last executing test programs: 9m1.011432933s ago: executing program 0 (id=637): bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x8, 0x1}]}}, 0x0, 0x26, 0x0, 0x1}, 0x28) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, 0x0, &(0x7f00000001c0)=0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, 0x0, 0x0, 0x40000, &(0x7f0000000580)={0xa, 0x4e20, 0x0, @private2, 0x1}, 0x1c) syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r5, &(0x7f00000001c0)={'exec ', ':\x00~\x14-\x90\x14\x05\x00\x8fQhj\x1b\x04\xe5\x8d\xa1\xc2\xaa-\xc7gD#\x03\x1c\xee\xaa\xdd\x80\x9e/\x19{S\x15\xfe\xbaO\xae\xa1z,\xde-\x8fKN\x86g\x9b\xe4\xfe\xae/\x90\xd8^O\x86\x81\x84\xabq\xeb\x8b;F\xe9\xee\xc8\xd1\xb4Q\x05\x14\xe7\xa9c(0D7[\xccB\xe1Y\x99\x05\xae\xba\x00\xc4\b1\x84\xd6\b\xb0\xf0\x9a\x98\x85;\xffUq9:\xaf\xa2\x83\x88d\xc0\xe5\xcfF\x144}\x02\xb9\xb1\x85\x7fx\xe6\'\x8c\x898\'ej\xde;+\n1\xd4\x15\xf9Q\xacw\xcfS\xed\x80\fkt\xed\xdb|\x10\xbd\xbe\xf1\x94\x99\xe1?\x10\xda\xc7\xed['}, 0xb0) creat(&(0x7f0000000080)='./file0\x00', 0xac) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) socket$inet(0x2, 0x2, 0x1) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r6, &(0x7f0000000080)={0x2, 0x0, {&(0x7f0000001380)=""/4092, 0xfffffffffffffe78, 0x0, 0x3, 0x2}}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 9m0.605907418s ago: executing program 0 (id=641): socket$inet_tcp(0x2, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) close(r0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, 0x0, 0x50) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x2, 0x2, 0x0, 0x3, 0x11, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_x_sa2={0x2, 0x9}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @sadb_x_sec_ctx={0x1, 0x18, 0x4}]}, 0x88}}, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00') r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x141, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0x7e) getsockopt$MRT6(r5, 0x29, 0xce, &(0x7f0000000040), &(0x7f00000000c0)=0x4) preadv(r5, &(0x7f0000000600)=[{&(0x7f0000000280)=""/215, 0xd7}, {0x0}], 0x2, 0x6c, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000240)={0x0, 0x1000000}) 8m59.46573385s ago: executing program 0 (id=645): ioctl$KVM_CAP_DISABLE_QUIRKS2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000100)={0xd5, 0x0, 0x50}) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x27, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x80000) 8m59.345895849s ago: executing program 0 (id=646): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') openat$incfs(0xffffffffffffff9c, &(0x7f00000a0040)='.pending_reads\x00', 0x80102, 0x10) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x200010, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x264282, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x286, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000000)={0xff, "340b7832c1efd131b8e6498c25f54a2700", 0xffffffffffffffff}) ioctl$sock_TIOCINQ(r3, 0x541b, 0x0) syz_usb_disconnect(r1) syz_usb_connect(0x6, 0x24, &(0x7f0000000740)=ANY=[], 0x0) ioctl$EVIOCRMFF(r1, 0x4004550d, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000580)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xae}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0xffffff6e, 0xffffffffffffffff, {0x4}}, './file0\x00'}) 8m58.358387264s ago: executing program 0 (id=649): bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x8, 0x1}]}}, 0x0, 0x26, 0x0, 0x1}, 0x28) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, 0x0, 0x0, 0x40000, &(0x7f0000000580)={0xa, 0x4e20, 0x0, @private2, 0x1}, 0x1c) syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r5, &(0x7f00000001c0)={'exec ', ':\x00~\x14-\x90\x14\x05\x00\x8fQhj\x1b\x04\xe5\x8d\xa1\xc2\xaa-\xc7gD#\x03\x1c\xee\xaa\xdd\x80\x9e/\x19{S\x15\xfe\xbaO\xae\xa1z,\xde-\x8fKN\x86g\x9b\xe4\xfe\xae/\x90\xd8^O\x86\x81\x84\xabq\xeb\x8b;F\xe9\xee\xc8\xd1\xb4Q\x05\x14\xe7\xa9c(0D7[\xccB\xe1Y\x99\x05\xae\xba\x00\xc4\b1\x84\xd6\b\xb0\xf0\x9a\x98\x85;\xffUq9:\xaf\xa2\x83\x88d\xc0\xe5\xcfF\x144}\x02\xb9\xb1\x85\x7fx\xe6\'\x8c\x898\'ej\xde;+\n1\xd4\x15\xf9Q\xacw\xcfS\xed\x80\fkt\xed\xdb|\x10\xbd\xbe\xf1\x94\x99\xe1?\x10\xda\xc7\xed['}, 0xb0) creat(&(0x7f0000000080)='./file0\x00', 0xac) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) socket$inet(0x2, 0x2, 0x1) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r6, &(0x7f0000000080)={0x2, 0x0, {&(0x7f0000001380)=""/4092, 0xfffffffffffffe78, 0x0, 0x3, 0x2}}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 8m57.886062913s ago: executing program 0 (id=654): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000100)=0x1) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000040)=0x1000000, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58) shutdown(r1, 0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) 8m57.840593249s ago: executing program 32 (id=654): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000100)=0x1) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000040)=0x1000000, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58) shutdown(r1, 0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) 6.563147951s ago: executing program 3 (id=3078): r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$inet_icmp(0x2, 0x2, 0x1) sendto$inet(r2, &(0x7f0000000080)="2a3e09f29bd6fa0e", 0x8, 0x44008018, 0x0, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-fixed-time)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r1, 0x0, 0x0, 0x800) r4 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x40000) ioctl$SNDRV_TIMER_IOCTL_INFO(r4, 0x80e05411, &(0x7f0000000380)) sendmmsg$alg(r3, &(0x7f0000000040), 0x0, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1}, 0x40) sendmsg$inet(r0, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) recvmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)}, 0x2143) 5.621102139s ago: executing program 3 (id=3082): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) io_uring_setup(0x68e5, &(0x7f0000000240)={0x0, 0x4177, 0x1a57d1b2317816df, 0x2, 0x3e4}) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x88000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x80) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r2, &(0x7f0000001580)=""/102400, 0x19000) fcntl$notify(0xffffffffffffffff, 0x402, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {0x36}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x9c) socket$inet6(0xa, 0xa, 0x1) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) keyctl$session_to_parent(0x12) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000001f00)) sendmmsg(r4, &(0x7f0000009140)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000000)="b3c7", 0x2}], 0x1}}], 0x1, 0x0) preadv2(r3, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000080)={0x1, 0x4, 0x81}) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000780)={0x0, 0x0, @ioapic={0xdddd0000, 0x8, 0xff, 0x9, 0x0, [{0x76, 0x9, 0xb}, {0x9, 0x6, 0x5, '\x00', 0x81}, {0x5, 0x2, 0x7, '\x00', 0x7}, {0xe7, 0x75, 0x0, '\x00', 0x64}, {0xdd, 0x6d, 0x5, '\x00', 0xfe}, {0x7, 0xf3, 0x81, '\x00', 0x9}, {0x8, 0x72, 0x6, '\x00', 0x4}, {0xfa, 0x93, 0x9, '\x00', 0x9}, {0x4, 0x0, 0x1, '\x00', 0xfd}, {0x0, 0x3, 0x1, '\x00', 0x4}, {0x4, 0x4c, 0xd1, '\x00', 0x9}, {0x2, 0x0, 0x9, '\x00', 0x3}, {0x7, 0xfa, 0xf3, '\x00', 0x7f}, {0x3, 0x81, 0xb9, '\x00', 0xf}, {0x40, 0x5, 0x5, '\x00', 0x10}, {0x0, 0x5, 0xfb, '\x00', 0x9}, {0x6, 0xfb, 0x9, '\x00', 0x4}, {0x5, 0x7, 0x4, '\x00', 0x25}, {0x8e, 0x0, 0x8, '\x00', 0x3}, {0x49, 0x3, 0xb0, '\x00', 0x70}, {0x6, 0x8, 0x49, '\x00', 0x10}, {0x1, 0x3, 0xff, '\x00', 0x9}, {0x1, 0x9, 0xf3, '\x00', 0x6}, {0x9, 0x0, 0x0, '\x00', 0x16}]}}) 5.344783848s ago: executing program 4 (id=3083): ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc00c64b5, &(0x7f00000002c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc01c64b9, &(0x7f00000003c0)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000040), 0x9, r0, 0xc0c0c0c0}) r1 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000004700)=""/4091, 0xffb}, {&(0x7f0000003700)=""/4074, 0xfea}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000300)=""/192, 0xc0}, {&(0x7f0000000400)=""/157, 0x9d}, {&(0x7f0000000140)=""/179, 0xb3}, {0x0}], 0x7}, 0x0) r2 = openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_script(r2, &(0x7f0000000200)={'#! ', './file0', [{}, {}, {0x20, '(@)'}, {}, {}, {0x20, '+-\x8d##$}[{'}], 0xa, "8be064105288a1fae376729428adc0ada6528434db3070b1cc132c39a886f711c77f18caf90e69d951e22b864bb067fe3f92aa88a039d1b6c81d4d59cd1ff80ec4d121ccab41f7a1946c03357d366f5cd2de62d31a556927900d3542d86c7a34bbad25e90cdbe64a927184fe31b5bbcc085d596afda378732cc49067237a1593deadc5ca73fcfa188d324e0b912c6b971e"}, 0xae) 5.221071718s ago: executing program 4 (id=3084): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) io_uring_setup(0x68e5, &(0x7f0000000240)={0x0, 0x4177, 0x1a57d1b2317816df, 0x2, 0x3e4}) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x88000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x80) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000001580)=""/102400, 0x19000) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004090) fcntl$notify(0xffffffffffffffff, 0x402, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {0x36}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x9c) socket$inet6(0xa, 0xa, 0x1) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) keyctl$session_to_parent(0x12) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000001f00)) sendmmsg(r3, &(0x7f0000009140)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000000)="b3c7", 0x2}], 0x1}}], 0x1, 0x0) preadv2(r2, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000080)={0x1, 0x4, 0x81}) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000780)={0x0, 0x0, @ioapic={0xdddd0000, 0x8, 0xff, 0x9, 0x0, [{0x76, 0x9, 0xb}, {0x9, 0x6, 0x5, '\x00', 0x81}, {0x5, 0x2, 0x7, '\x00', 0x7}, {0xe7, 0x75, 0x0, '\x00', 0x64}, {0xdd, 0x6d, 0x5, '\x00', 0xfe}, {0x7, 0xf3, 0x81, '\x00', 0x9}, {0x8, 0x72, 0x6, '\x00', 0x4}, {0xfa, 0x93, 0x9, '\x00', 0x9}, {0x4, 0x0, 0x1, '\x00', 0xfd}, {0x0, 0x3, 0x1, '\x00', 0x4}, {0x4, 0x4c, 0xd1, '\x00', 0x9}, {0x2, 0x0, 0x9, '\x00', 0x3}, {0x7, 0xfa, 0xf3, '\x00', 0x7f}, {0x3, 0x81, 0xb9, '\x00', 0xf}, {0x40, 0x5, 0x5, '\x00', 0x10}, {0x0, 0x5, 0xfb, '\x00', 0x9}, {0x6, 0xfb, 0x9, '\x00', 0x4}, {0x5, 0x7, 0x4, '\x00', 0x25}, {0x8e, 0x0, 0x8, '\x00', 0x3}, {0x49, 0x3, 0xb0, '\x00', 0x70}, {0x6, 0x8, 0x49, '\x00', 0x10}, {0x1, 0x3, 0xff, '\x00', 0x9}, {0x1, 0x9, 0xf3, '\x00', 0x6}, {0x9, 0x0, 0x0, '\x00', 0x16}]}}) 4.250964404s ago: executing program 3 (id=3086): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x92) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000280), 0x2000001, &(0x7f0000002140)=ANY=[@ANYBLOB='f ', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,use', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) syz_clone(0x150000, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0) syz_io_uring_setup(0x186, 0x0, 0x0, &(0x7f0000000000)) syz_io_uring_setup(0x239, 0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) chdir(0x0) execve(&(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000640)) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x60000000000, 0x0) ioctl$VT_RESIZE(r4, 0x5609, &(0x7f0000000080)={0x1, 0xf, 0xf}) (fail_nth: 5) 4.171050754s ago: executing program 4 (id=3087): socket$inet_mptcp(0x2, 0x1, 0x106) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x2, 0x7fffffff], 0x80a0000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_emit_ethernet(0x11b, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, @void, {@ipv4={0x800, @dccp={{0x23, 0x4, 0x0, 0x9, 0x10d, 0x68, 0x0, 0x7, 0x21, 0x0, @dev={0xac, 0x14, 0x14, 0x30}, @loopback, {[@timestamp={0x44, 0x4, 0x9d, 0x0, 0x3}, @cipso={0x86, 0x29, 0x2, [{0x6, 0x12, "a698ccaaa32055683054d67c7a8f59f9"}, {0x4, 0xc, "b226ac36299d8adaf278"}, {0x2, 0x5, "3d6f9c"}]}, @rr={0x7, 0x17, 0xae, [@broadcast, @broadcast, @rand_addr=0x64010102, @loopback, @rand_addr=0x64010102]}, @ssrr={0x89, 0x13, 0xe, [@multicast2, @rand_addr=0x64010100, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @lsrr={0x83, 0x1f, 0x4d, [@dev={0xac, 0x14, 0x14, 0x24}, @broadcast, @multicast2, @multicast2, @local, @broadcast, @multicast2]}, @noop]}}, {{0x4e24, 0x4e21, 0x4, 0x1, 0x5, 0x0, 0x0, 0x0, 0x7, "f73a94", 0x6, "93572c"}, "1028490abb8272157cd8009f8631290a82146de18adf3037abc2b2a0378468f99f5eb509b7413a875c23600168cae5c263b890efa146c6adf4de9f00e2fa72a897ed0ee4f9fa452dd3619fa50e6ab16d2e4608649641030979df7c8a0e27495103260a98e6e642f64ae204886fca73716f"}}}}}, 0x0) 3.940463211s ago: executing program 4 (id=3089): rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) r0 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000540)="9e5a2869", 0x4}], 0x1, 0x0, 0x0, 0x1) r1 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x41fec472531ebcab, 0xde) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000080)={r2, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x14, 0xc, "00f9737227af149989fc8dbe43ea6affffffffdc25f5ab60c9e6d680f985881a4c516bdd010f35000000b0000006000800000000000000005c9f00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}}) mkdir(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc2c45512, &(0x7f0000000340)={{0x7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0xffffffff, 0xffff, 0x8, 0xfffffffd, 0x80000001, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x400006, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xffffffc7, 0x0, 0x4, 0x0, 0x2, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x20000000, 0x3, 0x7fff, 0x0, 0x800, 0x402, 0x0, 0x0, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x0, 0x0, 0x9, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r6 = eventfd2(0xff, 0x80001) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000300)=r6, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(0xffffffffffffffff, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000000080)={0xa, 0x8, 0x2, 0x2, 0x0, 0x0, 0x1, 0x6, r9}, &(0x7f0000000180)=0x20) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000040)={r9, 0x7, 0x1, 0x5, 0x80000000, 0x3}, &(0x7f00000001c0)=0x14) 3.64042034s ago: executing program 1 (id=3090): socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x1) fchdir(r2) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) getdents64(r3, &(0x7f0000000000)=""/48, 0x30) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) sendmsg$rds(r6, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="18090000000000000000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095000000000000197e"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.631679855s ago: executing program 3 (id=3091): epoll_create(0x80) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x20000) syz_io_uring_setup(0x70ca, &(0x7f0000001380)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100), &(0x7f00000007c0)) r0 = syz_io_uring_setup(0xee9, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0x7}, &(0x7f00000011c0), &(0x7f0000000140)) io_uring_enter(r0, 0x567, 0x1, 0x4, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="020e0000140000000000000000000000030005000000000002004000ac1e040100000000000000000300060000000000020000000000000000000000000000000800120000000200000000000000000006000000000000000000000000000000ff0200000000000000000000000000010000000000000000000000000000000004000300000000000000000000000000fdffffffffffffff0000000000000000bf8aae65f8c41bfc1b3df94e00484ddd077dc95b40aafdc20015ebf871620110a6a5c354c02111395b34571e8bb201234d4e8c9cc2f9"], 0xa0}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000040000900fffffffffddbdf25020000fd03001f000800018004001f80080004"], 0x28}, 0x1, 0x0, 0x0, 0x4084}, 0x0) r4 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f00000001c0)='.dead\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000500)="919589260730b273f496cf06d990644c39b2b5adebdec2b0a12e329ac75eead5f8fced16747cdce6d710084f3aade2c451d95955973c2b65b231f587a371a9cab101299202b71fbe33da6bfbaa25a9c03f18387293418acbf1b13e010105ee5149a8ae811d7aea21fb1d2512f9351684105e0e6a30675e080ab3e125cce8a6914774813581b054a142b39292cd328e466de72453a4dc6499f9be1f1b05311375bc66dc770279b27ae818e6890d2edce313b23959d2a0c51b26529f60066271dcf69ba503d0f85a0cf3191e6b5b7793e03f00e0e34a46c8b1cd10c1", 0xdb, r4) ioctl$CDROMSTART(0xffffffffffffffff, 0x5308) socket(0x15, 0x5, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000040)={'veth1_to_bond\x00', 0x200}) r6 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000003c0), &(0x7f0000000440)=0x8) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x3, 0x6, 0xd2}, {0x9, 0x8, 0xcb, 0x3000000}, {0x0, 0x20, 0x8, 0x6}]}) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 2.818486749s ago: executing program 4 (id=3092): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001100050000000000feffffff07000000", @ANYRES32=r4, @ANYBLOB="003000000000000014001a80100004800c000880"], 0x34}, 0x1, 0x0, 0x0, 0x804c004}, 0x0) r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x20200, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000001, 0x12, r5, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x1d, 0x2, 0x6) syz_clone(0x0, 0x0, 0xfffffffffffffdaf, 0x0, 0x0, 0x0) r7 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCL_PASTESEL(r7, 0x541c, &(0x7f0000000180)) write$P9_RLINK(r1, 0x0, 0x0) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) r8 = syz_io_uring_setup(0x1dbc, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x18}, 0x0, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r8, 0x22, &(0x7f0000000380)={0x0}, 0x1) socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x28, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) 2.68072878s ago: executing program 3 (id=3093): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f00000000c0)={0x12}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {0x9}}, './file0\x00'}) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000200), 0x4) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb) r6 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000140)={r5, 0x800, {0x2a00, 0x80010000, 0x12000000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) ioctl$KVM_SET_NESTED_STATE(r5, 0x4080aebf, &(0x7f000001aa40)={{0x0, 0x0, 0x80, {0xffff1000, 0xdddd1000, 0x1}}, "88c4e3010e8cb569aa253ff10e1ba58e4d64ca3cb8ea4266a8b3c661ff3fdf6ebd8808242055b6460320c401c3fa7be989b67280fdba0ea43f7f0d69e78fa23a9292b0b90847e892a535bc65acf05c5791cffd548796124e7dcca17d267bbe2958712178ddbfe1aee19a801a6e51991e441bccc87a9d3b8e152d9a365c5196a9c1e8402d22d900a982f6b1830be5b366fe535a347275b4afb9578ca67a422c40e9e8429060cb9ef89a02033ba96fff14a5e715a9041f4bbce717497b56b02a13cb7dd15889ac6b8b07a1052ac8cc83575791a6b3aebb724f5804ed4da5156a7d608acb222942547572ff3f1180c64ed8997f061fd59df1fad3214557317f667e17c0e727f0325c7de3648238fadae92e90f80899bdd4ede19ca051609cb98054c0c4d4a7b1a1a71d4c641bebe2cc52167d6a26e330b259edf88843cdacaacf7f8372bbdffc211ec983a67a24e4629e536ca522685db68757a19d693ff5b90b9d91c99bd7e4fb8612bd48340c980baeb77e2bcfbd92213937880d734f1df972d7eca5f01556449617ebf867e37c7c7e8ba20bfce8cff11c80a0f97dadd00afdaca006267459148ca8fc9eb7792176dbddc4175fb5e143c6f86c801c0ee87baef12b0054ec0991896f240fc745bf07d00b1ab2f990704097b4dfd1bdd8aa1ab8ae81d63905a07ad8534da98ece3f2831f709338abacd9c1d1ece0fc6774b650c48a9bfaf5141fd545a85ebd5a470f42910bc87f1de4db75ba3014836ee36501500bfe60c1f7111d614646068d6ba7b8764c778b72191f515237944fb05eb9dfd5fcc07a16c036d160e1ceb3308057db12c73ca4448f3cf2e285f46fc6b95cbd126184fa631f5131f317de18e785a9a4858025b0654c226612ec684a9344c777a6b3f8650ef1249673d584c0e374998e2fc8e5f25edd065e8d596f9614f731eb6101d53c40430b784c2b65d5f2a9d2c628f7c9e5aad0b6c630a749d1cddf5e0a0344ee68f3c74c2f1a793ed9b8b60819af20df8c8cf8a451f9f9dbe45249755b191f45be01c6a70ea1aab9055c9bd5d81b702dc0aab7b542992abda4f08106b681ae04bc3eb856c94b721d14a70e64a7ab22fbf69b3708cb93c72cf662b549b08f48e8de07a8bb94262440673ffbabaa86d92669abadbe4602e1952ad0eec24f8e8ee939be064e56b8822b8567ccc397697dfd327770af468e92f614264886bfbc8ec5af2347b4f4d128ce17ef7457ffa611f20e96406e3f4bcd1cf422b32dbef081dd602b7f56943ae93e26f8c009e8df8d6666980a26b3760c69c1abbe11918656f493e220fee2e6b7b101d45b1117222b640bc21bbb70f265f1f9c55e3a9c9f35818763fa9917f2052a9aab4e9a3971e5f1ea3225dadfa79b4063cb884d2598697fe0d1e14205c0b9704a1c2a015e0539cf144af0d86f18b13283e25d3bb0a21bd285064c008fd26316253717fec482d323f01a52e4b6400383ee032eb953ca5b284ab7345fafcdd4c3a14263325a622a7881e50bb226e213402df1d1973682943cb6c3a35b337aed7a720ec371d1c011b794d687c81043a97e930a1e2d8811f568e2468745e4fedd50405b259b17cb750dd393febd6f24e5ac3cfb5475b80ba482b405b76dcf7581c3aa5fca6ba3fb780d4f893ad0b8cbdf28fe75b2afefd5aff77d26ceeb879534bf9a4203892458b30b39131f13e178db1787bb31182378a715c71b134dbe98c07ee98f7ef2b02cb4f5e6c38660ac045a4fbddf62b630fd7a4af0db56cc5eb52c6c33d865167cee8e5bdecdd84fcf5f204f95415e15625fda761f674679248a7e87353dc52354a86c018d65cd0231271c44d4049521f219714c17c756820f3f8edd3c940b485874a9d7a5435b86499999c925eab7be4b79a7e88a488c1a63c19b289cb9d7a9a2a6a054e77e78f5e46e38827b03158a037fc4ddf65d2d41039260be25917ec5c8bb1dfc04295f52e9bc2bd3b305a4d61a50b453158c5f92d393755cdc28a6fefc81221e2e61b3fd70a11abca4991219fa32e4a1bb45d791893af76480bb494a096dd2d26efdc6157a2a9b58e5d2c8b345b32e622e70c813e50a46f3070c1330ce456ab5bc177952897bb5b4919cad3df341fa2511662a2aab853271488de95b95ce53d0e30af21a325b1eee17e1f9f69cd3d3123dffcccb2687102213f05265378dc3d6382b12c77b8a7c785c836861b29a39e37587fee5044641b6f0129ede93e80b5b7e4d923629aa7ff2a8c4e130e0c1f48aa996855146f319e3e54fec05c38548bc338b20fb2325042f1af9e5884bce89256b237f08c857745dc992f1da1cd693b4e85941e39117264ec1545ac29013d358a33878ff20ce7fdd1616380f4844d93648113e7674f6d3a35eadcfed7190cde8d1d1bcf7785e2b8cbb680ae3da0bea8978430df7e532b98a7eaee8d16c0ec6b528f633bb14577aebb41b6de08ecac101f62d3e3748dab683ee5b81cb4c62d82ebb637538d81b4f60146c0841397b4f49be5c36d2e67abe30f6fb3dc92145b5d107b1f689bf770aa9301b7b1e5f5fef1c355d13ae3401aea7ed550885edeea39ae15b78c1604bf965f7db86288e778020b6fbe8aae95e960f8662d8dfcc0e330c36d519e0eb4606b3db0ddb5e1f6f1dc35881d644b07732af2533655e65adfb58137a044585a1bc495cd01d4a30b7d0069b3835b02fe4ac58626eb4f3e39e12bb7c4edb41131ff462e2dc9cb33739fb88ac0ecec298ba87a5b7ddd48388e02d537ed43ba248002f705d2657628421f5a5575ac7a155a0e0a69fc0f20e63aee9e0d6a584118a45f0df2bed74a18c79fadade78492d77302b3de168f18841332dd68e55b011cabe3782ac954a8e5c6e80f6907f50e5d9e2c7e3f93675f2841e1d0a8f95fdc01dedef4efc30453726f42824cecdc760a44adff08c08dec0d17db21d8d0d6108b88af4a5a3f085d6db58a45fa26aadf23d16009af2a509896a88aca186d11684202bcfee9d6fbe6eae1fef161728ef4c4bfa342e95c4f47831f2815bc3154d0cdbd0a9569f87a8acec3974238326417fc0021a08dcc531dfd46a9b459e8a1d3a06719bac6b013d58ebfee991091e7504eb93129d27c40d8d753bc4952f216015b5a2ae7ce5a3e39818c1ac50eeafdf6ec75c2f3a7a42bea3311d5760d8d6539008da0eaa3991ab0ee4f753d23a28992528b094b23376b014b55fd2ae13577779ebf70d4144297839cd1a6965f7ccdc3508ae5186307c72cc1f2a5752c85d66d944057f835bf42a500e6ea7954d9d8dd2f2c7785dfdd501a145fdb9412b0288dbb81f26840bf9e95d8b928fb83acb34a9d36f0ed30135cbc249a3876fc32793761d8c761506faf642f4b9d26b0dbda40d0eee5cc6e9cb38efb453e0e6c80db2aec346a3743a10e353c8111ec6b8d6c3810e7a8886aba80d868b9fc4657efbe7a1bbc96811e462edc047648b52417724f6989c71220f43e0f9671f0b2066130f605af246ed9b03222cfc82ff2d26f576208cf851d3b04b0259360429cfdae2e5550073a58c1a878cef5b0123e2991e868374b5227108fe959e9d07b2d0111569bc451d13778ed029f75ea0e87ebcd21a0034739cc51f28bcf129ea7de84a236f1445382ebeac97df06ee14dfbebd900ebc7a24ac0f445df28dfee85f8e4ad1af0828e3a6944b62768e2b40d897c9742ff01be34d17fcfd722a90a9790e0dfadd0f680af1ab785bb41830ca9a17df140d7d58d5707f4b7cfd7a5111b451f0fb7dc1fafe2d48f72f026fe3dc88bfb49f7e56e993472f7d18d1b4d17a2eabc419ef7c0bf3203c87317ee8ef3fef66d02cfe24c7bc645ab6fdec5858f406122357fb5512688b0e91cdb28f0946251259555f4b6a8f10eca29f7b542f7deec232640241f1264ef15b58e7ee82ba37bce62c52a5572a8c72415c676149f646b27cb6488cf510519d724647719d8698bbfe861a554f57aa3b3b9c5d9f23134607a01ce7cfb2d2e08278f2c0c5b2c64b5c8819823670747298f16b3b00143575a8851120079688ded590ff6cd78542ba99a6d3f6d7c8bd95da0afb773bedfdeeebef30ee0be71924914165273f44fa1f60dada3fe5adc9913217eb27d342982d627535ed4172c858dc6375ccfbe908a701ff7ede6089634c1b1e08d0486dad1da3b23d7b36761017431956665d575132696708c3b2eb0ad631624303b88c669fb29e63931bb14dd16b55ad30e1122b5f03cfd7650a437f2f64c9dabd66e2fa2cfd200bf422920e035afd95e343653e4497a905e500cc79bcfaa968ef737e472fb6b8ddde1e7ebf3c60d52f2caec5d558882991acd129663260d1633fbe8098a6fecefdf665478635454e6db94a2222307d0d163d74c804a690dd7b4c06d9ec96264f7d6e82aa15f08d208e4a961138281ec71b94a4ccc8f9e7d4269df9df3822dbaf00803be4dc3524aa34e2d5ecd67c9bbdf941128f83ee33c9fe565129b2e2598449fe751ddc884dc9f6e205e81246daf273f267761ed7ad2a65f3bbe43886e1d3ae8707543007878d9486fb894634e727d23d8719b32814309b80f706c06f406434183bcddcb64e8d165b4483268e7ec69bd0ebe121bd2cd8431791f2d68d400f4d996ff860b81693cc3aa1336ba9d19c9e52edb5d92d7063df4ab4bd93da08b18881e103eca6343c1841ceb36dbdffd3a70295cad319e35ec18785a2cbf77be024f6cf39a474c43e83e248f4b5baf0542e4950f45872e7d4b9b1d8c800e472d10f683eab070601f9c559cec111997c42a222c5bd268831e987ff949c67ea94c51f9899b51e567c2e1ba82b8077e41161c955df839f1770b107c415e932de1cb8a5c8f3f5600657368ab41927751f6a6306707ee9806579a8f506f64b6dcacbec128b88f044f468ac874d790eaed22dc5da764fc4ea0a128304c074f97822141805ee24a03e54697967dac5f116213a1a9419c6055f0ede39a4e99ddca088f3a4b3ed53b449fe1092a54ef09aa9d88cceddbe22c3448bc61f6414a84e511f6c1f07c4c8fddd2c46d6da3ca215fffd3111854b6cfbea2e08774fd0ce3543104c6376c2c3d3ac3e7f908fb299b101dfb743553f3a3e69194e9eebfac53321b2dafc4840eb5ef7a3707dc7fd27170c988d78c61024a85801af6ae938c815f0c8425a10b09174e9876d610636b579e4e0143671e0c20ff78f37df5dca28b43766b31f582ead65c8d455de7a51f63829afdb32e61a81089c00d3c272819df5bd9b5ed7d1991a84ea1d8607f39b183e637c81d780b74841fa2cc89f3a812ca1317a712e56066b1bfa1eb44775dabd4b7603e01d59186da88e721e67cfb8f478d37fb574191937928dacd8c51bbac1b0137b8b77a72b63628bf7288686612339119bbc2b45e50252dadc196aa65f9dee7338373e4c9eee8c25e15ce257d133627530517529b10949a228ab2ed28453f4b3c1d6e84452a3e580c916c2b811a5604e41df04ecb527aaf68fad1ad99d2e30ecf34f795f2606c48c68174fc88cbabae1155a15faa714015e8c4dc7aca7ec25c3e0abf96cb68b649edce63ef88bd9816150d0392d412a6674cbbdcbc1a6ceee6f27bad168a91305d8a0a90f905329f71cac70da9b14b5980e9e0a991c4152af9f39ddf0fa9746411d1bf70df788278018f84191701a7c66a8664ae4375601949552dc3a842599fa236adfcc1b8bc3e01992bc85d65d1dddbed5a8992bd8e069984de2cbe48802b7f80745dddc11f62f7aef67adf3301ba866f493afc40f7fc20b3f5186a195a9fc6ced5f2e2b2b5906109", "c714f2cd09f5ac4bd1dc25993af5af58eefc66858706250087060f47db7769ad59816fde3a15bcc01a8ac4f48cb10bcb30f886c36cc9f012f81db7f504912573e1823e3e0d34ee18c6a92baa82236df516792fe2f67038d987add3f46105412bc208a27a30e7d75e1823cdb6128a43568678f937fb36aa9b686e9e0914a24032244080ab9491e610cb76a269faa2546eabfcd1da9be08e3d1e4674377d193feb19c1c3fc88a7cfd34bcf21c702d2eb382322a63e5e045a8be601a390b48622469318b52ce79495a1e01b3fd8ff4c5a2a06755b9ee82a82b2ab9de9df4f715b4650f1cecd58e0f3968f44069abfcc6f8553b7215d53f83ce20e0b0a14c8c6da79d0cb1940b2124d508e876cf19f0a4a9659a19cd9eeef72a8da196a5c95923640ec672440521458e1ada207470092f1dc6390aa2e50c27e22d34e1cddaf4f666a1c552533850274560cd705eb797875ee62ca449c53db5a6b2cfdd07eb099750906aa14526da85e611fc6f91012cf8987560160ae0c9d1259786f28b2d402d90ea901276132cce3436e4c7c6e3d0b3733929088472c098e6edb7625b4be9b02ffe0ec12ba9e775a59bce0a3b2423caf0a53cf0ab1cbeb965891e3e536d40665c04bca89f2f93ac074f7d4e8960c629dadd7c3764037788d9ad3808d09a00df60c765ff6457e92bb47c7d696dc7d2e8104bbb4029f8cc8c06c190746961ed9e4712d1a22a7c1013cb24328555f418c6f1dd3706e50eeaed4050ccc89051d6867b067367c8a3478813036e1b3ee3ac1507fc017e7a5b5aff11a01109ab63e7a7124dd1d1719778abebf19d06ecfd3c8b97fc4bb1bf40977e5270b9d380e607d4b3c0254974e9200262b4851970b7360f264056c309b5993a9e5672f0ed4877b7ce309c5df9bc4c85d2de43d64b463e0ce09072fc5932b22dfdc60264281ff627f19b5d1ce967b1a2254180621a7d72b91187910cf082ad751e10790d404b883687212f64a3b98a249af7c5f9af8c1175cec3844028528a3d629e396ddfd394c94c1ed586e0ad21e88581176e987abf47ca209473991250dcfd98d3b0e13f5bd1a9ac67eb18a475c9c0b3b3ace49690a110793d45880ac1c8d22b4e7b809e664d20236899c55e48350b4214ca5885177926d25c2d565b4b62b2dcd1fc102609607a1708fe43f85a945815f07aa5a83ad00c5dcfe7a6a12b46dcdca24e43796ae418a4addfccd0756c773ae778ed818ab13a4de9f2e863d05a80145b2ae2c9daaa0decc2aad82afb17457886f760e667857df74b3f3305d42ea317b001b1304ca4aea5e2d634a959f79ebb36511bbfa7551e1e3fa6d2271d5854e51e885d2404d3597c38d633db1883870a800a0e6d3420bbe7373a556d8aafcc21fa4116efa9a2606ed5fa534520ce644765f041b087180275276a09a14608d64cf372aa823adf35c8e1b02d8097f668bba31ee5050a5c76e6ad0307c76deb42eef2171a34fceca5dd21dc751bb6d9184f79d7ec56c8311aac6acc9d4ce711e2335ae554695488409cd1c0753f770fef30463fc3f31e29bc355732f710846155f88a59dc933671f2ddfffa63c6c4f67b1f51f8325c305cb15fab82dea7cdb5cd440377dac40805b7adb5b2a62ffbf35dee3f8a1e9edee2961f6b3cf6231a1cb76672225b588d89d35fd8bcd6bbb1b020401ead0efdbbd4a0ea67a226dc17bc78489ec73713845b254367b4800229801cda0e8f4f83333b13a04f328bcd05a6e9f9fb6d4276250261484530e691f36d7e0008359754ec9a42e36b2f3d05732e9476bb8e1037d878a35f8210c1bb436b4a56bf1de02d4b4c66d6c5e242caf5a616d1b8f35a7d3b817da64b50cc81fc08e318d891933bbacba02a1d4a2f0f59297741ad49ab7110145ff0234b79cf257ca2f9a1f36013b11ea8d5007ae2c60c7498c2f1277f1fc4b7d614106fd77cda451519957ef06d4456fb201377f5359f9711b98ae296a8a9608029e970e126ecc907e20e5c0cf23d3ee813db0c0df182bed02fea4fb027ff58f99f1daf2550c77222a7d127ca963889d793478f5df2028e9cc28e521669d1d4895eca24829c489ee76fc17c58c1c4cea90f364028605cb9a47804e1491a3d4117d65b176d86d45b1f60e16c53aa0ba309ac778836cac0a6753e01c975d3f98b3025c99fd8970d01d9dac7c73db79cf696e3066447ef13a85068df1c41f4f094c89facf9bd5b5e8ca096dbc7609e9de778b4e090ce5731b82aed59ff814cde2b2a8624709f5fddcd60ed41fefa22892289875a2cfcbfc7fbc9a66c5c759af2f6e79a953dfb7acc75304bd1d62c896c4b9e7327283735582d341720afa3ed59ea241d0c9893bc1ea7d69b8167395ed9b40ceae686bdd838cefc52d762b5617a8dcbb9d4404b84f161ef266fae42ce51ab8e40c204cfa9b21d6aad01bdcb01082b67d79dbb4612e87d9deecac0ae56c6932424d1a8cc405215e2ead7ac3050c77c7c6eb1dc602463aaa7d4022370280cc3507313514a77939bb191934cc4d133def2d2594e33e88ae0e683db10b731a8aa6597d7e07be043755a78920eeac212b239fea78676716f30825ee81eaf7520144507d238c6c3023876ac042e3d8590ff3fbdf5d722b1b4bfc83312e1446dd7110e85b55176027e62341c6b6236d2ab3c721b981be8402b124278b45c79c0e769cdbd7cd7f8f110d346e93f2c53681ae9f1e9c3e3aa233e4b360ca8c3db5eb90a1441673b97fcd585f983e52ce8596339a430365045e344dbc8ae56378666801352dc24b71657f99a24d04deece077627bfaeb0a97199fec727002bf22b0f58035b8b5f82e0e5aa0a3728c1616947b746bd1da5c2cfb90959f7f146e49e7d8faf80476acfcdf2d343da9223b24b7f80f6626e2238a201f9c64392b96dd2fd6b0b724a51b740467717b374d5f17a990631f93fcc5a7cb48f3ad52be4ead0af90bbb1704ecff6c32b13b887303138dcb647fa902f3fbf9b2e21a9681857d839389a9ba7362c91f35829edc9fc98c54de91746c8258de87314583d0be3a919c3d9322f788fdffb0be87b8b219506517a55a0096ab73a33577dc17a22b09fbae15f83aee27a823adbeb69289ffc2a00b979d39038b2068b65ba46734b72df5f617bfcb10e6d23101ddf0e7234facbd2895d67ade80a2031d2cd29d606b67a783a53149ae6d6e7eed9b732de57bfcfef84e98c205813f34f0f8d8095c89ffab0430bc431a39453aaf87805bccf640c4608fb5b696497b644cf64b26a4a3066709d1b1f473472e1e2542f64634550846eeb18c2e30ff5a7da38c414f67e358458312c3a56dad8989aceca7215bcc8254ba82c0d1a735caee46a7dd2e7cabab06935a016bb0de169b75336efb34ca4dd390c183b7cf4f57a151cd44eadc8daa3ca6de85ebf1ea8917e2bf86ec0df1ace7b3c760330c70ef6416a4c6aca7340347b718e9ab7db937e0d359ff47d8e40ee255be08f4194b9ad43ef9ba3ac4b814097e7da8869458a280909c7fe62deada9b1faadee18592a55634b3021873681648cb9e32b252ac0032152b60413152309d2831444fe6eca711b2d14fd3f871b9b2e989efdcd9783bbe0249587148af57844237cbff467f3da36ffd440a40306ea72c62c5e279e2bae0e4e599992b828fe7df6b4dace07ede48be12b46649f478b83c6ee744e3292e68d8432fb3dc7df9edc0f87e9480c9d9841a428c2636ca156a2db57bc4485432a91c7ae48650b7cf62ffa3c1284ed46937bb1197a727caa87ca94178a75debc45b08c2497b383ca553cd0afd18e7b7925560d56dd8ab5c9eb7e0be837837f9705c97c7e04f20aa4890131c9793ad71b53192b67495c85e619276df68c3677b15b90ac19797d98e4469e80ff21509ed362ab1d6204fa4687c77d9b3ccd66a83915615bb6bb432c3ce2dee269ec85dc54f36aaf243026c3b4edfb3216b32778f1055d06964d8d3bb12c44987c2f268f9e1f11aa6b08d2876a44e9b0203dbe618b13e815fe56759eded973d03dda4631be6d70cb783f9049229128c11b5fb194efdcbe4314099e245f27006d530ecc6225d1e61b14d8c3ddc29fd1e7d3b98cdc504890b9a9e591c768e76fae26b120dc4b87ea067a0882a571fd934b098346f7cf28e79b158ccfd2f11962e366fa9a7b76867e74912b05f9181296691b06bc570403f4207f7c9a52eb05839a0902bad02e8b60374f65cfacbb1dbea15874872c40c2a6400b1a8601631f254f9963713bf1d67874eac742584caeb486dfae400920419ea38c22d40514f2f3f3ae7d8475ae7a8fadb6812e8350b8646d8d11c8295a5238fa9391ce77b1da39dbc15847e11634f4e8ba32990e8c49042f20e574b0b79718e998ddd770311c4f87ae4896d8b6fe5f1837859d07036b9356fb63050634dfb036df9b44b352f5244d1609ce8c160af9d3305390b9bf7dcf9f6b2096401e16067ba22953b94616c35e97d81180b6973874fa4df8a8b1dbbd9bfc5e4f4c7a49d643901cb0bb93eff45825d78b34ec5b0a12e18a1c175e74d04157b53d2d62041aa17fdef2e597e4221e42530359ff55b82ce2d2d93bb98de0eb565d97fe0ac0430e8fa4713ca2eb07fac3dd51cdbfbc83bfca8d9720892db33cda0f423d71a252ad0cae4b0cbd898f54686e29b92e764ef57116e89df0830eec2b21fd2b7b67f70da2b89bd30c51fa2de6b7e8d37c738d9043f027a490e9382057f7d0093cb6d10e6227db7d452aca03407174482352b47aee83246f47beb78c4514e0cffe284a15d37aa1d9e9d24e0d33713f5a099f8ee467065ef9914e373b004d72bf8163119010bd8f41e604164bce91a0246f3fb0618474b0be0e3fd6f39c5639aca4aead36db7fecd78225abfb7642800da9fb154e732065e35ccca10fb7d76c7b019a9e2e2c7fbe6b3e6ee223502417530f482f2f8a43acb58579cbf5c7df3f6392800f521284aa4223293c079c7729d385e4c6cd171249e33a4626117e0ad520f6a757a94c8a509839fc111a27648ac8c3e026f3c81297631f43e29a5b14c52dcd22a6be620b69c3a3842d07fed6021bb6dbaf3673626556e0cb0342926dd429a622b388baca018ac3b628d193d933c1dfa53bcbd5a480182bf9a1a9b1807aa489b1f640adc29839624ba255f9d98a9f4a8dd600a6f20e02924e4fcb1efbaa99bc329a1276258e10d3db29f893482e98f4865bcbc2b9cc1b9aea233721335257cb8819493f6be4e1da5db7753c233ef09b03c6e4cc6876e033158ca75e7b58c4ed6a21f4d9c7e3b8e87119c709766372760b7dce71cd396de90e0e5d43f664357905c3c148ee0cf2cc48d863cdd96ff5facb0509a00b2d6c2de0b52865ebb3a42d5c3856e9d7cdedd32e9e4be8f94fb17bf0ca392358a1af1d1a4d68cf6491ecccde91a6d2cb083f47415234ed5e6eb483754f89914b371351846f735586c40cdbf9ea3eeae4af0831f8b5c71ff43b83e629d28e0641fa9ab876f2f2e0d606a5643242486a20b13d91ab5e1a07db49a92ad8a77757866098cc6137cd77f704f5f7319b78b932c51a648c6c268307df170d39c2de12adda1efa1c0b71f063516b4fd594bde39e37113664fd73b8957b75ba8ff307dc63cb3ca081ea0c9a2cf33d18d5299a6f7e3260c28112c0289dd552546c4e990b38b185071fbc1a048c35f4e5879b9e8bf11f1f61ff49ccfee42ad36529774835f9ac0b22933c64ca07760494a7f1d0898ce2af91d9dc2b7af5e96daf42aaab874fbb2aba842e46235564415c1a1ee6b8d1c3d01dff3d9d8ce6b7a"}) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x5412, 0x800, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) r7 = dup(r3) r8 = socket$key(0xf, 0x3, 0x2) ioctl$BLKOPENZONE(r7, 0x40101286, 0x0) sendmsg$key(r8, 0x0, 0x0) sendmsg$key(r8, 0x0, 0x0) write$qrtrtun(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00') ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'wlan1\x00', @random="0100c3201000"}) 2.521171385s ago: executing program 1 (id=3095): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="10"], 0x10) r3 = openat$rdma_cm(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180)={0xffffffffffffffff}, 0x106, 0xd}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r3, &(0x7f0000000280)={0xa, 0x4, 0xfa00, {r4}}, 0xc) getresuid(&(0x7f0000000000), &(0x7f0000000200), &(0x7f0000000400)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r5]) syz_open_pts(r1, 0x801) chdir(&(0x7f0000000240)='./file0\x00') creat(&(0x7f00000000c0)='./file0\x00', 0x17) mkdir(&(0x7f00000002c0)='./file0\x00', 0xf0) 2.50378156s ago: executing program 1 (id=3096): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pipe(0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4c899}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x9c}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) sendmsg$IPCTNL_MSG_CT_GET_DYING(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r8, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0) r9 = socket(0x10, 0x803, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1092010, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800) 2.092856654s ago: executing program 1 (id=3097): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, 0x0) syz_open_dev$ndb(&(0x7f0000000300), 0x0, 0x149440) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = dup3(0xffffffffffffffff, r1, 0x80000) r3 = socket$rxrpc(0x21, 0x2, 0x2) poll(&(0x7f0000000000)=[{r3, 0x2002}], 0x1, 0x7f) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r5 = ioctl$USERFAULTFD_IOC_NEW(r2, 0xaa00) recvmmsg(0xffffffffffffffff, &(0x7f00000086c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000540)=""/216, 0xd8}], 0x1}, 0x80000000}], 0x1, 0x40008062, 0x0) syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x10000, 0x2000000}, &(0x7f0000002000), &(0x7f0000000000)) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000018c0)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000040)=[r0, r0, r1, r4, r0, r5, r1], 0x7) close_range(r4, r4, 0x2) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r7 = fanotify_init(0x4, 0x1000) fanotify_mark(r7, 0x1, 0x800002b, r6, 0x0) readv(r7, &(0x7f0000001480)=[{&(0x7f0000000100)=""/70, 0x46}], 0x1) creat(&(0x7f0000000400)='./bus\x00', 0x0) setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f0000000240), 0x4) 1.975249756s ago: executing program 4 (id=3100): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3fff, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) recvmmsg(r4, &(0x7f0000000480), 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r6, 0x541b, &(0x7f0000000100)) r7 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x3fe, 0xde, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r7, &(0x7f0000000380)=[{{&(0x7f0000000000), 0x6e, &(0x7f0000000080)}}], 0x1, 0x0, 0x0) sendmmsg(r7, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) getsockopt$inet_opts(r7, 0x0, 0x0, 0x0, &(0x7f0000000040)) socket$pppl2tp(0x18, 0x1, 0x1) 1.751095379s ago: executing program 1 (id=3101): epoll_create(0x80) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x20000) syz_io_uring_setup(0x70ca, &(0x7f0000001380)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100), &(0x7f00000007c0)) r0 = syz_io_uring_setup(0xee9, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0x7}, &(0x7f00000011c0), &(0x7f0000000140)) io_uring_enter(r0, 0x567, 0x1, 0x4, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="020e0000140000000000000000000000030005000000000002004000ac1e040100000000000000000300060000000000020000000000000000000000000000000800120000000200000000000000000006000000000000000000000000000000ff0200000000000000000000000000010000000000000000000000000000000004000300000000000000000000000000fdffffffffffffff0000000000000000bf8aae65f8c41bfc1b3df94e00484ddd077dc95b40aafdc20015ebf871620110a6a5c354c02111395b34571e8bb201234d4e8c9cc2f9"], 0xa0}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000040000900fffffffffddbdf25020000fd03001f000800018004001f80080004"], 0x28}, 0x1, 0x0, 0x0, 0x4084}, 0x0) r4 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f00000001c0)='.dead\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000500)="919589260730b273f496cf06d990644c39b2b5adebdec2b0a12e329ac75eead5f8fced16747cdce6d710084f3aade2c451d95955973c2b65b231f587a371a9cab101299202b71fbe33da6bfbaa25a9c03f18387293418acbf1b13e010105ee5149a8ae811d7aea21fb1d2512f9351684105e0e6a30675e080ab3e125cce8a6914774813581b054a142b39292cd328e466de72453a4dc6499f9be1f1b05311375bc66dc770279b27ae818e6890d2edce313b23959d2a0c51b26529f60066271dcf69ba503d0f85a0cf3191e6b5b7793e03f00e0e34a46c8b1cd10c1", 0xdb, r4) ioctl$CDROMSTART(0xffffffffffffffff, 0x5308) socket(0x15, 0x5, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000040)={'veth1_to_bond\x00', 0x200}) r6 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000003c0), &(0x7f0000000440)=0x8) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x3, 0x6, 0xd2}, {0x9, 0x8, 0xcb, 0x3000000}, {0x0, 0x20, 0x8, 0x6}]}) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 826.658602ms ago: executing program 1 (id=3104): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000680)={@map=0x1, 0x7, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000004300)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x2, 0x16, &(0x7f0000001600)=ANY=[@ANYRES64=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) r2 = syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x101000, 0x0) setsockopt$inet_int(r0, 0x0, 0x5, &(0x7f0000000040)=0x3, 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRESOCT=r3], 0x0, 0x7, 0x0, 0x0, 0x41100}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x800) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r6, 0x6, 0x2a, 0x0, &(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) unshare(0x6a040000) mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) epoll_create1(0x80000) 649.007462ms ago: executing program 2 (id=3106): r0 = openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x260903) write$sndseq(r0, &(0x7f0000000180)=[{0x2, 0x83, 0x77, 0xb, @time={0x10001, 0x4}, {0x40, 0xf2}, {0x1, 0xd8}, @note={0x9, 0x40, 0x4, 0x3, 0x3}}, {0x3, 0x6, 0x3, 0x8, @tick=0xe94, {0xc1, 0x1d}, {0x9, 0x1c}, @connect={{0x5, 0x6}, {0x81, 0x3}}}, {0xf, 0x6, 0x9, 0xae, @time={0x4, 0x2}, {0x9, 0x2}, {0x8, 0xfa}, @control={0x6, 0x80000001, 0x8}}, {0x4, 0x53, 0xfe, 0x30, @time={0x0, 0x8001}, {0xf, 0xff}, {0xf, 0x6}, @control={0x3, 0xffffffff, 0xb37}}], 0x70) syz_emit_ethernet(0x32, &(0x7f0000000400)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x7, 0x4, 0x0, 0x0, 0x24, 0xfffd, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, {[@ssrr={0x89, 0x3, 0xe2}, @lsrr={0x83, 0x3, 0x78}]}}, {0x2001, 0x880b, 0x8}}}}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0xa4}}, 0x0) 648.723781ms ago: executing program 2 (id=3107): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0xdc}}, 0x0) (fail_nth: 27) 380.55181ms ago: executing program 2 (id=3108): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000240)={0x24, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xca}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000014}, 0x1400c000) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0xe}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x59}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000200)={0x4, &(0x7f0000000180)=[{0x4, 0xa7, 0x4, 0x8}, {0x200, 0xf6, 0xec, 0x4}, {0x3, 0x5, 0x7, 0x80000001}, {0x3, 0x9, 0x4, 0x8001}]}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r4 = socket$unix(0x1, 0x1, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SW_SYNC_IOC_INC(r5, 0xc0105702, &(0x7f0000000100)) ioctl$VIDIOC_G_STD(0xffffffffffffffff, 0x80085617, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = openat$autofs(0xffffff9c, &(0x7f00000000c0), 0x2b02, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r7, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x5, '\x00', 0x401, 0x63bd6847, 0x4, 0x3}}}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x3}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4008080) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0x5}}}}}, 0x0) 215.788036ms ago: executing program 2 (id=3109): r0 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f000033c000/0x2000)=nil, 0x2000, 0x1000, 0x6, &(0x7f0000003000/0x1000)=nil) 209.223859ms ago: executing program 3 (id=3110): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x92) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000003c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x3000001, &(0x7f0000000740)=ANY=[@ANYBLOB='f ', @ANYBLOB="20d2c41af86641a2c5ca75199fdf18b96bf3d522f9359c02cfcb0ed0ac549ac938c54020eb9a04fa63ed62cefaed5e0b8fed8d738e87b07ac9458bcb3aa81b6034a0712e18159927a700c1d8031b596d57ab73448f8fb61597754d1726e4e07ea3810a27a190bef4bc7e88da8856e3206b6d4806cacc2e6a698a8b7c0b36e30f280f6050b846fb0a36eab08b2aaeb3c43545a5fbe39dda976f022d04a2b592b0c8047b6227aff2586bd5f125a4e19c5586a79c563f7676cc873f25795e50ecd7e98f8fcb4edafec92c311b09f33e7fe9763a358b8c1d6e0145d2935a955f612f0d20c22dc3b399253176e29bedb825447dd97e", @ANYRES16=r0, @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="1830c39d8ac91f3d485971cfb8e969794059963504eb79513bc3819e57ad3b9e6bbcb663c9099bc79672b8fc63f1e709f62dc591a75961505224abba000800007a4f00c1fe3ebeb7f725bd2259932cad290202b993ba1c4d77618d58108aae280e5a3843d5e4f446e4894beb4a0b95893f"]) syz_clone(0x150000, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0) syz_io_uring_setup(0x186, 0x0, 0x0, &(0x7f0000000000)) syz_io_uring_setup(0x239, 0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xb, 0x5, 0x10001, 0xa, 0x1, 0xffffffffffffffff, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_io_uring_submit(r1, r2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) chdir(0x0) execve(&(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000640)) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x60000000000, 0x0) ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000080)={0x1, 0xf, 0xf}) 90.65853ms ago: executing program 2 (id=3111): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@datasec={0x1, 0x1, 0x0, 0xf, 0x3, [{}], "aafada"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "92"}]}, {0x0, [0x2e]}}, 0x0, 0x43, 0x0, 0x8}, 0x20) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)={0x28, r2, 0x223, 0x0, 0x4, {0x3}, [@SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x28}}, 0x440d6) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c000b8018"], 0x44}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) 0s ago: executing program 2 (id=3112): epoll_create(0x80) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x20000) syz_io_uring_setup(0x70ca, &(0x7f0000001380)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100), &(0x7f00000007c0)) r0 = syz_io_uring_setup(0xee9, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0x7}, &(0x7f00000011c0), &(0x7f0000000140)) io_uring_enter(r0, 0x567, 0x1, 0x4, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="020e0000140000000000000000000000030005000000000002004000ac1e040100000000000000000300060000000000020000000000000000000000000000000800120000000200000000000000000006000000000000000000000000000000ff0200000000000000000000000000010000000000000000000000000000000004000300000000000000000000000000fdffffffffffffff0000000000000000bf8aae65f8c41bfc1b3df94e00484ddd077dc95b40aafdc20015ebf871620110a6a5c354c02111395b34571e8bb201234d4e8c9cc2f9"], 0xa0}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000040000900fffffffffddbdf25020000fd03001f000800018004001f80080004"], 0x28}, 0x1, 0x0, 0x0, 0x4084}, 0x0) r4 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f00000001c0)='.dead\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000500)="919589260730b273f496cf06d990644c39b2b5adebdec2b0a12e329ac75eead5f8fced16747cdce6d710084f3aade2c451d95955973c2b65b231f587a371a9cab101299202b71fbe33da6bfbaa25a9c03f18387293418acbf1b13e010105ee5149a8ae811d7aea21fb1d2512f9351684105e0e6a30675e080ab3e125cce8a6914774813581b054a142b39292cd328e466de72453a4dc6499f9be1f1b05311375bc66dc770279b27ae818e6890d2edce313b23959d2a0c51b26529f60066271dcf69ba503d0f85a0cf3191e6b5b7793e03f00e0e34a46c8b1cd10c1", 0xdb, r4) ioctl$CDROMSTART(0xffffffffffffffff, 0x5308) socket(0x15, 0x5, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000040)={'veth1_to_bond\x00', 0x200}) r6 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000003c0), &(0x7f0000000440)=0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x3, 0x6, 0xd2}, {0x9, 0x8, 0xcb, 0x3000000}, {0x0, 0x20, 0x8, 0x6}]}) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 0s ago: executing program 4 (id=3113): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'mpc624\x00', [0xee, 0x80008000, 0x1, 0x2, 0x0, 0x0, 0x8000000, 0x13, 0x1004, 0xffffffff, 0x4, 0x7, 0x4, 0x4, 0x7ad, 0x200006, 0xffffffa7, 0x9, 0x0, 0x65c, 0x3ff, 0x11000, 0x800, 0xe2df, 0x9, 0x4e, 0x5, 0x3, 0x3, 0x5, 0x45]}) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_int(r1, 0x0, 0x6, &(0x7f0000000080), &(0x7f0000000100)=0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x11, 0x3, 0x0) r3 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x4) syz_usb_connect(0x4, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf0ff}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) ioctl$COMEDI_UNLOCK(r3, 0x6406) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='afs_cb_miss\x00', r4, 0x0, 0x86c800000000000}, 0x18) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000140)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRESOCT=r2], 0x2b) sendfile(r7, r3, 0x0, 0x4000000053d2) kernel console output (not intermixed with test programs): 80013][T16527] ? hook_file_ioctl_common+0x145/0x410 [ 632.780038][T16527] ? __fget_files+0x20e/0x3c0 [ 632.780059][T16527] security_file_ioctl_compat+0x9b/0x240 [ 632.780083][T16527] __ia32_compat_sys_ioctl+0xc3/0x370 [ 632.780114][T16527] __do_fast_syscall_32+0x7c/0x3a0 [ 632.780138][T16527] do_fast_syscall_32+0x32/0x80 [ 632.780160][T16527] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 632.780179][T16527] RIP: 0023:0xf70ce579 [ 632.780192][T16527] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 632.780207][T16527] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 632.780222][T16527] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008953 [ 632.780232][T16527] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 632.780241][T16527] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 632.780251][T16527] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 632.780260][T16527] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 632.780283][T16527] [ 632.780305][T16527] ERROR: Out of memory at tomoyo_realpath_from_path. [ 632.931760][T16529] loop7: detected capacity change from 0 to 7 [ 632.939182][ C3] blk_print_req_error: 5 callbacks suppressed [ 632.939194][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.944094][ C3] buffer_io_error: 5 callbacks suppressed [ 632.944104][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 632.949819][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.952929][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 632.955810][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.958621][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 632.961326][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.964362][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 632.967194][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.970211][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 632.973136][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.976074][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 632.979142][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.982689][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 632.985993][T16529] ldm_validate_partition_table(): Disk read failed. [ 632.996167][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 632.999260][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 633.005627][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 633.008669][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 633.011714][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 633.014781][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 633.021471][T16529] Dev loop7: unable to read RDB block 0 [ 633.024859][T16529] loop7: unable to read partition table [ 633.026961][T16529] loop7: partition table beyond EOD, truncated [ 633.029684][T16529] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 634.341384][T16545] lo speed is unknown, defaulting to 1000 [ 635.019514][T16549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2725'. [ 635.314272][T16557] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2730'. [ 635.993342][T16568] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2732'. [ 636.147599][ T6038] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 636.252549][T15239] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 636.326002][ T6038] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 636.341798][ T6038] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 636.369910][ T6038] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 636.380607][ T6038] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 636.394433][ T6038] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 636.424810][T16578] lo speed is unknown, defaulting to 1000 [ 636.425147][ T6038] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 636.433071][ T6038] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 636.437658][T15239] usb 6-1: Using ep0 maxpacket: 16 [ 636.440271][ T6038] usb 7-1: Product: syz [ 636.443212][ T6038] usb 7-1: Manufacturer: syz [ 636.446004][T15239] usb 6-1: config 0 has no interfaces? [ 636.451538][T15239] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 636.455528][T15239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.466880][T15239] usb 6-1: Product: syz [ 636.469740][T15239] usb 6-1: Manufacturer: syz [ 636.472203][T15239] usb 6-1: SerialNumber: syz [ 636.480119][ T6038] cdc_wdm 7-1:1.0: skipping garbage [ 636.482391][ T6038] cdc_wdm 7-1:1.0: skipping garbage [ 636.490714][T15239] usb 6-1: config 0 descriptor?? [ 636.507132][ T6038] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 636.523258][ T6038] cdc_wdm 7-1:1.0: Unknown control protocol [ 636.653876][T16582] FAULT_INJECTION: forcing a failure. [ 636.653876][T16582] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 636.659839][T16582] CPU: 2 UID: 0 PID: 16582 Comm: syz.3.2738 Not tainted syzkaller #0 PREEMPT(full) [ 636.659858][T16582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 636.659866][T16582] Call Trace: [ 636.659871][T16582] [ 636.659877][T16582] dump_stack_lvl+0x16c/0x1f0 [ 636.659898][T16582] should_fail_ex+0x512/0x640 [ 636.659920][T16582] should_fail_alloc_page+0xe7/0x130 [ 636.659939][T16582] prepare_alloc_pages+0x3c2/0x610 [ 636.659959][T16582] ? rcu_is_watching+0x12/0xc0 [ 636.659982][T16582] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 636.660001][T16582] ? rcu_is_watching+0x12/0xc0 [ 636.660014][T16582] ? trace_mm_page_alloc+0x11f/0x1a0 [ 636.660034][T16582] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 636.660052][T16582] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 636.660075][T16582] ? get_il_weight+0xea/0x290 [ 636.660094][T16582] ? get_il_weight+0xf4/0x290 [ 636.660111][T16582] alloc_pages_bulk_noprof+0x71c/0x1410 [ 636.660130][T16582] ? policy_nodemask+0xea/0x4e0 [ 636.660148][T16582] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 636.660164][T16582] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 636.660188][T16582] kasan_populate_vmalloc+0xf1/0x1f0 [ 636.660206][T16582] alloc_vmap_area+0x959/0x29c0 [ 636.660232][T16582] ? __pfx_alloc_vmap_area+0x10/0x10 [ 636.660254][T16582] __get_vm_area_node+0x1ca/0x330 [ 636.660277][T16582] __vmalloc_node_range_noprof+0x271/0x14b0 [ 636.660291][T16582] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 636.660310][T16582] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 636.660327][T16582] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 636.660345][T16582] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 636.660358][T16582] vmalloc_user_noprof+0x9e/0xe0 [ 636.660370][T16582] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 636.660384][T16582] vb2_vmalloc_alloc+0x135/0x3f0 [ 636.660401][T16582] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 636.660414][T16582] __vb2_queue_alloc+0x8c9/0x1280 [ 636.660443][T16582] vb2_core_reqbufs+0xa90/0xfe0 [ 636.660459][T16582] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 636.660472][T16582] ? __pfx___might_resched+0x10/0x10 [ 636.660489][T16582] ? __mutex_lock+0x1c5/0x1060 [ 636.660510][T16582] vb2_reqbufs+0x1a3/0x1f0 [ 636.660528][T16582] ? __pfx_vb2_reqbufs+0x10/0x10 [ 636.660548][T16582] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 636.660569][T16582] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 636.660590][T16582] v4l_reqbufs+0x152/0x1e0 [ 636.660606][T16582] __video_do_ioctl+0xb3d/0xfc0 [ 636.660625][T16582] ? __might_fault+0xe3/0x190 [ 636.660640][T16582] ? __pfx___video_do_ioctl+0x10/0x10 [ 636.660666][T16582] video_usercopy+0x47c/0x1440 [ 636.660685][T16582] ? __pfx___video_do_ioctl+0x10/0x10 [ 636.660702][T16582] ? __pfx_video_usercopy+0x10/0x10 [ 636.660729][T16582] ? hook_file_ioctl_common+0x145/0x410 [ 636.660754][T16582] v4l2_ioctl+0x1ba/0x250 [ 636.660772][T16582] v4l2_compat_ioctl32+0x214/0x2c0 [ 636.660787][T16582] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 636.660802][T16582] __ia32_compat_sys_ioctl+0x242/0x370 [ 636.660826][T16582] __do_fast_syscall_32+0x7c/0x3a0 [ 636.660846][T16582] do_fast_syscall_32+0x32/0x80 [ 636.660864][T16582] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 636.660880][T16582] RIP: 0023:0xf7fc7579 [ 636.660891][T16582] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 636.660904][T16582] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 636.660917][T16582] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0145608 [ 636.660925][T16582] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 636.660934][T16582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 636.660941][T16582] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 636.660948][T16582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 636.660964][T16582] [ 636.661083][T16582] warn_alloc: 1 callbacks suppressed [ 636.661091][T16582] syz.3.2738: vmalloc error: size 2768896, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 636.805126][T16582] CPU: 2 UID: 0 PID: 16582 Comm: syz.3.2738 Not tainted syzkaller #0 PREEMPT(full) [ 636.805143][T16582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 636.805151][T16582] Call Trace: [ 636.805156][T16582] [ 636.805161][T16582] dump_stack_lvl+0x16c/0x1f0 [ 636.805179][T16582] warn_alloc+0x248/0x3a0 [ 636.805200][T16582] ? __pfx_warn_alloc+0x10/0x10 [ 636.805222][T16582] ? kfree+0x2b4/0x4d0 [ 636.805236][T16582] ? __get_vm_area_node+0x208/0x330 [ 636.805256][T16582] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 636.805275][T16582] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 636.805299][T16582] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 636.805323][T16582] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 636.805336][T16582] vmalloc_user_noprof+0x9e/0xe0 [ 636.805346][T16582] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 636.805362][T16582] vb2_vmalloc_alloc+0x135/0x3f0 [ 636.805401][T16582] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 636.805418][T16582] __vb2_queue_alloc+0x8c9/0x1280 [ 636.805456][T16582] vb2_core_reqbufs+0xa90/0xfe0 [ 636.805479][T16582] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 636.805495][T16582] ? __pfx___might_resched+0x10/0x10 [ 636.805514][T16582] ? __mutex_lock+0x1c5/0x1060 [ 636.805553][T16582] vb2_reqbufs+0x1a3/0x1f0 [ 636.805581][T16582] ? __pfx_vb2_reqbufs+0x10/0x10 [ 636.805604][T16582] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 636.805629][T16582] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 636.805656][T16582] v4l_reqbufs+0x152/0x1e0 [ 636.805677][T16582] __video_do_ioctl+0xb3d/0xfc0 [ 636.805697][T16582] ? __might_fault+0xe3/0x190 [ 636.805716][T16582] ? __pfx___video_do_ioctl+0x10/0x10 [ 636.805745][T16582] video_usercopy+0x47c/0x1440 [ 636.805767][T16582] ? __pfx___video_do_ioctl+0x10/0x10 [ 636.805788][T16582] ? __pfx_video_usercopy+0x10/0x10 [ 636.805822][T16582] ? hook_file_ioctl_common+0x145/0x410 [ 636.805848][T16582] v4l2_ioctl+0x1ba/0x250 [ 636.805866][T16582] v4l2_compat_ioctl32+0x214/0x2c0 [ 636.805885][T16582] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 636.805904][T16582] __ia32_compat_sys_ioctl+0x242/0x370 [ 636.805939][T16582] __do_fast_syscall_32+0x7c/0x3a0 [ 636.805960][T16582] do_fast_syscall_32+0x32/0x80 [ 636.805981][T16582] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 636.806001][T16582] RIP: 0023:0xf7fc7579 [ 636.806014][T16582] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 636.806027][T16582] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 636.806041][T16582] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0145608 [ 636.806052][T16582] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 636.806061][T16582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 636.806070][T16582] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 636.806080][T16582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 636.806102][T16582] [ 636.806686][T16582] Mem-Info: [ 636.905411][T16582] active_anon:11431 inactive_anon:5020 isolated_anon:0 [ 636.905411][T16582] active_file:3841 inactive_file:621 isolated_file:0 [ 636.905411][T16582] unevictable:1768 dirty:533 writeback:0 [ 636.905411][T16582] slab_reclaimable:7567 slab_unreclaimable:73634 [ 636.905411][T16582] mapped:24365 shmem:13196 pagetables:1279 [ 636.905411][T16582] sec_pagetables:336 bounce:0 [ 636.905411][T16582] kernel_misc_reclaimable:0 [ 636.905411][T16582] free:55207 free_pcp:20140 free_cma:0 [ 636.922293][T16582] Node 0 active_anon:696kB inactive_anon:4kB active_file:0kB inactive_file:4kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7536kB pagetables:1072kB sec_pagetables:1144kB all_unreclaimable? yes Balloon:0kB [ 636.932270][T16582] Node 1 active_anon:45028kB inactive_anon:20076kB active_file:15364kB inactive_file:2480kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:97440kB dirty:2132kB writeback:0kB shmem:49248kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6384kB pagetables:4044kB sec_pagetables:200kB all_unreclaimable? no Balloon:0kB [ 636.943003][T16582] Node 0 DMA free:2652kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:224kB local_pcp:64kB free_cma:0kB [ 636.954562][T16582] lowmem_reserve[]: 0 288 288 288 288 [ 636.956832][T16582] Node 0 DMA32 free:36952kB boost:18432kB min:31652kB low:34956kB high:38260kB reserved_highatomic:4096KB free_highatomic:2156KB active_anon:696kB inactive_anon:4kB active_file:0kB inactive_file:4kB unevictable:3536kB writepending:0kB present:1032196kB managed:295136kB mlocked:0kB bounce:0kB free_pcp:13236kB local_pcp:3780kB free_cma:0kB [ 636.970503][T16582] lowmem_reserve[]: 0 0 0 0 0 [ 636.972638][T16582] Node 1 DMA32 free:181224kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:10240KB free_highatomic:5024KB active_anon:45028kB inactive_anon:20076kB active_file:15364kB inactive_file:2480kB unevictable:3536kB writepending:2132kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:67340kB local_pcp:18656kB free_cma:0kB [ 636.987211][T16582] lowmem_reserve[]: 0 0 0 0 0 [ 636.989497][T16582] Node 0 DMA: 39*4kB (UM) 24*8kB (UM) 12*16kB (UM) 14*32kB (UM) 0*64kB 1*128kB (M) 2*256kB (M) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2652kB [ 636.995238][T16582] Node 0 DMA32: 884*4kB (UMEH) 419*8kB (UMEH) 109*16kB (UMEH) 301*32kB (UMEH) 134*64kB (UMEH) 39*128kB (UMEH) 14*256kB (UMH) 3*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 36952kB [ 637.002521][T16582] Node 1 DMA32: 648*4kB [ 637.004966][ T6038] usb 7-1: USB disconnect, device number 26 [ 637.013752][T16582] (UMEH) 897*8kB (UMEH) 460*16kB (UMEH) 410*32kB (UMEH) 174*64kB (UMEH) 144*128kB (UMEH) 81*256kB (UMEH) 51*512kB (ME) 25*1024kB (M) 16*2048kB (UM) 4*4096kB (UM) = 181416kB [ 637.019954][T16582] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 637.023186][T16582] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 637.026341][T16582] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 637.030750][T16582] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 637.034794][T16582] 17735 total pagecache pages [ 637.036961][T16582] 81 pages in swap cache [ 637.039372][T16582] Free swap = 21920kB [ 637.041446][T16582] Total swap = 124996kB [ 637.043538][T16582] 524155 pages RAM [ 637.045287][T16582] 0 pages HighMem/MovableOnly [ 637.047251][T16582] 209476 pages reserved [ 637.051408][T16582] 0 pages cma reserved [ 637.238104][T16587] block nbd0: server does not support multiple connections per device. [ 637.241763][T16587] block nbd0: shutting down sockets [ 637.368377][T16587] syz.3.2740 (16587): drop_caches: 1 [ 637.441585][T16587] syz.3.2740 (16587): drop_caches: 1 [ 637.582776][T15239] usb 6-1: USB disconnect, device number 22 [ 637.778167][ T6038] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 637.930010][ T6038] usb 7-1: Using ep0 maxpacket: 32 [ 637.941231][ T6038] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 637.943867][ T6038] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 637.947404][ T6038] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 637.952542][ T6038] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 637.956741][ T6038] usb 7-1: config 0 interface 0 has no altsetting 0 [ 637.962383][ T6038] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 637.965496][ T6038] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 637.969933][ T6038] usb 7-1: Product: syz [ 637.971365][ T6038] usb 7-1: Manufacturer: syz [ 637.972859][ T6038] usb 7-1: SerialNumber: syz [ 637.975502][ T6038] usb 7-1: config 0 descriptor?? [ 637.992084][ T6038] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 637.998121][ T6038] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 638.216572][T15359] usb 7-1: USB disconnect, device number 27 [ 638.228184][T15359] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 638.233028][T16598] input: syz1 as /devices/virtual/input/input42 [ 638.711733][T16605] input: syz1 as /devices/virtual/input/input43 [ 638.714441][T16605] input: failed to attach handler leds to device input43, error: -6 [ 638.720811][T16605] FAULT_INJECTION: forcing a failure. [ 638.720811][T16605] name failslab, interval 1, probability 0, space 0, times 0 [ 638.725299][T16605] CPU: 0 UID: 0 PID: 16605 Comm: syz.4.2745 Not tainted syzkaller #0 PREEMPT(full) [ 638.725315][T16605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 638.725322][T16605] Call Trace: [ 638.725326][T16605] [ 638.725331][T16605] dump_stack_lvl+0x16c/0x1f0 [ 638.725349][T16605] should_fail_ex+0x512/0x640 [ 638.725391][T16605] ? fs_reclaim_acquire+0xae/0x150 [ 638.725409][T16605] should_failslab+0xc2/0x120 [ 638.725424][T16605] __kmalloc_cache_noprof+0x6a/0x3e0 [ 638.725436][T16605] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 638.725451][T16605] ? kobject_uevent_env+0x265/0x1870 [ 638.725469][T16605] kobject_uevent_env+0x265/0x1870 [ 638.725498][T16605] ? __pfx_dev_uevent_name+0x10/0x10 [ 638.725515][T16605] ? bus_to_subsys+0x131/0x160 [ 638.725529][T16605] device_del+0x623/0x9f0 [ 638.725544][T16605] ? __pfx_device_del+0x10/0x10 [ 638.725567][T16605] cdev_device_del+0x1d/0x110 [ 638.725582][T16605] evdev_disconnect+0x40/0xb0 [ 638.725594][T16605] __input_unregister_device+0x226/0x4d0 [ 638.725607][T16605] input_unregister_device+0xb9/0x100 [ 638.725619][T16605] uinput_destroy_device+0x1f4/0x260 [ 638.725636][T16605] uinput_ioctl_handler.isra.0+0x8a9/0x1df0 [ 638.725651][T16605] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 638.725668][T16605] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 638.725686][T16605] ? find_held_lock+0x2b/0x80 [ 638.725703][T16605] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 638.725720][T16605] ? __pfx_uinput_compat_ioctl+0x10/0x10 [ 638.725738][T16605] __ia32_compat_sys_ioctl+0x242/0x370 [ 638.725757][T16605] __do_fast_syscall_32+0x7c/0x3a0 [ 638.725773][T16605] do_fast_syscall_32+0x32/0x80 [ 638.725788][T16605] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 638.725801][T16605] RIP: 0023:0xf70ce579 [ 638.725810][T16605] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 638.725821][T16605] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 638.725832][T16605] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005502 [ 638.725839][T16605] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 638.725845][T16605] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 638.725851][T16605] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 638.725857][T16605] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 638.725871][T16605] [ 639.257635][T15477] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 639.407574][T15477] usb 9-1: Using ep0 maxpacket: 8 [ 639.689300][T16623] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 639.690547][T15477] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 639.692929][T16623] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.707580][T15477] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 639.716137][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 639.726171][T15477] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 639.734627][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 639.748590][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 639.752782][T15477] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 639.757985][T15477] usb 9-1: config 168 interface 0 has no altsetting 0 [ 639.761589][T15477] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 639.764418][T15477] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 639.769303][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 639.773284][T15477] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 639.777003][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 639.781467][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 639.784951][T15477] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 639.789878][T15477] usb 9-1: config 168 interface 0 has no altsetting 0 [ 639.792687][T15477] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 639.795380][T15477] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 639.800271][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 639.804701][T15477] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 639.809887][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 639.814562][T15477] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 639.821599][T15477] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 639.826962][T15477] usb 9-1: config 168 interface 0 has no altsetting 0 [ 639.839090][T15477] usb 9-1: string descriptor 0 read error: -22 [ 639.842052][T15477] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 639.845821][T15477] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.879169][T15477] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 639.879433][T16623] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 639.895759][T16623] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.029228][T16623] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 640.035456][T16623] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.064787][T16636] block nbd2: Attempted send on invalid socket [ 640.068058][T16636] blk_print_req_error: 5 callbacks suppressed [ 640.068072][T16636] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 640.074879][T16636] block nbd2: Attempted send on invalid socket [ 640.080031][T16636] I/O error, dev nbd2, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 640.084041][T16636] Mount JFS Failure: -5 [ 640.085938][T16636] jfs_mount failed w/return code = -5 [ 640.103965][T15359] usb 9-1: USB disconnect, device number 17 [ 640.145419][T16623] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 640.152708][T16623] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.297389][ T13] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 640.303422][ T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.340768][ T13] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 640.343811][ T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.359952][ T13] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 640.362762][ T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.367356][ T13] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 640.373771][ T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.384357][T16622] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 640.398697][T16622] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.430325][T16613] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 640.485221][T16622] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 640.490189][T16622] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.624270][T16622] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 640.631297][T16622] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.846115][T16622] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 640.856462][T16622] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.069799][T16652] veth1_to_bond: entered allmulticast mode [ 641.106736][T16652] FAULT_INJECTION: forcing a failure. [ 641.106736][T16652] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 641.112402][T16652] CPU: 1 UID: 0 PID: 16652 Comm: syz.4.2760 Not tainted syzkaller #0 PREEMPT(full) [ 641.112439][T16652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 641.112450][T16652] Call Trace: [ 641.112458][T16652] [ 641.112465][T16652] dump_stack_lvl+0x16c/0x1f0 [ 641.112493][T16652] should_fail_ex+0x512/0x640 [ 641.112522][T16652] _copy_from_user+0x2e/0xd0 [ 641.112551][T16652] get_compat_msghdr+0xa7/0x170 [ 641.112574][T16652] ? __pfx_get_compat_msghdr+0x10/0x10 [ 641.112598][T16652] ? __lock_acquire+0x62e/0x1ce0 [ 641.112626][T16652] ___sys_sendmsg+0x1ae/0x1d0 [ 641.112652][T16652] ? __pfx____sys_sendmsg+0x10/0x10 [ 641.112704][T16652] __sys_sendmmsg+0x2f9/0x420 [ 641.112732][T16652] ? __pfx___sys_sendmmsg+0x10/0x10 [ 641.112774][T16652] ? fput+0x9b/0xd0 [ 641.112799][T16652] ? ksys_write+0x1ac/0x250 [ 641.112831][T16652] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 641.112853][T16652] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 641.112874][T16652] __do_fast_syscall_32+0x7c/0x3a0 [ 641.112900][T16652] do_fast_syscall_32+0x32/0x80 [ 641.112924][T16652] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 641.112946][T16652] RIP: 0023:0xf70ce579 [ 641.112958][T16652] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 641.112974][T16652] RSP: 002b:00000000f515c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 641.112994][T16652] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 0000000080003cc0 [ 641.113007][T16652] RDX: 0000000000000172 RSI: 0000000004001c00 RDI: 0000000000000000 [ 641.113018][T16652] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 641.113029][T16652] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 641.113038][T16652] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 641.113059][T16652] [ 642.893287][T16664] fuse: Unknown parameter '' [ 642.899985][T16664] l2tp_ppp: sess 2/0: no socket in recv [ 642.970823][T16672] FAULT_INJECTION: forcing a failure. [ 642.970823][T16672] name failslab, interval 1, probability 0, space 0, times 0 [ 642.974799][T16672] CPU: 3 UID: 0 PID: 16672 Comm: syz.3.2768 Not tainted syzkaller #0 PREEMPT(full) [ 642.974815][T16672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 642.974822][T16672] Call Trace: [ 642.974827][T16672] [ 642.974831][T16672] dump_stack_lvl+0x16c/0x1f0 [ 642.974850][T16672] should_fail_ex+0x512/0x640 [ 642.974866][T16672] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 642.974882][T16672] should_failslab+0xc2/0x120 [ 642.974896][T16672] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 642.974911][T16672] ? vfs_parse_fs_string+0xc3/0x150 [ 642.974926][T16672] kmemdup_nul+0x49/0xf0 [ 642.974940][T16672] vfs_parse_fs_string+0xc3/0x150 [ 642.974953][T16672] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 642.974969][T16672] ? lockdep_init_map_type+0x5c/0x280 [ 642.974984][T16672] ? ovl_next_opt+0x143/0x1c0 [ 642.974996][T16672] ? __pfx_ovl_next_opt+0x10/0x10 [ 642.975006][T16672] vfs_parse_monolithic_sep+0x16f/0x1f0 [ 642.975019][T16672] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 642.975033][T16672] ? alloc_fs_context+0x59b/0x9c0 [ 642.975048][T16672] path_mount+0x14c9/0x2000 [ 642.975065][T16672] ? __pfx_path_mount+0x10/0x10 [ 642.975079][T16672] ? kmem_cache_free+0x2d1/0x4d0 [ 642.975091][T16672] ? putname+0x154/0x1a0 [ 642.975105][T16672] ? getname_flags.part.0+0x1c5/0x550 [ 642.975125][T16672] ? __ia32_sys_mount+0x28b/0x310 [ 642.975138][T16672] __ia32_sys_mount+0x28b/0x310 [ 642.975152][T16672] ? __pfx___ia32_sys_mount+0x10/0x10 [ 642.975167][T16672] ? rcu_is_watching+0x12/0xc0 [ 642.975180][T16672] __do_fast_syscall_32+0x7c/0x3a0 [ 642.975196][T16672] do_fast_syscall_32+0x32/0x80 [ 642.975210][T16672] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 642.975224][T16672] RIP: 0023:0xf7fc7579 [ 642.975232][T16672] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 642.975243][T16672] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 642.975254][T16672] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800000c0 [ 642.975261][T16672] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000080000380 [ 642.975267][T16672] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 642.975274][T16672] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 642.975280][T16672] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 642.975292][T16672] [ 643.056706][ C3] vkms_vblank_simulate: vblank timer overrun [ 644.476243][ T79] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 644.488898][ T79] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.511403][ T79] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 644.519735][ T79] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.537942][ T1231] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 644.541395][ T1231] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.585237][ T79] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 644.591198][ T79] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.751908][T16697] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2775'. [ 645.576282][T16702] ALSA: mixer_oss: invalid OSS volume 'u' [ 645.804638][T16718] netlink: 'syz.1.2780': attribute type 10 has an invalid length. [ 645.859048][T16718] 8021q: adding VLAN 0 to HW filter on device team0 [ 645.870277][T16718] team_slave_0: entered promiscuous mode [ 645.873599][T16718] team_slave_1: entered promiscuous mode [ 645.878449][T16718] bond0: (slave team0): Enslaving as an active interface with an up link [ 646.329524][ T40] audit: type=1326 audit(1756140436.568:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.357869][ T40] audit: type=1326 audit(1756140436.578:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.368866][ T40] audit: type=1326 audit(1756140436.578:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.397621][ T40] audit: type=1326 audit(1756140436.578:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.409872][ T40] audit: type=1326 audit(1756140436.578:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.418379][ T40] audit: type=1326 audit(1756140436.578:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.426048][ T40] audit: type=1326 audit(1756140436.578:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.434014][ T40] audit: type=1326 audit(1756140436.588:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.442744][ T40] audit: type=1326 audit(1756140436.588:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.457674][ T40] audit: type=1326 audit(1756140436.588:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16720 comm="syz.2.2781" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 646.610267][T16729] block nbd3: Attempted send on invalid socket [ 646.612288][T16729] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 646.615388][T16729] block nbd3: Attempted send on invalid socket [ 646.622014][T16729] I/O error, dev nbd3, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 646.625033][T16729] Mount JFS Failure: -5 [ 646.626383][T16729] jfs_mount failed w/return code = -5 [ 647.427708][ T6046] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 647.587774][ T6046] usb 8-1: Using ep0 maxpacket: 8 [ 647.624071][ T6046] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 647.631572][ T6046] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 647.644537][ T6046] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 647.652250][ T6046] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 647.662223][ T6046] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 647.665194][ T6046] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.247708][ T6922] usb 9-1: new full-speed USB device number 18 using dummy_hcd [ 648.403485][ T6922] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 648.410754][ T6922] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 648.415685][ T6922] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 648.422860][ T6922] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 648.431593][ T6922] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 648.435468][ T6922] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 648.441968][ T6922] usb 9-1: Manufacturer: syz [ 648.449047][ T6922] usb 9-1: config 0 descriptor?? [ 648.700124][ T6922] rc_core: IR keymap rc-hauppauge not found [ 648.702158][ T6922] Registered IR keymap rc-empty [ 648.703853][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.717766][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.738569][ T6922] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0 [ 648.746742][ T6922] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input45 [ 648.753878][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.767644][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.787692][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.809376][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.828041][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.848581][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.867837][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.888220][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.908063][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.927563][ T6922] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 648.950764][ T6922] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 648.954468][ T6922] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 648.963914][ T6922] usb 9-1: USB disconnect, device number 18 [ 648.971439][T16735] [U]  [ 648.972383][T16735] [U] K{ [ 648.973511][T16735] [U] T 1ŠFFˊ`GJǘGO/MC [ 648.976051][T16735] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 648.983206][T16735] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 648.986979][T16735] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 649.005182][T16735] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 649.016165][T16735] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 649.024031][T16735] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 649.033878][T16735] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 649.081126][T16735] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 649.099229][T16735] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 649.105687][T16735] [U] 22Ʃ۩X?0;3U [ 649.109563][T16735] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 649.121748][T16735] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 649.125884][T16735] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 649.130160][T16735] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 649.133586][T16735] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 649.138909][T16735] [U] EC [ 649.142454][T16735] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 649.217899][T16764] block nbd0: server does not support multiple connections per device. [ 649.221282][T16764] block nbd0: shutting down sockets [ 649.499528][T16764] syz.2.2797 (16764): drop_caches: 1 [ 649.615770][T16764] syz.2.2797 (16764): drop_caches: 1 [ 649.804120][T16773] block nbd4: Attempted send on invalid socket [ 649.806349][T16773] I/O error, dev nbd4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 649.811936][T16773] block nbd4: Attempted send on invalid socket [ 649.814657][T16773] I/O error, dev nbd4, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 649.818952][T16773] Mount JFS Failure: -5 [ 649.820379][T16773] jfs_mount failed w/return code = -5 [ 650.295938][ T6046] usb 8-1: usb_control_msg returned -71 [ 650.299338][ T6046] usbtmc 8-1:16.0: can't read capabilities [ 650.308127][T16731] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 650.311133][ T6046] usb 8-1: USB disconnect, device number 16 [ 652.167637][ T841] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 652.297891][ T841] usb 7-1: device descriptor read/64, error -71 [ 652.537633][ T841] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 652.677622][ T841] usb 7-1: device descriptor read/64, error -71 [ 652.787857][ T841] usb usb7-port1: attempt power cycle [ 653.097644][ T5972] Bluetooth: hci1: command 0x0406 tx timeout [ 653.137639][ T841] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 653.160040][ T841] usb 7-1: device descriptor read/8, error -71 [ 653.407569][ T841] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 653.441385][ T841] usb 7-1: device descriptor read/8, error -71 [ 653.557785][ T841] usb usb7-port1: unable to enumerate USB device [ 654.500821][T16826] befs: (nbd4): No write support. Marking filesystem read-only [ 654.507102][T16826] block nbd4: Attempted send on invalid socket [ 654.511675][T16826] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 654.519760][T16826] befs: (nbd4): unable to read superblock [ 654.607420][T16828] input: syz1 as /devices/virtual/input/input46 [ 654.684815][T16830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2815'. [ 654.701073][T16830] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2815'. [ 656.108606][T16846] lo speed is unknown, defaulting to 1000 [ 656.313539][T16853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2821'. [ 656.714690][T16857] openvswitch: netlink: ct_state flags 01010164 unsupported [ 656.723700][T16857] netlink: 21 bytes leftover after parsing attributes in process `syz.4.2822'. [ 658.031784][T16871] loop7: detected capacity change from 0 to 7 [ 658.035025][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.038838][ C2] buffer_io_error: 5 callbacks suppressed [ 658.038852][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.045530][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.049395][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.064166][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.068047][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.073530][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.077242][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.081085][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.085037][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.094109][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.097553][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.113523][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.116914][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.120941][T16871] ldm_validate_partition_table(): Disk read failed. [ 658.123593][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.126612][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.137395][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 658.140367][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.147656][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 658.151248][T16871] Dev loop7: unable to read RDB block 0 [ 658.161846][T16871] loop7: unable to read partition table [ 658.164567][T16871] loop7: partition table beyond EOD, truncated [ 658.167209][T16871] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 658.328378][T16877] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 658.340482][T16877] UDF-fs: Scanning with blocksize 2048 failed [ 658.346794][T16877] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 658.350048][T16877] UDF-fs: Scanning with blocksize 4096 failed [ 658.476534][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.230853][T16887] lo speed is unknown, defaulting to 1000 [ 660.070839][T16899] input: syz1 as /devices/virtual/input/input48 [ 661.142669][T16908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2835'. [ 661.153628][T16908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2835'. [ 661.156920][T16908] openvswitch: netlink: Unknown nsh attribute 0 [ 661.174224][T16908] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 661.187094][T16908] comedi comedi0: Minor 7 could not be opened [ 662.188527][T16923] tipc: Started in network mode [ 662.190716][T16923] tipc: Node identity ba8a9ec0f951, cluster identity 4711 [ 662.193559][T16923] tipc: Enabled bearer , priority 0 [ 662.196269][T16923] syzkaller0: entered promiscuous mode [ 662.198516][T16923] syzkaller0: entered allmulticast mode [ 662.219456][T16923] tipc: Resetting bearer [ 662.225110][T16922] tipc: Resetting bearer [ 662.268783][T16922] tipc: Disabling bearer [ 662.494835][T16928] block nbd1: Attempted send on invalid socket [ 662.497295][T16928] blk_print_req_error: 6 callbacks suppressed [ 662.497311][T16928] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 662.504599][T16927] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2841'. [ 662.508201][T16927] openvswitch: netlink: Unknown nsh attribute 0 [ 662.510400][T16927] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 662.515016][T16927] comedi comedi0: Minor 7 could not be opened [ 662.518812][T16928] block nbd1: Attempted send on invalid socket [ 662.521260][T16928] I/O error, dev nbd1, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 662.525955][T16928] Mount JFS Failure: -5 [ 662.527370][T16928] jfs_mount failed w/return code = -5 [ 664.000761][ T63] Bluetooth: hci1: unexpected event for opcode 0x202d [ 664.752694][T16961] block nbd2: Attempted send on invalid socket [ 664.756328][T16961] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 664.763044][T16961] block nbd2: Attempted send on invalid socket [ 664.765200][T16961] I/O error, dev nbd2, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 664.770487][T16961] Mount JFS Failure: -5 [ 664.771825][T16961] jfs_mount failed w/return code = -5 [ 664.878526][T16967] sg_write: data in/out 91/154 bytes for SCSI command 0x0-- guessing data in; [ 664.878526][T16967] program syz.3.2853 not setting count and/or reply_len properly [ 664.888895][T16969] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2854'. [ 664.959401][T16970] vivid-007: ================= START STATUS ================= [ 664.963218][T16970] vivid-007: Enable Output Cropping: true [ 664.966604][T16970] vivid-007: Enable Output Composing: true [ 664.969788][T16970] vivid-007: Enable Output Scaler: true [ 664.971739][T16970] vivid-007: Tx RGB Quantization Range: Automatic [ 664.976491][T16970] vivid-007: Transmit Mode: HDMI [ 664.978711][T16970] vivid-007: Hotplug Present: 0x00000000 [ 664.981061][T16970] vivid-007: RxSense Present: 0x00000000 [ 664.983582][T16970] vivid-007: EDID Present: 0x00000000 [ 664.986100][T16970] vivid-007: ================== END STATUS ================== [ 665.024739][T16970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2852'. [ 665.593620][T16976] lo speed is unknown, defaulting to 1000 [ 665.994954][T16981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2857'. [ 665.999343][T16981] openvswitch: netlink: Unknown nsh attribute 0 [ 666.002050][T16981] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 666.007869][T16981] comedi comedi0: Minor 7 could not be opened [ 666.841012][T16988] openvswitch: netlink: Message has 16 unknown bytes. [ 667.047915][T16999] block nbd0: server does not support multiple connections per device. [ 667.050681][T16999] block nbd0: shutting down sockets [ 667.146277][T16999] syz.4.2862 (16999): drop_caches: 1 [ 667.239244][T16999] syz.4.2862 (16999): drop_caches: 1 [ 667.737708][T17011] ptrace attach of "/syz-executor exec"[14988] was attempted by " \x0cH;'Sde/Ȑ|zPиW\x0bPt5QI0kp;t>?7~՞8)>\x0a.Fv\x5c0CP{\x07ԭ4OT)%DkfCkF 籥;m\x0cv\x0cTʪz5m֢vī'c^تg_\x0bƍ8)c,(qeB㑻SPt4o IHwL#@mUpE^agh~d_9\x07r|GJj+&ҽk(\x07rnE4(#ë\x0b YβB\x0aЦ&R`?L1tիw.M=3|Gsmg4`|\x22{б춋1[{ȯw/B_g6-qyk*o\x0d\x5cc8\x5 [ 667.889375][T17011] input input49: cannot allocate more than FF_MAX_EFFECTS effects [ 667.930722][ T40] kauditd_printk_skb: 54 callbacks suppressed [ 667.930735][ T40] audit: type=1326 audit(1756140457.146:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 667.945749][ T40] audit: type=1326 audit(1756140457.146:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 667.955601][ T40] audit: type=1326 audit(1756140457.146:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 667.967987][ T40] audit: type=1326 audit(1756140457.146:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 667.975728][ T40] audit: type=1326 audit(1756140457.146:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 667.995774][ T40] audit: type=1326 audit(1756140457.146:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 668.008941][ T40] audit: type=1326 audit(1756140457.146:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 668.020191][ T40] audit: type=1326 audit(1756140457.146:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 668.030744][ T40] audit: type=1326 audit(1756140457.146:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 668.043285][ T40] audit: type=1326 audit(1756140457.146:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.1.2864" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7fc00000 [ 668.427704][T17020] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 668.430213][T17020] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 668.454741][T17020] vhci_hcd vhci_hcd.0: Device attached [ 668.707634][T15239] usb 41-1: new high-speed USB device number 3 using vhci_hcd [ 669.295511][T17021] vhci_hcd: connection reset by peer [ 669.337555][ T1149] vhci_hcd: stop threads [ 669.339050][ T1149] vhci_hcd: release socket [ 669.344332][ T1149] vhci_hcd: disconnect device [ 669.487426][T17017] ubi: mtd0 is already attached to ubi31 [ 670.157883][ T6046] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 670.287741][ T6046] usb 7-1: device descriptor read/64, error -71 [ 670.557836][ T6046] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 670.585835][T17048] block nbd1: Attempted send on invalid socket [ 670.588718][T17048] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 670.593179][T17048] block nbd1: Attempted send on invalid socket [ 670.596296][T17048] I/O error, dev nbd1, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 670.600895][T17048] Mount JFS Failure: -5 [ 670.602789][T17048] jfs_mount failed w/return code = -5 [ 670.707699][ T6046] usb 7-1: device descriptor read/64, error -71 [ 670.817817][ T6046] usb usb7-port1: attempt power cycle [ 670.875712][T17059] fuse: Unknown parameter '' [ 670.943242][T17061] l2tp_ppp: sess 2/0: no socket in recv [ 671.167746][ T6046] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 671.220156][ T6046] usb 7-1: device descriptor read/8, error -71 [ 671.355611][T17064] lo speed is unknown, defaulting to 1000 [ 671.479383][ T6046] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 671.501356][ T6046] usb 7-1: device descriptor read/8, error -71 [ 671.537843][T17069] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2878'. [ 671.545745][T17069] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2878'. [ 671.549899][T17069] openvswitch: netlink: Unknown nsh attribute 0 [ 671.552631][T17069] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 671.558649][T17069] comedi comedi0: Minor 7 could not be opened [ 671.612385][ T6046] usb usb7-port1: unable to enumerate USB device [ 672.057649][ T5972] Bluetooth: hci4: command 0x0406 tx timeout [ 673.653656][T17090] block nbd1: Attempted send on invalid socket [ 673.655763][T17090] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 673.661199][T17090] block nbd1: Attempted send on invalid socket [ 673.664514][T17090] I/O error, dev nbd1, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 673.668447][T17090] Mount JFS Failure: -5 [ 673.670120][T17090] jfs_mount failed w/return code = -5 [ 673.679826][T17092] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 673.682545][T17092] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 673.685334][T17092] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 673.688133][T17092] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 673.703906][T17092] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 673.706821][T17092] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 673.710081][T17092] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 673.713955][T17092] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 673.855982][T17102] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2883'. [ 673.893185][ T63] Bluetooth: hci0: link tx timeout [ 673.897763][ T63] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 673.902906][ T63] Bluetooth: hci0: link tx timeout [ 673.905145][ T63] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 674.059747][T17109] tipc: Started in network mode [ 674.061308][T17109] tipc: Node identity be5c8a823b47, cluster identity 4711 [ 674.064496][T17109] tipc: Enabled bearer , priority 0 [ 674.091857][T17109] syzkaller0: entered promiscuous mode [ 674.094132][T17109] syzkaller0: entered allmulticast mode [ 674.131230][T17109] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 674.159608][T17109] tipc: Resetting bearer [ 674.163929][T17108] tipc: Resetting bearer [ 674.177215][T17108] tipc: Disabling bearer [ 674.220956][T17115] loop7: detected capacity change from 0 to 7 [ 674.224355][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 674.227779][ C2] buffer_io_error: 5 callbacks suppressed [ 674.227789][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.234755][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 674.239163][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.242818][T15239] vhci_hcd: vhci_device speed not set [ 674.254527][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 674.258520][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.263614][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 674.267595][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.271779][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 674.275655][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.284066][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 674.288113][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.292993][ T63] Bluetooth: hci0: link tx timeout [ 674.294171][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.294886][ T63] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 674.298491][T17115] ldm_validate_partition_table(): Disk read failed. [ 674.301636][ T63] Bluetooth: hci0: link tx timeout [ 674.305371][ T63] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 674.305378][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.316100][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.321633][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 674.329364][T17115] Dev loop7: unable to read RDB block 0 [ 674.333199][T17115] loop7: unable to read partition table [ 674.335771][T17115] loop7: partition table beyond EOD, truncated [ 674.341355][T17115] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 674.728951][T17123] lo speed is unknown, defaulting to 1000 [ 675.459240][T17141] block nbd2: Attempted send on invalid socket [ 675.462377][T17141] block nbd2: Attempted send on invalid socket [ 675.465136][T17141] Mount JFS Failure: -5 [ 675.466942][T17141] jfs_mount failed w/return code = -5 [ 675.535432][T17137] block nbd0: server does not support multiple connections per device. [ 675.552220][T17137] block nbd0: shutting down sockets [ 675.987712][ T63] Bluetooth: hci0: command 0x0000 tx timeout [ 676.354618][T17138] syz.3.2894 (17138): drop_caches: 1 [ 676.553242][T17162] fuse: Bad value for 'fd' [ 676.583573][T17162] batman_adv: batadv0: Adding interface: gretap1 [ 676.586358][T17162] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.597330][T17162] batman_adv: batadv0: Interface activated: gretap1 [ 676.675681][T17168] block nbd4: Attempted send on invalid socket [ 676.680540][T17168] blk_print_req_error: 11 callbacks suppressed [ 676.680559][T17168] I/O error, dev nbd4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 676.687187][T17168] block nbd4: Attempted send on invalid socket [ 676.690110][T17168] I/O error, dev nbd4, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 676.697347][T17168] Mount JFS Failure: -5 [ 676.702779][T17168] jfs_mount failed w/return code = -5 [ 677.208902][T17182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2909'. [ 677.490343][T17188] block nbd0: server does not support multiple connections per device. [ 677.494203][T17188] block nbd0: shutting down sockets [ 677.534212][T17195] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2913'. [ 677.583587][T17199] IPVS: set_ctl: invalid protocol: 46 172.20.20.170:0 [ 677.703543][T17188] syz.4.2910 (17188): drop_caches: 1 [ 677.845198][T17188] syz.4.2910 (17188): drop_caches: 1 [ 677.867694][ T6922] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 678.057915][ T63] Bluetooth: hci0: command 0x0000 tx timeout [ 678.563948][T17213] loop7: detected capacity change from 0 to 7 [ 678.567052][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.579591][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.586610][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.594405][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.599588][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.604675][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.609253][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.613441][T17213] ldm_validate_partition_table(): Disk read failed. [ 678.638568][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 678.649531][T17213] Dev loop7: unable to read RDB block 0 [ 678.654669][T17213] loop7: unable to read partition table [ 678.656720][T17213] loop7: partition table beyond EOD, truncated [ 678.679770][T17216] lo speed is unknown, defaulting to 1000 [ 678.690042][T17213] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 678.858016][ T6046] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 679.515812][ T6046] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 679.537715][ T6046] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 679.582264][ T6046] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 679.586466][ T6046] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 679.589669][ T6046] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.608565][ T6046] usb 8-1: config 0 descriptor?? [ 679.696670][T17217] net_ratelimit: 124 callbacks suppressed [ 679.696687][T17217] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 680.213687][ T6046] plantronics 0003:047F:FFFF.0007: reserved main item tag 0xd [ 680.235376][ T6046] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 680.403677][T17208] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2917'. [ 680.433229][ T841] usb 8-1: USB disconnect, device number 17 [ 680.573004][ T29] IPVS: starting estimator thread 0... [ 680.660753][T17232] IPVS: using max 41 ests per chain, 98400 per kthread [ 680.810218][ C1] buffer_io_error: 20 callbacks suppressed [ 680.810236][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.818657][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.822743][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.826635][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.829422][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.832152][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.834986][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.837553][ T5383] ldm_validate_partition_table(): Disk read failed. [ 680.846910][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.850226][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.853812][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 680.859445][ T5383] Dev loop7: unable to read RDB block 0 [ 680.878263][ T5383] loop7: unable to read partition table [ 680.880849][ T5383] loop7: partition table beyond EOD, truncated [ 681.138066][T17239] block nbd0: server does not support multiple connections per device. [ 681.150811][T17239] block nbd0: shutting down sockets [ 681.455347][T17239] syz.3.2926 (17239): drop_caches: 1 [ 681.707907][T17250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2929'. [ 681.711887][T17250] netlink: 'syz.2.2929': attribute type 18 has an invalid length. [ 681.736417][T17250] vxlan0: entered promiscuous mode [ 681.747436][ T1142] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 681.752513][ T1142] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 681.756900][ T1142] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 681.763825][ T1142] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 681.828368][T17239] syz.3.2926 (17239): drop_caches: 1 [ 682.006929][T17255] overlayfs: failed to resolve './file0': -2 [ 682.084977][T17259] fuse: Unknown parameter '' [ 682.195282][T17268] l2tp_ppp: sess 2/0: no socket in recv [ 682.300067][ T5972] Bluetooth: hci3: command 0x0406 tx timeout [ 682.342436][T17272] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 683.460125][T17279] loop7: detected capacity change from 0 to 7 [ 683.462644][ C2] blk_print_req_error: 22 callbacks suppressed [ 683.462654][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.467911][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.471751][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.474853][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.477996][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.483192][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.486891][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.490053][T17279] ldm_validate_partition_table(): Disk read failed. [ 683.493027][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.497428][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.501635][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 683.504762][T17279] Dev loop7: unable to read RDB block 0 [ 683.507064][T17279] loop7: unable to read partition table [ 683.509575][T17279] loop7: partition table beyond EOD, truncated [ 683.511564][T17279] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 683.841811][T17284] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2939'. [ 685.246700][T17304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2945'. [ 685.343190][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.625200][T17304] hsr_slave_1 (unregistering): left promiscuous mode [ 686.687644][T17317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2949'. [ 686.692645][T17317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2949'. [ 686.696738][T17317] openvswitch: netlink: Unknown nsh attribute 0 [ 686.700013][T17317] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 686.704807][T17317] comedi comedi0: Minor 7 could not be opened [ 686.733820][T17319] netlink: 'syz.2.2951': attribute type 1 has an invalid length. [ 686.736895][T17319] netlink: 'syz.2.2951': attribute type 4 has an invalid length. [ 686.740201][T17319] FAULT_INJECTION: forcing a failure. [ 686.740201][T17319] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 686.745327][T17319] CPU: 1 UID: 0 PID: 17319 Comm: syz.2.2951 Not tainted syzkaller #0 PREEMPT(full) [ 686.745343][T17319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 686.745355][T17319] Call Trace: [ 686.745360][T17319] [ 686.745365][T17319] dump_stack_lvl+0x16c/0x1f0 [ 686.745384][T17319] should_fail_ex+0x512/0x640 [ 686.745406][T17319] _copy_to_user+0x32/0xd0 [ 686.745425][T17319] simple_read_from_buffer+0xcb/0x170 [ 686.745446][T17319] proc_fail_nth_read+0x197/0x240 [ 686.745465][T17319] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 686.745480][T17319] ? rw_verify_area+0xcf/0x6c0 [ 686.745491][T17319] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 686.745502][T17319] vfs_read+0x1e4/0xcf0 [ 686.745517][T17319] ? __pfx_vfs_read+0x10/0x10 [ 686.745528][T17319] ? find_held_lock+0x2b/0x80 [ 686.745543][T17319] ? __fget_files+0x20e/0x3c0 [ 686.745559][T17319] ksys_read+0x12a/0x250 [ 686.745570][T17319] ? __pfx_ksys_read+0x10/0x10 [ 686.745584][T17319] ? rcu_is_watching+0x12/0xc0 [ 686.745597][T17319] __do_fast_syscall_32+0x7c/0x3a0 [ 686.745613][T17319] do_fast_syscall_32+0x32/0x80 [ 686.745631][T17319] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 686.745649][T17319] RIP: 0023:0xf7f86579 [ 686.745659][T17319] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 686.745670][T17319] RSP: 002b:00000000f54a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 686.745680][T17319] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54a6620 [ 686.745688][T17319] RDX: 000000000000000f RSI: 00000000f7414ff4 RDI: 0000000000000000 [ 686.745694][T17319] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 686.745700][T17319] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 686.745706][T17319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 686.745719][T17319] [ 687.415185][T17329] netdevsim netdevsim4: Direct firmware load for 0PqD"2NktTWj%N failed with error -2 [ 687.424815][T17329] netdevsim netdevsim4: Falling back to sysfs fallback for: 0PqD"2NktTWj%N [ 687.555262][T17339] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 687.617573][ T841] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 687.777614][ T841] usb 7-1: Using ep0 maxpacket: 8 [ 687.781213][ T841] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 687.784604][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 687.792082][ T841] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 687.795846][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 687.801362][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 687.807749][ T841] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 687.810264][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 687.813754][ T841] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 687.821575][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 687.825250][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 687.832025][ T841] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 687.834397][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 687.838496][ T841] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 687.842336][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 687.846144][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 687.853179][ T841] usb 7-1: string descriptor 0 read error: -22 [ 687.855294][ T841] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 687.859208][ T841] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.866500][ T841] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 688.131543][T17346] loop7: detected capacity change from 0 to 7 [ 688.134739][ C3] buffer_io_error: 20 callbacks suppressed [ 688.134755][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.145688][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.151012][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.155532][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.159222][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.166018][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.169586][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.172948][T17346] ldm_validate_partition_table(): Disk read failed. [ 688.176040][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.183962][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.193143][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 688.205027][T17346] Dev loop7: unable to read RDB block 0 [ 688.207436][T17346] loop7: unable to read partition table [ 688.216477][T17346] loop7: partition table beyond EOD, truncated [ 688.222496][T17346] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 688.820258][T17358] bridge_slave_0: left allmulticast mode [ 688.823402][T17358] bridge_slave_0: left promiscuous mode [ 688.825750][T17358] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.102709][T17358] bridge_slave_1: left allmulticast mode [ 689.110204][T17358] bridge_slave_1: left promiscuous mode [ 689.112597][T17358] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.143461][T17358] bond0: (slave bond_slave_0): Releasing backup interface [ 689.155894][T17358] bond0: (slave bond_slave_1): Releasing backup interface [ 689.177876][T17358] team0: Port device team_slave_0 removed [ 689.197963][T17358] team0: Port device team_slave_1 removed [ 689.201237][T17358] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 689.204573][T17358] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 689.219463][T17358] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 689.223106][T17358] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 689.271419][T17358] bond0: (slave netdevsim0): Releasing backup interface [ 689.282204][T17358] batman_adv: batadv0: Interface deactivated: gretap1 [ 689.322856][T17358] batman_adv: batadv0: Removing interface: gretap1 [ 689.328520][T17361] team0: Mode changed to "broadcast" [ 689.332690][T17363] vlan0: entered promiscuous mode [ 689.361609][T17363] team0: Port device vlan0 added [ 689.575977][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f47f800: rx timeout, send abort [ 689.581934][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f47f800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 690.448693][T17378] tipc: Enabled bearer , priority 0 [ 690.451561][T17378] syzkaller0: entered promiscuous mode [ 690.456405][T17378] syzkaller0: entered allmulticast mode [ 690.507980][T17378] syzkaller0: mtu less than device minimum [ 690.545078][T17378] overlayfs: missing 'lowerdir' [ 690.566570][T17377] tipc: Resetting bearer [ 690.589748][T17377] tipc: Disabling bearer [ 690.647063][T17380] loop7: detected capacity change from 0 to 7 [ 690.652446][ C2] blk_print_req_error: 20 callbacks suppressed [ 690.652457][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.658838][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.662833][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.667321][T15477] usb 7-1: USB disconnect, device number 36 [ 690.676496][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.680124][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.683899][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.690483][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.694395][T17380] ldm_validate_partition_table(): Disk read failed. [ 690.696976][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.701483][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.705129][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 690.720289][T17380] Dev loop7: unable to read RDB block 0 [ 690.723013][T17380] loop7: unable to read partition table [ 690.725110][T17380] loop7: partition table beyond EOD, truncated [ 690.727283][T17380] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 690.878041][T17387] lo speed is unknown, defaulting to 1000 [ 693.249692][ T40] kauditd_printk_skb: 56 callbacks suppressed [ 693.249709][ T40] audit: type=1326 audit(1756140482.486:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17404 comm="syz.2.2970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 693.269899][ T40] audit: type=1326 audit(1756140482.486:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17404 comm="syz.2.2970" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 693.280836][ T40] audit: type=1326 audit(1756140482.486:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17404 comm="syz.2.2970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 693.290481][ T40] audit: type=1326 audit(1756140482.486:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17404 comm="syz.2.2970" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 693.304360][ T40] audit: type=1326 audit(1756140482.486:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17404 comm="syz.2.2970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 693.314659][ T40] audit: type=1326 audit(1756140482.486:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17404 comm="syz.2.2970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86579 code=0x7ffc0000 [ 694.290369][T17417] loop7: detected capacity change from 0 to 7 [ 694.292841][ C0] buffer_io_error: 20 callbacks suppressed [ 694.292886][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.299290][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.303526][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.306979][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.312195][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.315883][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.319278][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.327619][T17417] ldm_validate_partition_table(): Disk read failed. [ 694.330620][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.334402][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.338134][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 694.341748][T17417] Dev loop7: unable to read RDB block 0 [ 694.371435][T17417] loop7: unable to read partition table [ 694.373403][T17417] loop7: partition table beyond EOD, truncated [ 694.376252][T17417] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 694.996621][T17436] lo speed is unknown, defaulting to 1000 [ 696.152105][T17441] FAULT_INJECTION: forcing a failure. [ 696.152105][T17441] name failslab, interval 1, probability 0, space 0, times 0 [ 696.167543][T17441] CPU: 0 UID: 0 PID: 17441 Comm: syz.1.2979 Not tainted syzkaller #0 PREEMPT(full) [ 696.167570][T17441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 696.167583][T17441] Call Trace: [ 696.167589][T17441] [ 696.167597][T17441] dump_stack_lvl+0x16c/0x1f0 [ 696.167627][T17441] should_fail_ex+0x512/0x640 [ 696.167651][T17441] ? fs_reclaim_acquire+0xae/0x150 [ 696.167680][T17441] should_failslab+0xc2/0x120 [ 696.167705][T17441] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 696.167724][T17441] ? security_inode_alloc+0x3b/0x2b0 [ 696.167747][T17441] security_inode_alloc+0x3b/0x2b0 [ 696.167768][T17441] inode_init_always_gfp+0xce4/0x1030 [ 696.167796][T17441] alloc_inode+0x86/0x240 [ 696.167822][T17441] new_inode+0x22/0x1c0 [ 696.167851][T17441] __debugfs_create_file+0x11c/0x6b0 [ 696.167878][T17441] debugfs_create_file_short+0x41/0x60 [ 696.167903][T17441] ieee80211_debugfs_recreate_netdev+0x2e5/0x17e0 [ 696.167931][T17441] ? __pfx_ieee80211_debugfs_recreate_netdev+0x10/0x10 [ 696.167954][T17441] ? __pfx___might_resched+0x10/0x10 [ 696.167980][T17441] drv_remove_interface+0x2bf/0x640 [ 696.168011][T17441] ieee80211_do_stop+0x18a6/0x2520 [ 696.168028][T17441] ? __pfx___mutex_trylock_common+0x10/0x10 [ 696.168065][T17441] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 696.168091][T17441] ? do_raw_spin_lock+0x12c/0x2b0 [ 696.168127][T17441] ? mark_held_locks+0x49/0x80 [ 696.168155][T17441] ieee80211_stop+0x169/0x320 [ 696.168177][T17441] ? __pfx_ieee80211_stop+0x10/0x10 [ 696.168198][T17441] __dev_close_many+0x29b/0x760 [ 696.168217][T17441] ? __pfx___dev_close_many+0x10/0x10 [ 696.168237][T17441] ? rcu_is_watching+0x12/0xc0 [ 696.168260][T17441] netif_close_many+0x233/0x630 [ 696.168278][T17441] ? nl80211_del_interface+0xb9/0x190 [ 696.168303][T17441] ? __pfx_netif_close_many+0x10/0x10 [ 696.168324][T17441] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 696.168358][T17441] netif_close+0x17f/0x230 [ 696.168376][T17441] ? __pfx_netif_close+0x10/0x10 [ 696.168401][T17441] dev_close+0xaa/0x240 [ 696.168437][T17441] nl80211_del_interface+0xec/0x190 [ 696.168464][T17441] genl_family_rcv_msg_doit+0x206/0x2f0 [ 696.168495][T17441] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 696.168532][T17441] ? bpf_lsm_capable+0x9/0x10 [ 696.168549][T17441] ? security_capable+0x7e/0x260 [ 696.168569][T17441] ? ns_capable+0xd7/0x110 [ 696.168592][T17441] genl_rcv_msg+0x55c/0x800 [ 696.168621][T17441] ? __pfx_genl_rcv_msg+0x10/0x10 [ 696.168647][T17441] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 696.168667][T17441] ? __pfx_nl80211_del_interface+0x10/0x10 [ 696.168690][T17441] ? __pfx_nl80211_post_doit+0x10/0x10 [ 696.168721][T17441] netlink_rcv_skb+0x155/0x420 [ 696.168747][T17441] ? __pfx_genl_rcv_msg+0x10/0x10 [ 696.168775][T17441] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 696.168811][T17441] ? netlink_deliver_tap+0x1ae/0xd30 [ 696.168858][T17441] genl_rcv+0x28/0x40 [ 696.168883][T17441] netlink_unicast+0x5aa/0x870 [ 696.168913][T17441] ? __pfx_netlink_unicast+0x10/0x10 [ 696.168934][T17441] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 696.168968][T17441] netlink_sendmsg+0x8d1/0xdd0 [ 696.168996][T17441] ? __pfx_netlink_sendmsg+0x10/0x10 [ 696.169019][T17441] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 696.169044][T17441] ____sys_sendmsg+0xa95/0xc70 [ 696.169066][T17441] ? __pfx_____sys_sendmsg+0x10/0x10 [ 696.169083][T17441] ? get_compat_msghdr+0x11a/0x170 [ 696.169118][T17441] ___sys_sendmsg+0x134/0x1d0 [ 696.169144][T17441] ? __pfx____sys_sendmsg+0x10/0x10 [ 696.169177][T17441] ? find_held_lock+0x2b/0x80 [ 696.169213][T17441] __sys_sendmsg+0x16d/0x220 [ 696.169235][T17441] ? __pfx___sys_sendmsg+0x10/0x10 [ 696.169267][T17441] ? rcu_is_watching+0x12/0xc0 [ 696.169290][T17441] __do_fast_syscall_32+0x7c/0x3a0 [ 696.169316][T17441] do_fast_syscall_32+0x32/0x80 [ 696.169341][T17441] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 696.169368][T17441] RIP: 0023:0xf7f65579 [ 696.169382][T17441] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 696.169399][T17441] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 696.169420][T17441] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 696.169431][T17441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 696.169440][T17441] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 696.169449][T17441] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 696.169460][T17441] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 696.169486][T17441] [ 696.172662][T17441] debugfs: out of free dentries, can not create file 'state' [ 697.683772][T17449] netlink: 'syz.4.2984': attribute type 1 has an invalid length. [ 697.686822][T17449] netlink: 'syz.4.2984': attribute type 4 has an invalid length. [ 697.696874][T17449] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2984'. [ 698.725428][T17468] comedi comedi3: bad chanlist[0]=0x00008992 chan=35218 range length=1 [ 700.713246][T17495] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2996'. [ 701.081780][T17503] lo speed is unknown, defaulting to 1000 [ 702.331032][T17516] comedi comedi3: bad chanlist[0]=0x00008992 chan=35218 range length=1 [ 702.523061][T17526] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3003'. [ 704.106754][T17548] ip6gretap0: entered promiscuous mode [ 704.114425][T17548] 9pnet_fd: Insufficient options for proto=fd [ 705.311186][T17571] random: crng reseeded on system resumption [ 705.775556][T17583] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 706.057624][ T6046] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 706.238142][ T6046] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 706.252206][ T6046] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 706.265605][ T6046] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.312254][ T6046] usb 8-1: config 0 descriptor?? [ 706.574945][ T6046] usbhid 8-1:0.0: can't add hid device: -71 [ 706.593719][ T6046] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 706.611915][ T6046] usb 8-1: USB disconnect, device number 18 [ 707.257838][ T6046] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 707.338373][T17608] FAULT_INJECTION: forcing a failure. [ 707.338373][T17608] name failslab, interval 1, probability 0, space 0, times 0 [ 707.343816][T17608] CPU: 1 UID: 0 PID: 17608 Comm: syz.2.3026 Not tainted syzkaller #0 PREEMPT(full) [ 707.343856][T17608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 707.343868][T17608] Call Trace: [ 707.343875][T17608] [ 707.343883][T17608] dump_stack_lvl+0x16c/0x1f0 [ 707.343914][T17608] should_fail_ex+0x512/0x640 [ 707.343939][T17608] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 707.343970][T17608] should_failslab+0xc2/0x120 [ 707.343994][T17608] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 707.344015][T17608] ? __alloc_skb+0x2b2/0x380 [ 707.344042][T17608] __alloc_skb+0x2b2/0x380 [ 707.344064][T17608] ? __pfx___alloc_skb+0x10/0x10 [ 707.344086][T17608] ? rcu_watching_snap_stopped_since+0xf0/0x110 [ 707.344108][T17608] ? lockdep_hardirqs_on+0x7c/0x110 [ 707.344136][T17608] alloc_skb_with_frags+0xe0/0x860 [ 707.344163][T17608] ? sock_alloc_send_pskb+0x18d/0x990 [ 707.344189][T17608] sock_alloc_send_pskb+0x7fb/0x990 [ 707.344219][T17608] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 707.344241][T17608] ? find_held_lock+0x2b/0x80 [ 707.344262][T17608] ? sock_def_readable+0x1d9/0x600 [ 707.344292][T17608] unix_dgram_sendmsg+0x3e9/0x17f0 [ 707.344327][T17608] ? tomoyo_socket_sendmsg_permission+0x14c/0x3c0 [ 707.344356][T17608] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 707.344395][T17608] unix_seqpacket_sendmsg+0x12a/0x1c0 [ 707.344426][T17608] ____sys_sendmsg+0xa95/0xc70 [ 707.344448][T17608] ? __pfx_____sys_sendmsg+0x10/0x10 [ 707.344466][T17608] ? get_compat_msghdr+0x11a/0x170 [ 707.344501][T17608] ___sys_sendmsg+0x134/0x1d0 [ 707.344529][T17608] ? __pfx____sys_sendmsg+0x10/0x10 [ 707.344579][T17608] ? __pfx___might_resched+0x10/0x10 [ 707.344604][T17608] __sys_sendmmsg+0x2f9/0x420 [ 707.344633][T17608] ? __pfx___sys_sendmmsg+0x10/0x10 [ 707.344667][T17608] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 707.344704][T17608] ? fput+0x9b/0xd0 [ 707.344753][T17608] ? ksys_write+0x1ac/0x250 [ 707.344776][T17608] ? __pfx_ksys_write+0x10/0x10 [ 707.344803][T17608] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 707.344829][T17608] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 707.344855][T17608] __do_fast_syscall_32+0x7c/0x3a0 [ 707.344884][T17608] do_fast_syscall_32+0x32/0x80 [ 707.344911][T17608] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 707.344935][T17608] RIP: 0023:0xf7f86579 [ 707.344952][T17608] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 707.344975][T17608] RSP: 002b:00000000f546455c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 707.344995][T17608] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080001c00 [ 707.345007][T17608] RDX: 0000000000000159 RSI: 0000000000040840 RDI: 0000000000000000 [ 707.345019][T17608] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 707.345030][T17608] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 707.345041][T17608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 707.345066][T17608] [ 707.487748][ T6046] usb 8-1: Using ep0 maxpacket: 32 [ 707.491858][ T6046] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 707.496887][ T6046] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 707.500994][ T6046] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.511009][ T6046] usb 8-1: config 0 descriptor?? [ 707.515883][ T6046] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 707.521573][ T6046] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 707.917921][T17622] block nbd0: server does not support multiple connections per device. [ 707.923694][T17622] block nbd0: shutting down sockets [ 708.063249][T17634] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3031'. [ 708.261453][T17622] syz.1.3029 (17622): drop_caches: 1 [ 708.555760][T17622] syz.1.3029 (17622): drop_caches: 1 [ 708.629012][T17647] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 708.635413][T17647] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.635497][T17646] ubi: mtd0 is already attached to ubi31 [ 708.858058][T17647] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 708.862959][T17647] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.871437][ T841] usb 8-1: USB disconnect, device number 19 [ 708.903479][ T841] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 708.984927][T17647] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 708.990112][T17647] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.002345][T17657] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3034'. [ 709.005210][T17657] openvswitch: netlink: Unknown nsh attribute 0 [ 709.007190][T17657] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 709.013341][T17657] comedi comedi0: Minor 7 could not be opened [ 709.055036][T17669] tipc: Enabled bearer , priority 0 [ 709.134689][T17647] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 709.139634][T17647] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.159561][T17669] syzkaller0: entered promiscuous mode [ 709.162026][T17669] syzkaller0: entered allmulticast mode [ 709.197963][T17669] tipc: Resetting bearer [ 709.209374][T17668] tipc: Resetting bearer [ 709.226908][T17668] tipc: Disabling bearer [ 709.407267][ T1149] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 709.410888][ T1149] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.414390][ T1149] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 709.419969][ T1149] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.423607][T17673] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3039'. [ 709.454504][ T13] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 709.456005][T17673] ubi: mtd0 is already attached to ubi31 [ 709.490598][ T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.514554][ T1141] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 709.528902][ T1141] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.517653][T17685] loop7: detected capacity change from 0 to 7 [ 710.520324][ C0] blk_print_req_error: 20 callbacks suppressed [ 710.520334][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.525338][ C0] buffer_io_error: 5 callbacks suppressed [ 710.525347][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.530160][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.533010][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.535615][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.538597][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.541545][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.544386][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.548723][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.551565][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.578796][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.582216][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.606798][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.610061][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.615581][T17689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3044'. [ 710.652019][T17685] ldm_validate_partition_table(): Disk read failed. [ 710.657179][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.660900][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.687124][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.690910][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.698007][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 710.702579][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 710.707628][T17685] Dev loop7: unable to read RDB block 0 [ 710.735755][T17685] loop7: unable to read partition table [ 710.746870][T17685] loop7: partition table beyond EOD, truncated [ 710.750932][T17685] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 710.833390][T17697] tipc: Enabled bearer , priority 0 [ 710.836765][T17697] syzkaller0: entered promiscuous mode [ 710.838870][T17697] syzkaller0: entered allmulticast mode [ 710.848261][T17697] tipc: Resetting bearer [ 710.872520][T17696] tipc: Resetting bearer [ 710.883238][T17696] tipc: Disabling bearer [ 711.256138][T17705] sch_tbf: burst 1821 is lower than device lo mtu (39799) ! [ 711.282182][T17705] FAULT_INJECTION: forcing a failure. [ 711.282182][T17705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 711.286278][T17705] CPU: 0 UID: 0 PID: 17705 Comm: syz.3.3048 Not tainted syzkaller #0 PREEMPT(full) [ 711.286293][T17705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 711.286300][T17705] Call Trace: [ 711.286305][T17705] [ 711.286310][T17705] dump_stack_lvl+0x16c/0x1f0 [ 711.286328][T17705] should_fail_ex+0x512/0x640 [ 711.286347][T17705] _copy_from_user+0x2e/0xd0 [ 711.286364][T17705] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 711.286381][T17705] snd_rawmidi_write+0x26e/0xc10 [ 711.286396][T17705] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 711.286409][T17705] ? __pfx_default_wake_function+0x10/0x10 [ 711.286421][T17705] ? bpf_lsm_file_permission+0x9/0x10 [ 711.286437][T17705] ? security_file_permission+0x71/0x210 [ 711.286452][T17705] ? rw_verify_area+0xcf/0x6c0 [ 711.286465][T17705] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 711.286476][T17705] vfs_writev+0x5dc/0xde0 [ 711.286491][T17705] ? __pfx_vfs_writev+0x10/0x10 [ 711.286503][T17705] ? find_held_lock+0x2b/0x80 [ 711.286521][T17705] ? __fget_files+0x20e/0x3c0 [ 711.286532][T17705] ? __fget_files+0x1b0/0x3c0 [ 711.286546][T17705] ? do_writev+0x28c/0x340 [ 711.286557][T17705] do_writev+0x28c/0x340 [ 711.286568][T17705] ? __pfx_do_writev+0x10/0x10 [ 711.286580][T17705] ? rcu_is_watching+0x12/0xc0 [ 711.286593][T17705] __do_fast_syscall_32+0x7c/0x3a0 [ 711.286610][T17705] do_fast_syscall_32+0x32/0x80 [ 711.286624][T17705] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 711.286638][T17705] RIP: 0023:0xf7fc7579 [ 711.286647][T17705] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 711.286657][T17705] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 711.286668][T17705] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000840 [ 711.286675][T17705] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 711.286681][T17705] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 711.286687][T17705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 711.286693][T17705] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 711.286706][T17705] [ 712.730900][T17722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3053'. [ 712.734807][T17722] openvswitch: netlink: Unknown nsh attribute 0 [ 712.737621][T17722] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 713.107827][T17723] lo speed is unknown, defaulting to 1000 [ 713.526934][T17713] comedi comedi2: reset error (fatal) [ 713.542792][T17722] comedi comedi0: Minor 7 could not be opened [ 713.751826][T17727] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3055'. [ 713.788108][T17738] netlink: 'syz.3.3058': attribute type 5 has an invalid length. [ 713.837862][T17732] block nbd0: server does not support multiple connections per device. [ 713.843051][T17732] block nbd0: shutting down sockets [ 714.387283][T17734] syz.2.3056 (17734): drop_caches: 1 [ 714.752496][T17734] syz.2.3056 (17734): drop_caches: 1 [ 714.767633][T17747] loop7: detected capacity change from 0 to 7 [ 714.779027][T17747] ldm_validate_partition_table(): Disk read failed. [ 714.781451][T17747] Dev loop7: unable to read RDB block 0 [ 714.783587][T17747] loop7: unable to read partition table [ 714.785534][T17747] loop7: partition table beyond EOD, truncated [ 714.787546][T17747] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 714.799669][T17750] fuse: Unknown parameter '' [ 714.931670][T15239] hid_parser_main: 5 callbacks suppressed [ 714.931683][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.936642][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.939313][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.941785][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.944175][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.946643][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.949202][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.951499][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.953914][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.956355][T15239] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0 [ 714.961950][T15239] hid-generic 0003:0004:0000.0008: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 715.081230][T17759] random: crng reseeded on system resumption [ 715.379547][T17765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3065'. [ 715.383818][T17765] openvswitch: netlink: Unknown nsh attribute 0 [ 715.387075][T17765] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 715.401009][T17765] comedi comedi0: Minor 7 could not be opened [ 716.072419][T17782] input: syz1 as /devices/virtual/input/input53 [ 716.429908][T17782] netlink: 'syz.1.3070': attribute type 4 has an invalid length. [ 716.432533][T17782] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3070'. [ 716.994052][T17791] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 716.996567][T17791] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 717.012246][T17791] vhci_hcd vhci_hcd.0: Device attached [ 717.142762][T17799] fuse: Unknown parameter '' [ 717.280279][T17793] vhci_hcd: connection closed [ 717.286866][ T1141] vhci_hcd: stop threads [ 717.294129][ T1141] vhci_hcd: release socket [ 717.297762][ T29] usb 44-1: SetAddress Request (11) to port 0 [ 717.300482][ T29] usb 44-1: new SuperSpeed USB device number 11 using vhci_hcd [ 717.310207][ T1141] vhci_hcd: disconnect device [ 717.317935][ T29] usb 44-1: enqueue for inactive port 0 [ 717.409357][T17804] loop7: detected capacity change from 0 to 7 [ 717.412341][ C1] blk_print_req_error: 20 callbacks suppressed [ 717.412352][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.417579][ C1] buffer_io_error: 20 callbacks suppressed [ 717.417593][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.426118][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.429110][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.431758][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.434638][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.437275][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.440196][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.443648][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.447602][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.458628][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.461601][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.464705][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.467716][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.471232][T17804] ldm_validate_partition_table(): Disk read failed. [ 717.473441][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.476382][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.481656][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.484616][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.487621][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.490699][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 717.493974][T17804] Dev loop7: unable to read RDB block 0 [ 717.496512][T17804] loop7: unable to read partition table [ 717.498840][T17804] loop7: partition table beyond EOD, truncated [ 717.500771][T17804] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 717.738358][ T29] usb usb44-port1: attempt power cycle [ 718.204233][T17821] fuse: Unknown parameter '' [ 718.308526][ T29] usb usb44-port1: unable to enumerate USB device [ 718.702718][T17834] tipc: Started in network mode [ 718.718113][T17834] tipc: Node identity 320836509311, cluster identity 4711 [ 718.740068][T17834] tipc: Enabled bearer , priority 0 [ 718.778019][T17835] syzkaller0: entered promiscuous mode [ 718.779843][T17835] syzkaller0: entered allmulticast mode [ 719.312740][T17837] tipc: Resetting bearer [ 719.597784][T17829] tipc: Resetting bearer [ 719.606949][T17829] tipc: Disabling bearer [ 720.378152][T17858] fuse: Unknown parameter 'f 0x0000000000000003' [ 720.590565][T17858] FAULT_INJECTION: forcing a failure. [ 720.590565][T17858] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 720.590585][T17858] CPU: 0 UID: 0 PID: 17858 Comm: syz.3.3086 Not tainted syzkaller #0 PREEMPT(full) [ 720.590598][T17858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 720.590605][T17858] Call Trace: [ 720.590609][T17858] [ 720.590614][T17858] dump_stack_lvl+0x16c/0x1f0 [ 720.590632][T17858] should_fail_ex+0x512/0x640 [ 720.590650][T17858] should_fail_alloc_page+0xe7/0x130 [ 720.590665][T17858] prepare_alloc_pages+0x3c2/0x610 [ 720.590684][T17858] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 720.590700][T17858] ? find_held_lock+0x2b/0x80 [ 720.590712][T17858] ? is_bpf_text_address+0x8a/0x1a0 [ 720.590726][T17858] ? bpf_ksym_find+0x124/0x1c0 [ 720.590737][T17858] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 720.590750][T17858] ? is_bpf_text_address+0x94/0x1a0 [ 720.590781][T17858] ? __kernel_text_address+0xd/0x40 [ 720.590792][T17858] ? unwind_get_return_address+0x59/0xa0 [ 720.590810][T17858] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 720.590827][T17858] ? policy_nodemask+0xea/0x4e0 [ 720.590842][T17858] alloc_pages_mpol+0x1fb/0x550 [ 720.590857][T17858] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 720.590870][T17858] ? kasan_save_stack+0x33/0x60 [ 720.590882][T17858] ? __kasan_kmalloc+0xaa/0xb0 [ 720.590892][T17858] ? __get_vm_area_node+0x101/0x330 [ 720.590917][T17858] alloc_pages_noprof+0x131/0x390 [ 720.590931][T17858] get_free_pages_noprof+0x10/0xb0 [ 720.590946][T17858] kasan_populate_vmalloc+0x89/0x1f0 [ 720.590961][T17858] alloc_vmap_area+0x959/0x29c0 [ 720.590982][T17858] ? __pfx_alloc_vmap_area+0x10/0x10 [ 720.591001][T17858] __get_vm_area_node+0x1ca/0x330 [ 720.591020][T17858] __vmalloc_node_range_noprof+0x271/0x14b0 [ 720.591031][T17858] ? vc_do_resize+0x24d/0x10e0 [ 720.591049][T17858] ? vc_do_resize+0x24d/0x10e0 [ 720.591065][T17858] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 720.591080][T17858] ? vc_do_resize+0x24d/0x10e0 [ 720.591093][T17858] __vmalloc_node_noprof+0xad/0xf0 [ 720.591103][T17858] ? vc_do_resize+0x24d/0x10e0 [ 720.591117][T17858] vc_do_resize+0x24d/0x10e0 [ 720.591136][T17858] ? __pfx_vc_do_resize+0x10/0x10 [ 720.591151][T17858] ? rcu_is_watching+0x12/0xc0 [ 720.591165][T17858] vt_ioctl+0x2e2a/0x30a0 [ 720.591178][T17858] ? __pfx_vt_ioctl+0x10/0x10 [ 720.591188][T17858] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 720.591206][T17858] ? rcu_is_watching+0x12/0xc0 [ 720.591217][T17858] ? aa_get_newest_label+0xd2/0x250 [ 720.591230][T17858] ? apparmor_capable+0x114/0x1d0 [ 720.591242][T17858] ? bpf_lsm_capable+0x9/0x10 [ 720.591253][T17858] ? security_capable+0x7e/0x260 [ 720.591265][T17858] vt_compat_ioctl+0x1c2/0x4e0 [ 720.591277][T17858] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 720.591288][T17858] ? hook_file_ioctl_common+0x145/0x410 [ 720.591305][T17858] ? __fget_files+0x20e/0x3c0 [ 720.591317][T17858] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 720.591329][T17858] tty_compat_ioctl+0x2ee/0x4d0 [ 720.591344][T17858] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 720.591359][T17858] __ia32_compat_sys_ioctl+0x242/0x370 [ 720.591378][T17858] __do_fast_syscall_32+0x7c/0x3a0 [ 720.591394][T17858] do_fast_syscall_32+0x32/0x80 [ 720.591410][T17858] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 720.591425][T17858] RIP: 0023:0xf7fc7579 [ 720.591434][T17858] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 720.591445][T17858] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 720.591455][T17858] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000005609 [ 720.591462][T17858] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 720.591468][T17858] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 720.591474][T17858] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 720.591480][T17858] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 720.591494][T17858] [ 720.591551][T17858] syz.3.3086: vmalloc error: size 68, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 720.591726][T17858] CPU: 0 UID: 0 PID: 17858 Comm: syz.3.3086 Not tainted syzkaller #0 PREEMPT(full) [ 720.591738][T17858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 720.591744][T17858] Call Trace: [ 720.591748][T17858] [ 720.591752][T17858] dump_stack_lvl+0x16c/0x1f0 [ 720.591779][T17858] warn_alloc+0x248/0x3a0 [ 720.591793][T17858] ? __pfx_warn_alloc+0x10/0x10 [ 720.591807][T17858] ? kfree+0x2b4/0x4d0 [ 720.591820][T17858] ? __get_vm_area_node+0x208/0x330 [ 720.591839][T17858] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 720.591854][T17858] ? vc_do_resize+0x24d/0x10e0 [ 720.591871][T17858] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 720.591886][T17858] ? vc_do_resize+0x24d/0x10e0 [ 720.591902][T17858] __vmalloc_node_noprof+0xad/0xf0 [ 720.591912][T17858] ? vc_do_resize+0x24d/0x10e0 [ 720.591926][T17858] vc_do_resize+0x24d/0x10e0 [ 720.591945][T17858] ? __pfx_vc_do_resize+0x10/0x10 [ 720.591960][T17858] ? rcu_is_watching+0x12/0xc0 [ 720.591973][T17858] vt_ioctl+0x2e2a/0x30a0 [ 720.591985][T17858] ? __pfx_vt_ioctl+0x10/0x10 [ 720.591996][T17858] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 720.592012][T17858] ? rcu_is_watching+0x12/0xc0 [ 720.592024][T17858] ? aa_get_newest_label+0xd2/0x250 [ 720.592036][T17858] ? apparmor_capable+0x114/0x1d0 [ 720.592048][T17858] ? bpf_lsm_capable+0x9/0x10 [ 720.592058][T17858] ? security_capable+0x7e/0x260 [ 720.592069][T17858] vt_compat_ioctl+0x1c2/0x4e0 [ 720.592081][T17858] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 720.592093][T17858] ? hook_file_ioctl_common+0x145/0x410 [ 720.592109][T17858] ? __fget_files+0x20e/0x3c0 [ 720.592121][T17858] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 720.592133][T17858] tty_compat_ioctl+0x2ee/0x4d0 [ 720.592147][T17858] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 720.592163][T17858] __ia32_compat_sys_ioctl+0x242/0x370 [ 720.592181][T17858] __do_fast_syscall_32+0x7c/0x3a0 [ 720.592197][T17858] do_fast_syscall_32+0x32/0x80 [ 720.592212][T17858] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 720.592224][T17858] RIP: 0023:0xf7fc7579 [ 720.592232][T17858] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 720.592243][T17858] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 720.592252][T17858] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000005609 [ 720.592259][T17858] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 720.592266][T17858] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 720.592272][T17858] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 720.592278][T17858] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 720.592291][T17858] [ 720.592328][T17858] Mem-Info: [ 720.592335][T17858] active_anon:29424 inactive_anon:830 isolated_anon:0 [ 720.592335][T17858] active_file:1659 inactive_file:2664 isolated_file:0 [ 720.592335][T17858] unevictable:1768 dirty:1935 writeback:0 [ 720.592335][T17858] slab_reclaimable:7224 slab_unreclaimable:75197 [ 720.592335][T17858] mapped:26275 shmem:26781 pagetables:1316 [ 720.592335][T17858] sec_pagetables:339 bounce:0 [ 720.592335][T17858] kernel_misc_reclaimable:0 [ 720.592335][T17858] free:39857 free_pcp:20572 free_cma:0 [ 720.592362][T17858] Node 0 active_anon:36kB inactive_anon:36kB active_file:0kB inactive_file:12kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:4kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7536kB pagetables:1072kB sec_pagetables:1144kB all_unreclaimable? yes Balloon:0kB [ 720.592428][T17858] Node 1 active_anon:117660kB inactive_anon:3284kB active_file:6636kB inactive_file:10644kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:105080kB dirty:7736kB writeback:0kB shmem:103584kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6316kB pagetables:4192kB sec_pagetables:212kB all_unreclaimable? no Balloon:0kB [ 720.592457][T17858] Node 0 DMA free:2600kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:88kB local_pcp:8kB free_cma:0kB [ 720.592529][T17858] lowmem_reserve[]: 0 288 288 288 288 [ 720.592553][T17858] Node 0 DMA32 free:39504kB boost:20480kB min:33700kB low:37004kB high:40308kB reserved_highatomic:4096KB free_highatomic:2588KB active_anon:36kB inactive_anon:36kB active_file:0kB inactive_file:8kB unevictable:3536kB writepending:4kB present:1032196kB managed:295136kB mlocked:0kB bounce:0kB free_pcp:12000kB local_pcp:3324kB free_cma:0kB [ 720.592637][T17858] lowmem_reserve[]: 0 0 0 0 0 [ 720.592660][T17858] Node 1 DMA32 free:117324kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:6144KB free_highatomic:2964KB active_anon:117660kB inactive_anon:3284kB active_file:6636kB inactive_file:10644kB unevictable:3536kB writepending:7736kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:70168kB local_pcp:13784kB free_cma:0kB [ 720.592730][T17858] lowmem_reserve[]: 0 0 0 0 0 [ 720.592753][T17858] Node 0 DMA: 64*4kB (UM) 27*8kB (UM) 13*16kB (UM) 14*32kB (UM) 1*64kB (M) 1*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2600kB [ 720.592958][T17858] Node 0 DMA32: 1188*4kB (UMEH) 646*8kB (UMH) 205*16kB (UMEH) 312*32kB (UMEH) 109*64kB (UMH) 23*128kB (UMEH) 17*256kB (UMEH) 4*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 39504kB [ 720.593115][T17858] Node 1 DMA32: 114*4kB (UH) 663*8kB (UMEH) 368*16kB (UMH) 248*32kB (UMEH) 118*64kB (UMEH) 146*128kB (UMEH) 79*256kB (UMEH) 46*512kB (UM) 17*1024kB (UM) 3*2048kB (UM) 1*4096kB (U) = 117248kB [ 720.593323][T17858] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 720.593333][T17858] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 720.593381][T17858] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 720.593391][T17858] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 720.593400][T17858] 31323 total pagecache pages [ 720.593404][T17858] 223 pages in swap cache [ 720.593409][T17858] Free swap = 152kB [ 720.593458][T17858] Total swap = 124996kB [ 720.593464][T17858] 524155 pages RAM [ 720.593468][T17858] 0 pages HighMem/MovableOnly [ 720.593473][T17858] 209476 pages reserved [ 720.593477][T17858] 0 pages cma reserved [ 720.660481][T17869] loop7: detected capacity change from 0 to 7 [ 720.965852][T17869] ldm_validate_partition_table(): Disk read failed. [ 720.969037][T17869] Dev loop7: unable to read RDB block 0 [ 720.971310][T17869] loop7: unable to read partition table [ 720.973383][T17869] loop7: partition table beyond EOD, truncated [ 720.975387][T17869] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 722.017543][T17891] loop9: detected capacity change from 0 to 7 [ 722.047922][T17891] ldm_validate_partition_table(): Disk read failed. [ 722.056017][T17891] Dev loop9: unable to read RDB block 0 [ 722.068429][T17891] loop9: unable to read partition table [ 722.070688][T17891] loop9: partition table beyond EOD, truncated [ 722.073533][T17891] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 722.073533][T17891] ) failed (rc=-5) [ 722.942444][T17921] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3100'. [ 723.147780][T17921] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 724.001398][T17937] FAULT_INJECTION: forcing a failure. [ 724.001398][T17937] name failslab, interval 1, probability 0, space 0, times 0 [ 724.017352][T17937] CPU: 2 UID: 0 PID: 17937 Comm: syz.2.3107 Not tainted syzkaller #0 PREEMPT(full) [ 724.017370][T17937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 724.017377][T17937] Call Trace: [ 724.017381][T17937] [ 724.017386][T17937] dump_stack_lvl+0x16c/0x1f0 [ 724.017404][T17937] should_fail_ex+0x512/0x640 [ 724.017419][T17937] ? __kmalloc_noprof+0xbf/0x510 [ 724.017433][T17937] ? nla_strdup+0xc6/0x150 [ 724.017448][T17937] should_failslab+0xc2/0x120 [ 724.017477][T17937] __kmalloc_noprof+0xd2/0x510 [ 724.017493][T17937] nla_strdup+0xc6/0x150 [ 724.017510][T17937] nf_tables_addchain.constprop.0+0x483/0x1c90 [ 724.017530][T17937] ? nft_chain_lookup+0x204/0x3e0 [ 724.017548][T17937] ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10 [ 724.017565][T17937] ? __lock_acquire+0x62e/0x1ce0 [ 724.017591][T17937] ? nla_strcmp+0xff/0x130 [ 724.017602][T17937] ? nft_table_lookup.part.0+0x1e3/0x230 [ 724.017619][T17937] nf_tables_newchain+0x206a/0x2d90 [ 724.017632][T17937] ? __print_lock_name+0x71/0xe0 [ 724.017643][T17937] ? net_generic+0xea/0x2a0 [ 724.017658][T17937] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 724.017677][T17937] ? __nla_validate_parse+0x600/0x2880 [ 724.017690][T17937] ? __pfx_nf_tables_newchain+0x10/0x10 [ 724.017705][T17937] ? __pfx___nla_validate_parse+0x10/0x10 [ 724.017723][T17937] ? __nla_parse+0x40/0x60 [ 724.017741][T17937] nfnetlink_rcv_batch+0x18ed/0x2330 [ 724.017768][T17937] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 724.017785][T17937] ? __local_bh_enable_ip+0xa4/0x120 [ 724.017803][T17937] ? __dev_queue_xmit+0xaf1/0x4490 [ 724.017818][T17937] ? __dev_queue_xmit+0xb12/0x4490 [ 724.017841][T17937] ? __pfx___dev_queue_xmit+0x10/0x10 [ 724.017866][T17937] ? __nla_parse+0x40/0x60 [ 724.017878][T17937] nfnetlink_rcv+0x3c1/0x430 [ 724.017889][T17937] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 724.017904][T17937] netlink_unicast+0x5aa/0x870 [ 724.017922][T17937] ? __pfx_netlink_unicast+0x10/0x10 [ 724.017937][T17937] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 724.017956][T17937] netlink_sendmsg+0x8d1/0xdd0 [ 724.017973][T17937] ? __pfx_netlink_sendmsg+0x10/0x10 [ 724.017990][T17937] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 724.018005][T17937] ____sys_sendmsg+0xa95/0xc70 [ 724.018018][T17937] ? __pfx_____sys_sendmsg+0x10/0x10 [ 724.018027][T17937] ? get_compat_msghdr+0x11a/0x170 [ 724.018048][T17937] ___sys_sendmsg+0x134/0x1d0 [ 724.018063][T17937] ? __pfx____sys_sendmsg+0x10/0x10 [ 724.018085][T17937] ? find_held_lock+0x2b/0x80 [ 724.018105][T17937] __sys_sendmsg+0x16d/0x220 [ 724.018120][T17937] ? __pfx___sys_sendmsg+0x10/0x10 [ 724.018140][T17937] ? rcu_is_watching+0x12/0xc0 [ 724.018154][T17937] __do_fast_syscall_32+0x7c/0x3a0 [ 724.018170][T17937] do_fast_syscall_32+0x32/0x80 [ 724.018185][T17937] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 724.018198][T17937] RIP: 0023:0xf7f86579 [ 724.018207][T17937] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 724.018218][T17937] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 724.018229][T17937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 724.018236][T17937] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 724.018242][T17937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 724.018249][T17937] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 724.018257][T17937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 724.018278][T17937] [ 724.033100][T17931] lo speed is unknown, defaulting to 1000 [ 724.520964][T17947] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 725.250204][T17954] comedi comedi0: mpc624: I/O port conflict (0xee,16) [ 725.255356][T17954] [ 725.256181][T17954] ===================================================== [ 725.258394][T17954] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 725.260747][T17954] syzkaller #0 Not tainted [ 725.262320][T17954] ----------------------------------------------------- [ 725.266217][T17954] syz.4.3113/17954 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 725.269054][T17954] ffff8880234962b8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 725.271848][T17954] [ 725.271848][T17954] and this task is already holding: [ 725.274239][T17954] ffff8880249a4028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 725.277291][T17954] which would create a new lock dependency: [ 725.279386][T17954] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 725.281924][T17954] [ 725.281924][T17954] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 725.284786][T17954] (&dev->event_lock#2){..-.}-{3:3} [ 725.284806][T17954] [ 725.284806][T17954] ... which became SOFTIRQ-irq-safe at: [ 725.288822][T17954] lock_acquire+0x179/0x350 [ 725.290281][T17954] _raw_spin_lock_irqsave+0x3a/0x60 [ 725.291944][T17954] input_inject_event+0x9f/0x3b0 [ 725.293546][T17954] led_set_brightness+0x217/0x290 [ 725.295165][T17954] led_trigger_event+0xda/0x270 [ 725.296742][T17954] kbd_bh+0x21b/0x300 [ 725.298049][T17954] tasklet_action_common+0x284/0x400 [ 725.299936][T17954] handle_softirqs+0x219/0x8e0 [ 725.301549][T17954] run_ksoftirqd+0x3a/0x60 [ 725.303052][T17954] smpboot_thread_fn+0x3f4/0xae0 [ 725.304598][T17954] kthread+0x3c5/0x780 [ 725.305942][T17954] ret_from_fork+0x5d4/0x6f0 [ 725.307463][T17954] ret_from_fork_asm+0x1a/0x30 [ 725.309053][T17954] [ 725.309053][T17954] to a SOFTIRQ-irq-unsafe lock: [ 725.311252][T17954] (tasklist_lock){.+.+}-{3:3} [ 725.311270][T17954] [ 725.311270][T17954] ... which became SOFTIRQ-irq-unsafe at: [ 725.315247][T17954] ... [ 725.315252][T17954] lock_acquire+0x179/0x350 [ 725.317605][T17954] _raw_read_lock+0x5f/0x70 [ 725.319089][T17954] __do_wait+0x105/0x890 [ 725.320473][T17954] do_wait+0x21e/0x5a0 [ 725.321832][T17954] kernel_wait+0x9f/0x160 [ 725.323284][T17954] call_usermodehelper_exec_work+0xf1/0x170 [ 725.325188][T17954] process_one_work+0x9cf/0x1b70 [ 725.326790][T17954] worker_thread+0x6c8/0xf10 [ 725.328283][T17954] kthread+0x3c5/0x780 [ 725.329630][T17954] ret_from_fork+0x5d4/0x6f0 [ 725.331124][T17954] ret_from_fork_asm+0x1a/0x30 [ 725.332684][T17954] [ 725.332684][T17954] other info that might help us debug this: [ 725.332684][T17954] [ 725.335845][T17954] Chain exists of: [ 725.335845][T17954] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 725.335845][T17954] [ 725.340054][T17954] Possible interrupt unsafe locking scenario: [ 725.340054][T17954] [ 725.340060][T17954] CPU0 CPU1 [ 725.340064][T17954] ---- ---- [ 725.340071][T17954] lock(tasklist_lock); [ 725.340080][T17954] local_irq_disable(); [ 725.340084][T17954] lock(&dev->event_lock#2); [ 725.340097][T17954] lock(&client->buffer_lock); [ 725.340106][T17954] [ 725.340109][T17954] lock(&dev->event_lock#2); [ 725.340120][T17954] [ 725.340120][T17954] *** DEADLOCK *** [ 725.340120][T17954] [ 725.340123][T17954] 7 locks held by syz.4.3113/17954: [ 725.340131][T17954] #0: ffff8880275f9118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440 [ 725.340159][T17954] #1: ffff888023038230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 725.340188][T17954] #2: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 725.340214][T17954] #3: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 725.340238][T17954] #4: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 725.340262][T17954] #5: ffff8880249a4028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 725.340288][T17954] #6: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 725.340318][T17954] [ 725.340318][T17954] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 725.340324][T17954] -> (&dev->event_lock#2){..-.}-{3:3} { [ 725.340341][T17954] IN-SOFTIRQ-W at: [ 725.340347][T17954] lock_acquire+0x179/0x350 [ 725.340361][T17954] _raw_spin_lock_irqsave+0x3a/0x60 [ 725.340374][T17954] input_inject_event+0x9f/0x3b0 [ 725.340384][T17954] led_set_brightness+0x217/0x290 [ 725.340400][T17954] led_trigger_event+0xda/0x270 [ 725.340411][T17954] kbd_bh+0x21b/0x300 [ 725.340425][T17954] tasklet_action_common+0x284/0x400 [ 725.340438][T17954] handle_softirqs+0x219/0x8e0 [ 725.340450][T17954] run_ksoftirqd+0x3a/0x60 [ 725.340462][T17954] smpboot_thread_fn+0x3f4/0xae0 [ 725.340476][T17954] kthread+0x3c5/0x780 [ 725.340490][T17954] ret_from_fork+0x5d4/0x6f0 [ 725.340506][T17954] ret_from_fork_asm+0x1a/0x30 [ 725.340518][T17954] INITIAL USE at: [ 725.340525][T17954] lock_acquire+0x179/0x350 [ 725.340537][T17954] _raw_spin_lock_irqsave+0x3a/0x60 [ 725.340549][T17954] input_inject_event+0x9f/0x3b0 [ 725.340559][T17954] led_set_brightness+0x217/0x290 [ 725.340593][T17954] kbd_led_trigger_activate+0xcb/0x110 [ 725.340609][T17954] led_trigger_set+0x59a/0xc50 [ 725.340620][T17954] led_trigger_set_default+0x1e0/0x2e0 [ 725.340632][T17954] led_classdev_register_ext+0x7b8/0xa10 [ 725.340643][T17954] input_leds_connect+0x552/0x8e0 [ 725.340658][T17954] input_attach_handler.isra.0+0x173/0x250 [ 725.340676][T17954] input_register_device+0xab9/0x1180 [ 725.340687][T17954] atkbd_connect+0x5f8/0xa40 [ 725.340701][T17954] serio_driver_probe+0x7f/0xd0 [ 725.340717][T17954] really_probe+0x241/0xa90 [ 725.340732][T17954] __driver_probe_device+0x1de/0x440 [ 725.340746][T17954] driver_probe_device+0x4c/0x1b0 [ 725.340760][T17954] __driver_attach+0x283/0x580 [ 725.340774][T17954] bus_for_each_dev+0x13e/0x1d0 [ 725.340785][T17954] serio_handle_event+0x335/0xc30 [ 725.340793][T17954] process_one_work+0x9cf/0x1b70 [ 725.340809][T17954] worker_thread+0x6c8/0xf10 [ 725.340818][T17954] kthread+0x3c5/0x780 [ 725.340832][T17954] ret_from_fork+0x5d4/0x6f0 [ 725.340847][T17954] ret_from_fork_asm+0x1a/0x30 [ 725.340860][T17954] } [ 725.340863][T17954] ... key at: [] __key.7+0x0/0x40 [ 725.340878][T17954] -> (&client->buffer_lock){....}-{3:3} { [ 725.340894][T17954] INITIAL USE at: [ 725.340900][T17954] lock_acquire+0x179/0x350 [ 725.340913][T17954] _raw_spin_lock+0x2e/0x40 [ 725.340923][T17954] evdev_pass_values+0x10e/0x9b0 [ 725.340933][T17954] evdev_events+0x1bb/0x390 [ 725.340943][T17954] input_pass_values+0x74b/0x880 [ 725.340953][T17954] input_handle_event+0xf00/0x14d0 [ 725.340963][T17954] input_event+0x8e/0xd0 [ 725.340972][T17954] uinput_write+0xb20/0xff0 [ 725.340986][T17954] vfs_write+0x2a0/0x11d0 [ 725.340999][T17954] ksys_write+0x1f8/0x250 [ 725.341010][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.341024][T17954] do_fast_syscall_32+0x32/0x80 [ 725.341038][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.341051][T17954] } [ 725.341054][T17954] ... key at: [] __key.1+0x0/0x40 [ 725.341075][T17954] ... acquired at: [ 725.341079][T17954] _raw_spin_lock+0x2e/0x40 [ 725.341090][T17954] evdev_pass_values+0x10e/0x9b0 [ 725.341100][T17954] evdev_events+0x1bb/0x390 [ 725.341110][T17954] input_pass_values+0x74b/0x880 [ 725.341121][T17954] input_handle_event+0xf00/0x14d0 [ 725.341131][T17954] input_event+0x8e/0xd0 [ 725.341141][T17954] uinput_write+0xb20/0xff0 [ 725.341154][T17954] vfs_write+0x2a0/0x11d0 [ 725.341166][T17954] ksys_write+0x1f8/0x250 [ 725.341177][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.341193][T17954] do_fast_syscall_32+0x32/0x80 [ 725.341208][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.341221][T17954] [ 725.341224][T17954] [ 725.341224][T17954] the dependencies between the lock to be acquired [ 725.341228][T17954] and SOFTIRQ-irq-unsafe lock: [ 725.341241][T17954] -> (tasklist_lock){.+.+}-{3:3} { [ 725.341257][T17954] HARDIRQ-ON-R at: [ 725.341264][T17954] lock_acquire+0x179/0x350 [ 725.341277][T17954] _raw_read_lock+0x5f/0x70 [ 725.341289][T17954] __do_wait+0x105/0x890 [ 725.341305][T17954] do_wait+0x21e/0x5a0 [ 725.341320][T17954] kernel_wait+0x9f/0x160 [ 725.341336][T17954] call_usermodehelper_exec_work+0xf1/0x170 [ 725.341348][T17954] process_one_work+0x9cf/0x1b70 [ 725.341365][T17954] worker_thread+0x6c8/0xf10 [ 725.341374][T17954] kthread+0x3c5/0x780 [ 725.341392][T17954] ret_from_fork+0x5d4/0x6f0 [ 725.341407][T17954] ret_from_fork_asm+0x1a/0x30 [ 725.341419][T17954] SOFTIRQ-ON-R at: [ 725.341425][T17954] lock_acquire+0x179/0x350 [ 725.341438][T17954] _raw_read_lock+0x5f/0x70 [ 725.341449][T17954] __do_wait+0x105/0x890 [ 725.341464][T17954] do_wait+0x21e/0x5a0 [ 725.341478][T17954] kernel_wait+0x9f/0x160 [ 725.341493][T17954] call_usermodehelper_exec_work+0xf1/0x170 [ 725.341504][T17954] process_one_work+0x9cf/0x1b70 [ 725.341521][T17954] worker_thread+0x6c8/0xf10 [ 725.341530][T17954] kthread+0x3c5/0x780 [ 725.341544][T17954] ret_from_fork+0x5d4/0x6f0 [ 725.341559][T17954] ret_from_fork_asm+0x1a/0x30 [ 725.341571][T17954] INITIAL USE at: [ 725.341577][T17954] lock_acquire+0x179/0x350 [ 725.341590][T17954] _raw_write_lock_irq+0x36/0x50 [ 725.341602][T17954] copy_process+0x4caf/0x7690 [ 725.341615][T17954] kernel_clone+0xfc/0x930 [ 725.341638][T17954] user_mode_thread+0xc7/0x110 [ 725.341651][T17954] rest_init+0x23/0x2b0 [ 725.341660][T17954] start_kernel+0x3ee/0x4d0 [ 725.341671][T17954] x86_64_start_reservations+0x18/0x30 [ 725.341682][T17954] x86_64_start_kernel+0x130/0x190 [ 725.341693][T17954] common_startup_64+0x13e/0x148 [ 725.341705][T17954] INITIAL READ USE at: [ 725.341711][T17954] lock_acquire+0x179/0x350 [ 725.341724][T17954] _raw_read_lock+0x5f/0x70 [ 725.341736][T17954] __do_wait+0x105/0x890 [ 725.341752][T17954] do_wait+0x21e/0x5a0 [ 725.341766][T17954] kernel_wait+0x9f/0x160 [ 725.341781][T17954] call_usermodehelper_exec_work+0xf1/0x170 [ 725.341792][T17954] process_one_work+0x9cf/0x1b70 [ 725.341809][T17954] worker_thread+0x6c8/0xf10 [ 725.341818][T17954] kthread+0x3c5/0x780 [ 725.341833][T17954] ret_from_fork+0x5d4/0x6f0 [ 725.341848][T17954] ret_from_fork_asm+0x1a/0x30 [ 725.341861][T17954] } [ 725.341864][T17954] ... key at: [] tasklist_lock+0x18/0x40 [ 725.341879][T17954] ... acquired at: [ 725.341882][T17954] _raw_read_lock+0x5f/0x70 [ 725.341893][T17954] send_sigio+0xb8/0x3e0 [ 725.341907][T17954] dnotify_handle_event+0x15e/0x2b0 [ 725.341920][T17954] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 725.341932][T17954] fsnotify+0x13d6/0x1dc0 [ 725.341941][T17954] path_openat+0x1b50/0x2cb0 [ 725.341952][T17954] do_filp_open+0x20b/0x470 [ 725.341963][T17954] do_sys_openat2+0x11b/0x1d0 [ 725.341978][T17954] __ia32_compat_sys_openat+0x16d/0x210 [ 725.341988][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.342002][T17954] do_fast_syscall_32+0x32/0x80 [ 725.342015][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.342028][T17954] [ 725.342031][T17954] -> (&f_owner->lock){....}-{3:3} { [ 725.342045][T17954] INITIAL USE at: [ 725.342051][T17954] lock_acquire+0x179/0x350 [ 725.342064][T17954] _raw_write_lock_irq+0x36/0x50 [ 725.342081][T17954] __f_setown+0x61/0x3c0 [ 725.342095][T17954] do_fcntl+0x1098/0x15a0 [ 725.342110][T17954] do_compat_fcntl64+0x367/0x710 [ 725.342125][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.342140][T17954] do_fast_syscall_32+0x32/0x80 [ 725.342155][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.342169][T17954] INITIAL READ USE at: [ 725.342176][T17954] lock_acquire+0x179/0x350 [ 725.342190][T17954] _raw_read_lock_irqsave+0x74/0x90 [ 725.342203][T17954] send_sigio+0x31/0x3e0 [ 725.342218][T17954] dnotify_handle_event+0x15e/0x2b0 [ 725.342233][T17954] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 725.342245][T17954] fsnotify+0x13d6/0x1dc0 [ 725.342255][T17954] vfs_symlink+0x564/0x680 [ 725.342264][T17954] do_symlinkat+0x261/0x310 [ 725.342277][T17954] __ia32_sys_symlink+0x74/0x90 [ 725.342290][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.342305][T17954] do_fast_syscall_32+0x32/0x80 [ 725.342318][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.342331][T17954] } [ 725.342335][T17954] ... key at: [] __key.1+0x0/0x40 [ 725.342348][T17954] ... acquired at: [ 725.342352][T17954] _raw_read_lock_irqsave+0x74/0x90 [ 725.342364][T17954] send_sigio+0x31/0x3e0 [ 725.342377][T17954] kill_fasync+0x214/0x510 [ 725.342391][T17954] lease_break_callback+0x23/0x30 [ 725.342405][T17954] __break_lease+0x671/0x1810 [ 725.342414][T17954] do_dentry_open+0x91f/0x1530 [ 725.342425][T17954] vfs_open+0x82/0x3f0 [ 725.342439][T17954] path_openat+0x1de4/0x2cb0 [ 725.342450][T17954] do_filp_open+0x20b/0x470 [ 725.342461][T17954] do_sys_openat2+0x11b/0x1d0 [ 725.342476][T17954] __ia32_sys_creat+0xcb/0x120 [ 725.342485][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.342499][T17954] do_fast_syscall_32+0x32/0x80 [ 725.342514][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.342527][T17954] [ 725.342529][T17954] -> (&new->fa_lock){....}-{3:3} { [ 725.342545][T17954] INITIAL USE at: [ 725.342551][T17954] lock_acquire+0x179/0x350 [ 725.342564][T17954] _raw_write_lock_irq+0x36/0x50 [ 725.342576][T17954] fasync_remove_entry+0xb2/0x1e0 [ 725.342591][T17954] fasync_helper+0xaf/0xd0 [ 725.342605][T17954] lease_modify+0x232/0x500 [ 725.342620][T17954] locks_remove_file+0x29e/0x5c0 [ 725.342629][T17954] __fput+0x351/0xb70 [ 725.342643][T17954] task_work_run+0x14d/0x240 [ 725.342658][T17954] exit_to_user_mode_loop+0xeb/0x110 [ 725.342673][T17954] __do_fast_syscall_32+0x2ac/0x3a0 [ 725.342687][T17954] do_fast_syscall_32+0x32/0x80 [ 725.342701][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.342714][T17954] INITIAL READ USE at: [ 725.342720][T17954] lock_acquire+0x179/0x350 [ 725.342733][T17954] _raw_read_lock_irqsave+0x74/0x90 [ 725.342745][T17954] kill_fasync+0x138/0x510 [ 725.342759][T17954] lease_break_callback+0x23/0x30 [ 725.342773][T17954] __break_lease+0x671/0x1810 [ 725.342782][T17954] do_dentry_open+0x91f/0x1530 [ 725.342794][T17954] vfs_open+0x82/0x3f0 [ 725.342808][T17954] path_openat+0x1de4/0x2cb0 [ 725.342820][T17954] do_filp_open+0x20b/0x470 [ 725.342831][T17954] do_sys_openat2+0x11b/0x1d0 [ 725.342846][T17954] __ia32_sys_creat+0xcb/0x120 [ 725.342855][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.342869][T17954] do_fast_syscall_32+0x32/0x80 [ 725.342883][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.342896][T17954] } [ 725.342899][T17954] ... key at: [] __key.0+0x0/0x40 [ 725.342912][T17954] ... acquired at: [ 725.342916][T17954] lock_acquire+0x179/0x350 [ 725.342928][T17954] _raw_read_lock_irqsave+0x74/0x90 [ 725.342940][T17954] kill_fasync+0x138/0x510 [ 725.342953][T17954] evdev_pass_values+0x619/0x9b0 [ 725.342964][T17954] evdev_events+0x1bb/0x390 [ 725.342973][T17954] input_pass_values+0x74b/0x880 [ 725.342983][T17954] input_handle_event+0xf00/0x14d0 [ 725.342992][T17954] input_inject_event+0x1e8/0x3b0 [ 725.343002][T17954] evdev_write+0x2e1/0x440 [ 725.343011][T17954] vfs_write+0x2a0/0x11d0 [ 725.343022][T17954] ksys_write+0x1f8/0x250 [ 725.343033][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.343046][T17954] do_fast_syscall_32+0x32/0x80 [ 725.343060][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.343075][T17954] [ 725.343078][T17954] [ 725.343078][T17954] stack backtrace: [ 725.343085][T17954] CPU: 1 UID: 0 PID: 17954 Comm: syz.4.3113 Not tainted syzkaller #0 PREEMPT(full) [ 725.343097][T17954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 725.343104][T17954] Call Trace: [ 725.343108][T17954] [ 725.343112][T17954] dump_stack_lvl+0x116/0x1f0 [ 725.343127][T17954] check_irq_usage+0x7dc/0x920 [ 725.343139][T17954] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 725.343158][T17954] ? check_path.constprop.0+0x24/0x50 [ 725.343172][T17954] ? __lock_acquire+0x12bc/0x1ce0 [ 725.343185][T17954] __lock_acquire+0x12bc/0x1ce0 [ 725.343200][T17954] lock_acquire+0x179/0x350 [ 725.343214][T17954] ? kill_fasync+0x138/0x510 [ 725.343230][T17954] _raw_read_lock_irqsave+0x74/0x90 [ 725.343242][T17954] ? kill_fasync+0x138/0x510 [ 725.343256][T17954] kill_fasync+0x138/0x510 [ 725.343271][T17954] evdev_pass_values+0x619/0x9b0 [ 725.343283][T17954] evdev_events+0x1bb/0x390 [ 725.343293][T17954] input_pass_values+0x74b/0x880 [ 725.343304][T17954] input_handle_event+0xf00/0x14d0 [ 725.343314][T17954] ? _copy_from_user+0x59/0xd0 [ 725.343332][T17954] input_inject_event+0x1e8/0x3b0 [ 725.343343][T17954] evdev_write+0x2e1/0x440 [ 725.343354][T17954] ? __pfx_evdev_write+0x10/0x10 [ 725.343363][T17954] ? common_file_perm+0x1a9/0x340 [ 725.343377][T17954] ? bpf_lsm_file_permission+0x9/0x10 [ 725.343392][T17954] ? security_file_permission+0x71/0x210 [ 725.343407][T17954] ? rw_verify_area+0xcf/0x6c0 [ 725.343417][T17954] ? __pfx_evdev_write+0x10/0x10 [ 725.343427][T17954] vfs_write+0x2a0/0x11d0 [ 725.343439][T17954] ? __pfx_vfs_write+0x10/0x10 [ 725.343451][T17954] ? find_held_lock+0x2b/0x80 [ 725.343460][T17954] ? __fget_files+0x204/0x3c0 [ 725.343472][T17954] ? __fget_files+0x20e/0x3c0 [ 725.343485][T17954] ksys_write+0x1f8/0x250 [ 725.343496][T17954] ? __pfx_ksys_write+0x10/0x10 [ 725.343509][T17954] ? rcu_is_watching+0x12/0xc0 [ 725.343520][T17954] __do_fast_syscall_32+0x7c/0x3a0 [ 725.343535][T17954] do_fast_syscall_32+0x32/0x80 [ 725.343549][T17954] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.343562][T17954] RIP: 0023:0xf70ce579 [ 725.343571][T17954] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 725.343581][T17954] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 725.343591][T17954] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040 [ 725.343598][T17954] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000 [ 725.343604][T17954] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 725.343610][T17954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 725.343617][T17954] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 725.343626][T17954] [ 726.105521][T17944] tty tty1: ldisc open failed (-12), clearing slot 0 VM DIAGNOSIS: 16:48:36 Registers: info registers vcpu 0 CPU#0 RAX=000000000121a8ec RBX=0000000000000000 RCX=ffffffff8b90abf9 RDX=ffffed1005646656 RSI=ffffffff8c162c80 RDI=ffffffff8190ccb1 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000000 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab8190 R15=0000000000000000 RIP=ffffffff8b90975f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000034f02ff8 CR3=000000004b745000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=000000000000000c Opmask01=0000000000000000 Opmask02=00000000effffdff Opmask03=0000000001041000 Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000557531882a00 0000557531882a00 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005575318704a0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055753186e630 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f16b57f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6961660064657373 65636f727020756c 6c2520716573006e 6f69746974726170 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30302c443230302c 433230302c423230 302c393200003132 3d5145534b534944 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d0d11440f0d0d11 430f0d0d11420f0d 0d11040f00000c0f 005145534b534944 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f30737562646e2f 30303a3231303049 5043412f30303a53 55425953584e4c2f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000557531881b40 0000557531882410 0000000000000031 6467756c70007974 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85617045 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc900032e72f0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff9b0f96c0 R15=ffffffff85616fe0 RIP=ffffffff8561706f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f738f3b0 CR3=000000005e109000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000002 RBX=ffffc90003117a58 RCX=ffffffff81a76386 RDX=ffff88801d7c4880 RSI=ffffffff81a763b8 RDI=0000000000000001 RBP=ffff88802b425b00 RSP=ffffc90003117970 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=1ffff92000622f2f R13=0000000000000000 R14=0000000000000001 R15=0000000000000000 RIP=ffffffff81bb08a8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080002000 CR3=000000006bb19000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=ffff88801c340000 RCX=ffffffff818861cf RDX=0000000000000000 RSI=fffff5200065aece RDI=ffffffff8df58e78 RBP=ffffc900032d7758 RSP=ffffc900032d75a0 R8 =0000000000000000 R9 =fffffbfff2157032 R10=ffffffff90ab8197 R11=0000000000000001 R12=0000000000000000 R13=ffff88801c340558 R14=ffff88802b43a440 R15=ffff888028f28000 RIP=ffffffff8b91820e RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff800fbfc80 ffffffff 00c00000 GS =0000 ffff8880977c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ff801193a90 CR3=0000000063a5a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000