000000000000000085e9ff002f000000c500000050"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) connect$pptp(r0, &(0x7f0000000200)={0x18, 0x2, {0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1e) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000580)=0x2) 689.865758ms ago: executing program 2 (id=1249): r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 650.144008ms ago: executing program 2 (id=1250): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000002f80)={'filter\x00', 0x7, 0x4, 0x3d8, 0x2f8, 0x0, 0x0, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@arp={@rand_addr=0x64010100, @multicast1, 0xffffffff, 0xff, 0x5, 0xf, {@mac=@remote, {[0xff, 0xff, 0x0, 0xff, 0xff, 0xff]}}, {@empty, {[0xff]}}, 0x9, 0x100, 0xc0, 0x101, 0xfffe, 0xff80, 'veth1_macvtap\x00', 'wlan0\x00', {0xff}, {}, 0x0, 0x540}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="c13b3c90711e", @mac=@random="152bb6583192", @private=0xa010100, @multicast2, 0x8}}}, {{@arp={@multicast1, @empty, 0x0, 0x0, 0x3, 0xe, {@empty, {[0xff, 0x0, 0xff, 0xff, 0xff, 0xff]}}, {@mac=@broadcast, {[0xff, 0xff, 0xff, 0x0, 0xff, 0xff]}}, 0x100, 0x76, 0x1, 0x1, 0x9cf6, 0x4fde, 'veth0_to_bond\x00', 'geneve0\x00', {}, {}, 0x0, 0x4}, 0xbc, 0xe0}, @unspec=@NFQUEUE0={0x24, 'NFQUEUE\x00', 0x0, {0x48}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0xf}, @broadcast, 0xffffffff, 0xffffffff, 0x3, 0x4, {@empty, {[0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}, {[0x0, 0x0, 0xff, 0x0, 0xff, 0xff]}}, 0x101, 0xa, 0x3, 0x0, 0x7, 0xf, 'hsr0\x00', 'macvlan0\x00', {0xff}, {0xff}, 0x0, 0x80}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @remote, 0x1, 0xffffffff}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x424) 600.164278ms ago: executing program 2 (id=1251): r0 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil) shmctl$IPC_RMID(r0, 0x0) shmdt(0x0) 599.898328ms ago: executing program 2 (id=1252): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async) r1 = fsmount(r0, 0x0, 0x18) symlinkat(&(0x7f0000000240)='./file0/../file0\x00', r1, &(0x7f0000000140)='./file0\x00') (async) openat2(0xffffffffffffffff, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x8}, 0x18) (async) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000280)=0x15) (async) r3 = dup(r2) write$UHID_CREATE(r3, 0x0, 0x0) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1b00000000000000000000000300040000000000", @ANYRESDEC=0x0, @ANYRES8=r0, @ANYBLOB="6483d1cae3cfc182e717369aec0d5ddc64378b799dad572c15275a681dcd171f62491e439c71e765da8eb23c5b73770ec49856961c30edd0bcd61d19e2708656cb9f276a9cf6a1c61c54a09872271c8c", @ANYRES8=r3, @ANYBLOB="01000000040000000400000000f1fa75cf0000002200000000000004"], 0x50) (async) r4 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r4, &(0x7f00000000c0)={0x28, 0x0, 0x0, @local}, 0x69) (async) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xd9, 0x0, &(0x7f00000006c0)="258ad059e67c0aee7411a7710d0cd09dce436992d1b41bf723f02373bd6bb3bc8849cef3ab5a0cda9a32ec8a7fef2f70ac2d89b3368df5e54dc0f5784178512c1fdba9aead11dc8d59c7a27bd650a3fb816694f328e19a161bfe49c3eed40007f28bc6d4088945344c67916a8adeafd381f31c797483c6dc81f68adb268c5ee58616d2cbbd129e6b8d5179be177c5b004b384f4808c4475cb84bc5715a8435503fed531c64010121d1590e508344a9d7d737c0bb771e72aaf0fcdd3a4aa447c29c4a32266475d384307576fa189ce5fd24052eebc3884e54f8", 0x0, 0xd05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10}, 0x4c) (async) listen(r4, 0x0) (async) r7 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000180)={0x60, 0x2, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x1, 0x0, 0x0, 0x4000000, 0x2a, 0x11, 0x14, 0x40}) (async) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) (async) r9 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r9, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000006080)=ANY=[@ANYBLOB="2800000014001102000000000000000028"], 0x28}}, 0x0) (async) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r9}, 0x8) socket$packet(0x11, 0xa, 0x300) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001ac0), &(0x7f0000000540)="39a120e0ec02c8b3b7e01d99c28c13205ab4ce9f52b240622fa292d7b19fde86a090d19833662f98e28d5f0b10f09cfce6905f61f1b70ea82de54feca47651d30124534e86e36a0428938a73268cda53cd1b01f4416529892cdc079c120b4b6a588ea461bbf9c539085b7ba9b8e88118c16e60ca14", 0x1}, 0x38) syz_emit_ethernet(0x42, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 529.276795ms ago: executing program 2 (id=1253): openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = creat(0x0, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_GET_CLOCK(r3, 0x8030ae7c, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c30000000e8fe55a1190015000600142603600e120900180000000401a80016000a0004400a080000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x4) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r5, 0x0, 0x4, &(0x7f0000000040)="9f0910bc996c301c8107070400", 0x28) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ff5000/0xb000)=nil, 0xb000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4073, 0xfe9, 0x0, &(0x7f0000000180)=""/14, 0x5}, &(0x7f0000001340)=0x90) socket$inet_smc(0x2b, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180100002020642500000000002020207b1af8ff7200000000f8ffffffb702000008000000b70300000000000085000000b10000009500"/88], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000100)=0x14) r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000040)=0x14) setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) 380.023525ms ago: executing program 1 (id=1254): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCGETSGCNT(r1, 0x89e1, &(0x7f0000000280)={@empty, @local}) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)="67d8902400aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db7", 0xfee9}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e27252804059094a318c4cdeeddd5793a427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a958df39f9c5a8c8e876a52816446d0106f4a81dba144c80fda0b401f0774edbf73b3de44d7ca5c28b0830910f3b0", 0x424}], 0x2}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x2004001) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x0, 0xa, [{}, {0x10}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r4, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000240)=0x10, 0x4) recvmmsg(r6, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4}, @const={0x0, 0x0, 0x0, 0x4}, @func_proto={0x2, 0x0, 0x0, 0x4, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) sendfile(r5, r4, 0x0, 0x578410eb) 140.127728ms ago: executing program 0 (id=1255): syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e0c0201040200000affffff0006"], 0xf) 139.836088ms ago: executing program 0 (id=1256): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000080)=""/181, 0xb5, 0x365) creat(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000000c0), 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r2}, 0x10) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4}) 80.015572ms ago: executing program 3 (id=1257): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f890606892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 0s ago: executing program 3 (id=1258): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x32, 0x1, 0x70bd2a, 0x25dbdbfe, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = dup(0xffffffffffffffff) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, 0x0, 0xc00c055) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) migrate_pages(r2, 0x7, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001280)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e0000000400028008000a00", @ANYRESHEX], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) r3 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f00000000c0), 0x492492492492627, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b000000e5000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000008000"/28], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r5 = gettid() rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, &(0x7f00000000c0), 0x0, 0x8) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r6 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil) r7 = shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$packet(r8, &(0x7f0000000000)={0x10, 0x6, 0x0, 0xff0c, 0xff, 0x6, @dev}, 0x14) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c0, 0xec, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x1f8, 0x20a, 0x278, 0x1f8, 0x278, 0x3, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x7519, 0x38, 0x2}}}, {{@ipv6={@private2, @local, [], [], 'vlan0\x00', 'ip6erspan0\x00', {0xff}}, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x31c) shmctl$IPC_RMID(r6, 0x0) shmdt(r7) tkill(r5, 0x7) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c79880dc5130400000066646e6f3d", @ANYRESHEX, @ANYBLOB=',\x00']) kernel console output (not intermixed with test programs): [ T8757] Call Trace: [ 171.986099][ T8757] [ 171.986103][ T8757] dump_stack_lvl+0x16c/0x1f0 [ 171.986120][ T8757] should_fail_ex+0x50a/0x650 [ 171.986130][ T8757] ? __pfx___might_resched+0x10/0x10 [ 171.986149][ T8757] should_fail_alloc_page+0xe7/0x130 [ 171.986162][ T8757] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 171.986178][ T8757] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 171.986190][ T8757] ? hlock_class+0x4e/0x130 [ 171.986203][ T8757] ? mark_lock+0xb5/0xc60 [ 171.986214][ T8757] ? __pfx_mark_lock+0x10/0x10 [ 171.986225][ T8757] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 171.986241][ T8757] ? hlock_class+0x4e/0x130 [ 171.986253][ T8757] ? __lock_acquire+0xcc5/0x3c40 [ 171.986263][ T8757] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 171.986275][ T8757] ? policy_nodemask+0xea/0x4e0 [ 171.986288][ T8757] alloc_pages_mpol+0x1fc/0x540 [ 171.986298][ T8757] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 171.986312][ T8757] folio_alloc_mpol_noprof+0x36/0x2f0 [ 171.986326][ T8757] vma_alloc_folio_noprof+0xee/0x1b0 [ 171.986337][ T8757] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 171.986349][ T8757] ? find_held_lock+0x2d/0x110 [ 171.986364][ T8757] do_pte_missing+0x92d/0x3e10 [ 171.986375][ T8757] ? __pfx_lock_release+0x10/0x10 [ 171.986387][ T8757] __handle_mm_fault+0x1166/0x2c60 [ 171.986400][ T8757] ? __pfx___handle_mm_fault+0x10/0x10 [ 171.986409][ T8757] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 171.986426][ T8757] ? find_vma+0xc0/0x140 [ 171.986439][ T8757] ? __pfx_find_vma+0x10/0x10 [ 171.986452][ T8757] handle_mm_fault+0x3fa/0xaa0 [ 171.986464][ T8757] do_user_addr_fault+0x7a3/0x13f0 [ 171.986479][ T8757] exc_page_fault+0x5c/0xc0 [ 171.986491][ T8757] asm_exc_page_fault+0x26/0x30 [ 171.986502][ T8757] RIP: 0010:_copy_to_user+0xb6/0xd0 [ 171.986514][ T8757] Code: 89 ee 48 89 ef e8 7a 58 fc fc 4d 85 ff 75 a8 e8 00 5e fc fc 89 de 4c 89 e7 e8 d6 44 5f fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 a4 0f 1f 00 0f 01 ca 48 89 cb eb 80 66 2e 0f 1f 84 00 00 00 00 [ 171.986522][ T8757] RSP: 0018:ffffc9000e7c7bc0 EFLAGS: 00050297 [ 171.986530][ T8757] RAX: 0000000000000001 RBX: 0000000000000012 RCX: 0000000000000012 [ 171.986535][ T8757] RDX: fffff52001cf8f93 RSI: ffffc9000e7c7c88 RDI: 0000000020001600 [ 171.986540][ T8757] RBP: 0000000020001600 R08: 0000000000000000 R09: fffff52001cf8f93 [ 171.986545][ T8757] R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000e7c7c88 [ 171.986550][ T8757] R13: 0000000020001612 R14: 00007ffffffff000 R15: 0000000000000000 [ 171.986563][ T8757] usbdev_read+0x665/0x7d0 [ 171.986576][ T8757] ? __pfx_usbdev_read+0x10/0x10 [ 171.986585][ T8757] ? bpf_lsm_file_permission+0x9/0x10 [ 171.986596][ T8757] ? security_file_permission+0x71/0x210 [ 171.986607][ T8757] ? rw_verify_area+0xcf/0x680 [ 171.986620][ T8757] ? __pfx_usbdev_read+0x10/0x10 [ 171.986628][ T8757] vfs_read+0x1df/0xbf0 [ 171.986637][ T8757] ? __fget_files+0x1fc/0x3a0 [ 171.986646][ T8757] ? __pfx_lock_release+0x10/0x10 [ 171.986656][ T8757] ? __pfx_vfs_read+0x10/0x10 [ 171.986664][ T8757] ? lock_acquire+0x2f/0xb0 [ 171.986673][ T8757] ? __fget_files+0x40/0x3a0 [ 171.986683][ T8757] ? __fget_files+0x206/0x3a0 [ 171.986695][ T8757] ksys_read+0x12b/0x250 [ 171.986703][ T8757] ? __pfx_ksys_read+0x10/0x10 [ 171.986714][ T8757] __do_fast_syscall_32+0x73/0x120 [ 171.986728][ T8757] do_fast_syscall_32+0x32/0x80 [ 171.986741][ T8757] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 171.986753][ T8757] RIP: 0023:0xf7fe8579 [ 171.986760][ T8757] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 171.986767][ T8757] RSP: 002b:00000000f450055c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 171.986775][ T8757] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020001600 [ 171.986780][ T8757] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 171.986784][ T8757] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 171.986789][ T8757] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 171.986794][ T8757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 171.986804][ T8757] [ 172.125773][ C3] vkms_vblank_simulate: vblank timer overrun [ 172.202813][ T8764] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 172.232518][ T8768] netlink: 'syz.2.772': attribute type 21 has an invalid length. [ 172.234842][ T8768] netlink: 128 bytes leftover after parsing attributes in process `syz.2.772'. [ 172.237447][ T8768] netlink: 'syz.2.772': attribute type 4 has an invalid length. [ 172.239615][ T8768] netlink: 'syz.2.772': attribute type 3 has an invalid length. [ 172.242079][ T8768] netlink: 3 bytes leftover after parsing attributes in process `syz.2.772'. [ 172.245233][ T8766] netlink: 'syz.1.771': attribute type 4 has an invalid length. [ 172.299954][ T8771] block nbd1: NBD_DISCONNECT [ 172.301935][ T8771] block nbd1: Disconnected due to user request. [ 172.308232][ T8771] block nbd1: shutting down sockets [ 172.360288][ T8779] netlink: 4 bytes leftover after parsing attributes in process `syz.2.777'. [ 172.364578][ T8779] netlink: 4 bytes leftover after parsing attributes in process `syz.2.777'. [ 172.367247][ T8779] FAULT_INJECTION: forcing a failure. [ 172.367247][ T8779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.371482][ T8779] CPU: 0 UID: 0 PID: 8779 Comm: syz.2.777 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 172.371494][ T8779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 172.371500][ T8779] Call Trace: [ 172.371503][ T8779] [ 172.371506][ T8779] dump_stack_lvl+0x16c/0x1f0 [ 172.371523][ T8779] should_fail_ex+0x50a/0x650 [ 172.371535][ T8779] _copy_to_user+0x32/0xd0 [ 172.371549][ T8779] simple_read_from_buffer+0xd0/0x160 [ 172.371563][ T8779] proc_fail_nth_read+0x198/0x270 [ 172.371576][ T8779] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.371588][ T8779] ? rw_verify_area+0xcf/0x680 [ 172.371601][ T8779] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.371613][ T8779] vfs_read+0x1df/0xbf0 [ 172.371621][ T8779] ? __fget_files+0x1fc/0x3a0 [ 172.371630][ T8779] ? __pfx___mutex_lock+0x10/0x10 [ 172.371642][ T8779] ? __pfx_vfs_read+0x10/0x10 [ 172.371654][ T8779] ? __fget_files+0x206/0x3a0 [ 172.371666][ T8779] ksys_read+0x12b/0x250 [ 172.371674][ T8779] ? __pfx_ksys_read+0x10/0x10 [ 172.371685][ T8779] __do_fast_syscall_32+0x73/0x120 [ 172.371700][ T8779] do_fast_syscall_32+0x32/0x80 [ 172.371712][ T8779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 172.371727][ T8779] RIP: 0023:0xf7fe8579 [ 172.371734][ T8779] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 172.371742][ T8779] RSP: 002b:00000000f4500590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 172.371750][ T8779] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f4500620 [ 172.371755][ T8779] RDX: 000000000000000f RSI: 00000000f746cff4 RDI: 0000000000000000 [ 172.371760][ T8779] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 172.371765][ T8779] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 172.371770][ T8779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 172.371781][ T8779] [ 172.461787][ T8783] fuse: Bad value for 'user_id' [ 172.463265][ T8783] fuse: Bad value for 'user_id' [ 172.500953][ T1017] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 172.535364][ T8792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.780'. [ 172.538695][ T8792] netlink: 116 bytes leftover after parsing attributes in process `syz.2.780'. [ 172.541768][ T8792] netlink: 116 bytes leftover after parsing attributes in process `syz.2.780'. [ 172.682228][ T1017] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 172.684753][ T1017] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.687653][ T1017] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 172.691551][ T8795] block nbd2: NBD_DISCONNECT [ 172.694405][ T8795] block nbd2: Disconnected due to user request. [ 172.696379][ T8795] block nbd2: shutting down sockets [ 172.698207][ T8795] FAULT_INJECTION: forcing a failure. [ 172.698207][ T8795] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.702119][ T1017] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 172.702986][ T8795] CPU: 3 UID: 0 PID: 8795 Comm: syz.2.781 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 172.703000][ T8795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 172.703006][ T8795] Call Trace: [ 172.703008][ T8795] [ 172.703012][ T8795] dump_stack_lvl+0x16c/0x1f0 [ 172.703029][ T8795] should_fail_ex+0x50a/0x650 [ 172.703042][ T8795] _copy_to_user+0x32/0xd0 [ 172.703055][ T8795] simple_read_from_buffer+0xd0/0x160 [ 172.703069][ T8795] proc_fail_nth_read+0x198/0x270 [ 172.703082][ T8795] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.703095][ T8795] ? rw_verify_area+0xcf/0x680 [ 172.703108][ T8795] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.703119][ T8795] vfs_read+0x1df/0xbf0 [ 172.703128][ T8795] ? __fget_files+0x1fc/0x3a0 [ 172.703137][ T8795] ? __pfx___mutex_lock+0x10/0x10 [ 172.703150][ T8795] ? __pfx_vfs_read+0x10/0x10 [ 172.703161][ T8795] ? __fget_files+0x206/0x3a0 [ 172.703173][ T8795] ksys_read+0x12b/0x250 [ 172.703181][ T8795] ? __pfx_ksys_read+0x10/0x10 [ 172.703193][ T8795] __do_fast_syscall_32+0x73/0x120 [ 172.703207][ T8795] do_fast_syscall_32+0x32/0x80 [ 172.703219][ T8795] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 172.703233][ T8795] RIP: 0023:0xf7fe8579 [ 172.703241][ T8795] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 172.703249][ T8795] RSP: 002b:00000000f4500590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 172.703257][ T8795] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f4500620 [ 172.703275][ T8795] RDX: 000000000000000f RSI: 00000000f746cff4 RDI: 0000000000000000 [ 172.703281][ T8795] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 172.703285][ T8795] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 172.703290][ T8795] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 172.703301][ T8795] [ 172.741049][ T8802] cgroup: Bad value for 'name' [ 172.745778][ T1017] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 172.745790][ T1017] usb 5-1: Manufacturer: syz [ 172.770654][ T1017] usb 5-1: config 0 descriptor?? [ 172.773354][ T1017] igorplugusb 5-1:0.0: incorrect number of endpoints [ 173.369703][ T8809] netlink: 8 bytes leftover after parsing attributes in process `syz.1.785'. [ 173.372556][ T8809] netlink: 12 bytes leftover after parsing attributes in process `syz.1.785'. [ 173.488685][ T1970] usb 5-1: USB disconnect, device number 29 [ 173.592579][ T8824] »»»»»» speed is unknown, defaulting to 1000 [ 173.628796][ T8824] »»»»»» speed is unknown, defaulting to 1000 [ 173.642972][ T8828] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 173.657228][ T8828] kvm: pic: non byte read [ 173.660384][ T8828] kvm: pic: non byte read [ 173.688213][ T8828] kvm: pic: non byte read [ 173.692323][ T8828] kvm: pic: non byte read [ 173.694987][ T8828] kvm: pic: non byte read [ 173.697304][ T8828] kvm: pic: single mode not supported [ 173.697605][ T8828] kvm: pic: non byte read [ 173.702585][ T8828] kvm: pic: non byte read [ 173.705928][ T8828] kvm: pic: non byte read [ 173.708177][ T8828] kvm: pic: non byte read [ 173.809322][ T8842] FAULT_INJECTION: forcing a failure. [ 173.809322][ T8842] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.813265][ T8842] CPU: 2 UID: 0 PID: 8842 Comm: syz.1.795 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 173.813278][ T8842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.813283][ T8842] Call Trace: [ 173.813286][ T8842] [ 173.813290][ T8842] dump_stack_lvl+0x16c/0x1f0 [ 173.813307][ T8842] should_fail_ex+0x50a/0x650 [ 173.813319][ T8842] _copy_from_iter+0x29b/0x1400 [ 173.813334][ T8842] ? __pfx__copy_from_iter+0x10/0x10 [ 173.813346][ T8842] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 173.813361][ T8842] ? tun_build_skb.constprop.0+0x1b8/0x1120 [ 173.813374][ T8842] ? __pfx_lock_release+0x10/0x10 [ 173.813387][ T8842] copy_page_from_iter+0xa5/0x120 [ 173.813400][ T8842] tun_build_skb.constprop.0+0x294/0x1120 [ 173.813413][ T8842] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 173.813424][ T8842] ? lock_acquire.part.0+0x11b/0x380 [ 173.813440][ T8842] ? __lock_acquire+0xcc5/0x3c40 [ 173.813452][ T8842] tun_get_user+0x870/0x3e40 [ 173.813465][ T8842] ? find_held_lock+0x2d/0x110 [ 173.813479][ T8842] ? __pfx_tun_get_user+0x10/0x10 [ 173.813489][ T8842] ? find_held_lock+0x2d/0x110 [ 173.813503][ T8842] ? __pfx_lock_release+0x10/0x10 [ 173.813518][ T8842] tun_chr_write_iter+0xdc/0x210 [ 173.813529][ T8842] vfs_write+0x5ae/0x1150 [ 173.813538][ T8842] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 173.813549][ T8842] ? __pfx_vfs_write+0x10/0x10 [ 173.813558][ T8842] ? __fget_files+0x40/0x3a0 [ 173.813573][ T8842] ksys_write+0x12b/0x250 [ 173.813581][ T8842] ? __pfx_ksys_write+0x10/0x10 [ 173.813593][ T8842] __do_fast_syscall_32+0x73/0x120 [ 173.813606][ T8842] do_fast_syscall_32+0x32/0x80 [ 173.813619][ T8842] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.813633][ T8842] RIP: 0023:0xf73fe579 [ 173.813640][ T8842] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 173.813648][ T8842] RSP: 002b:00000000f4480520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 173.813656][ T8842] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 00000000200001c0 [ 173.813661][ T8842] RDX: 0000000000000022 RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 173.813666][ T8842] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 173.813671][ T8842] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 173.813676][ T8842] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.813686][ T8842] [ 173.914399][ T8849] FAULT_INJECTION: forcing a failure. [ 173.914399][ T8849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.918178][ T8849] CPU: 1 UID: 0 PID: 8849 Comm: syz.1.798 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 173.918190][ T8849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.918195][ T8849] Call Trace: [ 173.918198][ T8849] [ 173.918202][ T8849] dump_stack_lvl+0x16c/0x1f0 [ 173.918218][ T8849] should_fail_ex+0x50a/0x650 [ 173.918230][ T8849] _copy_from_user+0x2e/0xd0 [ 173.918243][ T8849] kvm_vm_ioctl+0x13df/0x3d70 [ 173.918257][ T8849] ? stack_trace_save+0x95/0xd0 [ 173.918271][ T8849] ? __pfx_stack_trace_save+0x10/0x10 [ 173.918282][ T8849] ? __pfx_mark_lock+0x10/0x10 [ 173.918293][ T8849] ? stack_depot_save_flags+0x28/0x9e0 [ 173.918305][ T8849] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 173.918316][ T8849] ? kasan_save_stack+0x42/0x60 [ 173.918325][ T8849] ? kasan_save_stack+0x33/0x60 [ 173.918333][ T8849] ? kasan_save_track+0x14/0x30 [ 173.918341][ T8849] ? kasan_save_free_info+0x3b/0x60 [ 173.918353][ T8849] ? __kasan_slab_free+0x51/0x70 [ 173.918362][ T8849] ? kfree+0x2c4/0x4d0 [ 173.918370][ T8849] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 173.918378][ T8849] ? security_file_ioctl_compat+0x9b/0x240 [ 173.918387][ T8849] ? __do_compat_sys_ioctl+0x4e/0x2c0 [ 173.918399][ T8849] ? __do_fast_syscall_32+0x73/0x120 [ 173.918411][ T8849] ? do_fast_syscall_32+0x32/0x80 [ 173.918423][ T8849] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.918436][ T8849] ? kvm_arch_vm_compat_ioctl+0x2d1/0x480 [ 173.918445][ T8849] ? hlock_class+0x4e/0x130 [ 173.918458][ T8849] ? mark_lock+0xb5/0xc60 [ 173.918467][ T8849] ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10 [ 173.918476][ T8849] ? __pfx_mark_lock+0x10/0x10 [ 173.918492][ T8849] ? find_held_lock+0x2d/0x110 [ 173.918506][ T8849] ? tomoyo_path_number_perm+0x298/0x5b0 [ 173.918514][ T8849] ? __pfx_lock_release+0x10/0x10 [ 173.918525][ T8849] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 173.918539][ T8849] ? do_vfs_ioctl+0x513/0x1950 [ 173.918551][ T8849] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 173.918567][ T8849] kvm_vm_compat_ioctl+0x399/0x440 [ 173.918580][ T8849] ? __pfx_kvm_vm_compat_ioctl+0x10/0x10 [ 173.918591][ T8849] ? __pfx_lock_release+0x10/0x10 [ 173.918600][ T8849] ? trace_lock_acquire+0x14e/0x1f0 [ 173.918612][ T8849] ? __fget_files+0x206/0x3a0 [ 173.918623][ T8849] ? __pfx_kvm_vm_compat_ioctl+0x10/0x10 [ 173.918636][ T8849] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 173.918649][ T8849] __do_fast_syscall_32+0x73/0x120 [ 173.918662][ T8849] do_fast_syscall_32+0x32/0x80 [ 173.918674][ T8849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.918687][ T8849] RIP: 0023:0xf73fe579 [ 173.918693][ T8849] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 173.918702][ T8849] RSP: 002b:00000000f448055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 173.918710][ T8849] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004020ae46 [ 173.918716][ T8849] RDX: 0000000020000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 173.918720][ T8849] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 173.918725][ T8849] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 173.918730][ T8849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.918740][ T8849] [ 174.110904][ T1970] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 174.261281][ T1970] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 174.264371][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.266940][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.270034][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.272912][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.275496][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.278520][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.281289][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.283843][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.286917][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.289538][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.292381][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.295473][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.298058][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.300615][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.303957][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.306592][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.309140][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.312359][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.315078][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.317668][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.320989][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.324162][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.326724][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.329833][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 174.333325][ T1970] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 174.335928][ T1970] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 174.338359][ T1970] usb 7-1: Product: syz [ 174.339586][ T1970] usb 7-1: Manufacturer: syz [ 174.341059][ T1970] usb 7-1: SerialNumber: syz [ 174.350322][ T1970] usb 7-1: config 0 descriptor?? [ 174.353916][ T1970] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 174.409850][ T8859] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 174.420938][ T8859] netlink: 16 bytes leftover after parsing attributes in process `syz.0.802'. [ 174.423525][ T8859] tipc: Enabling of bearer rejected, failed to enable media [ 175.057516][ T8871] gtp0: entered promiscuous mode [ 176.420938][ T7414] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 176.580867][ T7414] usb 6-1: Using ep0 maxpacket: 8 [ 176.583678][ T7414] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 176.586021][ T7414] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 176.588777][ T7414] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 176.592216][ C3] usb 7-1: yurex_control_callback - control failed: -2 [ 176.595118][ T1017] usb 7-1: USB disconnect, device number 16 [ 176.599130][ T1017] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 176.600837][ T7414] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 176.603946][ T7414] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.607642][ T7414] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 176.610233][ T7414] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.824325][ T7414] usb 6-1: GET_CAPABILITIES returned 0 [ 176.826032][ T7414] usbtmc 6-1:16.0: can't read capabilities [ 176.898063][ T6594] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 177.088015][ T8910] ipt_ECN: cannot use operation on non-tcp rule [ 177.187424][ T8915] qrtr: Invalid version 0 [ 177.274984][ T8] usb 6-1: USB disconnect, device number 30 [ 178.022021][ T5928] block nbd2: Receive control failed (result -32) [ 178.027069][ T8916] block nbd2: shutting down sockets [ 178.311008][ T6594] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 178.462238][ T6594] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 178.464650][ T6594] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.467514][ T6594] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 178.472020][ T6594] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 178.474607][ T6594] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 178.476888][ T6594] usb 6-1: Manufacturer: syz [ 178.479454][ T6594] usb 6-1: config 0 descriptor?? [ 178.482278][ T6594] igorplugusb 6-1:0.0: incorrect number of endpoints [ 179.196813][ T1970] usb 6-1: USB disconnect, device number 31 [ 183.792813][ T8952] syzkaller1: entered promiscuous mode [ 183.794469][ T8952] syzkaller1: entered allmulticast mode [ 184.039752][ T8964] overlayfs: overlapping lowerdir path [ 184.101539][ T6594] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 184.452198][ T6594] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 184.455615][ T6594] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 184.458395][ T6594] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 184.461269][ T6594] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.466361][ T8954] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 184.469818][ T6594] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 184.712296][ T8] usb 7-1: USB disconnect, device number 17 [ 184.941009][ T1970] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 185.091873][ T1970] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 185.094849][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.097552][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.100723][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.103490][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.106116][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.109199][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.112060][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.114602][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.117712][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.120296][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.123058][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.126242][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.128904][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.131753][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.134976][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.137904][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.141099][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.145089][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.147853][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.150563][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.154007][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.157294][ T1970] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 185.159970][ T1970] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 185.163268][ T1970] usb 5-1: config 0 interface 0 has no altsetting 0 [ 185.166726][ T1970] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 185.169468][ T1970] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 185.172021][ T1970] usb 5-1: Product: syz [ 185.173289][ T1970] usb 5-1: Manufacturer: syz [ 185.174716][ T1970] usb 5-1: SerialNumber: syz [ 185.177339][ T1970] usb 5-1: config 0 descriptor?? [ 185.181033][ T1970] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 185.259205][ T8982] __nla_validate_parse: 1 callbacks suppressed [ 185.259275][ T8982] netlink: 4 bytes leftover after parsing attributes in process `syz.2.832'. [ 185.336153][ T8984] syz.2.833 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 185.631586][ T8994] netlink: 64 bytes leftover after parsing attributes in process `syz.1.836'. [ 185.634229][ T8994] netlink: 64 bytes leftover after parsing attributes in process `syz.1.836'. [ 186.317280][ T9008] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 186.319209][ T9008] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 186.321653][ T9008] vhci_hcd vhci_hcd.0: Device attached [ 186.326444][ T5928] Bluetooth: hci1: unexpected event 0x03 length: 17 > 11 [ 186.327082][ T9009] vhci_hcd: connection closed [ 186.329427][ T91] vhci_hcd: stop threads [ 186.332262][ T91] vhci_hcd: release socket [ 186.333688][ T91] vhci_hcd: disconnect device [ 187.077495][ T9025] FAULT_INJECTION: forcing a failure. [ 187.077495][ T9025] name failslab, interval 1, probability 0, space 0, times 0 [ 187.081381][ T9025] CPU: 1 UID: 0 PID: 9025 Comm: syz.2.841 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 187.081403][ T9025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.081409][ T9025] Call Trace: [ 187.081413][ T9025] [ 187.081417][ T9025] dump_stack_lvl+0x16c/0x1f0 [ 187.081434][ T9025] should_fail_ex+0x50a/0x650 [ 187.081445][ T9025] ? fs_reclaim_acquire+0xae/0x150 [ 187.081460][ T9025] should_failslab+0xc2/0x120 [ 187.081471][ T9025] __kmalloc_node_noprof+0xd1/0x520 [ 187.081481][ T9025] ? security_capable+0x7e/0x260 [ 187.081494][ T9025] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 187.081503][ T9025] ? ns_capable_noaudit+0xda/0x110 [ 187.081516][ T9025] __kvmalloc_node_noprof+0xad/0x1a0 [ 187.081526][ T9025] proc_sys_call_handler+0x2a8/0x5a0 [ 187.081537][ T9025] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 187.081548][ T9025] ? splice_from_pipe_next+0x1f8/0x5d0 [ 187.081564][ T9025] iter_file_splice_write+0x90f/0x10b0 [ 187.081579][ T9025] ? __pfx_iter_file_splice_write+0x10/0x10 [ 187.081589][ T9025] ? mark_held_locks+0x9f/0xe0 [ 187.081601][ T9025] ? lockdep_hardirqs_on+0x7c/0x110 [ 187.081618][ T9025] ? direct_splice_actor+0xac/0x6c0 [ 187.081631][ T9025] ? __pfx_iter_file_splice_write+0x10/0x10 [ 187.081640][ T9025] direct_splice_actor+0x18f/0x6c0 [ 187.081654][ T9025] splice_direct_to_actor+0x346/0xa40 [ 187.081668][ T9025] ? __pfx_direct_splice_actor+0x10/0x10 [ 187.081684][ T9025] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 187.081698][ T9025] ? __fget_files+0x1fc/0x3a0 [ 187.081715][ T9025] do_splice_direct+0x178/0x250 [ 187.081728][ T9025] ? __pfx_do_splice_direct+0x10/0x10 [ 187.081742][ T9025] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 187.081756][ T9025] ? rw_verify_area+0xcf/0x680 [ 187.081771][ T9025] do_sendfile+0xafb/0xe40 [ 187.081786][ T9025] ? __pfx_do_sendfile+0x10/0x10 [ 187.081799][ T9025] ? __fget_files+0x206/0x3a0 [ 187.081811][ T9025] __ia32_compat_sys_sendfile+0x1e7/0x230 [ 187.081822][ T9025] ? ksys_write+0x1ba/0x250 [ 187.081830][ T9025] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 187.081845][ T9025] __do_fast_syscall_32+0x73/0x120 [ 187.081859][ T9025] do_fast_syscall_32+0x32/0x80 [ 187.081871][ T9025] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 187.081886][ T9025] RIP: 0023:0xf7fe8579 [ 187.081893][ T9025] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 187.081901][ T9025] RSP: 002b:00000000f44be55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 187.081909][ T9025] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000006 [ 187.081915][ T9025] RDX: 0000000000000000 RSI: 000000000000106f RDI: 0000000000000000 [ 187.081919][ T9025] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 187.081924][ T9025] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 187.081929][ T9025] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 187.081940][ T9025] [ 187.176784][ T9026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.189154][ T9026] program syz.1.840 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 187.392144][ C3] usb 5-1: yurex_control_callback - control failed: -2 [ 187.397332][ T1970] usb 5-1: USB disconnect, device number 30 [ 187.399817][ T1970] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 187.738409][ T9030] netlink: 12 bytes leftover after parsing attributes in process `syz.2.842'. [ 188.361034][ T5928] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.564484][ T9042] netlink: 20 bytes leftover after parsing attributes in process `syz.3.846'. [ 189.003342][ T9052] syz.2.847: attempt to access beyond end of device [ 189.003342][ T9052] nbd2: rw=4096, sector=0, nr_sectors = 2 limit=0 [ 189.008540][ T9052] XFS (nbd2): SB validate failed with error -5. [ 189.075701][ T9060] syz.2.847: attempt to access beyond end of device [ 189.075701][ T9060] nbd2: rw=4096, sector=0, nr_sectors = 2 limit=0 [ 189.087976][ T9060] XFS (nbd2): SB validate failed with error -5. [ 189.320948][ T8] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 189.501348][ T8] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 189.504444][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.506983][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.510111][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.512852][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.515433][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.518492][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.521155][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.523728][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.526792][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.529352][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.532101][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.535230][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.537802][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.540337][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.543623][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.546323][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.548853][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.552319][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.555030][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.557650][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.560722][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.563461][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.567009][ T8] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.570112][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 189.573590][ T8] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 189.576245][ T8] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 189.578602][ T8] usb 5-1: Product: syz [ 189.579814][ T8] usb 5-1: Manufacturer: syz [ 189.581423][ T8] usb 5-1: SerialNumber: syz [ 189.583639][ T8] usb 5-1: config 0 descriptor?? [ 189.588056][ T8] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 189.735050][ T9089] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 189.947500][ T1970] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 190.093365][ T1970] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 190.096416][ T1970] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 190.100013][ T1970] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 190.105481][ T1970] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 190.108539][ T1970] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 190.111333][ T1970] usb 6-1: Manufacturer: syz [ 190.113626][ T1970] usb 6-1: config 0 descriptor?? [ 190.116333][ T1970] igorplugusb 6-1:0.0: incorrect number of endpoints [ 190.241698][ T39] audit: type=1326 audit(2000000048.049:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.2.862" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 190.835539][ T1485] usb 6-1: USB disconnect, device number 32 [ 190.971936][ T39] audit: type=1326 audit(2000000048.779:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.2.862" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 191.447596][ T39] audit: type=1326 audit(2000000049.249:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.2.866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 191.451698][ T9141] x_tables: duplicate underflow at hook 3 [ 191.485224][ T39] audit: type=1326 audit(2000000049.289:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.2.866" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 191.491278][ T39] audit: type=1326 audit(2000000049.289:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.2.866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7fc00000 [ 191.665123][ T9166] 9pnet: p9_errstr2errno: server reported unknown error I;þ [ 191.781714][ T9169] FAULT_INJECTION: forcing a failure. [ 191.781714][ T9169] name failslab, interval 1, probability 0, space 0, times 0 [ 191.785360][ T9169] CPU: 0 UID: 0 PID: 9169 Comm: syz.2.877 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 191.785371][ T9169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 191.785377][ T9169] Call Trace: [ 191.785380][ T9169] [ 191.785383][ T9169] dump_stack_lvl+0x16c/0x1f0 [ 191.785400][ T9169] should_fail_ex+0x50a/0x650 [ 191.785411][ T9169] ? fs_reclaim_acquire+0xae/0x150 [ 191.785426][ T9169] should_failslab+0xc2/0x120 [ 191.785449][ T9169] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 191.785460][ T9169] ? skb_clone+0x190/0x3f0 [ 191.785472][ T9169] skb_clone+0x190/0x3f0 [ 191.785481][ T9169] pfkey_process+0xc7/0x840 [ 191.785492][ T9169] ? rcu_is_watching+0x12/0xc0 [ 191.785506][ T9169] ? __pfx_pfkey_process+0x10/0x10 [ 191.785524][ T9169] ? __virt_addr_valid+0x5e/0x590 [ 191.785533][ T9169] ? __phys_addr_symbol+0x30/0x80 [ 191.785548][ T9169] pfkey_sendmsg+0x43b/0x840 [ 191.785560][ T9169] ____sys_sendmsg+0x9ae/0xb40 [ 191.785572][ T9169] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.785583][ T9169] ? get_compat_msghdr+0x11b/0x170 [ 191.785599][ T9169] ___sys_sendmsg+0x135/0x1e0 [ 191.785609][ T9169] ? __pfx____sys_sendmsg+0x10/0x10 [ 191.785622][ T9169] ? __pfx_lock_release+0x10/0x10 [ 191.785633][ T9169] ? trace_lock_acquire+0x14e/0x1f0 [ 191.785645][ T9169] ? __fget_files+0x206/0x3a0 [ 191.785658][ T9169] __sys_sendmsg+0x16e/0x220 [ 191.785667][ T9169] ? __pfx___sys_sendmsg+0x10/0x10 [ 191.785683][ T9169] __do_fast_syscall_32+0x73/0x120 [ 191.785702][ T9169] do_fast_syscall_32+0x32/0x80 [ 191.785714][ T9169] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 191.785728][ T9169] RIP: 0023:0xf7fe8579 [ 191.785736][ T9169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 191.785745][ T9169] RSP: 002b:00000000f450055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 191.785753][ T9169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140 [ 191.785758][ T9169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 191.785763][ T9169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 191.785768][ T9169] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 191.785773][ T9169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 191.785784][ T9169] [ 191.863066][ T8] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 191.881095][ C0] usb 5-1: yurex_control_callback - control failed: -2 [ 191.884876][ T1485] usb 5-1: USB disconnect, device number 31 [ 191.892114][ T1485] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 192.042171][ T8] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 192.044584][ T8] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.047486][ T8] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 192.052346][ T8] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 192.054914][ T8] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 192.057176][ T8] usb 6-1: Manufacturer: syz [ 192.062401][ T8] usb 6-1: config 0 descriptor?? [ 192.065128][ T8] igorplugusb 6-1:0.0: incorrect number of endpoints [ 192.267857][ T8] usb 6-1: USB disconnect, device number 33 [ 192.488065][ T9195] FAULT_INJECTION: forcing a failure. [ 192.488065][ T9195] name failslab, interval 1, probability 0, space 0, times 0 [ 192.491956][ T9195] CPU: 1 UID: 0 PID: 9195 Comm: syz.0.881 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 192.491968][ T9195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 192.491974][ T9195] Call Trace: [ 192.491977][ T9195] [ 192.491980][ T9195] dump_stack_lvl+0x16c/0x1f0 [ 192.491998][ T9195] should_fail_ex+0x50a/0x650 [ 192.492008][ T9195] ? fs_reclaim_acquire+0xae/0x150 [ 192.492023][ T9195] should_failslab+0xc2/0x120 [ 192.492033][ T9195] __kmalloc_noprof+0xce/0x4f0 [ 192.492042][ T9195] ? d_absolute_path+0x137/0x1b0 [ 192.492053][ T9195] ? tomoyo_encode2+0x100/0x3e0 [ 192.492066][ T9195] tomoyo_encode2+0x100/0x3e0 [ 192.492076][ T9195] tomoyo_realpath_from_path+0x1a7/0x710 [ 192.492090][ T9195] tomoyo_path_number_perm+0x248/0x5b0 [ 192.492097][ T9195] ? tomoyo_path_number_perm+0x235/0x5b0 [ 192.492107][ T9195] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 192.492127][ T9195] ? __pfx_lock_release+0x10/0x10 [ 192.492137][ T9195] ? trace_lock_acquire+0x14e/0x1f0 [ 192.492147][ T9195] ? lock_acquire+0x2f/0xb0 [ 192.492156][ T9195] ? __fget_files+0x40/0x3a0 [ 192.492166][ T9195] ? __fget_files+0x206/0x3a0 [ 192.492176][ T9195] security_file_ioctl_compat+0x9b/0x240 [ 192.492186][ T9195] __do_compat_sys_ioctl+0x4e/0x2c0 [ 192.492201][ T9195] __do_fast_syscall_32+0x73/0x120 [ 192.492221][ T9195] do_fast_syscall_32+0x32/0x80 [ 192.492233][ T9195] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 192.492247][ T9195] RIP: 0023:0xf73fe579 [ 192.492254][ T9195] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 192.492262][ T9195] RSP: 002b:00000000f448055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 192.492271][ T9195] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af22 [ 192.492276][ T9195] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 192.492280][ T9195] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 192.492285][ T9195] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 192.492290][ T9195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 192.492301][ T9195] [ 192.492308][ T9195] ERROR: Out of memory at tomoyo_realpath_from_path. [ 192.695473][ T9203] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 192.970980][ T8] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 193.120929][ T8] usb 7-1: Using ep0 maxpacket: 8 [ 193.123590][ T8] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 193.126151][ T8] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 193.128907][ T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 193.131825][ T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 193.134670][ T8] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 193.138429][ T8] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 193.141149][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.348163][ T8] usb 7-1: usb_control_msg returned -32 [ 193.350176][ T8] usbtmc 7-1:16.0: can't read capabilities [ 193.631915][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.633759][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.600856][ T6594] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 195.744642][ T8] usb 7-1: USB disconnect, device number 18 [ 195.772125][ T6594] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 195.775203][ T6594] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.778922][ T6594] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 195.784551][ T6594] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 195.787256][ T6594] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 195.789698][ T6594] usb 6-1: Manufacturer: syz [ 195.792348][ T6594] usb 6-1: config 0 descriptor?? [ 195.795055][ T6594] igorplugusb 6-1:0.0: incorrect number of endpoints [ 196.010656][ T6594] usb 6-1: USB disconnect, device number 34 [ 197.040930][ T1017] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 197.070878][ T8] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 197.119530][ T5928] Bluetooth: hci2: unexpected event for opcode 0x0402 [ 197.183132][ T9339] bond0 (unregistering): Released all slaves [ 197.191708][ T1017] usb 5-1: no configurations [ 197.193218][ T9340] »»»»»» speed is unknown, defaulting to 1000 [ 197.193572][ T1017] usb 5-1: can't read configurations, error -22 [ 197.232982][ T8] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 197.241033][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.243805][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.245518][ T9340] »»»»»» speed is unknown, defaulting to 1000 [ 197.246965][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.252686][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.255215][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.258439][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.261707][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.264504][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.267682][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.271041][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.274062][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.277252][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.280720][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.283440][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.286608][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.291453][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.294546][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.297764][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.301195][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.303795][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.306944][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.309795][ T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 197.312529][ T8] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 197.315723][ T8] usb 7-1: config 0 interface 0 has no altsetting 0 [ 197.320474][ T8] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 197.323273][ T8] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 197.325696][ T8] usb 7-1: Product: syz [ 197.326960][ T8] usb 7-1: Manufacturer: syz [ 197.328346][ T8] usb 7-1: SerialNumber: syz [ 197.331140][ T1017] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 197.424581][ T8] usb 7-1: config 0 descriptor?? [ 197.431545][ T8] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 197.474425][ T9348] netlink: 80 bytes leftover after parsing attributes in process `syz.3.911'. [ 197.479072][ T9348] netlink: 80 bytes leftover after parsing attributes in process `syz.3.911'. [ 197.483043][ T1017] usb 5-1: no configurations [ 197.484420][ T1017] usb 5-1: can't read configurations, error -22 [ 197.487902][ T1017] usb usb5-port1: attempt power cycle [ 197.661276][ T9351] ebtables: wrong size: *len 120, entries_size 48, replsz 48 [ 197.700938][ T6594] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 197.820980][ T1017] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 197.841625][ T1017] usb 5-1: no configurations [ 197.842998][ T1017] usb 5-1: can't read configurations, error -22 [ 197.852191][ T6594] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 197.854572][ T6594] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.857397][ T6594] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 197.861804][ T6594] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 197.864412][ T6594] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 197.866665][ T6594] usb 6-1: Manufacturer: syz [ 197.869171][ T6594] usb 6-1: config 0 descriptor?? [ 197.871885][ T6594] igorplugusb 6-1:0.0: incorrect number of endpoints [ 197.970967][ T1017] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 197.991679][ T1017] usb 5-1: no configurations [ 197.993060][ T1017] usb 5-1: can't read configurations, error -22 [ 197.994962][ T1017] usb usb5-port1: unable to enumerate USB device [ 198.075245][ T8] usb 6-1: USB disconnect, device number 35 [ 199.711039][ C0] usb 7-1: yurex_control_callback - control failed: -2 [ 199.715170][ T8] usb 7-1: USB disconnect, device number 19 [ 199.718021][ T8] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 199.745680][ T9375] random: crng reseeded on system resumption [ 199.874743][ T9375] »»»»»» speed is unknown, defaulting to 1000 [ 199.921544][ T9375] »»»»»» speed is unknown, defaulting to 1000 [ 200.528747][ T9394] fuse: Unknown parameter '00000000000000000000007' [ 200.665729][ T9396] netlink: 9 bytes leftover after parsing attributes in process `syz.1.924'. [ 201.130932][ T1485] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 201.321690][ T1485] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 201.324122][ T1485] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 201.327018][ T1485] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 201.354453][ T1485] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 201.357600][ T1485] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 201.359892][ T1485] usb 5-1: Manufacturer: syz [ 201.367199][ T1485] usb 5-1: config 0 descriptor?? [ 201.370230][ T1485] igorplugusb 5-1:0.0: incorrect number of endpoints [ 202.085462][ T1485] usb 5-1: USB disconnect, device number 36 [ 202.215650][ T9418] random: crng reseeded on system resumption [ 202.253357][ T39] audit: type=1326 audit(2000000060.059:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9409 comm="syz.3.929" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7fc00000 [ 202.316858][ T9426] netlink: 80 bytes leftover after parsing attributes in process `syz.3.933'. [ 202.322205][ T9426] netlink: 80 bytes leftover after parsing attributes in process `syz.3.933'. [ 202.421634][ T9418] »»»»»» speed is unknown, defaulting to 1000 [ 202.442796][ T9429] netlink: 'syz.3.934': attribute type 21 has an invalid length. [ 202.445260][ T9429] netlink: 128 bytes leftover after parsing attributes in process `syz.3.934'. [ 202.448233][ T9429] netlink: 'syz.3.934': attribute type 5 has an invalid length. [ 202.450522][ T9429] netlink: 'syz.3.934': attribute type 6 has an invalid length. [ 202.452851][ T9429] netlink: 3 bytes leftover after parsing attributes in process `syz.3.934'. [ 202.462221][ T9418] »»»»»» speed is unknown, defaulting to 1000 [ 202.985460][ T9436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.936'. [ 204.017370][ T9470] random: crng reseeded on system resumption [ 204.225166][ T9470] »»»»»» speed is unknown, defaulting to 1000 [ 204.259897][ T9470] »»»»»» speed is unknown, defaulting to 1000 [ 204.791700][ T9485] block nbd2: shutting down sockets [ 205.223162][ T9488] netlink: 12 bytes leftover after parsing attributes in process `syz.0.952'. [ 206.202216][ T9520] block nbd1: shutting down sockets [ 207.010935][ T8] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 207.151055][ T8] usb 6-1: device descriptor read/64, error -71 [ 207.400921][ T8] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 207.530871][ T8] usb 6-1: device descriptor read/64, error -71 [ 207.641002][ T8] usb usb6-port1: attempt power cycle [ 207.981534][ T8] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 208.001275][ T8] usb 6-1: device descriptor read/8, error -71 [ 208.280947][ T8] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 208.311307][ T8] usb 6-1: device descriptor read/8, error -71 [ 208.390307][ T9560] netlink: 8 bytes leftover after parsing attributes in process `syz.2.980'. [ 208.421091][ T8] usb usb6-port1: unable to enumerate USB device [ 208.755611][ T9557] netlink: 4 bytes leftover after parsing attributes in process `syz.0.972'. [ 209.030135][ T8] IPVS: starting estimator thread 0... [ 209.033923][ T9565] netlink: del zone limit has 4 unknown bytes [ 209.040619][ T9565] tipc: Started in network mode [ 209.042468][ T9565] tipc: Node identity ac1414aa, cluster identity 4711 [ 209.045055][ T9565] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 209.047656][ T9565] tipc: Enabled bearer , priority 10 [ 209.120949][ T9567] IPVS: using max 21 ests per chain, 50400 per kthread [ 209.182146][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 209.330873][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 209.388202][ T9579] input: syz1 as /devices/virtual/input/input14 [ 209.480889][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 209.630853][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 209.638012][ T9582] could not open pipe file descriptor [ 209.680750][ T9586] FAULT_INJECTION: forcing a failure. [ 209.680750][ T9586] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.685020][ T9586] CPU: 1 UID: 0 PID: 9586 Comm: syz.0.978 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 209.685043][ T9586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 209.685049][ T9586] Call Trace: [ 209.685053][ T9586] [ 209.685057][ T9586] dump_stack_lvl+0x16c/0x1f0 [ 209.685074][ T9586] should_fail_ex+0x50a/0x650 [ 209.685087][ T9586] _copy_from_user+0x2e/0xd0 [ 209.685099][ T9586] get_compat_msghdr+0xa8/0x170 [ 209.685110][ T9586] ? __pfx_get_compat_msghdr+0x10/0x10 [ 209.685125][ T9586] ___sys_sendmsg+0x1b0/0x1e0 [ 209.685135][ T9586] ? __pfx____sys_sendmsg+0x10/0x10 [ 209.685148][ T9586] ? __pfx_lock_release+0x10/0x10 [ 209.685159][ T9586] ? trace_lock_acquire+0x14e/0x1f0 [ 209.685170][ T9586] ? __fget_files+0x206/0x3a0 [ 209.685183][ T9586] __sys_sendmsg+0x16e/0x220 [ 209.685191][ T9586] ? __pfx___sys_sendmsg+0x10/0x10 [ 209.685207][ T9586] __do_fast_syscall_32+0x73/0x120 [ 209.685221][ T9586] do_fast_syscall_32+0x32/0x80 [ 209.685234][ T9586] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 209.685248][ T9586] RIP: 0023:0xf73fe579 [ 209.685255][ T9586] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 209.685264][ T9586] RSP: 002b:00000000f441d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 209.685272][ T9586] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000000 [ 209.685277][ T9586] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 209.685282][ T9586] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 209.685287][ T9586] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 209.685292][ T9586] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 209.685302][ T9586] [ 209.743178][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.770857][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 209.920861][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 210.072288][ T7414] tipc: Node number set to 2886997162 [ 210.098544][ T9599] netlink: 'syz.2.982': attribute type 1 has an invalid length. [ 210.220911][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 210.490858][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 210.952480][ T9607] block nbd3: shutting down sockets [ 211.274894][ T9620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.986'. [ 212.559818][ T39] audit: type=1326 audit(2000000070.359:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.566448][ T39] audit: type=1326 audit(2000000070.359:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.575292][ T39] audit: type=1326 audit(2000000070.359:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.583053][ T39] audit: type=1326 audit(2000000070.359:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.590368][ T39] audit: type=1326 audit(2000000070.359:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.598155][ T39] audit: type=1326 audit(2000000070.369:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.605138][ T39] audit: type=1326 audit(2000000070.369:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.632597][ T39] audit: type=1326 audit(2000000070.369:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.667633][ T39] audit: type=1326 audit(2000000070.369:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 212.674106][ T39] audit: type=1326 audit(2000000070.369:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9648 comm="syz.2.998" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7fe8579 code=0x7ffc0000 [ 214.151718][ T9672] net_ratelimit: 3 callbacks suppressed [ 214.151729][ T9672] netlink: del zone limit has 4 unknown bytes [ 214.168937][ T9672] tipc: Started in network mode [ 214.170413][ T9672] tipc: Node identity ac1414aa, cluster identity 4711 [ 214.174750][ T9672] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 214.176906][ T9672] tipc: Enabled bearer , priority 10 [ 214.190853][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 214.201300][ T9662] ALSA: mixer_oss: invalid OSS volume '·' [ 214.310927][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 214.460867][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 214.530913][ T7414] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 214.600874][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 214.682228][ T7414] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 214.684697][ T7414] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.687718][ T7414] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 214.692696][ T7414] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 214.695352][ T7414] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 214.697703][ T7414] usb 7-1: Manufacturer: syz [ 214.699970][ T7414] usb 7-1: config 0 descriptor?? [ 214.710348][ T7414] igorplugusb 7-1:0.0: incorrect number of endpoints [ 214.740883][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 214.880884][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 215.030885][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 215.181748][ T1017] tipc: Node number set to 2886997162 [ 215.230873][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 215.241186][ T8] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 215.370934][ T8] usb 5-1: device descriptor read/64, error -71 [ 215.426922][ T35] usb 7-1: USB disconnect, device number 20 [ 215.530759][ T9692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1008'. [ 215.610866][ T8] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 215.750891][ T8] usb 5-1: device descriptor read/64, error -71 [ 215.861021][ T8] usb usb5-port1: attempt power cycle [ 216.112421][ T9] kernel write not supported for file /video36 (pid: 9 comm: kworker/0:1) [ 216.113487][ T9702] tipc: Enabled bearer , priority 10 [ 216.200897][ T8] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 216.221280][ T8] usb 5-1: device descriptor read/8, error -71 [ 216.460913][ T8] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 216.481328][ T8] usb 5-1: device descriptor read/8, error -71 [ 216.598036][ T8] usb usb5-port1: unable to enumerate USB device [ 216.821893][ T9716] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1017'. [ 217.146907][ T9718] »»»»»» speed is unknown, defaulting to 1000 [ 217.179108][ T9718] »»»»»» speed is unknown, defaulting to 1000 [ 217.242738][ T35] tipc: Node number set to 4278190081 [ 218.230037][ T9728] netlink: 'syz.1.1028': attribute type 1 has an invalid length. [ 218.251167][ T9728] bond0: (slave ip6erspan0): making interface the new active one [ 218.253724][ T9728] bond0: (slave ip6erspan0): Enslaving as an active interface with an up link [ 218.568518][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 218.568529][ T39] audit: type=1326 audit(2000000076.359:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.590497][ T39] audit: type=1326 audit(2000000076.379:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.597210][ T39] audit: type=1326 audit(2000000076.399:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.603305][ T39] audit: type=1326 audit(2000000076.399:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.609521][ T39] audit: type=1326 audit(2000000076.399:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.651196][ T39] audit: type=1326 audit(2000000076.419:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.652996][ T9741] FAULT_INJECTION: forcing a failure. [ 218.652996][ T9741] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.661259][ T39] audit: type=1326 audit(2000000076.459:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.662042][ T9741] CPU: 1 UID: 0 PID: 9741 Comm: syz.1.1022 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 218.662065][ T9741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 218.662071][ T9741] Call Trace: [ 218.662074][ T9741] [ 218.662077][ T9741] dump_stack_lvl+0x16c/0x1f0 [ 218.662095][ T9741] should_fail_ex+0x50a/0x650 [ 218.662107][ T9741] strncpy_from_user+0x3b/0x2d0 [ 218.662118][ T9741] getname_flags.part.0+0x8f/0x550 [ 218.662132][ T9741] getname+0x8d/0xe0 [ 218.662140][ T9741] do_sys_openat2+0x104/0x1e0 [ 218.662151][ T9741] ? __pfx_do_sys_openat2+0x10/0x10 [ 218.662163][ T9741] ? irqentry_exit+0x3b/0x90 [ 218.662175][ T9741] ? lockdep_hardirqs_on+0x7c/0x110 [ 218.662189][ T9741] __ia32_compat_sys_openat+0x16e/0x210 [ 218.662201][ T9741] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 218.662214][ T9741] ? __secure_computing+0x26c/0x3f0 [ 218.662224][ T9741] ? __secure_computing+0x273/0x3f0 [ 218.662233][ T9741] __do_fast_syscall_32+0x73/0x120 [ 218.662248][ T9741] do_fast_syscall_32+0x32/0x80 [ 218.662260][ T9741] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 218.662274][ T9741] RIP: 0023:0xf73fe579 [ 218.662282][ T9741] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 218.662290][ T9741] RSP: 002b:00000000f443e4f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 218.662298][ T9741] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f727522c [ 218.662304][ T9741] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f73ecff4 [ 218.662309][ T9741] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 218.662313][ T9741] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 218.662318][ T9741] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 218.662328][ T9741] [ 218.720518][ T39] audit: type=1326 audit(2000000076.459:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.726599][ T39] audit: type=1326 audit(2000000076.469:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.732609][ T39] audit: type=1326 audit(2000000076.479:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9736 comm="syz.1.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 218.984870][ T9745] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1024'. [ 219.049921][ T9743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1023'. [ 219.240839][ C2] net_ratelimit: 20 callbacks suppressed [ 219.240850][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 219.240875][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 219.390844][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 219.540871][ T8] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 219.670954][ T8] usb 6-1: device descriptor read/64, error -71 [ 219.853461][ T9764] input: syz0 as /devices/virtual/input/input15 [ 219.910876][ T8] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 220.060861][ T8] usb 6-1: device descriptor read/64, error -71 [ 220.170993][ T8] usb usb6-port1: attempt power cycle [ 220.221574][ T9776] overlayfs: missing 'lowerdir' [ 220.270917][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 220.280864][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 220.440848][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 220.510876][ T8] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 220.531234][ T8] usb 6-1: device descriptor read/8, error -71 [ 220.780861][ T8] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 220.801248][ T8] usb 6-1: device descriptor read/8, error -71 [ 220.911918][ T8] usb usb6-port1: unable to enumerate USB device [ 221.310919][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 221.320837][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 221.470923][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 222.350857][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 223.089116][ T9805] program syz.2.1043 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 223.154735][ T9807] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1046'. [ 223.470885][ T35] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 223.600860][ T35] usb 5-1: device descriptor read/64, error -71 [ 223.840863][ T35] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 223.980863][ T35] usb 5-1: device descriptor read/64, error -71 [ 224.090975][ T35] usb usb5-port1: attempt power cycle [ 224.430874][ C2] net_ratelimit: 5 callbacks suppressed [ 224.430891][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 224.440894][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 224.443166][ T35] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 224.472738][ T35] usb 5-1: device descriptor read/8, error -71 [ 224.600849][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 224.700860][ T1970] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 224.710991][ T35] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 224.741234][ T35] usb 5-1: device descriptor read/8, error -71 [ 224.850980][ T35] usb usb5-port1: unable to enumerate USB device [ 224.853061][ T1970] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 224.856228][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.858805][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.862104][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.864742][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.867423][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.870542][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.873295][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.875851][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.879081][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.882241][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.884834][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.887919][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.890611][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.893240][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.896376][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.898994][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.901854][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.904972][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.907559][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.910133][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.913560][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.916156][ T1970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 224.918726][ T1970] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 224.922085][ T1970] usb 7-1: config 0 interface 0 has no altsetting 0 [ 224.925474][ T1970] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 224.928065][ T1970] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 224.930487][ T1970] usb 7-1: Product: syz [ 224.932111][ T1970] usb 7-1: Manufacturer: syz [ 224.933502][ T1970] usb 7-1: SerialNumber: syz [ 224.935807][ T1970] usb 7-1: config 0 descriptor?? [ 224.939087][ T1970] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 225.230880][ T5928] Bluetooth: hci1: command 0x0c1a tx timeout [ 225.470853][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 225.470914][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 225.630902][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 226.510843][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 226.520863][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 226.680858][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 227.161022][ C3] usb 7-1: yurex_control_callback - control failed: -2 [ 227.181329][ T1970] usb 7-1: USB disconnect, device number 21 [ 227.186526][ T1970] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 227.550849][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 227.785561][ T9872] »»»»»» speed is unknown, defaulting to 1000 [ 227.826007][ T9872] »»»»»» speed is unknown, defaulting to 1000 [ 228.150862][ T1485] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 228.311266][ T1485] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 228.314391][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.316956][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.320054][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.324472][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.327112][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.330294][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.333166][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.336252][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.339364][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.342250][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.344876][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.347979][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.430581][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.433588][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.436733][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.439488][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.442172][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.445383][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.447994][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.450690][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.453892][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.458421][ T1485] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 228.461195][ T1485] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 228.464762][ T1485] usb 7-1: config 0 interface 0 has no altsetting 0 [ 228.469547][ T1485] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 228.472326][ T1485] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 228.474825][ T1485] usb 7-1: Product: syz [ 228.476345][ T1485] usb 7-1: Manufacturer: syz [ 228.478214][ T1485] usb 7-1: SerialNumber: syz [ 228.519555][ T1485] usb 7-1: config 0 descriptor?? [ 228.749881][ T9893] FAULT_INJECTION: forcing a failure. [ 228.749881][ T9893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.753835][ T9893] CPU: 2 UID: 0 PID: 9893 Comm: syz.1.1072 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 228.753856][ T9893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 228.753863][ T9893] Call Trace: [ 228.753866][ T9893] [ 228.753870][ T9893] dump_stack_lvl+0x16c/0x1f0 [ 228.753887][ T9893] should_fail_ex+0x50a/0x650 [ 228.753900][ T9893] _copy_to_user+0x32/0xd0 [ 228.753913][ T9893] simple_read_from_buffer+0xd0/0x160 [ 228.753928][ T9893] proc_fail_nth_read+0x198/0x270 [ 228.753941][ T9893] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.753954][ T9893] ? rw_verify_area+0xcf/0x680 [ 228.753967][ T9893] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.753979][ T9893] vfs_read+0x1df/0xbf0 [ 228.753987][ T9893] ? __fget_files+0x1fc/0x3a0 [ 228.753997][ T9893] ? __pfx___mutex_lock+0x10/0x10 [ 228.754010][ T9893] ? __pfx_vfs_read+0x10/0x10 [ 228.754021][ T9893] ? __fget_files+0x206/0x3a0 [ 228.754033][ T9893] ksys_read+0x12b/0x250 [ 228.754041][ T9893] ? __pfx_ksys_read+0x10/0x10 [ 228.754053][ T9893] __do_fast_syscall_32+0x73/0x120 [ 228.754067][ T9893] do_fast_syscall_32+0x32/0x80 [ 228.754080][ T9893] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 228.754094][ T9893] RIP: 0023:0xf73fe579 [ 228.754101][ T9893] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 228.754110][ T9893] RSP: 002b:00000000f445f590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 228.754118][ T9893] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f445f620 [ 228.754124][ T9893] RDX: 000000000000000f RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 228.754129][ T9893] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 228.754133][ T9893] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 228.754138][ T9893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 228.754149][ T9893] [ 228.871526][ T9892] program syz.0.1073 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 228.996475][ T1485] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 229.003403][ T9897] FAULT_INJECTION: forcing a failure. [ 229.003403][ T9897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 229.007148][ T9897] CPU: 2 UID: 0 PID: 9897 Comm: syz.1.1074 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 229.007159][ T9897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 229.007165][ T9897] Call Trace: [ 229.007168][ T9897] [ 229.007171][ T9897] dump_stack_lvl+0x16c/0x1f0 [ 229.007187][ T9897] should_fail_ex+0x50a/0x650 [ 229.007201][ T9897] _copy_to_user+0x32/0xd0 [ 229.007214][ T9897] simple_read_from_buffer+0xd0/0x160 [ 229.007229][ T9897] proc_fail_nth_read+0x198/0x270 [ 229.007241][ T9897] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.007254][ T9897] ? rw_verify_area+0xcf/0x680 [ 229.007267][ T9897] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.007278][ T9897] vfs_read+0x1df/0xbf0 [ 229.007287][ T9897] ? __fget_files+0x1fc/0x3a0 [ 229.007296][ T9897] ? __pfx___mutex_lock+0x10/0x10 [ 229.007309][ T9897] ? __pfx_vfs_read+0x10/0x10 [ 229.007320][ T9897] ? __fget_files+0x206/0x3a0 [ 229.007332][ T9897] ksys_read+0x12b/0x250 [ 229.007340][ T9897] ? __pfx_ksys_read+0x10/0x10 [ 229.007352][ T9897] __do_fast_syscall_32+0x73/0x120 [ 229.007365][ T9897] do_fast_syscall_32+0x32/0x80 [ 229.007378][ T9897] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 229.007392][ T9897] RIP: 0023:0xf73fe579 [ 229.007399][ T9897] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 229.007407][ T9897] RSP: 002b:00000000f4480590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 229.007415][ T9897] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f4480620 [ 229.007420][ T9897] RDX: 000000000000000f RSI: 00000000f73ecff4 RDI: 0000000000000000 [ 229.007425][ T9897] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 229.007430][ T9897] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 229.007435][ T9897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 229.007445][ T9897] [ 229.121659][ T6594] usb 7-1: USB disconnect, device number 22 [ 229.127419][ T6594] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 229.630849][ C3] net_ratelimit: 5 callbacks suppressed [ 229.630861][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 229.630869][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 229.790874][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 230.670868][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 230.670900][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 230.807529][ T9931] program syz.1.1086 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.830899][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 230.857613][ T9932] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1090'. [ 230.990895][ T5928] Bluetooth: hci3: command 0x0c1a tx timeout [ 231.710854][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 231.710900][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 231.880907][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 232.366793][ T9970] FAULT_INJECTION: forcing a failure. [ 232.366793][ T9970] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 232.370606][ T9970] CPU: 3 UID: 0 PID: 9970 Comm: syz.3.1100 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 232.370618][ T9970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 232.370624][ T9970] Call Trace: [ 232.370627][ T9970] [ 232.370631][ T9970] dump_stack_lvl+0x16c/0x1f0 [ 232.370648][ T9970] should_fail_ex+0x50a/0x650 [ 232.370660][ T9970] _copy_to_user+0x32/0xd0 [ 232.370674][ T9970] simple_read_from_buffer+0xd0/0x160 [ 232.370689][ T9970] proc_fail_nth_read+0x198/0x270 [ 232.370702][ T9970] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 232.370715][ T9970] ? rw_verify_area+0xcf/0x680 [ 232.370727][ T9970] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 232.370739][ T9970] vfs_read+0x1df/0xbf0 [ 232.370747][ T9970] ? __fget_files+0x1fc/0x3a0 [ 232.370757][ T9970] ? __pfx___mutex_lock+0x10/0x10 [ 232.370769][ T9970] ? __pfx_vfs_read+0x10/0x10 [ 232.370792][ T9970] ? __fget_files+0x206/0x3a0 [ 232.370805][ T9970] ksys_read+0x12b/0x250 [ 232.370813][ T9970] ? __pfx_ksys_read+0x10/0x10 [ 232.370825][ T9970] __do_fast_syscall_32+0x73/0x120 [ 232.370840][ T9970] do_fast_syscall_32+0x32/0x80 [ 232.370852][ T9970] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 232.370867][ T9970] RIP: 0023:0xf7f52579 [ 232.370874][ T9970] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 232.370882][ T9970] RSP: 002b:00000000f4470590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 232.370890][ T9970] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f4470620 [ 232.370896][ T9970] RDX: 000000000000000f RSI: 00000000f73dcff4 RDI: 0000000000000000 [ 232.370901][ T9970] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 232.370905][ T9970] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 232.370910][ T9970] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 232.370920][ T9970] [ 232.404337][ T5928] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 232.404539][ C3] vkms_vblank_simulate: vblank timer overrun [ 232.429948][ C3] vkms_vblank_simulate: vblank timer overrun [ 232.431701][ C3] hrtimer: interrupt took 60760260 ns [ 232.492547][ C3] vkms_vblank_simulate: vblank timer overrun [ 232.541823][ T9974] fuse: Bad value for 'fd' [ 232.543895][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 232.543903][ T39] audit: type=1326 audit(2000000001.829:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.553892][ T9985] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 232.558752][ T39] audit: type=1326 audit(2000000001.829:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.570854][ T39] audit: type=1326 audit(2000000001.829:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=27 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.576969][ T39] audit: type=1326 audit(2000000001.829:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.583247][ T9986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1104'. [ 232.586596][ T39] audit: type=1326 audit(2000000001.829:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.593002][ T39] audit: type=1326 audit(2000000001.829:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.750899][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 232.846422][ T39] audit: type=1326 audit(2000000002.129:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.852952][ T39] audit: type=1326 audit(2000000002.129:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9971 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 232.910982][ T5928] Bluetooth: hci0: command 0x0c1a tx timeout [ 232.950904][ T9996] FAULT_INJECTION: forcing a failure. [ 232.950904][ T9996] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 232.954567][ T9996] CPU: 1 UID: 0 PID: 9996 Comm: syz.3.1107 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 232.954578][ T9996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 232.954593][ T9996] Call Trace: [ 232.954598][ T9996] [ 232.954602][ T9996] dump_stack_lvl+0x16c/0x1f0 [ 232.954618][ T9996] should_fail_ex+0x50a/0x650 [ 232.954632][ T9996] _copy_from_user+0x2e/0xd0 [ 232.954645][ T9996] get_compat_msghdr+0xa8/0x170 [ 232.954657][ T9996] ? __pfx_get_compat_msghdr+0x10/0x10 [ 232.954671][ T9996] ___sys_recvmsg+0x193/0x1a0 [ 232.954681][ T9996] ? __pfx____sys_recvmsg+0x10/0x10 [ 232.954689][ T9996] ? __fget_files+0x1fc/0x3a0 [ 232.954699][ T9996] ? trace_lock_acquire+0x14e/0x1f0 [ 232.954711][ T9996] ? __fget_files+0x206/0x3a0 [ 232.954720][ T9996] ? __pfx___might_resched+0x10/0x10 [ 232.954733][ T9996] do_recvmmsg+0x55d/0x740 [ 232.954743][ T9996] ? __pfx_do_recvmmsg+0x10/0x10 [ 232.954752][ T9996] ? vfs_write+0x306/0x1150 [ 232.954767][ T9996] ? __fget_files+0x206/0x3a0 [ 232.954777][ T9996] __sys_recvmmsg+0x21e/0x280 [ 232.954786][ T9996] ? __pfx___sys_recvmmsg+0x10/0x10 [ 232.954795][ T9996] ? __pfx_ksys_write+0x10/0x10 [ 232.954805][ T9996] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 232.954816][ T9996] ? lockdep_hardirqs_on+0x7c/0x110 [ 232.954829][ T9996] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 232.954842][ T9996] __do_fast_syscall_32+0x73/0x120 [ 232.954856][ T9996] do_fast_syscall_32+0x32/0x80 [ 232.954868][ T9996] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 232.954882][ T9996] RIP: 0023:0xf7f52579 [ 232.954890][ T9996] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 232.954898][ T9996] RSP: 002b:00000000f447055c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 232.954907][ T9996] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000600 [ 232.954912][ T9996] RDX: 00000000cb88ff8b RSI: 0000000000000002 RDI: 0000000000000000 [ 232.954917][ T9996] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 232.954922][ T9996] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 232.954927][ T9996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 232.954937][ T9996] [ 233.373887][T10002] random: crng reseeded on system resumption [ 233.384072][T10002] »»»»»» speed is unknown, defaulting to 1000 [ 233.415673][T10002] »»»»»» speed is unknown, defaulting to 1000 [ 233.431428][T10002] ebtables: wrong size: *len 120, entries_size 48, replsz 48 [ 233.827170][T10020] sctp: [Deprecated]: syz.1.1113 (pid 10020) Use of struct sctp_assoc_value in delayed_ack socket option. [ 233.827170][T10020] Use struct sctp_sack_info instead [ 233.886376][T10021] syz.1.1113: attempt to access beyond end of device [ 233.886376][T10021] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 233.891923][T10020] nbd1: detected capacity change from 0 to 67108884 [ 233.895735][T10021] block nbd1: Send control failed (result -89) [ 233.899475][T10021] block nbd1: Request send failed, requeueing [ 233.903517][ T5928] block nbd1: Receive control failed (result -32) [ 233.904362][ T122] block nbd1: Dead connection, failed to find a fallback [ 233.908893][ T122] block nbd1: shutting down sockets [ 233.910768][ T122] I/O error, dev nbd1, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.914780][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 233.918592][T10021] I/O error, dev nbd1, sector 67108882 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.922315][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554441, location=33554441 [ 233.925735][T10021] I/O error, dev nbd1, sector 67108370 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.928642][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554185, location=33554185 [ 233.932077][T10021] I/O error, dev nbd1, sector 67108880 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.935207][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554440, location=33554440 [ 233.938560][T10021] I/O error, dev nbd1, sector 67108368 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.941743][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554184, location=33554184 [ 233.946060][T10021] I/O error, dev nbd1, sector 67108878 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.950064][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554439, location=33554439 [ 233.954506][T10021] I/O error, dev nbd1, sector 67108366 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.957608][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554183, location=33554183 [ 233.986469][T10021] I/O error, dev nbd1, sector 67108582 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.989409][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554291, location=33554291 [ 233.992937][T10021] I/O error, dev nbd1, sector 67108070 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 233.995861][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554035, location=33554035 [ 233.999423][T10021] I/O error, dev nbd1, sector 67108578 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 234.002932][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554289, location=33554289 [ 234.006033][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=33554033, location=33554033 [ 234.010581][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 234.014580][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 234.017468][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16777220, location=16777220 [ 234.020681][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16776964, location=16776964 [ 234.024137][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16777219, location=16777219 [ 234.027161][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16776963, location=16776963 [ 234.030395][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16777218, location=16777218 [ 234.034228][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16776962, location=16776962 [ 234.036604][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.037832][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16777070, location=16777070 [ 234.037918][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16776814, location=16776814 [ 234.037984][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16777068, location=16777068 [ 234.038050][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16776812, location=16776812 [ 234.038123][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 234.059423][ T8956] Buffer I/O error on dev nbd1, logical block 1, async page read [ 234.071982][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 234.075910][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.078324][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.080672][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.084767][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.085172][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388609, location=8388609 [ 234.087128][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.091536][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388353, location=8388353 [ 234.092977][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.095710][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388608, location=8388608 [ 234.097908][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.103345][ T8956] ldm_validate_partition_table(): Disk read failed. [ 234.105054][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388352, location=8388352 [ 234.105809][ T8956] Buffer I/O error on dev nbd1, logical block 0, async page read [ 234.108972][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388607, location=8388607 [ 234.111380][ T8956] Dev nbd1: unable to read RDB block 0 [ 234.116836][ T8956] nbd1: unable to read partition table [ 234.119618][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388351, location=8388351 [ 234.123415][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388459, location=8388459 [ 234.126391][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388203, location=8388203 [ 234.129339][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388457, location=8388457 [ 234.132597][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=8388201, location=8388201 [ 234.134388][ T8956] ldm_validate_partition_table(): Disk read failed. [ 234.135568][T10021] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 234.137846][ T8956] Dev nbd1: unable to read RDB block 0 [ 234.140170][T10021] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 234.144515][ T8956] nbd1: unable to read partition table [ 234.457388][T10041] hub 9-0:1.0: USB hub found [ 234.461350][T10041] hub 9-0:1.0: 1 port detected [ 234.464805][T10041] netlink: 'syz.0.1119': attribute type 1 has an invalid length. [ 234.467051][T10041] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1119'. [ 234.527882][T10045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1120'. [ 234.657532][T10042] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 234.664239][T10042] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 234.699036][T10042] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 234.701232][T10042] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 234.830927][ C2] net_ratelimit: 6 callbacks suppressed [ 234.830938][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 234.840876][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 235.000906][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 235.100859][ T7414] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 235.261644][ T7414] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 235.264618][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.267146][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.270254][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.272947][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.275510][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.278632][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.281274][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.283826][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.286904][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.289533][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.292584][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.295926][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.298758][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.301645][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.304720][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.307320][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.309944][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.313157][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.316921][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.319492][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.322671][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.325249][ T7414] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 235.327791][ T7414] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 235.330936][ T7414] usb 6-1: config 0 interface 0 has no altsetting 0 [ 235.334220][ T7414] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 235.336843][ T7414] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 235.339244][ T7414] usb 6-1: Product: syz [ 235.340467][ T7414] usb 6-1: Manufacturer: syz [ 235.341899][ T7414] usb 6-1: SerialNumber: syz [ 235.344071][ T7414] usb 6-1: config 0 descriptor?? [ 235.347506][ T7414] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 235.870875][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 235.880840][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 236.030835][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 236.590882][ T5928] Bluetooth: hci0: command 0x0c1a tx timeout [ 236.725961][T10090] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1130'. [ 236.750925][ T5305] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.752991][ T65] Bluetooth: hci2: command 0x0c1a tx timeout [ 236.754817][ T5928] Bluetooth: hci3: command 0x0c1a tx timeout [ 236.910848][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 237.070879][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 237.550905][ C1] usb 6-1: yurex_control_callback - control failed: -2 [ 237.563402][ T1970] usb 6-1: USB disconnect, device number 44 [ 237.565924][ T1970] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 237.680924][ T6594] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 237.831461][ T6594] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 237.835442][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.839572][ T6594] usb 7-1: config 0 has no interfaces? [ 237.849573][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.853775][ T6594] usb 7-1: config 0 has no interfaces? [ 237.856826][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.860932][ T6594] usb 7-1: config 0 has no interfaces? [ 237.868663][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.872719][ T6594] usb 7-1: config 0 has no interfaces? [ 237.875792][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.879898][ T6594] usb 7-1: config 0 has no interfaces? [ 237.882918][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.908893][ T6594] usb 7-1: config 0 has no interfaces? [ 237.911515][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.914489][ T6594] usb 7-1: config 0 has no interfaces? [ 237.916804][ T6594] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.919827][ T6594] usb 7-1: config 0 has no interfaces? [ 237.923320][ T6594] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 237.926003][ T6594] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 237.928443][ T6594] usb 7-1: Product: syz [ 237.929735][ T6594] usb 7-1: Manufacturer: syz [ 237.931264][ T6594] usb 7-1: SerialNumber: syz [ 237.933984][ T6594] usb 7-1: config 0 descriptor?? [ 237.950864][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 237.950866][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 238.153505][ T1970] usb 7-1: USB disconnect, device number 23 [ 238.242829][T10107] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 238.244771][T10107] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 238.248381][T10107] vhci_hcd vhci_hcd.0: Device attached [ 238.252526][ T65] Bluetooth: hci0: unexpected event 0x03 length: 17 > 11 [ 238.257991][T10108] vhci_hcd: connection closed [ 238.258480][ T6217] vhci_hcd: stop threads [ 238.261887][ T6217] vhci_hcd: release socket [ 238.263662][ T6217] vhci_hcd: disconnect device [ 238.619871][T10113] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 238.831012][ T5305] Bluetooth: hci1: command 0x0c1a tx timeout [ 238.833512][ T5928] Bluetooth: hci3: command 0x0c1a tx timeout [ 238.935640][T10117] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 238.938612][T10117] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 238.941810][T10117] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 238.943607][T10117] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 239.214482][T10128] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1143'. [ 240.040847][ C2] net_ratelimit: 4 callbacks suppressed [ 240.040859][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 240.210857][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 240.910901][ T65] Bluetooth: hci0: command 0x0c1a tx timeout [ 240.990877][ T65] Bluetooth: hci1: command 0x0c1a tx timeout [ 240.990904][ T5928] Bluetooth: hci2: command 0x0c1a tx timeout [ 241.000876][ T5928] Bluetooth: hci3: command 0x0c1a tx timeout [ 241.070869][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 241.073127][ T1970] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 241.221370][ T1970] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 241.224491][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.227065][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.230230][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.233153][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.235705][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.238780][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.240855][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 241.241536][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.245483][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.248637][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.251943][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.254588][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.257686][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.260432][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.263190][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.266439][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.269191][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.271997][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.275134][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.277747][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.280396][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.283612][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.287058][ T1970] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 241.289601][ T1970] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 241.292808][ T1970] usb 6-1: config 0 interface 0 has no altsetting 0 [ 241.297560][ T1970] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 241.300209][ T1970] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 241.302997][ T1970] usb 6-1: Product: syz [ 241.304274][ T1970] usb 6-1: Manufacturer: syz [ 241.305662][ T1970] usb 6-1: SerialNumber: syz [ 241.307903][ T1970] usb 6-1: config 0 descriptor?? [ 241.311475][ T1970] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 241.682716][T10161] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 241.684845][T10161] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 241.686775][T10161] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 241.689923][T10161] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 242.110855][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 242.113191][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 242.270855][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 243.150853][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 243.153036][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 243.310857][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 243.550907][ C3] usb 6-1: yurex_control_callback - control failed: -2 [ 243.571205][ T6594] usb 6-1: USB disconnect, device number 45 [ 243.573904][ T6594] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 243.631557][ T5928] Bluetooth: hci0: command 0x0c1a tx timeout [ 243.711047][ T65] Bluetooth: hci1: command 0x0c1a tx timeout [ 243.712872][ T5928] Bluetooth: hci2: command 0x0c1a tx timeout [ 243.720902][ T5928] Bluetooth: hci3: command 0x0c1a tx timeout [ 244.351918][T10182] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1156'. [ 244.561652][T10185] vxlan0: entered promiscuous mode [ 244.563226][T10185] vxlan0: entered allmulticast mode [ 244.642322][T10187] netlink: 'syz.0.1158': attribute type 1 has an invalid length. [ 244.644591][T10187] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1158'. [ 244.672570][ T39] audit: type=1800 audit(2000000013.959:87): pid=10189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1159" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 244.824165][T10200] nbd: must specify an index to disconnect [ 245.230875][ C3] net_ratelimit: 3 callbacks suppressed [ 245.230893][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 245.230953][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 245.390918][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 245.566286][ T5928] block nbd0: Receive control failed (result -32) [ 245.571282][T10196] block nbd0: shutting down sockets [ 245.891393][ T7414] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 246.041507][ T7414] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 246.045588][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.048255][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.051599][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.057381][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.059999][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.063476][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.066708][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.069369][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.073073][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.077481][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.080098][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.083850][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.087356][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.089963][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.093224][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.098640][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.101534][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.104684][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.107967][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.110579][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.114258][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.117673][ T7414] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.120305][ T7414] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 246.123831][ T7414] usb 7-1: config 0 interface 0 has no altsetting 0 [ 246.128591][ T7414] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 246.131359][ T7414] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 246.133779][ T7414] usb 7-1: Product: syz [ 246.135036][ T7414] usb 7-1: Manufacturer: syz [ 246.136426][ T7414] usb 7-1: SerialNumber: syz [ 246.143669][ T7414] usb 7-1: config 0 descriptor?? [ 246.153610][ T7414] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 246.270860][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 246.270872][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 246.350874][ T5928] Bluetooth: hci2: command 0x0c1a tx timeout [ 246.430841][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 246.607455][T10224] netlink: 'syz.3.1172': attribute type 1 has an invalid length. [ 246.609852][T10224] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1172'. [ 246.707438][T10229] vxlan0: entered promiscuous mode [ 246.709485][T10229] vxlan0: entered allmulticast mode [ 246.780902][ T1970] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 246.812906][ T39] audit: type=1800 audit(2000000016.099:88): pid=10231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1174" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 246.899850][T10235] netlink: 'syz.3.1177': attribute type 10 has an invalid length. [ 246.943772][ T1970] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 246.947149][ T1970] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.951371][ T1970] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 246.957306][ T1970] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 246.960889][ T1970] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 246.963212][ T1970] usb 5-1: Manufacturer: syz [ 246.965372][ T1970] usb 5-1: config 0 descriptor?? [ 246.968559][ T1970] igorplugusb 5-1:0.0: incorrect number of endpoints [ 247.070963][T10237] loop7: detected capacity change from 0 to 16383 [ 247.310828][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 247.310847][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 247.470950][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 247.688135][ T7414] usb 5-1: USB disconnect, device number 45 [ 248.350842][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 248.431042][ C1] usb 7-1: yurex_control_callback - control failed: -2 [ 248.454464][ T6594] usb 7-1: USB disconnect, device number 24 [ 248.459400][ T6594] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 248.783017][ T39] audit: type=1804 audit(2000000018.069:89): pid=10259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1184" name="/newroot/291/file0" dev="fuse" ino=1 res=1 errno=0 [ 249.610948][ T8] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 249.762179][ T8] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 249.764668][ T8] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.767625][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 249.772373][ T8] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 249.775034][ T8] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 249.777570][ T8] usb 7-1: Manufacturer: syz [ 249.781123][ T8] usb 7-1: config 0 descriptor?? [ 249.785035][ T8] igorplugusb 7-1:0.0: incorrect number of endpoints [ 250.025875][T10282] fuse: Unknown parameter 'roode' [ 250.031495][ T5928] Bluetooth: hci0: unexpected event for opcode 0x0000 [ 250.430906][ C3] net_ratelimit: 6 callbacks suppressed [ 250.430923][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 250.430965][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 250.499609][ T1485] usb 7-1: USB disconnect, device number 25 [ 250.590853][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 250.886940][T10293] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1202'. [ 250.952976][T10292] vxlan0: entered promiscuous mode [ 250.954530][T10292] vxlan0: entered allmulticast mode [ 251.002689][T10296] vxlan0: entered promiscuous mode [ 251.004210][T10296] vxlan0: entered allmulticast mode [ 251.063940][ T39] audit: type=1800 audit(2000000020.349:90): pid=10292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1194" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0 [ 251.144504][T10304] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1197'. [ 251.470916][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 251.480893][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 251.630849][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 251.870760][T10322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1206'. [ 252.010623][T10329] vxlan0: entered promiscuous mode [ 252.012282][T10329] vxlan0: entered allmulticast mode [ 252.134175][ T39] audit: type=1800 audit(2000000021.419:91): pid=10337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1212" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 252.150382][T10334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1211'. [ 252.194631][T10342] FAULT_INJECTION: forcing a failure. [ 252.194631][T10342] name failslab, interval 1, probability 0, space 0, times 0 [ 252.198406][T10342] CPU: 3 UID: 0 PID: 10342 Comm: syz.0.1214 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 252.198418][T10342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 252.198424][T10342] Call Trace: [ 252.198427][T10342] [ 252.198431][T10342] dump_stack_lvl+0x16c/0x1f0 [ 252.198448][T10342] should_fail_ex+0x50a/0x650 [ 252.198459][T10342] ? fs_reclaim_acquire+0xae/0x150 [ 252.198474][T10342] should_failslab+0xc2/0x120 [ 252.198485][T10342] __kmalloc_noprof+0xce/0x4f0 [ 252.198495][T10342] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 252.198506][T10342] ? tomoyo_realpath_from_path+0xbf/0x710 [ 252.198519][T10342] tomoyo_realpath_from_path+0xbf/0x710 [ 252.198530][T10342] ? tomoyo_path_number_perm+0x235/0x5b0 [ 252.198540][T10342] tomoyo_path_number_perm+0x248/0x5b0 [ 252.198548][T10342] ? tomoyo_path_number_perm+0x235/0x5b0 [ 252.198557][T10342] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 252.198577][T10342] ? __pfx_lock_release+0x10/0x10 [ 252.198586][T10342] ? trace_lock_acquire+0x14e/0x1f0 [ 252.198595][T10342] ? lock_acquire+0x2f/0xb0 [ 252.198604][T10342] ? __fget_files+0x40/0x3a0 [ 252.198615][T10342] ? __fget_files+0x206/0x3a0 [ 252.198625][T10342] security_file_ioctl_compat+0x9b/0x240 [ 252.198636][T10342] __do_compat_sys_ioctl+0x4e/0x2c0 [ 252.198650][T10342] __do_fast_syscall_32+0x73/0x120 [ 252.198664][T10342] do_fast_syscall_32+0x32/0x80 [ 252.198677][T10342] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.198691][T10342] RIP: 0023:0xf73fe579 [ 252.198698][T10342] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 252.198707][T10342] RSP: 002b:00000000f448055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 252.198715][T10342] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0945662 [ 252.198720][T10342] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000000 [ 252.198725][T10342] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 252.198730][T10342] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 252.198735][T10342] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 252.198745][T10342] [ 252.198749][T10342] ERROR: Out of memory at tomoyo_realpath_from_path. [ 252.331096][T10349] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1217'. [ 252.486467][T10356] vxlan0: entered promiscuous mode [ 252.488026][T10356] vxlan0: entered allmulticast mode [ 252.510857][ C2] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 252.510901][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 252.670852][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 252.744673][ T39] audit: type=1800 audit(2000000022.029:92): pid=10363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1222" name="SYSV00000000" dev="hugetlbfs" ino=5 res=0 errno=0 [ 252.940146][T10373] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1227'. [ 253.179907][T10379] can0: slcan on ttyS3. [ 253.244254][T10384] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1228'. [ 253.246234][ T39] audit: type=1800 audit(2000000022.529:93): pid=10386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1231" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 253.476501][T10406] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1236'. [ 253.550846][ C3] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 253.792778][ T39] audit: type=1800 audit(2000000023.079:94): pid=10423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1242" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 253.860898][ T1970] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 253.931098][T10374] can0 (unregistered): slcan off ttyS3. [ 254.022014][ T1970] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 254.024452][ T1970] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 254.027284][ T1970] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 254.033046][ T5928] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 254.035559][ T5928] Bluetooth: hci0: Injecting HCI hardware error event [ 254.038198][ T5928] Bluetooth: hci0: hardware error 0x00 [ 254.043179][ T1970] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 254.045795][ T1970] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 254.048085][ T1970] usb 5-1: Manufacturer: syz [ 254.050591][ T1970] usb 5-1: config 0 descriptor?? [ 254.053457][ T1970] igorplugusb 5-1:0.0: incorrect number of endpoints [ 254.412803][T10458] netlink: 'syz.2.1253': attribute type 4 has an invalid length. [ 254.414989][T10458] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1253'. [ 254.766776][ T1970] usb 5-1: USB disconnect, device number 46 [ 254.961930][T10490] vxlan0: entered promiscuous mode [ 254.963584][T10490] vxlan0: entered allmulticast mode [ 255.074874][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.076709][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.093555][ T39] audit: type=1800 audit(2000000024.359:95): pid=10490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1258" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 255.260174][ T1411] ================================================================== [ 255.262507][ T1411] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 255.264657][ T1411] Read of size 8 at addr ffff888013693020 by task aoe_tx0/1411 [ 255.267688][ T1411] [ 255.269086][ T1411] CPU: 2 UID: 0 PID: 1411 Comm: aoe_tx0 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 255.269097][ T1411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 255.269103][ T1411] Call Trace: [ 255.269106][ T1411] [ 255.269110][ T1411] dump_stack_lvl+0x116/0x1f0 [ 255.269126][ T1411] print_report+0xc3/0x620 [ 255.269136][ T1411] ? __virt_addr_valid+0x5e/0x590 [ 255.269145][ T1411] ? __phys_addr+0xc6/0x150 [ 255.269153][ T1411] kasan_report+0xd9/0x110 [ 255.269163][ T1411] ? tty_write_room+0x7d/0x90 [ 255.269173][ T1411] ? tty_write_room+0x7d/0x90 [ 255.269183][ T1411] tty_write_room+0x7d/0x90 [ 255.269192][ T1411] handle_tx+0x151/0x630 [ 255.269204][ T1411] dev_hard_start_xmit+0x9a/0x7b0 [ 255.269218][ T1411] __dev_queue_xmit+0x7f0/0x43e0 [ 255.269231][ T1411] ? __pfx___dev_queue_xmit+0x10/0x10 [ 255.269241][ T1411] ? __pfx___lock_acquire+0x10/0x10 [ 255.269252][ T1411] ? __pfx___lock_acquire+0x10/0x10 [ 255.269263][ T1411] ? lock_acquire.part.0+0x11b/0x380 [ 255.269272][ T1411] ? find_held_lock+0x2d/0x110 [ 255.269286][ T1411] ? find_held_lock+0x2d/0x110 [ 255.269299][ T1411] ? tx+0xa8/0x190 [ 255.269308][ T1411] ? __pfx_lock_release+0x10/0x10 [ 255.269318][ T1411] ? lock_acquire+0x2f/0xb0 [ 255.269329][ T1411] tx+0xcc/0x190 [ 255.269339][ T1411] ? __pfx_tx+0x10/0x10 [ 255.269347][ T1411] kthread+0x1e7/0x3c0 [ 255.269356][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.269364][ T1411] ? __pfx_default_wake_function+0x10/0x10 [ 255.269375][ T1411] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.269387][ T1411] ? __kthread_parkme+0x148/0x220 [ 255.269400][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.269408][ T1411] kthread+0x3af/0x750 [ 255.269416][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.269425][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.269433][ T1411] ret_from_fork+0x45/0x80 [ 255.269444][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.269452][ T1411] ret_from_fork_asm+0x1a/0x30 [ 255.269464][ T1411] [ 255.269467][ T1411] [ 255.324737][ T1411] Allocated by task 10462: [ 255.326023][ T1411] kasan_save_stack+0x33/0x60 [ 255.327380][ T1411] kasan_save_track+0x14/0x30 [ 255.328759][ T1411] __kasan_kmalloc+0xaa/0xb0 [ 255.330095][ T1411] alloc_tty_struct+0x98/0x8d0 [ 255.331480][ T1411] tty_init_dev.part.0+0x1e/0x660 [ 255.332937][ T1411] tty_open+0xac1/0xf80 [ 255.334153][ T1411] chrdev_open+0x237/0x6a0 [ 255.335449][ T1411] do_dentry_open+0x735/0x1c40 [ 255.336833][ T1411] vfs_open+0x82/0x3f0 [ 255.338172][ T1411] path_openat+0x1e88/0x2d80 [ 255.339534][ T1411] do_filp_open+0x20c/0x470 [ 255.340878][ T1411] do_sys_openat2+0x17a/0x1e0 [ 255.342249][ T1411] __ia32_compat_sys_openat+0x16e/0x210 [ 255.343862][ T1411] __do_fast_syscall_32+0x73/0x120 [ 255.345356][ T1411] do_fast_syscall_32+0x32/0x80 [ 255.346777][ T1411] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 255.348616][ T1411] [ 255.349325][ T1411] Freed by task 7414: [ 255.350486][ T1411] kasan_save_stack+0x33/0x60 [ 255.351852][ T1411] kasan_save_track+0x14/0x30 [ 255.353246][ T1411] kasan_save_free_info+0x3b/0x60 [ 255.354705][ T1411] __kasan_slab_free+0x51/0x70 [ 255.356106][ T1411] kfree+0x2c4/0x4d0 [ 255.357255][ T1411] process_one_work+0x958/0x1b30 [ 255.358708][ T1411] worker_thread+0x6c8/0xf00 [ 255.360059][ T1411] kthread+0x3af/0x750 [ 255.361246][ T1411] ret_from_fork+0x45/0x80 [ 255.362538][ T1411] ret_from_fork_asm+0x1a/0x30 [ 255.363925][ T1411] [ 255.364648][ T1411] Last potentially related work creation: [ 255.366278][ T1411] kasan_save_stack+0x33/0x60 [ 255.367642][ T1411] kasan_record_aux_stack+0xb8/0xd0 [ 255.369167][ T1411] insert_work+0x36/0x230 [ 255.370427][ T1411] __queue_work+0x97e/0x1080 [ 255.371766][ T1411] queue_work_on+0x11a/0x140 [ 255.373129][ T1411] release_tty+0x4de/0x5d0 [ 255.374437][ T1411] tty_release_struct+0xb7/0xe0 [ 255.375846][ T1411] tty_release+0xe25/0x1410 [ 255.377198][ T1411] __fput+0x3ff/0xb70 [ 255.378391][ T1411] task_work_run+0x14e/0x250 [ 255.379754][ T1411] syscall_exit_to_user_mode+0x27b/0x2a0 [ 255.381384][ T1411] __do_fast_syscall_32+0x80/0x120 [ 255.382862][ T1411] do_fast_syscall_32+0x32/0x80 [ 255.384294][ T1411] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 255.386121][ T1411] [ 255.386826][ T1411] The buggy address belongs to the object at ffff888013693000 [ 255.386826][ T1411] which belongs to the cache kmalloc-cg-2k of size 2048 [ 255.390861][ T1411] The buggy address is located 32 bytes inside of [ 255.390861][ T1411] freed 2048-byte region [ffff888013693000, ffff888013693800) [ 255.394720][ T1411] [ 255.395429][ T1411] The buggy address belongs to the physical page: [ 255.397265][ T1411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13690 [ 255.399786][ T1411] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 255.402184][ T1411] memcg:ffff888022f7b001 [ 255.403426][ T1411] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 255.405566][ T1411] page_type: f5(slab) [ 255.406772][ T1411] raw: 00fff00000000040 ffff88801b050140 ffffea0000859200 dead000000000002 [ 255.409224][ T1411] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888022f7b001 [ 255.411672][ T1411] head: 00fff00000000040 ffff88801b050140 ffffea0000859200 dead000000000002 [ 255.414181][ T1411] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888022f7b001 [ 255.416656][ T1411] head: 00fff00000000003 ffffea00004da401 ffffffffffffffff 0000000000000000 [ 255.419147][ T1411] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 255.421607][ T1411] page dumped because: kasan: bad access detected [ 255.423460][ T1411] page_owner tracks the page as allocated [ 255.425092][ T1411] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5923, tgid 5923 (syz-executor), ts 175088995457, free_ts 174318019443 [ 255.431103][ T1411] post_alloc_hook+0x181/0x1b0 [ 255.432492][ T1411] get_page_from_freelist+0xfce/0x2f80 [ 255.434062][ T1411] __alloc_frozen_pages_noprof+0x221/0x2470 [ 255.435749][ T1411] alloc_pages_mpol+0x1fc/0x540 [ 255.437172][ T1411] new_slab+0x23d/0x330 [ 255.438395][ T1411] ___slab_alloc+0xbfa/0x1600 [ 255.439766][ T1411] __slab_alloc.constprop.0+0x56/0xb0 [ 255.441323][ T1411] __kmalloc_node_noprof+0x2f0/0x520 [ 255.442843][ T1411] __kvmalloc_node_noprof+0xad/0x1a0 [ 255.444379][ T1411] xt_alloc_table_info+0x3e/0xa0 [ 255.445824][ T1411] translate_compat_table+0xc06/0x18e0 [ 255.447393][ T1411] compat_do_replace+0x35d/0x500 [ 255.448840][ T1411] do_ip6t_set_ctl+0x686/0xc20 [ 255.450227][ T1411] nf_setsockopt+0x8a/0xf0 [ 255.451522][ T1411] ipv6_setsockopt+0x135/0x170 [ 255.452912][ T1411] tcp_setsockopt+0xa4/0x100 [ 255.454270][ T1411] page last free pid 8855 tgid 8852 stack trace: [ 255.456083][ T1411] free_frozen_pages+0x6db/0xfb0 [ 255.457526][ T1411] __put_partials+0x14c/0x170 [ 255.458907][ T1411] qlist_free_all+0x4e/0x120 [ 255.460256][ T1411] kasan_quarantine_reduce+0x195/0x1e0 [ 255.461834][ T1411] __kasan_slab_alloc+0x69/0x90 [ 255.463258][ T1411] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 255.464857][ T1411] getname_flags.part.0+0x4c/0x550 [ 255.466336][ T1411] getname+0x8d/0xe0 [ 255.467469][ T1411] do_sys_openat2+0x104/0x1e0 [ 255.468848][ T1411] __ia32_compat_sys_openat+0x16e/0x210 [ 255.470432][ T1411] __do_fast_syscall_32+0x73/0x120 [ 255.471907][ T1411] do_fast_syscall_32+0x32/0x80 [ 255.473344][ T1411] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 255.475155][ T1411] [ 255.475844][ T1411] Memory state around the buggy address: [ 255.477454][ T1411] ffff888013692f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 255.479768][ T1411] ffff888013692f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 255.482078][ T1411] >ffff888013693000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.484377][ T1411] ^ [ 255.485866][ T1411] ffff888013693080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.488159][ T1411] ffff888013693100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.490452][ T1411] ================================================================== [ 255.492804][ T1411] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 255.494880][ T1411] CPU: 2 UID: 0 PID: 1411 Comm: aoe_tx0 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0 [ 255.497751][ T1411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 255.500907][ T1411] Call Trace: [ 255.501897][ T1411] [ 255.502772][ T1411] dump_stack_lvl+0x3d/0x1f0 [ 255.504136][ T1411] panic+0x71d/0x800 [ 255.505288][ T1411] ? mark_held_locks+0x9f/0xe0 [ 255.506675][ T1411] ? __pfx_panic+0x10/0x10 [ 255.507974][ T1411] ? irqentry_exit+0x3b/0x90 [ 255.509321][ T1411] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.510843][ T1411] ? check_panic_on_warn+0x1f/0xb0 [ 255.512315][ T1411] check_panic_on_warn+0xab/0xb0 [ 255.513763][ T1411] end_report+0x117/0x180 [ 255.515022][ T1411] kasan_report+0xe9/0x110 [ 255.516316][ T1411] ? tty_write_room+0x7d/0x90 [ 255.517692][ T1411] ? tty_write_room+0x7d/0x90 [ 255.519069][ T1411] tty_write_room+0x7d/0x90 [ 255.520380][ T1411] handle_tx+0x151/0x630 [ 255.521621][ T1411] dev_hard_start_xmit+0x9a/0x7b0 [ 255.523085][ T1411] __dev_queue_xmit+0x7f0/0x43e0 [ 255.524525][ T1411] ? __pfx___dev_queue_xmit+0x10/0x10 [ 255.526078][ T1411] ? __pfx___lock_acquire+0x10/0x10 [ 255.527575][ T1411] ? __pfx___lock_acquire+0x10/0x10 [ 255.529104][ T1411] ? lock_acquire.part.0+0x11b/0x380 [ 255.530620][ T1411] ? find_held_lock+0x2d/0x110 [ 255.532008][ T1411] ? find_held_lock+0x2d/0x110 [ 255.533420][ T1411] ? tx+0xa8/0x190 [ 255.534515][ T1411] ? __pfx_lock_release+0x10/0x10 [ 255.535963][ T1411] ? lock_acquire+0x2f/0xb0 [ 255.537287][ T1411] tx+0xcc/0x190 [ 255.538348][ T1411] ? __pfx_tx+0x10/0x10 [ 255.539561][ T1411] kthread+0x1e7/0x3c0 [ 255.540774][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.542116][ T1411] ? __pfx_default_wake_function+0x10/0x10 [ 255.543800][ T1411] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.545309][ T1411] ? __kthread_parkme+0x148/0x220 [ 255.546760][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.548112][ T1411] kthread+0x3af/0x750 [ 255.549309][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.550651][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.551990][ T1411] ret_from_fork+0x45/0x80 [ 255.553313][ T1411] ? __pfx_kthread+0x10/0x10 [ 255.554646][ T1411] ret_from_fork_asm+0x1a/0x30 [ 255.556035][ T1411] [ 255.557572][ T1411] Kernel Offset: disabled [ 255.558826][ T1411] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:52:58 Registers: info registers vcpu 0 CPU#0 RAX=ffff88801eb9a440 RBX=ffff88801eb9a440 RCX=0000000000000001 RDX=ffff88801eb9a860 RSI=0000000000000000 RDI=0000000000000000 RBP=ffff88801c6fd800 RSP=ffffc90000007be0 R8 =0000000000000000 R9 =fffffbfff2dc3f98 R10=ffffffff96e1fcc7 R11=ffffffff818b320e R12=ffffffff8de97740 R13=0000000000000001 R14=0000000000000000 R15=ffff88801d68fc00 RIP=ffffffff818b5a07 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffdf661ffe0 CR3=000000004d118000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 0000000000ff0000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff00ffffff00 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=000000000000003f RCX=ffffffff8195319e RDX=fffffbfff2dc3f99 RSI=0000000000000008 RDI=ffffffff96e1fcc0 RBP=0000000000000000 RSP=ffffc9000047f9b8 R8 =0000000000000000 R9 =fffffbfff2dc3f98 R10=ffffffff96e1fcc7 R11=0000000000000001 R12=0000000000000000 R13=ffff88801d694880 R14=000000000000003f R15=ffff88801d695370 RIP=ffffffff819531a6 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f5dc6ff50a0 CR3=00000000693b2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004040101 Opmask01=0000000001100000 Opmask02=000000000fffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff2b6f1fe0 0000003000000010 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff2b6f1fe0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e2e2e2e2e2e2e2e 2e2e2e2e2e2e2e2e ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 000000ff00000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 000000ff00000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5548474900000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5548474953004d52 4c4147495300424b 4c56444049405700 4d52455447495300 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000181 0000000000000000 335379747466632f 74656e2f6c617574 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 45962117c112ef78 0000000557a43050 0000000000000071 000000316e616c77 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000557a2663a233 73656d5f70636864 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 725f0f53eef89661 72610f6dfafff37f 6567757b7777ffff 7f7f7d7f75777965 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000000000031 0000726565666965 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000000000031 00006d5f65636864 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbf2b313423342c ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853823b5 RDI=ffffffff9aacfea0 RBP=ffffffff9aacfe60 RSP=ffffc9000772f430 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000031343154 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9aacfe60 R15=0000000000000000 RIP=ffffffff853823df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020000358 CR3=000000004bc76000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=ffffffff941b3028 RCX=ffffffff8195319e RDX=1ffffffff2d7f3f6 RSI=0000000000000008 RDI=ffffffff96e1fcd0 RBP=dffffc0000000000 RSP=ffffc900038efb90 R8 =0000000000000000 R9 =fffffbfff2dc3f9a R10=ffffffff96e1fcd7 R11=0000000000000000 R12=0000000000044472 R13=ffff888023800000 R14=1f523f5682bb91d0 R15=ffff888023800af0 RIP=ffffffff8195ef80 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fa8c538bd00 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73dd230 CR3=000000004c86a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=220478495feec3ca 1f65b098173ea35c dd7eb82a633fa95f 366e02c5c4be5759 a479162ed2422838 f282e17d0b6edaad 9bb59f90b797831b 644dfa2a6aff9be6 ZMM17=4970a87c89fec192 389ac58cf454e69f 09f43f605808aed2 27f7c260395e04b4 cc4f0f2dc2c7d194 e138707cf9bdbe2e d0806aac4eea474a 2f9f045e9fe5dc10 ZMM18=bb0a0b771bcdf2b4 56644865f92f21b6 5dbd431037f83503 1934de2ff7da20de 19bcf48d8fbb4bb3 0356f1bedd525547 961e2215dad71ad6 d8d9d2990d0e614f ZMM19=d9e475aa690b0dc2 109eacfbbbbe180a 6907488944f97e6a 69fd08a1b3cb1f2b a0d3caebbec13747 8d622cb3747a3d35 5e4282f061f20a5a ad66bef066b9c5bc ZMM20=3715fd783715fd78 3715fd783715fd78 3715fd783715fd78 3715fd783715fd78 3715fd783715fd78 3715fd783715fd78 3715fd783715fd78 3715fd783715fd78 ZMM21=e6e3d8e9e6e3d8e9 e6e3d8e9e6e3d8e9 e6e3d8e9e6e3d8e9 e6e3d8e9e6e3d8e9 e6e3d8e9e6e3d8e9 e6e3d8e9e6e3d8e9 e6e3d8e9e6e3d8e9 e6e3d8e9e6e3d8e9 ZMM22=b6781542b6781542 b6781542b6781542 b6781542b6781542 b6781542b6781542 b6781542b6781542 b6781542b6781542 b6781542b6781542 b6781542b6781542 ZMM23=8f1e3e228f1e3e22 8f1e3e228f1e3e22 8f1e3e228f1e3e22 8f1e3e228f1e3e22 8f1e3e228f1e3e22 8f1e3e228f1e3e22 8f1e3e228f1e3e22 8f1e3e228f1e3e22 ZMM24=0d2d41580d2d4158 0d2d41580d2d4158 0d2d41580d2d4158 0d2d41580d2d4158 0d2d41580d2d4158 0d2d41580d2d4158 0d2d41580d2d4158 0d2d41580d2d4158 ZMM25=5c3013d55c3013d5 5c3013d55c3013d5 5c3013d55c3013d5 5c3013d55c3013d5 5c3013d55c3013d5 5c3013d55c3013d5 5c3013d55c3013d5 5c3013d55c3013d5 ZMM26=e92a9df2e92a9df2 e92a9df2e92a9df2 e92a9df2e92a9df2 e92a9df2e92a9df2 e92a9df2e92a9df2 e92a9df2e92a9df2 e92a9df2e92a9df2 e92a9df2e92a9df2 ZMM27=9160053991600539 9160053991600539 9160053991600539 9160053991600539 9160053991600539 9160053991600539 9160053991600539 9160053991600539 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=4b0e00004b0e0000 4b0e00004b0e0000 4b0e00004b0e0000 4b0e00004b0e0000 4b0e00004b0e0000 4b0e00004b0e0000 4b0e00004b0e0000 4b0e00004b0e0000