last executing test programs: 5m15.823121319s ago: executing program 1 (id=677): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) ioprio_set$uid(0x3, 0x0, 0x2000000) 5m15.65352235s ago: executing program 1 (id=680): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r4) sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r6, 0x83625fc5352ba305, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x2000040) r7 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r9, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000380)={r10, 0x0, 0x1ff, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000080)={r11, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r12}) close_range(r0, 0xffffffffffffffff, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000002440)=""/116, 0x74) waitid(0x0, r1, 0x0, 0x8, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x3, @mcast1, 0x3}}}, 0x84) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1, 0xfffffffe}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x100b}}}, 0x108) 5m15.053074898s ago: executing program 1 (id=681): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)={0x35, 0x1403, 0x20, 0x70bd2c, 0x25dfdbfc, "", [{{0x0, 0x2, 'syz2\x00'}, {0x0, 0x41, 'rxe\x00'}, {0x0, 0x33, 'veth0\x00'}}, {{0x0, 0x2, 'syz2\x00'}, {0x0, 0x41, 'siw\x00'}, {0x0, 0x33, 'pim6reg1\x00'}}, {{0x0, 0x2, 'syz1\x00'}, {0x0, 0x41, 'rxe\x00'}, {0x0, 0x33, 'veth1_vlan\x00'}}]}, 0xfffffc8a}, 0x1, 0x0, 0x0, 0x44}, 0x810) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x13}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000000)="9ef692334a287a8ac91939ed322e3b988dcf889bf86c53f49cae5f548f8a6d0acb10f0cc5db7f5", 0x27}, {&(0x7f00000000c0)="5c8ea61ac3a8829e0cd76c3e2edf2b35d8efed407c044757e6c6dd97326d", 0x1e}, {0x0}], 0x3) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000021a880, 0x0) r3 = dup(r2) r4 = syz_io_uring_setup(0x423d, &(0x7f0000000600)={0x0, 0x11f7, 0xc6, 0x6, 0xe2}, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x1d, &(0x7f00000005c0)=ANY=[@ANYRES32=r3, @ANYRESHEX, @ANYRES32=r3], &(0x7f0000000240)='syzkaller\x00', 0x11, 0x0, 0x0, 0x40f00, 0x58, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f0000000080)=0xd71) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) r7 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x1c2c, 0x1000, 0x0, 0x387, 0x0, r4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r10, 0x802c550a, &(0x7f0000000000)=ANY=[]) ioctl$USBDEVFS_REAPURBNDELAY(r10, 0x4004550d, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000280)=@IORING_OP_MSG_RING={0x28, 0xe24b8cabdee17ba, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000480)="dc5044637a9da076cbbafd2b47d7d650b360730c9d72c79addd5c4629ba488fe6c38588d7e23041bb71ce324ffb76412169dcc8ca14d008c972d12884349d37029cd1d6351c3c2f76d5c84ad8f4b38fddaa04824c9e1400a0072a2a4b6490f92020a4eb02fe46a8e9f3d8b13614150df55221bc46ddb57119aff73289e03e838e5dabcdd632912d7647e05ee4c3739a7640e6222651e08503233de15e6ecd1c97a17774133b345e509ae3c93976aefcb49d6c3c99eb68de259a1fd26e270b47da29e40abd31dbae9c09d6e3809190f353bef6abd8d921a3d0f093fc3ebeeb254e27ca17f323b2a38dca620d494fb0697eba1e470c49021cc", 0xf8, 0x3, 0x1}) io_uring_enter(r7, 0x2ded, 0x4000, 0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r11, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x28011, r11, 0x0) 5m14.484804785s ago: executing program 1 (id=685): syz_open_dev$usbmon(&(0x7f0000000fc0), 0xe2e2, 0x102000) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x81000, 0x0) getresuid(0x0, 0x0, &(0x7f0000000280)) prlimit64(0x0, 0xe, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r1, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) setsockopt$sock_int(r1, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) recvmmsg(r1, &(0x7f0000006880)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000041c0)=""/76, 0x4c}], 0x1}, 0x3}, {{0x0, 0x0, 0x0}, 0x7f}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000006800)=""/104, 0x68}, 0xbd33}], 0x3, 0x40000003, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) setsockopt$sock_int(r3, 0x1, 0xc, &(0x7f00000002c0)=0x7, 0x4) sendmmsg(r3, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)='<', 0x1}], 0x1}}], 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}]}]}, 0x30}}, 0x10) 5m12.359855647s ago: executing program 1 (id=691): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x5, @mcast1, 0x2a}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000), 0x4) r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100), &(0x7f0000000380)=@v2={0x3, 0x2, 0xfe, 0xe79f, 0x1, 'J'}, 0xa, 0x1) r3 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r3, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r3, 0x29, 0x16, &(0x7f0000fcb000)=0x80, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x7, 0x20, 0xc7}, &(0x7f0000000080)=0x18) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={r4, 0x2}, &(0x7f0000000140)=0x8) 5m11.982031309s ago: executing program 1 (id=693): io_setup(0x3, &(0x7f0000000480)) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@ipv4_newrule={0x2c, 0x20, 0x4, 0x70bd29, 0x25dfdbff, {0x2, 0x14, 0x20, 0x1, 0x5c, 0x0, 0x0, 0x1, 0x2}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x5d0a}, @FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0xd1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4e331af9434562eb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) mremap(&(0x7f00005a7000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f00004fe000/0x4000)=nil) mremap(&(0x7f0000ef9000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) mremap(&(0x7f000046b000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil) mremap(&(0x7f0000b89000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00006e6000/0x3000)=nil) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f00000000c0)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x62881, 0x19d) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001600)={0x20, r3, 0x1, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x60000}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@RTM_NEWMDB={0x38, 0x55, 0x1e5, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r7, 0x1, 0x1, 0x2, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x86dd}}}]}, 0x38}}, 0x20044050) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') 5m11.909267554s ago: executing program 32 (id=693): io_setup(0x3, &(0x7f0000000480)) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@ipv4_newrule={0x2c, 0x20, 0x4, 0x70bd29, 0x25dfdbff, {0x2, 0x14, 0x20, 0x1, 0x5c, 0x0, 0x0, 0x1, 0x2}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x5d0a}, @FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0xd1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4e331af9434562eb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) mremap(&(0x7f00005a7000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f00004fe000/0x4000)=nil) mremap(&(0x7f0000ef9000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) mremap(&(0x7f000046b000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil) mremap(&(0x7f0000b89000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00006e6000/0x3000)=nil) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f00000000c0)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x62881, 0x19d) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001600)={0x20, r3, 0x1, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x60000}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@RTM_NEWMDB={0x38, 0x55, 0x1e5, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r7, 0x1, 0x1, 0x2, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x86dd}}}]}, 0x38}}, 0x20044050) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') 8.147806955s ago: executing program 4 (id=2376): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040), 0xc) timer_create(0x7, &(0x7f0000000140)={0x0, 0x38, 0x4, @thr={&(0x7f0000000000)="740922f659f4317f4a67ca1544286b11915734934d762be6f7136210a90c5449174d75435fbc66255763d43cac9c2b9ae74c4bf0ed6931453f9e0af36484438e4f1541ca6837ee8e25aeeba1d077ce2574082f74e5e3e2d96aef8beb3890e415ce5eaa69ae74efd3d1d248679e24873bb4889c893b37f131a553b67c8d4b1fb266e459d033d238c5f4bac1ff6d8f4d82f0", 0x0}}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000400048008000c8004000b800800020001000000a00008801c000780080077144ebb0000080006000000000008000500"], 0xd0}}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = dup(r5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r7 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r7, 0x2, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r8, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x600, 0x0, 0x0, 0x6}, [@IFLA_ADDRESS={0xa, 0x3, @random="08e7eebc872f"}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x44}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000) ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 8.094377589s ago: executing program 3 (id=2379): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000005300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="100100002e00092027bd70000000000004"], 0x110}, 0x1, 0x0, 0x0, 0x42845}, 0x84) 7.999562502s ago: executing program 3 (id=2382): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$netlink(0x10, 0x3, 0x400000000000004) read(r3, &(0x7f0000000300)=""/250, 0xfa) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r4, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020000000000080004000500000008000100020000002400"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={0x0, 0x20}}, 0x4000000) 7.03508724s ago: executing program 3 (id=2386): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_triestat\x00') read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000f00), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000540)={0x16, 0x98, 0xfa00, {0x0, 0x804, r2, 0x10, 0x1, @in6={0xa, 0x5e23, 0xf33, @loopback, 0xa9f}}}, 0xa0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r5, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x23, 0x28, 0x0, 0x20, 0xfd, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @timestamp_reply={0xe, 0x0, 0x0, 0x3, 0x6, 0x2, 0xd, 0x1}}}}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x1d, 0x3, @private=0xa010102, @local}}}}}}, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r3, &(0x7f0000000200)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000003c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4c80d}, 0x40) preadv2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000000040)=""/149, 0x95}, {&(0x7f0000000240)=""/173, 0xad}], 0x3, 0x100, 0x2, 0x4) 7.034687291s ago: executing program 3 (id=2387): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000140)=0x9, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e21, @local}, @in6={0xa, 0x4e22, 0x4, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}], 0x2c) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000140)=0x9, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e20, 0x25, @rand_addr=' \x01\x00', 0x7}], 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = fsopen(&(0x7f0000000200)='affs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x0, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) r7 = syz_io_uring_setup(0xbc4, &(0x7f0000000400)={0x0, 0x7079, 0x8, 0x4, 0x28c}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000180)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x4d, 0x0, 0xffffffffffffffff, 0x0, r7, 0x1, 0x0, 0x2}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 6.264207591s ago: executing program 4 (id=2392): r0 = syz_open_dev$radio(&(0x7f0000000280), 0x3, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'veth0_to_bridge\x00', @ifru_ivalue=0x6}) ioctl$sock_netdev_private(r1, 0x8948, &(0x7f0000000000)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1, 0x12) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000002700)=""/102392, 0x18ff8) write$UHID_INPUT(r5, &(0x7f0000000000)={0xa, {"a2e39b214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324d078b089b3b0838681a0890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b343b0d076c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c30900004288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef7becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe505003d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6ae4effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d71eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d471c8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949d9a92587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15aa82000000000000a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x1000}}, 0x1020) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) io_uring_register$IORING_REGISTER_CLOCK(r3, 0x1d, &(0x7f0000001280)={0x7}, 0x0) sendmsg$SMC_PNETID_DEL(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000011c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="270e28bd700000000000040702005f38e625ba3c2dc9116f1cdfb1a36dd880661f769f5756"], 0x14}, 0x1, 0x40030000000000}, 0x4000) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f00000012c0)=ANY=[@ANYBLOB="48000000754add41739eacfd8ff783b184e81586b7c6aee2d37d499202627bf41142c2beb7fa3031dcea1e1125772c7561ada53384c843d15dbc16c7e658de7f496b0f2b877fd970bb61ef8177bbc95b50ea92937a01089afe6900"/101, @ANYRESOCT=r7, @ANYBLOB="00032abd7000fcdbdf25020000000500000000000000315f766972745f77696669000900010073797a320000000005000400010000000900012173797a3200000000"], 0x48}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) readv(r3, &(0x7f0000000140)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r0], 0x0, 0xdb89, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000001040)={0x0, 0x7c, "13c185bcc4897626ce5c379af7a6261a23b642aeb624bb89cece1e4f824739556609c01282646cfee1ca4323e0422338c8ed5976bf957baec32507c5e6e48b4c768a598f442446afda70b62158b3c10397847018ac38fa74cea8c43c2ea43ce4857d8d74c42467db401bf0924de81ab0372e81d37e11531ba7cc4b5f"}, &(0x7f0000001100)=0x84) getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000001200)={r8, 0x33, 0x10f400, 0xffffff00}, &(0x7f0000001240)=0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001140)=ANY=[@ANYRESDEC=r1, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000a7a7f24877dfd22bdf11cc28e06db1f710e0c94ce307090e09ce885aefba221edd43617e27829a81025a5c4e9314a774f7147f", @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r2], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86) fchmod(r10, 0xcc) r11 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r11, 0x0, 0x0) ftruncate(r2, 0x6000000) 5.069218174s ago: executing program 0 (id=2394): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$netlink(0x10, 0x3, 0x400000000000004) read(r3, &(0x7f0000000300)=""/250, 0xfa) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r4, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020000000000080004000500000008000100020000002400"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={0x0, 0x20}}, 0x4000000) 4.46245641s ago: executing program 4 (id=2395): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) r1 = syz_open_dev$vim2m(0x0, 0x20007, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0xc04c561a, &(0x7f0000000180)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0xf, &(0x7f0000000080)=0x5, 0xa) syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), r2) pipe2$9p(&(0x7f00000002c0), 0x800) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/bus/input/devices\x00', 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r4, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) r6 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r6, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc", 0x24}], 0x1) openat$vicodec1(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) 4.338893855s ago: executing program 3 (id=2397): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x18) ioctl$HIDIOCGNAME(0xffffffffffffffff, 0x80404806, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1500040006000000010000000100000000040000", @ANYRES32=0x1, @ANYBLOB="350100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200"/28], 0x50) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}}}, 0x0, 0x0, 0xc, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4e1d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) fcntl$getownex(r3, 0x10, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000080), 0x3, 0x2) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f00000000c0)={0xf0f041}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r7 = userfaultfd(0x80801) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x54d}) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f00003cd000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c9a000/0x2000)=nil) close_range(r7, 0xffffffffffffffff, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) 4.172529951s ago: executing program 0 (id=2398): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002400)=ANY=[@ANYBLOB="140000001000010000000000000000010100000a28000000000a03000000000000000000010000090900010073797a3000000000080002400000000228000000000a03000000000000000000010000090b00010073797a3000000000080002"], 0x78}}, 0x20000080) 4.093222436s ago: executing program 0 (id=2399): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x10, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000300), 0x4) r2 = io_uring_setup(0x8034b, &(0x7f0000000400)={0x0, 0x4, 0x40, 0x0, 0x10}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0x12, 0x20000019, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) (async) r6 = socket$netlink(0x10, 0x3, 0x15) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff000000", 0x46}], 0x1) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r5, 0x0) (async) memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0) (async) sendfile(r5, r5, 0x0, 0x40008) (async) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) (async) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x4, @mcast2, 0xd64b}, 0x1c) (async) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, &(0x7f0000000040)) (async) ioctl$int_in(r7, 0x5452, &(0x7f0000000280)=0x5) (async) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000000)=0xe) (async) syz_open_dev$usbfs(&(0x7f0000000100), 0xe, 0x123100) syz_open_dev$video4linux(&(0x7f00000001c0), 0x4, 0x703340) 3.562665203s ago: executing program 4 (id=2400): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x3, r0, 0x3, &(0x7f0000000080)) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x4, 0x38e01) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x11}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x134}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) write$binfmt_format(r3, &(0x7f00000002c0)='0\x00', 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000031000000000000000000000034000100ffffffff9500ea0000000000"], &(0x7f0000000080)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x24}, 0x94) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r6, &(0x7f0000001240)=""/102400, 0x200000, 0x200000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000100)) r7 = openat$vmci(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r7, 0x7af, &(0x7f0000000180)={@host, 0x100}) 3.011317317s ago: executing program 3 (id=2404): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x0, 0x0) syz_io_uring_setup(0x463e, &(0x7f00000003c0)={0x0, 0xda6e, 0x8, 0x2, 0x24b}, &(0x7f00000000c0)=0x0, &(0x7f0000000440)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000600)=0x9, 0x0, 0x4) bind$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x20}, 0xc) close(0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000000, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) r3 = getpid() prlimit64(r3, 0x6, &(0x7f0000000140)={0x8, 0x4}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) r5 = getpid() read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_usb_connect(0x6, 0x24, &(0x7f00000005c0)=ANY=[@ANYRES32=r5], 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x15, 0x300}) r7 = open(&(0x7f0000000040)='./file0\x00', 0x84242, 0x1df2a23c5997fa7a) write$FUSE_CREATE_OPEN(r7, &(0x7f0000000500)={0xa0, 0xfffffffffffffffe, 0x0, {{0x80000004, 0x3, 0xfffffffffffffffb, 0xfffffffffedfff81, 0x3, 0x1, {0x2, 0x8, 0x20fb, 0x6d5300ae, 0xf7c, 0x800000000000d615, 0x3fb, 0x7fffffff, 0x9, 0x1000, 0x8, 0x0, 0x0, 0x3ff, 0x4008ea2}}, {0x0, 0x13}}}, 0xa0) sendfile(r7, r7, &(0x7f0000000080), 0x7f04) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) 3.011068793s ago: executing program 0 (id=2405): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) setsockopt$sock_int(r0, 0x1, 0x21, 0x0, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000000)=0x21, 0x4) write(r0, &(0x7f0000000000), 0x0) socket(0x1, 0x80000, 0x0) recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r1 = socket$inet6(0xa, 0x80000, 0x2) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c00000002060500000034e4fdff00000200000005000100060000000500040000000000000000070005000a00000011000300686173683a69702c706f727400000000"], 0x4c}}, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x18, 0x2, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(r3, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000380)={'wlan1\x00', 0x8000}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x0}, 0x94) 2.481427697s ago: executing program 4 (id=2406): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="06000000040000"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x28100, 0x0) setreuid(0xffffffffffffffff, 0xee01) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_PMU_CAPABILITY(r4, 0x4068aea3, &(0x7f0000000040)={0xdc, 0x0, 0x3}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000080)=0x40000) r6 = openat$cdrom(0xffffff9c, &(0x7f0000000100), 0x42, 0x0) ioctl$CDROM_NEXT_WRITABLE(r6, 0x2201, &(0x7f0000003f80)) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'salsa20-generic\x00'}, 0x58) r8 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r8, &(0x7f00000000c0)={0x1d, r9, 0x8000000000000003, {}, 0xfd}, 0x18) sendmsg$nl_route_sched(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@getchain={0x24, 0x66, 0x400, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xffff, 0x3}, {0xfff1, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004845}, 0x480c5) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000004c0), 0x0) accept4(r7, 0x0, 0x0, 0x800) 1.125533391s ago: executing program 2 (id=2407): r0 = openat$vicodec1(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000140)={0x0, @bt={0x0, 0x6, 0x1, 0x2, 0x14, 0x100, 0xb, 0x0, 0x7, 0x0, 0xfffffffc, 0x7, 0x6, 0xffff, 0x1, 0x18, {0x0, 0x2}, 0x9}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x6c}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1400000042ca360000000000008bc9440000000021748eb4d241eb37b52ad719b01d12ea011a6332a198d9617c70d635393dcf2700000000000000071c96f3ed7b6f26cf5bc4155c9733bd6678d80aa758376e3af3cc472ee2e418e43bc62b17fa6bd8babc487bb5de18d698d5bb3ccc80ffe63cffa4854d3e94456d97a734c22f40df807d4506f64a0ff3ebc87cc4cf89cf2032c3786821ddad4d373ed893a9c550cf127ea635ea5029d6109b7ed5aff002d24da478dd07b0aaf47e6340628d0f0782cabe90e977f31433195c27489061"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010024bd7000fcdbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e0033123d923ed75b180000000000000079a7000000"], 0x30}, 0x1, 0x0, 0x0, 0x24014804}, 0x9590f6cc3aa711f2) 1.029088106s ago: executing program 2 (id=2408): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x20, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x8}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet(0x2, 0x1, 0x100) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f0000001400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2}}, &(0x7f00000014c0)=""/218, 0x1a, 0xda, 0x1}, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x4, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = fsopen(&(0x7f00000001c0)='hpfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r6 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) tkill(r6, 0xb) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'veth1_macvtap\x00', 0x1}, 0x18) utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sysfs$2(0x2, 0x19, 0x0) 631.567461ms ago: executing program 4 (id=2409): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) socket$inet6_icmp(0xa, 0x2, 0x3a) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x497, 0x0, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 464.556537ms ago: executing program 0 (id=2410): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x15d}, 0x18) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x4, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000240)=0x1) 367.138951ms ago: executing program 0 (id=2411): mkdir(0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES64], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getpid() socket$rxrpc(0x21, 0x2, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="d6381800e7ff0d0000000000000600207c00000000000005"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x40}, 0x94) socket(0x10, 0x3, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ipvlan1\x00'}) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x8000, 0x8003, 0x283}, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000140)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) 140.221339ms ago: executing program 2 (id=2412): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000340), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r1, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}]}, 0x24}, 0x1, 0x0, 0x0, 0x5}, 0x24000040) 60.26239ms ago: executing program 2 (id=2413): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x810, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 60.119622ms ago: executing program 2 (id=2414): syz_emit_ethernet(0x42, &(0x7f0000000c40)={@multicast, @multicast, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @generic={0x0, 0x6, "2c96ed", 0x8, 0x3c, 0x0, @dev, @local, {[], "748880470afb932c"}}}}}, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x1f) 0s ago: executing program 2 (id=2415): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x2, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x5a0, 0x68}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000050}, 0x0) r2 = io_uring_setup(0x2cee, &(0x7f0000000200)={0x0, 0x93b0, 0x800, 0xfffffffd, 0x3da}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xcb94a5711210fa60, 0xf0}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @hsr={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_HSR_VERSION={0x5, 0x6, 0x8}]}}}, @IFLA_PHYS_PORT_ID={0x1c, 0x22, "03f18e849bdc4d4bf09a346fc2c73dd3211f70d623dd3bb9"}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x50) io_uring_register$IORING_REGISTER_CLOCK(r2, 0x1d, &(0x7f0000000000)={0x1}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$cuse(0xffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@default_ibss_ssid, 0x6, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) pipe2$watch_queue(0x0, 0x80) r6 = openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) sendfile(r6, r6, 0x0, 0x1b) 0s ago: executing program 3 (id=2416): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x8001, 0x4, 0x8, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x1, 0x8, 0x2, 0x6, 0x9, 0xfffffffe, 0x9, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0x10000, 0xfffffff4]}) r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x3c, r7, 0xc2ddb5edb7ba9069, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r7, 0x2, 0x70bd25, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$TIPC_NL_PUBL_GET(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="01002bbd70000000000002"], 0x18}}, 0x0) ioctl$VIDIOC_QUERYMENU(r1, 0xc008561c, &(0x7f00000001c0)={0x980903, 0x8081, @name="6736516728a5678c18a4ec047f3f1fa52fe9a9987d0406b3a0c705c611b66f06"}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETGEN(r8, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0xc004) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r9, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x80000001, 0x30, 0x30, 0x0, @ib={0x1b, 0x40, 0x80000009, {"42c566b29f536e030d6bbaecb62cfdf9"}, 0x2, 0xdb8, 0x7fff}, @in6={0xa, 0x4e22, 0x24e, @rand_addr=' \x01\x00', 0x21}}}, 0x118) kernel console output (not intermixed with test programs): 312.226278][T11947] vhci_hcd: connection closed [ 312.227166][ T1142] vhci_hcd: stop threads [ 312.230319][ T1142] vhci_hcd: release socket [ 312.231889][ T1142] vhci_hcd: disconnect device [ 312.439594][T11957] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 312.577715][T11957] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.051465][ T29] usb 42-1: device descriptor read/8, error -110 [ 313.246454][T11976] usb usb8: usbfs: process 11976 (syz.3.1767) did not claim interface 0 before use [ 313.405745][ T9] usb 5-1: USB disconnect, device number 13 [ 313.459252][ T29] usb usb42-port1: unable to enumerate USB device [ 315.488872][T12018] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 315.491080][T12018] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 315.494596][T12018] vhci_hcd vhci_hcd.0: Device attached [ 315.633058][T12025] FAULT_INJECTION: forcing a failure. [ 315.633058][T12025] name failslab, interval 1, probability 0, space 0, times 0 [ 315.643383][T12025] CPU: 0 UID: 0 PID: 12025 Comm: syz.3.1783 Not tainted syzkaller #0 PREEMPT(full) [ 315.643409][T12025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 315.643419][T12025] Call Trace: [ 315.643425][T12025] [ 315.643433][T12025] dump_stack_lvl+0x16c/0x1f0 [ 315.643456][T12025] should_fail_ex+0x512/0x640 [ 315.643481][T12025] should_failslab+0xc2/0x120 [ 315.643508][T12025] __kmalloc_cache_noprof+0x72/0x780 [ 315.643529][T12025] ? sctp_add_bind_addr+0xae/0x3f0 [ 315.643560][T12025] ? sctp_add_bind_addr+0xae/0x3f0 [ 315.643599][T12025] sctp_add_bind_addr+0xae/0x3f0 [ 315.643628][T12025] sctp_copy_local_addr_list+0x349/0x550 [ 315.643650][T12025] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 315.643671][T12025] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 315.643691][T12025] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.643714][T12025] sctp_bind_addr_copy+0xe0/0x530 [ 315.643748][T12025] sctp_connect_new_asoc+0x1c9/0x770 [ 315.643772][T12025] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 315.643820][T12025] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.643849][T12025] sctp_sendmsg+0x1557/0x1e00 [ 315.643880][T12025] ? __pfx_sctp_sendmsg+0x10/0x10 [ 315.643899][T12025] ? __pfx___might_resched+0x10/0x10 [ 315.643926][T12025] ? aa_sk_perm+0x2f4/0xb10 [ 315.643953][T12025] ? __pfx_aa_sk_perm+0x10/0x10 [ 315.643974][T12025] ? find_held_lock+0x2b/0x80 [ 315.644002][T12025] ? __pfx_sctp_sendmsg+0x10/0x10 [ 315.644025][T12025] inet_sendmsg+0x11c/0x140 [ 315.644048][T12025] ____sys_sendmsg+0x973/0xc70 [ 315.644069][T12025] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.644084][T12025] ? get_compat_msghdr+0x11a/0x170 [ 315.644119][T12025] ___sys_sendmsg+0x134/0x1d0 [ 315.644145][T12025] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.644195][T12025] ? find_held_lock+0x2b/0x80 [ 315.644235][T12025] __sys_sendmsg+0x16d/0x220 [ 315.644259][T12025] ? __pfx___sys_sendmsg+0x10/0x10 [ 315.644295][T12025] ? rcu_is_watching+0x12/0xc0 [ 315.644320][T12025] __do_fast_syscall_32+0x7c/0x300 [ 315.644343][T12025] do_fast_syscall_32+0x32/0x80 [ 315.644363][T12025] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 315.644384][T12025] RIP: 0023:0xf7f33579 [ 315.644398][T12025] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 315.644414][T12025] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 315.644430][T12025] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 315.644441][T12025] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 0000000000000000 [ 315.644451][T12025] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 315.644460][T12025] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 315.644470][T12025] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 315.644495][T12025] [ 315.837733][ T29] usb 46-1: SetAddress Request (8) to port 0 [ 315.839842][ T29] usb 46-1: new SuperSpeed USB device number 8 using vhci_hcd [ 315.894707][ T40] audit: type=1326 audit(1764670540.855:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 315.895604][T12027] FAULT_INJECTION: forcing a failure. [ 315.895604][T12027] name failslab, interval 1, probability 0, space 0, times 0 [ 315.905688][ T40] audit: type=1326 audit(1764670540.855:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 315.908642][T12027] CPU: 1 UID: 0 PID: 12027 Comm: syz.3.1784 Not tainted syzkaller #0 PREEMPT(full) [ 315.908658][T12027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 315.908664][T12027] Call Trace: [ 315.908669][T12027] [ 315.908673][T12027] dump_stack_lvl+0x16c/0x1f0 [ 315.908692][T12027] should_fail_ex+0x512/0x640 [ 315.908708][T12027] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 315.908727][T12027] should_failslab+0xc2/0x120 [ 315.908745][T12027] kmem_cache_alloc_noprof+0x75/0x6e0 [ 315.908757][T12027] ? rcu_watching_snap_stopped_since+0x70/0x110 [ 315.908771][T12027] ? do_epoll_ctl+0x1170/0x3790 [ 315.908793][T12027] ? do_epoll_ctl+0x1170/0x3790 [ 315.908805][T12027] do_epoll_ctl+0x1170/0x3790 [ 315.908825][T12027] ? __pfx_do_epoll_ctl+0x10/0x10 [ 315.908838][T12027] ? find_held_lock+0x2b/0x80 [ 315.908849][T12027] ? __might_fault+0xe3/0x190 [ 315.908867][T12027] ? __ia32_sys_epoll_ctl+0x15b/0x1e0 [ 315.908885][T12027] __ia32_sys_epoll_ctl+0x15b/0x1e0 [ 315.908899][T12027] ? __pfx___ia32_sys_epoll_ctl+0x10/0x10 [ 315.908914][T12027] ? __secure_computing+0x21c/0x320 [ 315.908932][T12027] __do_fast_syscall_32+0x7c/0x300 [ 315.908945][T12027] do_fast_syscall_32+0x32/0x80 [ 315.908957][T12027] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 315.908970][T12027] RIP: 0023:0xf7f33579 [ 315.908978][T12027] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 315.908988][T12027] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 00000000000000ff [ 315.908998][T12027] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001 [ 315.909005][T12027] RDX: 0000000000000003 RSI: 0000000080000400 RDI: 0000000000000000 [ 315.909011][T12027] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 315.909017][T12027] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 315.909022][T12027] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 315.909036][T12027] [ 316.005616][T12019] vhci_hcd: connection reset by peer [ 316.007962][ T12] vhci_hcd: stop threads [ 316.009519][ T12] vhci_hcd: release socket [ 316.011434][ T12] vhci_hcd: disconnect device [ 316.013234][ T40] audit: type=1326 audit(1764670540.855:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.020292][ T40] audit: type=1326 audit(1764670540.855:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.030473][ T40] audit: type=1326 audit(1764670540.855:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.042198][ T40] audit: type=1326 audit(1764670540.855:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=255 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.051051][ T40] audit: type=1326 audit(1764670540.865:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.059084][ T40] audit: type=1326 audit(1764670540.865:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.068993][ T40] audit: type=1326 audit(1764670540.865:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.079345][ T40] audit: type=1326 audit(1764670540.865:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12026 comm="syz.3.1784" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 316.875633][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.860454][T12064] autofs: Unknown parameter '°É%tïÀtC[þ'{ê¿›l#ïW8X<ÈÃÂa»%Ó¿w\TMç&:¹ÑžeëU¡Õ˜š[vš1r˜ÊQ$­Š8¢ÈŸ"¢çìćd¥WNîýË2äùÈ؇ÙÑpŠÞÈž^£m?'>90ZY&B' [ 318.190808][T12067] binder: 12066:12067 ioctl c0709411 80000180 returned -22 [ 318.415944][T12076] __nla_validate_parse: 1 callbacks suppressed [ 318.415956][T12076] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1797'. [ 319.388065][T12082] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 319.390355][T12082] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 319.393595][T12082] vhci_hcd vhci_hcd.0: Device attached [ 319.732405][T12083] vhci_hcd: connection closed [ 319.733115][ T12] vhci_hcd: stop threads [ 319.737248][ T12] vhci_hcd: release socket [ 319.739436][ T12] vhci_hcd: disconnect device [ 320.876559][ T29] usb 46-1: device descriptor read/8, error -110 [ 321.229799][T12104] ip6gretap0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 321.267368][ T29] usb usb46-port1: attempt power cycle [ 322.041953][ T29] usb usb46-port1: unable to enumerate USB device [ 322.069931][T12126] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 322.072769][T12126] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 322.076823][T12126] vhci_hcd vhci_hcd.0: Device attached [ 322.557542][T12134] tipc: Started in network mode [ 322.559403][T12134] tipc: Node identity 4, cluster identity 4711 [ 322.561490][T12134] tipc: Node number set to 4 [ 322.724119][T12128] vhci_hcd: connection closed [ 322.724355][ T1192] vhci_hcd: stop threads [ 322.727602][ T1192] vhci_hcd: release socket [ 322.729864][ T1192] vhci_hcd: disconnect device [ 323.395066][T12140] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1813'. [ 323.398274][T12140] ip6gre0: Master is either lo or non-ether device [ 323.477970][T12142] binder: 12139:12142 ioctl c0306201 80000280 returned -14 [ 323.537954][T12144] netlink: 'syz.0.1814': attribute type 1 has an invalid length. [ 323.541204][T12144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1814'. [ 324.143807][T12154] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 324.148232][T12154] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1817'. [ 324.151669][T12154] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1817'. [ 324.154798][T12154] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1817'. [ 324.410232][T12156] FAULT_INJECTION: forcing a failure. [ 324.410232][T12156] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.414932][T12156] CPU: 3 UID: 0 PID: 12156 Comm: syz.2.1818 Not tainted syzkaller #0 PREEMPT(full) [ 324.414946][T12156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 324.414953][T12156] Call Trace: [ 324.414957][T12156] [ 324.414962][T12156] dump_stack_lvl+0x16c/0x1f0 [ 324.414976][T12156] should_fail_ex+0x512/0x640 [ 324.414993][T12156] _copy_from_user+0x2e/0xd0 [ 324.415006][T12156] ia32_restore_sigcontext+0xc3/0x630 [ 324.415023][T12156] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 324.415042][T12156] ? rcu_is_watching+0x12/0xc0 [ 324.415054][T12156] ? _raw_spin_unlock_irq+0x23/0x50 [ 324.415070][T12156] ? lockdep_hardirqs_on+0x7c/0x110 [ 324.415083][T12156] __do_compat_sys_rt_sigreturn+0x18c/0x270 [ 324.415098][T12156] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 324.415116][T12156] ? rcu_is_watching+0x12/0xc0 [ 324.415128][T12156] do_int80_emulation+0x104/0x3e0 [ 324.415141][T12156] asm_int80_emulation+0x1a/0x20 [ 324.415152][T12156] RIP: 0023:0xf7f855a7 [ 324.415160][T12156] Code: 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 90 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 55 89 e5 57 8d 3d 2c dc ff ff 56 53 e8 [ 324.415170][T12156] RSP: 002b:00000000f5475940 EFLAGS: 00000286 ORIG_RAX: 00000000000000ad [ 324.415180][T12156] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f54759cc [ 324.415186][T12156] RDX: 00000000f547594c RSI: 0000000000000000 RDI: 0000000000000000 [ 324.415192][T12156] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 324.415198][T12156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.415204][T12156] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 324.415218][T12156] [ 324.772905][T12169] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 324.775780][T12169] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 324.779477][T12169] vhci_hcd vhci_hcd.0: Device attached [ 325.330878][T12179] netlink: zone id is out of range [ 325.410283][ T6033] usb 46-1: SetAddress Request (13) to port 0 [ 325.412635][ T6033] usb 46-1: new SuperSpeed USB device number 13 using vhci_hcd [ 325.420863][T12184] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 325.426305][T12184] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1826'. [ 325.430730][T12184] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1826'. [ 325.433789][T12184] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1826'. [ 325.506127][T12172] vhci_hcd: connection reset by peer [ 325.508201][ T12] vhci_hcd: stop threads [ 325.509660][ T12] vhci_hcd: release socket [ 325.511469][ T12] vhci_hcd: disconnect device [ 325.828416][T12194] ntfs3(nullb0): Primary boot signature is not NTFS. [ 325.839956][T12194] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 326.006063][T12196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1829'. [ 326.009144][T12196] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 326.859359][T12192] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.862662][T12192] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.940422][T12192] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 326.951644][T12192] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.018707][T12192] macvlan0: left promiscuous mode [ 327.095834][T12192] batadv1: left allmulticast mode [ 327.100256][ T6014] lo speed is unknown, defaulting to 1000 [ 327.151388][ T6014] syz: Port: 1 Link DOWN [ 327.154801][ T1145] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.157868][ T1145] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.161347][ T1145] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.180802][ T1145] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.283449][T12214] netlink: zone id is out of range [ 327.301046][T12212] random: crng reseeded on system resumption [ 327.902309][T12228] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 327.905552][T12228] UDF-fs: Scanning with blocksize 2048 failed [ 327.912114][T12228] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 327.914879][T12228] UDF-fs: Scanning with blocksize 4096 failed [ 328.508882][T12239] netlink: zone id is out of range [ 328.990947][T12255] lo speed is unknown, defaulting to 1000 [ 328.997811][T12255] lo speed is unknown, defaulting to 1000 [ 329.005444][T12255] wg2 speed is unknown, defaulting to 1000 [ 329.044641][T12257] lo: entered promiscuous mode [ 329.046526][T12257] lo: entered allmulticast mode [ 329.050302][ T6093] lo speed is unknown, defaulting to 1000 [ 329.052666][ T6093] syz: Port: 1 Link ACTIVE [ 329.551478][T12268] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1851'. [ 329.593275][T12268] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1851'. [ 329.820991][T12272] FAULT_INJECTION: forcing a failure. [ 329.820991][T12272] name failslab, interval 1, probability 0, space 0, times 0 [ 329.827116][T12272] CPU: 3 UID: 0 PID: 12272 Comm: syz.2.1852 Not tainted syzkaller #0 PREEMPT(full) [ 329.827138][T12272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 329.827147][T12272] Call Trace: [ 329.827153][T12272] [ 329.827160][T12272] dump_stack_lvl+0x16c/0x1f0 [ 329.827180][T12272] should_fail_ex+0x512/0x640 [ 329.827198][T12272] ? __kmalloc_noprof+0xca/0x880 [ 329.827214][T12272] should_failslab+0xc2/0x120 [ 329.827237][T12272] __kmalloc_noprof+0xdd/0x880 [ 329.827252][T12272] ? rcu_is_watching+0x12/0xc0 [ 329.827270][T12272] ? genl_sk_priv_get+0x71/0x230 [ 329.827292][T12272] ? genl_sk_priv_get+0x71/0x230 [ 329.827307][T12272] genl_sk_priv_get+0x71/0x230 [ 329.827321][T12272] devlink_nl_notify_filter_set_doit+0x338/0x620 [ 329.827346][T12272] genl_family_rcv_msg_doit+0x209/0x2f0 [ 329.827364][T12272] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 329.827380][T12272] ? genl_get_cmd+0x194/0x580 [ 329.827401][T12272] ? ____sys_sendmsg+0xa98/0xc70 [ 329.827412][T12272] ? ___sys_sendmsg+0x134/0x1d0 [ 329.827428][T12272] ? __radix_tree_lookup+0x21f/0x2c0 [ 329.827455][T12272] genl_rcv_msg+0x55c/0x800 [ 329.827474][T12272] ? __pfx_genl_rcv_msg+0x10/0x10 [ 329.827490][T12272] ? __pfx_devlink_nl_notify_filter_set_doit+0x10/0x10 [ 329.827512][T12272] ? __lock_acquire+0x622/0x1c90 [ 329.827536][T12272] netlink_rcv_skb+0x158/0x420 [ 329.827559][T12272] ? __pfx_genl_rcv_msg+0x10/0x10 [ 329.827575][T12272] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 329.827601][T12272] ? netlink_deliver_tap+0x1ae/0xd30 [ 329.827618][T12272] genl_rcv+0x28/0x40 [ 329.827627][T12272] netlink_unicast+0x5aa/0x870 [ 329.827644][T12272] ? __pfx_netlink_unicast+0x10/0x10 [ 329.827664][T12272] netlink_sendmsg+0x8c8/0xdd0 [ 329.827718][T12272] ? __pfx_netlink_sendmsg+0x10/0x10 [ 329.827744][T12272] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 329.827763][T12272] ____sys_sendmsg+0xa98/0xc70 [ 329.827780][T12272] ? __pfx_____sys_sendmsg+0x10/0x10 [ 329.827794][T12272] ? get_compat_msghdr+0x11a/0x170 [ 329.827825][T12272] ___sys_sendmsg+0x134/0x1d0 [ 329.827846][T12272] ? __pfx____sys_sendmsg+0x10/0x10 [ 329.827874][T12272] ? find_held_lock+0x2b/0x80 [ 329.827908][T12272] __sys_sendmsg+0x16d/0x220 [ 329.827928][T12272] ? __pfx___sys_sendmsg+0x10/0x10 [ 329.827959][T12272] ? rcu_is_watching+0x12/0xc0 [ 329.827976][T12272] __do_fast_syscall_32+0x7c/0x300 [ 329.827996][T12272] do_fast_syscall_32+0x32/0x80 [ 329.828013][T12272] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 329.828032][T12272] RIP: 0023:0xf7f85579 [ 329.828045][T12272] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 329.828060][T12272] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 329.828071][T12272] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000340 [ 329.828081][T12272] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.828089][T12272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 329.828098][T12272] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 329.828107][T12272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 329.828130][T12272] [ 329.941771][T12277] netlink: 'syz.0.1853': attribute type 11 has an invalid length. [ 329.969800][T12277] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1853'. [ 330.073631][ T40] audit: type=1326 audit(1764670811.017:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 330.080701][ T40] audit: type=1326 audit(1764670811.017:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000 [ 330.088282][ T40] audit: type=1326 audit(1764670811.017:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000 [ 330.095826][ T40] audit: type=1326 audit(1764670811.017:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000 [ 330.103031][ T40] audit: type=1326 audit(1764670811.017:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000 [ 330.110139][ T40] audit: type=1326 audit(1764670811.017:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000 [ 330.117373][ T40] audit: type=1326 audit(1764670811.017:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000 [ 330.124469][ T40] audit: type=1326 audit(1764670811.017:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 330.131739][ T40] audit: type=1326 audit(1764670811.017:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 330.138937][ T40] audit: type=1326 audit(1764670811.017:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12278 comm="syz.2.1854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 330.162118][T12288] netlink: 'syz.4.1857': attribute type 10 has an invalid length. [ 330.277941][T12291] siw: device registration error -23 [ 330.296323][T12291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1855'. [ 330.388856][T12279] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1854'. [ 330.468596][T12295] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1858'. [ 330.485418][ T6033] usb 46-1: device descriptor read/8, error -110 [ 330.775892][T12314] FAULT_INJECTION: forcing a failure. [ 330.775892][T12314] name failslab, interval 1, probability 0, space 0, times 0 [ 330.781134][T12314] CPU: 3 UID: 0 PID: 12314 Comm: syz.4.1861 Not tainted syzkaller #0 PREEMPT(full) [ 330.781156][T12314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 330.781167][T12314] Call Trace: [ 330.781173][T12314] [ 330.781180][T12314] dump_stack_lvl+0x16c/0x1f0 [ 330.781203][T12314] should_fail_ex+0x512/0x640 [ 330.781223][T12314] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 330.781248][T12314] should_failslab+0xc2/0x120 [ 330.781274][T12314] kmem_cache_alloc_node_noprof+0x78/0x770 [ 330.781294][T12314] ? __alloc_skb+0x2b2/0x380 [ 330.781321][T12314] ? __alloc_skb+0x2b2/0x380 [ 330.781340][T12314] __alloc_skb+0x2b2/0x380 [ 330.781361][T12314] ? __pfx___alloc_skb+0x10/0x10 [ 330.781380][T12314] ? kernel_text_address+0x8d/0x100 [ 330.781407][T12314] ? kernel_text_address+0x30/0x100 [ 330.781436][T12314] ? __asan_memset+0x23/0x50 [ 330.781458][T12314] tipc_buf_acquire+0x26/0xe0 [ 330.781484][T12314] tipc_msg_build+0x853/0x1150 [ 330.781515][T12314] ? __pfx_tipc_msg_build+0x10/0x10 [ 330.781555][T12314] tipc_send_group_bcast+0x7cc/0xa50 [ 330.781587][T12314] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 330.781611][T12314] ? __pfx_woken_wake_function+0x10/0x10 [ 330.781642][T12314] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 330.781680][T12314] __tipc_sendmsg+0x4ab/0x19a0 [ 330.781712][T12314] ? __pfx___tipc_sendmsg+0x10/0x10 [ 330.781765][T12314] ? __local_bh_enable_ip+0xa4/0x120 [ 330.781789][T12314] tipc_sendmsg+0x4f/0x70 [ 330.781812][T12314] ____sys_sendmsg+0xa98/0xc70 [ 330.781831][T12314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 330.781846][T12314] ? get_compat_msghdr+0x11a/0x170 [ 330.781873][T12314] ? __pfx__kstrtoull+0x10/0x10 [ 330.781904][T12314] ___sys_sendmsg+0x134/0x1d0 [ 330.781927][T12314] ? __pfx____sys_sendmsg+0x10/0x10 [ 330.781947][T12314] ? __lock_acquire+0x622/0x1c90 [ 330.782005][T12314] __sys_sendmmsg+0x2f9/0x420 [ 330.782032][T12314] ? __pfx___sys_sendmmsg+0x10/0x10 [ 330.782064][T12314] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 330.782095][T12314] ? fput+0x9b/0xd0 [ 330.782120][T12314] ? ksys_write+0x1ac/0x250 [ 330.782141][T12314] ? __pfx_ksys_write+0x10/0x10 [ 330.782166][T12314] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 330.782190][T12314] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 330.782210][T12314] __do_fast_syscall_32+0x7c/0x300 [ 330.782230][T12314] do_fast_syscall_32+0x32/0x80 [ 330.782247][T12314] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 330.782267][T12314] RIP: 0023:0xf70dd579 [ 330.782280][T12314] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 330.782295][T12314] RSP: 002b:00000000f548b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 330.782311][T12314] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000800030c0 [ 330.782323][T12314] RDX: 0000000000000181 RSI: 0000000000000000 RDI: 0000000000000000 [ 330.782335][T12314] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 330.782344][T12314] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 330.782353][T12314] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 330.782376][T12314] [ 331.026567][ T6033] usb usb46-port1: attempt power cycle [ 331.150145][T12318] mkiss: ax0: crc mode is auto. [ 331.598544][ T6033] usb usb46-port1: unable to enumerate USB device [ 331.759708][T12329] overlay: filesystem on ./bus not supported [ 332.146370][T12334] FAULT_INJECTION: forcing a failure. [ 332.146370][T12334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.166771][T12334] CPU: 3 UID: 0 PID: 12334 Comm: syz.3.1870 Not tainted syzkaller #0 PREEMPT(full) [ 332.166789][T12334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 332.166795][T12334] Call Trace: [ 332.166799][T12334] [ 332.166804][T12334] dump_stack_lvl+0x16c/0x1f0 [ 332.166833][T12334] should_fail_ex+0x512/0x640 [ 332.166849][T12334] _copy_from_user+0x2e/0xd0 [ 332.166863][T12334] ia32_restore_sigcontext+0xc3/0x630 [ 332.166881][T12334] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 332.166900][T12334] ? rcu_is_watching+0x12/0xc0 [ 332.166912][T12334] ? _raw_spin_unlock_irq+0x23/0x50 [ 332.166928][T12334] ? lockdep_hardirqs_on+0x7c/0x110 [ 332.166942][T12334] __do_compat_sys_sigreturn+0x1b5/0x280 [ 332.166957][T12334] ? __pfx___do_compat_sys_sigreturn+0x10/0x10 [ 332.166974][T12334] ? rcu_is_watching+0x12/0xc0 [ 332.166987][T12334] do_int80_emulation+0x104/0x3e0 [ 332.167000][T12334] asm_int80_emulation+0x1a/0x20 [ 332.167010][T12334] RIP: 0023:0xf7f33598 [ 332.167019][T12334] Code: 00 00 51 52 55 89 e5 0f 34 cd 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 <90> 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 90 90 90 90 90 90 90 [ 332.167029][T12334] RSP: 002b:00000000f5425774 EFLAGS: 00000296 ORIG_RAX: 0000000000000077 [ 332.167040][T12334] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 332.167046][T12334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 332.167051][T12334] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 332.167057][T12334] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 332.167063][T12334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 332.167076][T12334] [ 333.614161][T12341] block nbd4: shutting down sockets [ 334.713679][T12362] overlay: filesystem on ./file1 not supported [ 335.827396][T12379] ntfs3(nullb0): Primary boot signature is not NTFS. [ 335.833728][T12379] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 336.035300][T12379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1883'. [ 336.038492][T12379] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 337.221810][T12404] netlink: zone id is out of range [ 337.310285][T12407] overlay: filesystem on ./file1 not supported [ 337.667557][ T6093] hid_parser_main: 8 callbacks suppressed [ 337.667576][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.681878][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.688213][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.695585][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.703369][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.713382][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.719594][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.723356][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.726962][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.730336][ T6093] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 337.758322][ T6093] hid-generic 0003:0004:0000.0007: hidraw1: USB HID v0.00 Device [syz0] on syz1 [ 340.598130][T12453] overlay: filesystem on ./file1 not supported [ 340.810869][T12461] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1911'. [ 340.836785][T12461] 8021q: adding VLAN 0 to HW filter on device bond2 [ 340.857604][T12461] vlan2: entered allmulticast mode [ 340.860048][T12461] bond2: entered allmulticast mode [ 341.826747][T12479] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 341.829697][T12479] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 341.834081][T12479] vhci_hcd vhci_hcd.0: Device attached [ 341.977970][T12485] overlay: filesystem on ./file1 not supported [ 342.040372][T12487] FAULT_INJECTION: forcing a failure. [ 342.040372][T12487] name failslab, interval 1, probability 0, space 0, times 0 [ 342.045863][T12487] CPU: 2 UID: 0 PID: 12487 Comm: syz.3.1917 Not tainted syzkaller #0 PREEMPT(full) [ 342.045887][T12487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 342.045899][T12487] Call Trace: [ 342.045906][T12487] [ 342.045913][T12487] dump_stack_lvl+0x16c/0x1f0 [ 342.045937][T12487] should_fail_ex+0x512/0x640 [ 342.045959][T12487] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 342.045982][T12487] should_failslab+0xc2/0x120 [ 342.046003][T12487] kmem_cache_alloc_noprof+0x75/0x6e0 [ 342.046022][T12487] ? skb_clone+0x190/0x3f0 [ 342.046052][T12487] ? skb_clone+0x190/0x3f0 [ 342.046071][T12487] skb_clone+0x190/0x3f0 [ 342.046089][T12487] netlink_deliver_tap+0xabd/0xd30 [ 342.046120][T12487] netlink_unicast+0x64c/0x870 [ 342.046148][T12487] ? __pfx_netlink_unicast+0x10/0x10 [ 342.046183][T12487] netlink_sendmsg+0x8c8/0xdd0 [ 342.046214][T12487] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.046242][T12487] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 342.046268][T12487] ____sys_sendmsg+0xa98/0xc70 [ 342.046287][T12487] ? __pfx_____sys_sendmsg+0x10/0x10 [ 342.046303][T12487] ? get_compat_msghdr+0x11a/0x170 [ 342.046338][T12487] ___sys_sendmsg+0x134/0x1d0 [ 342.046361][T12487] ? __pfx____sys_sendmsg+0x10/0x10 [ 342.046398][T12487] ? find_held_lock+0x2b/0x80 [ 342.046430][T12487] __sys_sendmsg+0x16d/0x220 [ 342.046450][T12487] ? __pfx___sys_sendmsg+0x10/0x10 [ 342.046485][T12487] ? rcu_is_watching+0x12/0xc0 [ 342.046506][T12487] __do_fast_syscall_32+0x7c/0x300 [ 342.046531][T12487] do_fast_syscall_32+0x32/0x80 [ 342.046550][T12487] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.046570][T12487] RIP: 0023:0xf7f33579 [ 342.046584][T12487] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 342.046601][T12487] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 342.046632][T12487] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 342.046648][T12487] RDX: 0000000000040090 RSI: 0000000000000000 RDI: 0000000000000000 [ 342.046658][T12487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 342.046667][T12487] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 342.046678][T12487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.046704][T12487] [ 342.149191][ T29] usb 38-1: SetAddress Request (34) to port 0 [ 342.152021][ T29] usb 38-1: new SuperSpeed USB device number 34 using vhci_hcd [ 343.676053][T12480] vhci_hcd: connection reset by peer [ 343.678731][ T81] vhci_hcd: stop threads [ 343.680621][ T81] vhci_hcd: release socket [ 343.688645][ T81] vhci_hcd: disconnect device [ 343.769775][T12515] netlink: zone id is out of range [ 344.116874][T12524] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1929'. [ 344.120125][T12524] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1929'. [ 344.156402][T12526] syzkaller0: entered promiscuous mode [ 344.158412][T12526] syzkaller0: entered allmulticast mode [ 344.464703][T12531] fuse: Invalid rootmode [ 344.529578][T12533] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 344.531823][T12533] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 344.540075][T12533] vhci_hcd vhci_hcd.0: Device attached [ 344.550707][T12533] overlay: Unknown parameter 'uid' [ 344.729420][ T6001] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 344.799464][ T5318] usb 43-1: new high-speed USB device number 3 using vhci_hcd [ 344.885421][ T6001] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb [ 344.889225][ T6001] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201 [ 344.892768][ T6001] usb 5-1: Product: syz [ 344.894382][ T6001] usb 5-1: Manufacturer: syz [ 344.896391][ T6001] usb 5-1: SerialNumber: syz [ 344.900265][ T6001] usb 5-1: config 0 descriptor?? [ 344.911235][ T6001] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state. [ 344.914892][ T6001] dvb-usb: bulk message failed: -22 (2/0) [ 344.920655][ T6001] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 344.924969][ T6001] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB) [ 344.928329][ T6001] usb 5-1: media controller created [ 344.943757][ T6001] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 345.116211][T12531] dvb-usb: bulk message failed: -22 (4/0) [ 345.118386][T12531] cxusb: i2c read failed [ 345.127549][ T6014] Process accounting resumed [ 345.149773][T12534] vhci_hcd: connection reset by peer [ 345.151906][ T81] vhci_hcd: stop threads [ 345.153794][ T81] vhci_hcd: release socket [ 345.155808][ T81] vhci_hcd: disconnect device [ 345.234472][ T6001] cxusb: set interface failed [ 345.236094][ T6001] dvb-usb: bulk message failed: -22 (1/0) [ 345.254796][ T6001] DVB: Unable to find symbol mt352_attach() [ 345.256862][ T6001] dvb-usb: bulk message failed: -22 (5/0) [ 345.258998][ T6001] zl10353_read_register: readreg error (reg=127, ret==-121) [ 345.267488][ T6001] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB' [ 345.309992][ T6001] rc_core: IR keymap rc-dvico-mce not found [ 345.312251][ T6001] Registered IR keymap rc-empty [ 345.314680][ T6001] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0 [ 345.318874][ T6001] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input27 [ 345.324671][ T6001] dvb-usb: schedule remote query interval to 100 msecs. [ 345.327006][ T6001] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected. [ 345.332295][ T6001] usb 5-1: USB disconnect, device number 14 [ 345.355751][ T6001] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected. [ 345.549332][T12547] sp0: Synchronizing with TNC [ 345.749394][T12531] Process accounting resumed [ 346.322851][T12573] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 347.204526][T12593] Cannot find del_set index 2 as target [ 347.221999][ T29] usb 38-1: device descriptor read/8, error -110 [ 347.305318][T12600] netlink: 'syz.2.1949': attribute type 10 has an invalid length. [ 347.308990][T12600] bond0: (slave virt_wifi0): The slave device specified does not support setting the MAC address [ 347.314707][T12600] bond0: (slave virt_wifi0): Error -95 calling set_mac_address [ 347.633656][ T29] usb usb38-port1: attempt power cycle [ 348.003358][T12618] ip6gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue [ 348.701300][ T29] usb usb38-port1: unable to enumerate USB device [ 349.197223][T12653] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 349.202831][T12653] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1968'. [ 349.206698][T12653] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1968'. [ 349.213712][T12653] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1968'. [ 349.524918][T12661] fuse: Bad value for 'user_id' [ 349.526685][T12661] fuse: Bad value for 'user_id' [ 349.571224][T12667] lo speed is unknown, defaulting to 1000 [ 349.575862][T12667] lo speed is unknown, defaulting to 1000 [ 349.578508][T12667] wg2 speed is unknown, defaulting to 1000 [ 349.844384][ T841] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 349.934433][ T5318] vhci_hcd: vhci_device speed not set [ 349.962859][T12651] [U] ÿ [ 350.006576][ T841] usb 5-1: config 0 has no interfaces? [ 350.015737][ T841] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 350.025659][ T841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.035646][ T841] usb 5-1: Product: syz [ 350.041282][ T841] usb 5-1: Manufacturer: syz [ 350.048051][ T841] usb 5-1: SerialNumber: syz [ 350.059460][ T841] usb 5-1: config 0 descriptor?? [ 350.286509][ T6016] usb 5-1: USB disconnect, device number 15 [ 350.476686][T12681] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1978'. [ 350.528261][T12681] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1978'. [ 350.647283][T12691] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1979'. [ 352.807386][T12734] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1994'. [ 353.001797][T12743] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 353.307332][T12755] FAULT_INJECTION: forcing a failure. [ 353.307332][T12755] name failslab, interval 1, probability 0, space 0, times 0 [ 353.311669][T12755] CPU: 3 UID: 0 PID: 12755 Comm: syz.3.1999 Not tainted syzkaller #0 PREEMPT(full) [ 353.311684][T12755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 353.311691][T12755] Call Trace: [ 353.311695][T12755] [ 353.311699][T12755] dump_stack_lvl+0x16c/0x1f0 [ 353.311714][T12755] should_fail_ex+0x512/0x640 [ 353.311728][T12755] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 353.311742][T12755] should_failslab+0xc2/0x120 [ 353.311758][T12755] kmem_cache_alloc_noprof+0x75/0x6e0 [ 353.311774][T12755] ? alloc_empty_file+0x55/0x1e0 [ 353.311795][T12755] ? alloc_empty_file+0x55/0x1e0 [ 353.311810][T12755] ? _raw_spin_unlock+0x28/0x50 [ 353.311825][T12755] alloc_empty_file+0x55/0x1e0 [ 353.311841][T12755] alloc_file_pseudo+0x13a/0x230 [ 353.311858][T12755] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 353.311875][T12755] ? _raw_spin_unlock+0x28/0x50 [ 353.311890][T12755] ? alloc_fd+0x471/0x7d0 [ 353.311903][T12755] __anon_inode_getfile+0xe8/0x280 [ 353.311921][T12755] anon_inode_getfd+0x52/0xb0 [ 353.311936][T12755] __ia32_sys_fsopen+0x18f/0x240 [ 353.311947][T12755] __do_fast_syscall_32+0x7c/0x300 [ 353.311960][T12755] do_fast_syscall_32+0x32/0x80 [ 353.311971][T12755] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 353.311985][T12755] RIP: 0023:0xf7f33579 [ 353.311994][T12755] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 353.312004][T12755] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 00000000000001ae [ 353.312015][T12755] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000000001 [ 353.312021][T12755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 353.312027][T12755] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 353.312033][T12755] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 353.312038][T12755] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 353.312052][T12755] [ 353.441568][T12757] tipc: Started in network mode [ 353.443239][T12757] tipc: Node identity 4, cluster identity 6 [ 353.445210][T12757] tipc: Node number set to 4 [ 353.455948][T12762] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 353.460129][T12762] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2002'. [ 353.463850][T12762] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2002'. [ 353.467495][T12762] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2002'. [ 353.536977][T12768] ubi: mtd0 is already attached to ubi31 [ 353.679162][T12779] comedi comedi1: c6xdigio: I/O port conflict (0xa08,3) [ 354.352805][T12795] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 354.357627][T12795] __nla_validate_parse: 1 callbacks suppressed [ 354.357637][T12795] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2011'. [ 354.364305][T12795] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2011'. [ 354.368071][T12795] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2011'. [ 354.425585][T12799] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2013'. [ 354.428642][T12799] FAULT_INJECTION: forcing a failure. [ 354.428642][T12799] name failslab, interval 1, probability 0, space 0, times 0 [ 354.433497][T12799] CPU: 1 UID: 0 PID: 12799 Comm: syz.4.2013 Not tainted syzkaller #0 PREEMPT(full) [ 354.433522][T12799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 354.433528][T12799] Call Trace: [ 354.433532][T12799] [ 354.433537][T12799] dump_stack_lvl+0x16c/0x1f0 [ 354.433552][T12799] should_fail_ex+0x512/0x640 [ 354.433565][T12799] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 354.433581][T12799] should_failslab+0xc2/0x120 [ 354.433597][T12799] kmem_cache_alloc_node_noprof+0x78/0x770 [ 354.433610][T12799] ? __alloc_skb+0x2b2/0x380 [ 354.433625][T12799] ? __alloc_skb+0x2b2/0x380 [ 354.433636][T12799] __alloc_skb+0x2b2/0x380 [ 354.433649][T12799] ? __pfx___alloc_skb+0x10/0x10 [ 354.433661][T12799] ? genl_rcv_msg+0x4c0/0x800 [ 354.433671][T12799] ? genl_rcv_msg+0x4bb/0x800 [ 354.433684][T12799] netlink_ack+0x15d/0xb80 [ 354.433704][T12799] netlink_rcv_skb+0x332/0x420 [ 354.433720][T12799] ? __pfx_genl_rcv_msg+0x10/0x10 [ 354.433731][T12799] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 354.433752][T12799] ? netlink_deliver_tap+0x1ae/0xd30 [ 354.433769][T12799] genl_rcv+0x28/0x40 [ 354.433777][T12799] netlink_unicast+0x5aa/0x870 [ 354.433794][T12799] ? __pfx_netlink_unicast+0x10/0x10 [ 354.433815][T12799] netlink_sendmsg+0x8c8/0xdd0 [ 354.433833][T12799] ? __pfx_netlink_sendmsg+0x10/0x10 [ 354.433850][T12799] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 354.433865][T12799] ____sys_sendmsg+0xa98/0xc70 [ 354.433877][T12799] ? __pfx_____sys_sendmsg+0x10/0x10 [ 354.433886][T12799] ? get_compat_msghdr+0x11a/0x170 [ 354.433906][T12799] ___sys_sendmsg+0x134/0x1d0 [ 354.433921][T12799] ? __pfx____sys_sendmsg+0x10/0x10 [ 354.433942][T12799] ? find_held_lock+0x2b/0x80 [ 354.433964][T12799] __sys_sendmsg+0x16d/0x220 [ 354.433977][T12799] ? __pfx___sys_sendmsg+0x10/0x10 [ 354.433998][T12799] ? rcu_is_watching+0x12/0xc0 [ 354.434012][T12799] __do_fast_syscall_32+0x7c/0x300 [ 354.434026][T12799] do_fast_syscall_32+0x32/0x80 [ 354.434038][T12799] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 354.434055][T12799] RIP: 0023:0xf70dd579 [ 354.434064][T12799] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 354.434074][T12799] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 354.434085][T12799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 354.434091][T12799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 354.434097][T12799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 354.434102][T12799] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 354.434108][T12799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 354.434122][T12799] [ 354.637535][T12805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2015'. [ 354.876419][T12816] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2020'. [ 354.937517][T12822] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 354.941983][T12822] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2023'. [ 354.944978][T12822] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2023'. [ 354.947881][T12822] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2023'. [ 355.207341][T12831] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2026'. [ 355.259370][T12841] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 355.335020][T12849] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 355.723142][T12873] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 356.821938][T12909] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 357.093222][T12930] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 357.122167][T12932] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 357.306649][T12937] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 357.308844][T12937] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 357.312274][T12937] vhci_hcd vhci_hcd.0: Device attached [ 357.396771][T12937] macvlan2: entered promiscuous mode [ 357.410714][T12937] bridge0: entered promiscuous mode [ 357.611879][ T29] usb 38-1: SetAddress Request (38) to port 0 [ 357.614087][ T29] usb 38-1: new SuperSpeed USB device number 38 using vhci_hcd [ 358.029746][T12946] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 358.041393][T12946] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 358.048248][T12946] bond0 (unregistering): Released all slaves [ 358.103309][T12950] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 358.564368][T12938] vhci_hcd: connection reset by peer [ 358.566309][ T1231] vhci_hcd: stop threads [ 358.568107][ T1231] vhci_hcd: release socket [ 358.569791][ T1231] vhci_hcd: disconnect device [ 358.593679][T12963] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 358.596050][T12963] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 358.598787][T12963] vhci_hcd vhci_hcd.0: Device attached [ 358.643445][T12967] sp0: Synchronizing with TNC [ 358.653311][T12967] sp0: Found TNC [ 358.668135][T12967] 9pnet_fd: Insufficient options for proto=fd [ 358.746773][T12971] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 358.853319][ T5318] usb 45-1: new low-speed USB device number 2 using vhci_hcd [ 358.929991][T12964] vhci_hcd: connection reset by peer [ 358.932063][ T12] vhci_hcd: stop threads [ 358.935816][ T12] vhci_hcd: release socket [ 358.937829][ T12] vhci_hcd: disconnect device [ 360.594443][T12991] __nla_validate_parse: 26 callbacks suppressed [ 360.594454][T12991] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2081'. [ 360.611631][T12995] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2080'. [ 360.630306][T12997] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 360.633663][T12997] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2082'. [ 360.636760][T12997] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2082'. [ 360.639701][T12997] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2082'. [ 360.685925][ T64] Bluetooth: hci3: unexpected event for opcode 0x2019 [ 360.917563][T13015] overlayfs: missing 'lowerdir' [ 361.095966][ T842] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 361.629510][T13019] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 361.718101][T13039] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 361.720373][T13039] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 361.724671][T13039] vhci_hcd vhci_hcd.0: Device attached [ 361.726270][T13046] ubi: mtd0 is already attached to ubi31 [ 361.816489][T13058] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 361.871093][T13060] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2094'. [ 361.874168][T13060] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2094'. [ 361.877391][T13060] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2094'. [ 361.908759][T13054] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2093'. [ 361.914234][T13047] vhci_hcd: connection closed [ 361.919854][ T12] vhci_hcd: stop threads [ 361.923633][ T12] vhci_hcd: release socket [ 361.927254][ T12] vhci_hcd: disconnect device [ 362.686708][ T29] usb 38-1: device descriptor read/8, error -110 [ 363.077508][ T29] usb usb38-port1: attempt power cycle [ 363.638073][ T29] usb usb38-port1: unable to enumerate USB device [ 363.947990][ T5318] vhci_hcd: vhci_device speed not set [ 368.328571][T13089] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2099'. [ 368.486986][T13090] netlink: 'syz.3.2100': attribute type 1 has an invalid length. [ 369.592897][T13098] loop9: detected capacity change from 0 to 7 [ 369.599628][T13100] Dev loop9: unable to read RDB block 7 [ 369.602083][T13100] loop9: unable to read partition table [ 369.605625][T13100] loop9: partition table beyond EOD, truncated [ 369.638129][T13098] Dev loop9: unable to read RDB block 7 [ 369.640373][T13098] loop9: unable to read partition table [ 369.642343][T13098] loop9: partition table beyond EOD, truncated [ 369.653355][T13098] loop_reread_partitions: partition scan of loop9 (þ被xüÿÿÿÿÿÿÿ ) failed (rc=-5) [ 369.753583][T13107] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 369.756917][T13107] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2105'. [ 369.760379][T13107] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2105'. [ 369.763724][T13107] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2105'. [ 369.772612][T13103] netlink: 'syz.0.2103': attribute type 1 has an invalid length. [ 369.784344][T13103] 8021q: adding VLAN 0 to HW filter on device bond4 [ 369.826378][T13116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2106'. [ 369.959647][T13125] digital: digital_start_poll: Unknown protocol [ 370.025273][T13136] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 370.057407][ T841] libceph: connect (1)[c::]:6789 error -101 [ 370.059510][ T841] libceph: mon0 (1)[c::]:6789 connect error [ 370.076503][T13143] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 370.080899][T13143] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2116'. [ 370.085346][T13143] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2116'. [ 370.089294][T13143] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2116'. [ 370.105934][T13135] ceph: No mds server is up or the cluster is laggy [ 370.137918][T13146] netlink: zone id is out of range [ 370.855996][T13169] netlink: zone id is out of range [ 370.928758][T13171] lo speed is unknown, defaulting to 1000 [ 370.932557][T13171] lo speed is unknown, defaulting to 1000 [ 370.937707][T13171] wg2 speed is unknown, defaulting to 1000 [ 371.491105][T13186] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2131'. [ 371.536485][T13189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2132'. [ 372.045398][ T5951] Bluetooth: hci3: command 0x0c1a tx timeout [ 372.662869][T13219] overlay: Unknown parameter 'hash' [ 373.784983][T13239] digital: digital_start_poll: Unknown protocol [ 373.878086][ T6016] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 373.923402][T13247] netlink: zone id is out of range [ 374.055436][T13255] lo speed is unknown, defaulting to 1000 [ 374.061115][T13255] lo speed is unknown, defaulting to 1000 [ 374.069229][T13255] wg2 speed is unknown, defaulting to 1000 [ 374.246570][ T40] kauditd_printk_skb: 710 callbacks suppressed [ 374.246679][ T40] audit: type=1800 audit(1764670855.144:1719): pid=13259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2147" name="file0" dev="9p" ino=72095633 res=0 errno=0 [ 375.245107][T13277] binder: 13268:13277 ioctl 0 80000040 returned -22 [ 375.275426][T13277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2152'. [ 375.279855][T13277] netlink: 'syz.4.2152': attribute type 6 has an invalid length. [ 375.283857][T13277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2152'. [ 375.312125][ T1142] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.317568][ T1231] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.328632][ T1231] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.337710][ T1231] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 384.757052][T13301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2154'. [ 384.760944][T13301] netlink: 'syz.0.2154': attribute type 5 has an invalid length. [ 384.763773][T13301] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2154'. [ 384.772782][T13301] geneve2: entered promiscuous mode [ 384.774814][T13301] geneve2: entered allmulticast mode [ 384.778170][ T1231] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 384.782151][ T1231] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 384.787494][ T12] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 384.790307][ T12] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 385.224297][T13300] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 391.227484][T13304] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 391.235908][T13305] lo speed is unknown, defaulting to 1000 [ 391.236964][T13304] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2155'. [ 391.240377][T13305] lo speed is unknown, defaulting to 1000 [ 391.243732][T13304] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2155'. [ 391.247072][T13305] wg2 speed is unknown, defaulting to 1000 [ 391.248934][T13304] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2155'. [ 391.510405][T13315] lo speed is unknown, defaulting to 1000 [ 391.516989][T13315] lo speed is unknown, defaulting to 1000 [ 391.538766][T13315] wg2 speed is unknown, defaulting to 1000 [ 392.863093][T13334] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 392.865358][T13334] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 392.868327][T13334] vhci_hcd vhci_hcd.0: Device attached [ 393.115488][T13340] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 393.118395][T13340] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 393.122090][T13340] vhci_hcd vhci_hcd.0: Device attached [ 393.195165][ T5318] usb 38-1: SetAddress Request (42) to port 0 [ 393.197412][ T5318] usb 38-1: new SuperSpeed USB device number 42 using vhci_hcd [ 393.401755][ T6001] usb 44-1: SetAddress Request (18) to port 0 [ 393.408255][ T6001] usb 44-1: new SuperSpeed USB device number 18 using vhci_hcd [ 393.525227][T13335] vhci_hcd: connection reset by peer [ 393.535274][ T1231] vhci_hcd: stop threads [ 393.536938][ T1231] vhci_hcd: release socket [ 393.538484][ T1231] vhci_hcd: disconnect device [ 393.827650][T13341] vhci_hcd: connection reset by peer [ 393.838559][ T81] vhci_hcd: stop threads [ 393.840160][ T81] vhci_hcd: release socket [ 393.842110][ T81] vhci_hcd: disconnect device [ 395.795232][T13367] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.798188][T13367] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.801421][T13367] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 395.803975][T13367] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 396.508149][ T842] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 396.774215][ T40] audit: type=1326 audit(1764670877.654:1720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.785117][ T40] audit: type=1326 audit(1764670877.654:1721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.794536][ T40] audit: type=1326 audit(1764670877.654:1722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.803826][ T40] audit: type=1326 audit(1764670877.654:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.814065][ T40] audit: type=1326 audit(1764670877.654:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=372 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.821908][ T40] audit: type=1326 audit(1764670877.654:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.829274][ T40] audit: type=1326 audit(1764670877.654:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.975564][ T40] audit: type=1326 audit(1764670877.854:1727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 396.985941][ T40] audit: type=1326 audit(1764670877.854:1728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.2.2173" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 398.229473][ T5318] usb 38-1: device descriptor read/8, error -110 [ 398.489366][ T6001] usb 44-1: device descriptor read/8, error -110 [ 398.585142][T13420] netlink: zone id is out of range [ 398.635272][ T5318] usb usb38-port1: attempt power cycle [ 398.930366][ T6001] usb usb44-port1: attempt power cycle [ 399.180027][ T6015] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 399.220700][ T5318] usb usb38-port1: unable to enumerate USB device [ 399.330256][ T6015] usb 7-1: Using ep0 maxpacket: 8 [ 399.333808][ T6015] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 399.336889][ T6015] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 399.339959][ T6015] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 399.343354][ T6015] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 399.347436][ T6015] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 399.350306][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.511608][ T6001] usb usb44-port1: unable to enumerate USB device [ 399.557468][T13423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.560631][T13423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.567604][ T6015] usb 7-1: usb_control_msg returned -71 [ 399.570400][ T6015] usbtmc 7-1:16.0: can't read capabilities [ 399.577522][ T6015] usb 7-1: USB disconnect, device number 8 [ 403.884607][ T842] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 403.980745][ T40] audit: type=1326 audit(1764670884.838:1729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 403.988776][ T40] audit: type=1326 audit(1764670884.838:1730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 403.996451][ T40] audit: type=1326 audit(1764670884.848:1731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.003666][ T40] audit: type=1326 audit(1764670884.848:1732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.044471][ T40] audit: type=1326 audit(1764670884.848:1733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.056652][ T40] audit: type=1326 audit(1764670884.848:1734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.065404][ T40] audit: type=1326 audit(1764670884.848:1735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.096391][ T40] audit: type=1326 audit(1764670884.848:1736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.103570][ T40] audit: type=1326 audit(1764670884.848:1737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.133136][ T40] audit: type=1326 audit(1764670884.848:1738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13462 comm="syz.3.2187" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f33579 code=0x7ffc0000 [ 404.302209][T13476] loop6: detected capacity change from 0 to 524287999 [ 404.306059][T13476] buffer_io_error: 25 callbacks suppressed [ 404.306068][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.311758][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.316647][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.319880][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.322785][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.325576][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.328400][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.331318][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.334073][T13476] ldm_validate_partition_table(): Disk read failed. [ 404.336532][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.340569][T13476] Buffer I/O error on dev loop6, logical block 0, async page read [ 404.344036][T13476] Dev loop6: unable to read RDB block 0 [ 404.346966][T13476] loop6: unable to read partition table [ 404.349360][T13476] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 404.435268][T13476] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2183'. [ 404.438255][T13476] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2183'. [ 404.460626][T13480] ldm_validate_partition_table(): Disk read failed. [ 404.464298][T13480] Dev loop6: unable to read RDB block 0 [ 404.472966][T13476] batadv2: entered allmulticast mode [ 404.476304][T13480] loop6: unable to read partition table [ 404.478652][T13480] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 404.536451][T13487] netlink: zone id is out of range [ 404.694560][T13500] FAULT_INJECTION: forcing a failure. [ 404.694560][T13500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 404.699659][T13500] CPU: 3 UID: 0 PID: 13500 Comm: syz.0.2191 Not tainted syzkaller #0 PREEMPT(full) [ 404.699675][T13500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 404.699681][T13500] Call Trace: [ 404.699721][T13500] [ 404.699726][T13500] dump_stack_lvl+0x16c/0x1f0 [ 404.699779][T13500] should_fail_ex+0x512/0x640 [ 404.699814][T13500] _copy_from_user+0x2e/0xd0 [ 404.699827][T13500] get_compat_msghdr+0xa7/0x170 [ 404.699842][T13500] ? __pfx_get_compat_msghdr+0x10/0x10 [ 404.699857][T13500] ? __lock_acquire+0x622/0x1c90 [ 404.699875][T13500] ___sys_recvmsg+0x191/0x1a0 [ 404.699890][T13500] ? __pfx____sys_recvmsg+0x10/0x10 [ 404.699905][T13500] ? find_held_lock+0x2b/0x80 [ 404.699921][T13500] ? __pfx___might_resched+0x10/0x10 [ 404.699936][T13500] do_recvmmsg+0x55d/0x750 [ 404.699952][T13500] ? __pfx_do_recvmmsg+0x10/0x10 [ 404.699975][T13500] ? __fget_files+0x20e/0x3c0 [ 404.699988][T13500] ? handle_mm_fault+0x2a0/0xd10 [ 404.700001][T13500] __sys_recvmmsg+0x21c/0x280 [ 404.700015][T13500] ? __pfx___sys_recvmmsg+0x10/0x10 [ 404.700030][T13500] ? __pfx_ksys_write+0x10/0x10 [ 404.700045][T13500] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 404.700059][T13500] ? lockdep_hardirqs_on+0x7c/0x110 [ 404.700070][T13500] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 404.700082][T13500] __do_fast_syscall_32+0x7c/0x300 [ 404.700094][T13500] do_fast_syscall_32+0x32/0x80 [ 404.700106][T13500] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 404.700119][T13500] RIP: 0023:0xf7f94579 [ 404.700128][T13500] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 404.700137][T13500] RSP: 002b:00000000f546555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 404.700148][T13500] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080002440 [ 404.700154][T13500] RDX: 00000000ffffff67 RSI: 0000000000000000 RDI: 0000000000000000 [ 404.700160][T13500] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 404.700166][T13500] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 404.700171][T13500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 404.700184][T13500] [ 405.391480][T13510] tmpfs: Group quota block hardlimit too large. [ 406.223934][T13510] 9pnet_fd: p9_fd_create_tcp (13510): problem connecting socket to 127.0.0.1 [ 411.131118][T13525] syzkaller0: entered promiscuous mode [ 411.133778][T13525] syzkaller0: entered allmulticast mode [ 413.209350][T13553] netlink: zone id is out of range [ 413.292798][ T842] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 413.488888][ T40] kauditd_printk_skb: 23 callbacks suppressed [ 413.488901][ T40] audit: type=1800 audit(1764670894.349:1762): pid=13556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2203" name="file0" dev="9p" ino=72095633 res=0 errno=0 [ 413.627223][T13571] FAULT_INJECTION: forcing a failure. [ 413.627223][T13571] name failslab, interval 1, probability 0, space 0, times 0 [ 413.631722][T13571] CPU: 2 UID: 0 PID: 13571 Comm: syz.4.2205 Not tainted syzkaller #0 PREEMPT(full) [ 413.631738][T13571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.631744][T13571] Call Trace: [ 413.631748][T13571] [ 413.631752][T13571] dump_stack_lvl+0x16c/0x1f0 [ 413.631767][T13571] should_fail_ex+0x512/0x640 [ 413.631780][T13571] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 413.631794][T13571] should_failslab+0xc2/0x120 [ 413.631811][T13571] kmem_cache_alloc_noprof+0x75/0x6e0 [ 413.631824][T13571] ? skb_clone+0x190/0x3f0 [ 413.631841][T13571] ? skb_clone+0x190/0x3f0 [ 413.631853][T13571] skb_clone+0x190/0x3f0 [ 413.631868][T13571] netlink_deliver_tap+0xabd/0xd30 [ 413.631886][T13571] netlink_unicast+0x64c/0x870 [ 413.631904][T13571] ? __pfx_netlink_unicast+0x10/0x10 [ 413.631924][T13571] netlink_sendmsg+0x8c8/0xdd0 [ 413.631944][T13571] ? __pfx_netlink_sendmsg+0x10/0x10 [ 413.631965][T13571] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 413.631980][T13571] ____sys_sendmsg+0xa98/0xc70 [ 413.631991][T13571] ? __pfx_____sys_sendmsg+0x10/0x10 [ 413.632001][T13571] ? get_compat_msghdr+0x11a/0x170 [ 413.632021][T13571] ___sys_sendmsg+0x134/0x1d0 [ 413.632035][T13571] ? __pfx____sys_sendmsg+0x10/0x10 [ 413.632056][T13571] ? find_held_lock+0x2b/0x80 [ 413.632077][T13571] __sys_sendmsg+0x16d/0x220 [ 413.632091][T13571] ? __pfx___sys_sendmsg+0x10/0x10 [ 413.632111][T13571] ? rcu_is_watching+0x12/0xc0 [ 413.632126][T13571] __do_fast_syscall_32+0x7c/0x300 [ 413.632139][T13571] do_fast_syscall_32+0x32/0x80 [ 413.632150][T13571] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.632164][T13571] RIP: 0023:0xf70dd579 [ 413.632172][T13571] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 413.632182][T13571] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 413.632196][T13571] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 413.632202][T13571] RDX: 0000000000040090 RSI: 0000000000000000 RDI: 0000000000000000 [ 413.632208][T13571] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.632214][T13571] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 413.632220][T13571] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.632233][T13571] [ 414.068277][T13587] 9pnet_virtio: no channels available for device syz [ 414.537341][T13592] netlink: 'syz.2.2208': attribute type 1 has an invalid length. [ 420.651794][T13615] netlink: zone id is out of range [ 420.852406][T13624] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 420.855283][T13624] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 420.859484][T13624] vhci_hcd vhci_hcd.0: Device attached [ 420.989522][ T842] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 421.009374][T13632] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 421.129881][ T6015] usb 46-1: SetAddress Request (17) to port 0 [ 421.138336][ T6015] usb 46-1: new SuperSpeed USB device number 17 using vhci_hcd [ 421.155821][T13636] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2210'. [ 421.864428][T13625] vhci_hcd: connection reset by peer [ 421.878756][ T13] vhci_hcd: stop threads [ 421.880882][ T13] vhci_hcd: release socket [ 421.883072][ T13] vhci_hcd: disconnect device [ 421.985962][T13654] FAULT_INJECTION: forcing a failure. [ 421.985962][T13654] name failslab, interval 1, probability 0, space 0, times 0 [ 421.992118][T13654] CPU: 3 UID: 0 PID: 13654 Comm: syz.3.2217 Not tainted syzkaller #0 PREEMPT(full) [ 421.992142][T13654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 421.992153][T13654] Call Trace: [ 421.992159][T13654] [ 421.992165][T13654] dump_stack_lvl+0x16c/0x1f0 [ 421.992190][T13654] should_fail_ex+0x512/0x640 [ 421.992210][T13654] ? fs_reclaim_acquire+0xae/0x150 [ 421.992239][T13654] should_failslab+0xc2/0x120 [ 421.992265][T13654] __kmalloc_noprof+0xdd/0x880 [ 421.992284][T13654] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 421.992316][T13654] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 421.992339][T13654] tomoyo_realpath_from_path+0xc2/0x6e0 [ 421.992366][T13654] ? tomoyo_profile+0x47/0x60 [ 421.992383][T13654] tomoyo_path_number_perm+0x245/0x580 [ 421.992404][T13654] ? tomoyo_path_number_perm+0x237/0x580 [ 421.992427][T13654] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 421.992475][T13654] ? find_held_lock+0x2b/0x80 [ 421.992494][T13654] ? hook_file_ioctl_common+0x145/0x410 [ 421.992522][T13654] ? __fget_files+0x20e/0x3c0 [ 421.992546][T13654] security_file_ioctl_compat+0x9b/0x240 [ 421.992571][T13654] __ia32_compat_sys_ioctl+0xc3/0x370 [ 421.992593][T13654] __do_fast_syscall_32+0x7c/0x300 [ 421.992614][T13654] do_fast_syscall_32+0x32/0x80 [ 421.992633][T13654] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 421.992654][T13654] RIP: 0023:0xf7f33579 [ 421.992667][T13654] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 421.992683][T13654] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 421.992699][T13654] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000402c5639 [ 421.992710][T13654] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 421.992719][T13654] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 421.992728][T13654] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 421.992738][T13654] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 421.992763][T13654] [ 421.992770][T13654] ERROR: Out of memory at tomoyo_realpath_from_path. [ 422.136949][T13659] siw: device registration error -23 [ 426.173518][ T6015] usb 46-1: device descriptor read/8, error -110 [ 426.564552][ T6015] usb usb46-port1: attempt power cycle [ 427.125520][ T6015] usb usb46-port1: unable to enumerate USB device [ 427.664985][T13681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2224'. [ 427.668019][T13681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2224'. [ 427.671128][T13681] netlink: 'syz.2.2224': attribute type 13 has an invalid length. [ 427.673791][T13681] netlink: 'syz.2.2224': attribute type 11 has an invalid length. [ 427.686235][T13684] netlink: zone id is out of range [ 427.872110][T13697] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 427.874996][T13697] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 427.895164][T13697] vhci_hcd vhci_hcd.0: Device attached [ 428.062744][T13703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2228'. [ 428.405491][ T6015] usb 38-1: SetAddress Request (46) to port 0 [ 428.407659][ T6015] usb 38-1: new SuperSpeed USB device number 46 using vhci_hcd [ 428.504152][T13698] vhci_hcd: connection reset by peer [ 428.507017][ T1231] vhci_hcd: stop threads [ 428.508493][ T1231] vhci_hcd: release socket [ 428.510047][ T1231] vhci_hcd: disconnect device [ 428.954581][T13735] netlink: zone id is out of range [ 428.984864][T13725] digital: digital_start_poll: Unknown protocol [ 429.397020][T13743] overlay: Unknown parameter 'subj_role' [ 430.115215][ T64] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 430.119531][ T64] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 430.122596][ T64] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 430.126793][ T64] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 430.136794][ T64] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 430.162314][T13750] lo speed is unknown, defaulting to 1000 [ 430.164968][T13750] lo speed is unknown, defaulting to 1000 [ 430.167767][T13750] wg2 speed is unknown, defaulting to 1000 [ 430.319461][T13750] chnl_net:caif_netlink_parms(): no params data found [ 430.375101][T13750] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.377557][T13750] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.380013][T13750] bridge_slave_0: entered allmulticast mode [ 430.382689][T13750] bridge_slave_0: entered promiscuous mode [ 430.386266][T13750] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.389020][T13750] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.391412][T13750] bridge_slave_1: entered allmulticast mode [ 430.394168][T13750] bridge_slave_1: entered promiscuous mode [ 430.410819][T13750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 430.416451][T13750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 430.441083][T13750] team0: Port device team_slave_0 added [ 430.444296][T13750] team0: Port device team_slave_1 added [ 430.457612][T13750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 430.459923][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 430.468485][T13750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 430.472822][T13750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 430.475491][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 430.484200][T13750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 430.508367][T13750] hsr_slave_0: entered promiscuous mode [ 430.510694][T13750] hsr_slave_1: entered promiscuous mode [ 430.513074][T13750] debugfs: 'hsr0' already exists in 'hsr' [ 430.514950][T13750] Cannot create hsr debugfs directory [ 431.043664][T13744] siw: device registration error -23 [ 431.216154][T13764] binder: 13762:13764 ioctl c0306201 80000640 returned -22 [ 431.412797][ T13] bridge_slave_1: left allmulticast mode [ 431.421184][ T13] bridge_slave_1: left promiscuous mode [ 431.437068][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.495610][T13778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2245'. [ 431.525945][ T13] bridge_slave_0: left allmulticast mode [ 431.542887][ T13] bridge_slave_0: left promiscuous mode [ 431.576998][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.200291][ T5951] Bluetooth: hci4: command tx timeout [ 432.270876][ T13] bond1 (unregistering): (slave ip6gretap1): Releasing active interface [ 432.710531][ T13] bond1 (unregistering): Released all slaves [ 432.793046][ T13] bond2 (unregistering): Released all slaves [ 432.815998][T13776] ip6gretap0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 432.844544][T13750] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 432.860208][T13750] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 432.866295][T13750] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 432.873055][T13750] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 432.966482][T13799] digital: digital_start_poll: Unknown protocol [ 432.978438][T13750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 433.010017][T13750] 8021q: adding VLAN 0 to HW filter on device team0 [ 433.047310][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.049657][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 433.052778][T13804] netlink: 'syz.3.2249': attribute type 3 has an invalid length. [ 433.112786][T13750] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 433.117261][T13750] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 433.125933][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.128516][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 433.163557][T13804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2249'. [ 433.169452][T13804] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2249'. [ 433.172814][T13804] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2249'. [ 433.262031][T13814] netlink: 'syz.0.2251': attribute type 3 has an invalid length. [ 433.265433][T13814] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 433.432438][T13750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 433.456138][T13818] bond4: ARP target 9.0.0.0 is already present [ 433.459293][T13818] bond4: option arp_ip_target: invalid value (9) [ 433.467530][T13818] bond4 (unregistering): Released all slaves [ 433.477978][ T6015] usb 38-1: device descriptor read/8, error -110 [ 433.488637][ T5951] Bluetooth: hci3: ACL packet for unknown connection handle 1481 [ 433.540190][T13750] veth0_vlan: entered promiscuous mode [ 433.553157][T13750] veth1_vlan: entered promiscuous mode [ 433.569899][T13750] veth0_macvtap: entered promiscuous mode [ 433.574177][T13750] veth1_macvtap: entered promiscuous mode [ 433.583527][T13750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 433.593141][T13750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 433.602376][ T1142] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.615295][ T1142] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.618272][ T1142] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.621701][ T1142] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.709258][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.712923][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.749002][ T13] hsr_slave_0: left promiscuous mode [ 433.759178][ T13] hsr_slave_1: left promiscuous mode [ 433.762139][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 433.770047][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 433.892274][ T6015] usb usb38-port1: attempt power cycle [ 434.260069][ T5951] Bluetooth: hci4: command tx timeout [ 434.793177][ T6015] usb usb38-port1: unable to enumerate USB device [ 434.831371][ T13] team0 (unregistering): Port device team_slave_1 removed [ 434.858007][ T13] team0 (unregistering): Port device team_slave_0 removed [ 435.127675][ T24] lo speed is unknown, defaulting to 1000 [ 435.129671][ T24] infiniband syz: ib_query_port failed (-19) [ 435.131974][ T1231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.145996][ T1231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 435.200085][T13838] FAULT_INJECTION: forcing a failure. [ 435.200085][T13838] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 435.204781][T13838] CPU: 3 UID: 0 PID: 13838 Comm: syz.2.2240 Not tainted syzkaller #0 PREEMPT(full) [ 435.204795][T13838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 435.204802][T13838] Call Trace: [ 435.204806][T13838] [ 435.204811][T13838] dump_stack_lvl+0x16c/0x1f0 [ 435.204825][T13838] should_fail_ex+0x512/0x640 [ 435.204840][T13838] should_fail_alloc_page+0xe7/0x130 [ 435.204858][T13838] prepare_alloc_pages+0x3c2/0x610 [ 435.204873][T13838] ? prep_compound_page+0x265/0x510 [ 435.204885][T13838] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 435.204905][T13838] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 435.204919][T13838] ? __alloc_frozen_pages_noprof+0x292/0x2470 [ 435.204934][T13838] ? __pfx_stack_trace_save+0x10/0x10 [ 435.204948][T13838] ? stack_depot_save_flags+0x29/0x9c0 [ 435.204963][T13838] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 435.204976][T13838] ? policy_nodemask+0xea/0x4e0 [ 435.204993][T13838] alloc_pages_mpol+0x1fb/0x550 [ 435.205009][T13838] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 435.205024][T13838] ? __lock_acquire+0xb8a/0x1c90 [ 435.205043][T13838] ___kmalloc_large_node+0xed/0x160 [ 435.205061][T13838] __kmalloc_large_node_noprof+0x1c/0x70 [ 435.205077][T13838] ? usb_hcd_link_urb_to_ep+0x2d0/0x3a0 [ 435.205093][T13838] __kmalloc_noprof.cold+0xc/0x62 [ 435.205110][T13838] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 435.205129][T13838] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 435.205144][T13838] usb_hcd_submit_urb+0x5cf/0x1c60 [ 435.205164][T13838] usb_submit_urb+0x89f/0x1990 [ 435.205180][T13838] proc_do_submiturb+0x18f5/0x3b10 [ 435.205197][T13838] ? find_held_lock+0x2b/0x80 [ 435.205211][T13838] usbdev_ioctl+0xad1/0x4070 [ 435.205224][T13838] ? __pfx_usbdev_ioctl+0x10/0x10 [ 435.205239][T13838] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 435.205251][T13838] ? do_vfs_ioctl+0x128/0x14f0 [ 435.205262][T13838] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 435.205276][T13838] ? find_held_lock+0x2b/0x80 [ 435.205287][T13838] ? hook_file_ioctl_common+0x145/0x410 [ 435.205304][T13838] ? __fget_files+0x20e/0x3c0 [ 435.205318][T13838] ? __pfx_usbdev_ioctl+0x10/0x10 [ 435.205328][T13838] compat_ptr_ioctl+0x6e/0xa0 [ 435.205337][T13838] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 435.205346][T13838] __ia32_compat_sys_ioctl+0x242/0x370 [ 435.205358][T13838] __do_fast_syscall_32+0x7c/0x300 [ 435.205371][T13838] do_fast_syscall_32+0x32/0x80 [ 435.205382][T13838] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 435.205395][T13838] RIP: 0023:0xf7f24579 [ 435.205403][T13838] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 435.205413][T13838] RSP: 002b:00000000f541655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 435.205423][T13838] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000802c550a [ 435.205430][T13838] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 435.205435][T13838] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 435.205442][T13838] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 435.205447][T13838] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 435.205461][T13838] [ 435.497755][T13841] digital: digital_start_poll: Unknown protocol [ 435.700863][T13847] netlink: zone id is out of range [ 436.661014][ T5951] Bluetooth: hci4: command tx timeout [ 436.720268][ T13] IPVS: stop unused estimator thread 0... [ 437.103912][T13865] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 437.106295][T13865] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 437.109319][T13865] vhci_hcd vhci_hcd.0: Device attached [ 437.193332][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 437.229722][ T6001] IPVS: starting estimator thread 0... [ 437.342750][T13872] IPVS: using max 45 ests per chain, 108000 per kthread [ 437.354996][T13866] vhci_hcd: connection closed [ 437.355771][ T12] vhci_hcd: stop threads [ 437.361641][ T12] vhci_hcd: release socket [ 437.363767][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 437.367351][ T12] vhci_hcd: disconnect device [ 437.412909][ T29] usb 44-1: enqueue for inactive port 0 [ 437.914238][ T29] usb usb44-port1: attempt power cycle [ 438.564021][ T29] usb usb44-port1: unable to enumerate USB device [ 438.777379][ T64] Bluetooth: hci4: command tx timeout [ 439.171060][T13909] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 439.182779][ T64] Bluetooth: hci0: unexpected event for opcode 0x0c26 [ 439.249690][T13913] syzkaller1: entered promiscuous mode [ 439.251620][T13913] syzkaller1: entered allmulticast mode [ 439.258087][T13913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2271'. [ 439.335402][T13914] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2271'. [ 445.300281][T13937] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2276'. [ 445.362032][T13929] tmpfs: Bad value for 'nr_inodes' [ 446.170564][T13944] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 446.173593][T13944] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 446.257141][T13944] vhci_hcd vhci_hcd.0: Device attached [ 446.340462][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 446.817150][T13965] netlink: 'syz.3.2279': attribute type 1 has an invalid length. [ 446.840560][ T29] usb 38-1: SetAddress Request (50) to port 0 [ 446.840647][ T29] usb 38-1: new SuperSpeed USB device number 50 using vhci_hcd [ 447.510895][T13981] lo: left promiscuous mode [ 447.512549][T13981] lo: left allmulticast mode [ 447.625080][T13981] tunl0: left promiscuous mode [ 447.627349][T13981] tunl0: left allmulticast mode [ 447.637844][T13981] gre0: left promiscuous mode [ 447.640335][T13981] gre0: left allmulticast mode [ 447.661451][T13945] vhci_hcd: connection reset by peer [ 447.663434][ T1142] vhci_hcd: stop threads [ 447.664846][ T1142] vhci_hcd: release socket [ 447.666394][ T1142] vhci_hcd: disconnect device [ 447.752818][T13981] gretap0: left promiscuous mode [ 447.754706][T13981] gretap0: left allmulticast mode [ 447.765888][T13981] erspan0: left promiscuous mode [ 447.767703][T13981] erspan0: left allmulticast mode [ 447.772893][T13981] ip_vti0: left promiscuous mode [ 447.774553][T13981] ip_vti0: left allmulticast mode [ 447.777725][T13981] ip6_vti0: left promiscuous mode [ 447.779436][T13981] ip6_vti0: left allmulticast mode [ 447.783061][T13981] sit0: left promiscuous mode [ 447.784633][T13981] sit0: left allmulticast mode [ 447.788543][T13981] ip6tnl0: left promiscuous mode [ 447.790195][T13981] ip6tnl0: left allmulticast mode [ 447.793646][T13981] ip6gre0: left promiscuous mode [ 447.795340][T13981] ip6gre0: left allmulticast mode [ 447.799009][T13981] syz_tun: left promiscuous mode [ 447.821406][T13981] syz_tun: left allmulticast mode [ 447.830138][T13974] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2280'. [ 447.834305][T13974] nbd: must specify a size in bytes for the device [ 447.844259][T13981] ip6gretap0: left promiscuous mode [ 447.846287][T13981] ip6gretap0: left allmulticast mode [ 447.856499][T13981] vcan0: left promiscuous mode [ 447.858757][T13981] vcan0: left allmulticast mode [ 447.864315][T13981] bond0: left promiscuous mode [ 447.866704][T13981] bond_slave_0: left promiscuous mode [ 447.869325][T13981] bond_slave_1: left promiscuous mode [ 447.874786][T13981] bond0: left allmulticast mode [ 447.876983][T13981] bond_slave_0: left allmulticast mode [ 447.881483][T13981] bond_slave_1: left allmulticast mode [ 447.893767][T13981] team0: left promiscuous mode [ 447.895668][T13981] team_slave_0: left promiscuous mode [ 447.897656][T13981] team_slave_1: left promiscuous mode [ 447.900188][T13981] team0: left allmulticast mode [ 447.913824][T13981] team_slave_0: left allmulticast mode [ 447.915755][T13981] team_slave_1: left allmulticast mode [ 447.918347][T13981] dummy0: left promiscuous mode [ 447.920477][T13981] dummy0: left allmulticast mode [ 447.954131][T13990] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2280'. [ 448.701336][T13981] nlmon0: left promiscuous mode [ 448.706204][T13981] nlmon0: left allmulticast mode [ 448.734619][T13981] caif0: left promiscuous mode [ 448.736588][T13981] caif0: left allmulticast mode [ 449.042775][T13981] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 449.192005][T14007] 9pnet_fd: Insufficient options for proto=fd [ 449.562765][T13981] bond1: left allmulticast mode [ 449.634359][ T13] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 449.640049][ T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.652609][ T13] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 449.660924][ T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.673156][ T13] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 449.678149][ T13] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.690329][ T1231] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 449.694823][ T1231] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.821695][T14012] netlink: 'syz.4.2292': attribute type 1 has an invalid length. [ 450.060781][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 450.064783][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 450.068799][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 450.071943][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 450.075506][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 450.080298][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 450.084498][T14032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 450.139736][T14034] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 450.142085][T14034] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 450.150795][ T81] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 2048 - 0 [ 450.150809][T14034] vhci_hcd vhci_hcd.0: Device attached [ 450.361370][ T81] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 2048 - 0 [ 450.407840][ T81] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 2048 - 0 [ 450.413168][ T6093] usb 42-1: SetAddress Request (14) to port 0 [ 450.415277][ T6093] usb 42-1: new SuperSpeed USB device number 14 using vhci_hcd [ 450.466612][ T81] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 2048 - 0 [ 450.757820][T14035] vhci_hcd: connection reset by peer [ 450.761250][ T1142] vhci_hcd: stop threads [ 450.762749][ T1142] vhci_hcd: release socket [ 450.764755][ T1142] vhci_hcd: disconnect device [ 450.876507][ T81] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 450.880775][ T81] bond0 (unregistering): Released all slaves [ 450.959955][ T81] bond1 (unregistering): Released all slaves [ 451.500251][ T81] hsr_slave_0: left promiscuous mode [ 451.531960][ T81] hsr_slave_1: left promiscuous mode [ 451.956420][ T29] usb 38-1: device descriptor read/8, error -110 [ 452.274060][T14076] netlink: 'syz.2.2305': attribute type 1 has an invalid length. [ 452.355256][ T29] usb usb38-port1: attempt power cycle [ 452.956530][ T29] usb usb38-port1: unable to enumerate USB device [ 453.169502][T14138] FAULT_INJECTION: forcing a failure. [ 453.169502][T14138] name failslab, interval 1, probability 0, space 0, times 0 [ 453.175189][T14138] CPU: 2 UID: 0 PID: 14138 Comm: syz.3.2317 Not tainted syzkaller #0 PREEMPT(full) [ 453.175212][T14138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 453.175236][T14138] Call Trace: [ 453.175243][T14138] [ 453.175250][T14138] dump_stack_lvl+0x16c/0x1f0 [ 453.175271][T14138] should_fail_ex+0x512/0x640 [ 453.175289][T14138] ? __kmalloc_noprof+0xca/0x880 [ 453.175310][T14138] should_failslab+0xc2/0x120 [ 453.175333][T14138] __kmalloc_noprof+0xdd/0x880 [ 453.175348][T14138] ? rcu_is_watching+0x12/0xc0 [ 453.175366][T14138] ? genl_sk_priv_get+0x71/0x230 [ 453.175385][T14138] ? genl_sk_priv_get+0x71/0x230 [ 453.175400][T14138] genl_sk_priv_get+0x71/0x230 [ 453.175418][T14138] devlink_nl_notify_filter_set_doit+0x338/0x620 [ 453.175444][T14138] genl_family_rcv_msg_doit+0x209/0x2f0 [ 453.175478][T14138] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 453.175494][T14138] ? __dev_queue_xmit+0xaf1/0x4490 [ 453.175511][T14138] ? genl_get_cmd+0x194/0x580 [ 453.175533][T14138] ? __radix_tree_lookup+0x21f/0x2c0 [ 453.175556][T14138] genl_rcv_msg+0x55c/0x800 [ 453.175582][T14138] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.175598][T14138] ? __pfx_devlink_nl_notify_filter_set_doit+0x10/0x10 [ 453.175629][T14138] netlink_rcv_skb+0x158/0x420 [ 453.175648][T14138] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.175665][T14138] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 453.175698][T14138] ? netlink_deliver_tap+0x1ae/0xd30 [ 453.175725][T14138] genl_rcv+0x28/0x40 [ 453.175737][T14138] netlink_unicast+0x5aa/0x870 [ 453.175762][T14138] ? __pfx_netlink_unicast+0x10/0x10 [ 453.175792][T14138] netlink_sendmsg+0x8c8/0xdd0 [ 453.175819][T14138] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.175845][T14138] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 453.175865][T14138] ____sys_sendmsg+0xa98/0xc70 [ 453.175882][T14138] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.175896][T14138] ? get_compat_msghdr+0x11a/0x170 [ 453.175927][T14138] ___sys_sendmsg+0x134/0x1d0 [ 453.175945][T14138] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.175978][T14138] ? find_held_lock+0x2b/0x80 [ 453.176012][T14138] __sys_sendmsg+0x16d/0x220 [ 453.176033][T14138] ? __pfx___sys_sendmsg+0x10/0x10 [ 453.176060][T14138] ? rcu_is_watching+0x12/0xc0 [ 453.176082][T14138] __do_fast_syscall_32+0x7c/0x300 [ 453.176102][T14138] do_fast_syscall_32+0x32/0x80 [ 453.176118][T14138] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.176137][T14138] RIP: 0023:0xf7f33579 [ 453.176149][T14138] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 453.176161][T14138] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 453.176176][T14138] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000340 [ 453.176187][T14138] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 453.176195][T14138] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 453.176204][T14138] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 453.176213][T14138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 453.176236][T14138] [ 453.349438][T14143] FAULT_INJECTION: forcing a failure. [ 453.349438][T14143] name failslab, interval 1, probability 0, space 0, times 0 [ 453.353725][T14143] CPU: 1 UID: 0 PID: 14143 Comm: syz.3.2318 Not tainted syzkaller #0 PREEMPT(full) [ 453.353740][T14143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 453.353746][T14143] Call Trace: [ 453.353750][T14143] [ 453.353755][T14143] dump_stack_lvl+0x16c/0x1f0 [ 453.353771][T14143] should_fail_ex+0x512/0x640 [ 453.353786][T14143] should_failslab+0xc2/0x120 [ 453.353802][T14143] kmem_cache_alloc_noprof+0x75/0x6e0 [ 453.353813][T14143] ? lock_acquire+0x179/0x350 [ 453.353829][T14143] ? skb_clone+0x190/0x3f0 [ 453.353845][T14143] ? skb_clone+0x190/0x3f0 [ 453.353857][T14143] skb_clone+0x190/0x3f0 [ 453.353871][T14143] dev_queue_xmit_nit+0x3e7/0xca0 [ 453.353895][T14143] dev_hard_start_xmit+0x5c3/0x740 [ 453.353910][T14143] __dev_queue_xmit+0xa46/0x4490 [ 453.353927][T14143] ? __pfx___dev_queue_xmit+0x10/0x10 [ 453.353951][T14143] ? __skb_clone+0x570/0x760 [ 453.353966][T14143] netlink_deliver_tap+0xa87/0xd30 [ 453.353984][T14143] netlink_unicast+0x64c/0x870 [ 453.354002][T14143] ? __pfx_netlink_unicast+0x10/0x10 [ 453.354022][T14143] netlink_sendmsg+0x8c8/0xdd0 [ 453.354040][T14143] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.354057][T14143] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 453.354072][T14143] __sys_sendto+0x4a3/0x520 [ 453.354085][T14143] ? __pfx___sys_sendto+0x10/0x10 [ 453.354097][T14143] ? __lock_acquire+0xb8a/0x1c90 [ 453.354125][T14143] __ia32_compat_sys_socketcall+0x625/0x770 [ 453.354141][T14143] ? __fget_files+0x20e/0x3c0 [ 453.354153][T14143] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 453.354170][T14143] ? fput+0x9b/0xd0 [ 453.354188][T14143] ? rcu_is_watching+0x12/0xc0 [ 453.354203][T14143] __do_fast_syscall_32+0x7c/0x300 [ 453.354215][T14143] do_fast_syscall_32+0x32/0x80 [ 453.354227][T14143] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.354241][T14143] RIP: 0023:0xf7f33579 [ 453.354250][T14143] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 453.354260][T14143] RSP: 002b:00000000f5425430 EFLAGS: 00000293 ORIG_RAX: 0000000000000066 [ 453.354270][T14143] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5425444 [ 453.354276][T14143] RDX: 0000000000000000 RSI: 00000000f5425560 RDI: 00000000f73c6ff4 [ 453.354282][T14143] RBP: 00000000f5425560 R08: 0000000000000000 R09: 0000000000000000 [ 453.354288][T14143] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 453.354294][T14143] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 453.354307][T14143] [ 453.536443][ T64] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 453.679313][T14165] loop5: detected capacity change from 0 to 7 [ 453.685173][T14039] Dev loop5: unable to read RDB block 7 [ 453.687348][T14039] loop5: AHDI p1 p2 [ 453.688979][T14039] loop5: partition table partially beyond EOD, truncated [ 453.692761][T14039] loop5: p1 start 1702000233 is beyond EOD, truncated [ 453.736866][T14166] __nla_validate_parse: 36 callbacks suppressed [ 453.736879][T14166] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2325'. [ 453.847014][T14169] netlink: 'syz.3.2326': attribute type 1 has an invalid length. [ 454.127662][T14165] Dev loop5: unable to read RDB block 7 [ 454.129658][T14165] loop5: AHDI p1 p2 [ 454.131303][T14165] loop5: partition table partially beyond EOD, truncated [ 454.133874][T14165] loop5: p1 start 1702000233 is beyond EOD, truncated [ 454.600498][T14185] sp0: Synchronizing with TNC [ 455.352480][T14176] [U] è` [ 455.540363][ T6093] usb 42-1: device descriptor read/8, error -110 [ 455.633813][T14188] netem: change failed [ 455.803024][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 455.807579][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 455.810609][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 455.813819][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 455.816407][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 455.842005][T14194] lo speed is unknown, defaulting to 1000 [ 455.844587][T14194] wg2 speed is unknown, defaulting to 1000 [ 455.938638][ T6093] usb usb42-port1: attempt power cycle [ 456.053233][T14203] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2335'. [ 456.139729][T14210] netlink: 'syz.0.2336': attribute type 12 has an invalid length. [ 456.142570][T14194] chnl_net:caif_netlink_parms(): no params data found [ 456.243141][T14194] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.246322][T14194] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.249973][T14194] bridge_slave_0: entered allmulticast mode [ 456.252940][T14194] bridge_slave_0: entered promiscuous mode [ 456.257207][T14194] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.260669][T14194] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.263320][T14194] bridge_slave_1: entered allmulticast mode [ 456.266988][T14194] bridge_slave_1: entered promiscuous mode [ 456.320915][ T5951] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 456.325288][ T5951] CPU: 1 UID: 0 PID: 5951 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 456.325315][ T5951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 456.325328][ T5951] Workqueue: hci4 hci_rx_work [ 456.325359][ T5951] Call Trace: [ 456.325367][ T5951] [ 456.325375][ T5951] dump_stack_lvl+0x16c/0x1f0 [ 456.325397][ T5951] sysfs_warn_dup+0x7f/0xa0 [ 456.325428][ T5951] sysfs_create_dir_ns+0x24b/0x2b0 [ 456.325457][ T5951] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 456.325501][ T5951] ? find_held_lock+0x2b/0x80 [ 456.325529][ T5951] ? do_raw_spin_unlock+0x172/0x230 [ 456.325552][ T5951] kobject_add_internal+0x2c4/0x9b0 [ 456.325581][ T5951] kobject_add+0x16e/0x240 [ 456.325602][ T5951] ? __pfx_kobject_add+0x10/0x10 [ 456.325624][ T5951] ? do_raw_spin_unlock+0x172/0x230 [ 456.325643][ T5951] ? kobject_put+0xab/0x5a0 [ 456.325671][ T5951] device_add+0x288/0x1aa0 [ 456.325695][ T5951] ? __pfx_dev_set_name+0x10/0x10 [ 456.325721][ T5951] ? __pfx_device_add+0x10/0x10 [ 456.325743][ T5951] ? mgmt_send_event_skb+0x2fb/0x460 [ 456.325780][ T5951] hci_conn_add_sysfs+0x17e/0x230 [ 456.325801][ T5951] le_conn_complete_evt+0x1260/0x2150 [ 456.325837][ T5951] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 456.325867][ T5951] ? hci_event_packet+0x459/0x11c0 [ 456.325901][ T5951] hci_le_conn_complete_evt+0x23c/0x370 [ 456.325935][ T5951] hci_le_meta_evt+0x357/0x5e0 [ 456.325952][ T5951] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 456.325984][ T5951] hci_event_packet+0x685/0x11c0 [ 456.326011][ T5951] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 456.326030][ T5951] ? __pfx_hci_event_packet+0x10/0x10 [ 456.326061][ T5951] ? kcov_remote_start+0x3c9/0x6d0 [ 456.326081][ T5951] ? lockdep_hardirqs_on+0x7c/0x110 [ 456.326105][ T5951] hci_rx_work+0x2c9/0xeb0 [ 456.326139][ T5951] process_one_work+0x9cf/0x1b70 [ 456.326179][ T5951] ? __pfx_process_one_work+0x10/0x10 [ 456.326216][ T5951] ? assign_work+0x1a0/0x250 [ 456.326245][ T5951] worker_thread+0x6c8/0xf10 [ 456.326288][ T5951] ? __pfx_worker_thread+0x10/0x10 [ 456.326315][ T5951] kthread+0x3c5/0x780 [ 456.326341][ T5951] ? __pfx_kthread+0x10/0x10 [ 456.326369][ T5951] ? rcu_is_watching+0x12/0xc0 [ 456.326390][ T5951] ? __pfx_kthread+0x10/0x10 [ 456.326417][ T5951] ret_from_fork+0x675/0x7d0 [ 456.326440][ T5951] ? __pfx_kthread+0x10/0x10 [ 456.326466][ T5951] ret_from_fork_asm+0x1a/0x30 [ 456.326504][ T5951] [ 456.416355][ T5951] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 456.421425][ T5951] Bluetooth: hci4: failed to register connection device [ 456.441448][ T81] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.465918][T14194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 456.472060][T14194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 456.513623][ T81] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.520336][ T6093] usb usb42-port1: unable to enumerate USB device [ 456.535210][T14194] team0: Port device team_slave_0 added [ 456.540960][T14194] team0: Port device team_slave_1 added [ 456.618237][ T81] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.666754][T14194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 456.670746][T14194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 456.683307][T14194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 456.687934][T14194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 456.690832][T14194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 456.699408][T14194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 456.731315][ T29] wg2 speed is unknown, defaulting to 1000 [ 456.734274][ T29] syz2: Port: 1 Link DOWN [ 456.744489][ T29] wg2 speed is unknown, defaulting to 1000 [ 456.757796][T14194] hsr_slave_0: entered promiscuous mode [ 456.761677][T14194] hsr_slave_1: entered promiscuous mode [ 456.764745][T14194] debugfs: 'hsr0' already exists in 'hsr' [ 456.767370][T14194] Cannot create hsr debugfs directory [ 456.792493][ T81] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.932682][ T81] bridge_slave_1: left allmulticast mode [ 456.934603][ T81] bridge_slave_1: left promiscuous mode [ 456.936586][ T81] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.940623][ T81] bridge_slave_0: left allmulticast mode [ 456.942608][ T81] bridge_slave_0: left promiscuous mode [ 456.944574][ T81] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.006738][ T81] bond1 (unregistering): (slave ip6erspan0): Releasing active interface [ 457.423726][ T81] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 457.452468][ T81] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 457.469592][ T81] bond0 (unregistering): Released all slaves [ 457.619454][T14240] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 457.622438][T14240] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 457.626133][T14240] vhci_hcd vhci_hcd.0: Device attached [ 457.779706][ T81] bond1 (unregistering): Released all slaves [ 457.836317][T14241] vhci_hcd: connection closed [ 457.837590][ T1192] vhci_hcd: stop threads [ 457.841894][ T1192] vhci_hcd: release socket [ 457.843557][ T1192] vhci_hcd: disconnect device [ 457.880308][ T81] tipc: Left network mode [ 457.889425][ T64] Bluetooth: hci2: command tx timeout [ 457.899187][ T6015] usb 42-1: enqueue for inactive port 0 [ 458.390559][ T6015] usb usb42-port1: attempt power cycle [ 458.548591][T14274] FAULT_INJECTION: forcing a failure. [ 458.548591][T14274] name failslab, interval 1, probability 0, space 0, times 0 [ 458.556549][T14274] CPU: 3 UID: 0 PID: 14274 Comm: syz.2.2344 Not tainted syzkaller #0 PREEMPT(full) [ 458.556569][T14274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 458.556579][T14274] Call Trace: [ 458.556584][T14274] [ 458.556590][T14274] dump_stack_lvl+0x16c/0x1f0 [ 458.556612][T14274] should_fail_ex+0x512/0x640 [ 458.556629][T14274] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 458.556653][T14274] should_failslab+0xc2/0x120 [ 458.556676][T14274] kmem_cache_alloc_noprof+0x75/0x6e0 [ 458.556694][T14274] ? __kernfs_new_node+0xd2/0x8e0 [ 458.556718][T14274] ? __kernfs_new_node+0xd2/0x8e0 [ 458.556734][T14274] __kernfs_new_node+0xd2/0x8e0 [ 458.556752][T14274] ? __pfx___kernfs_new_node+0x10/0x10 [ 458.556772][T14274] ? find_held_lock+0x2b/0x80 [ 458.556786][T14274] ? kernfs_root+0xee/0x2a0 [ 458.556798][T14274] kernfs_new_node+0x13c/0x1e0 [ 458.556812][T14274] kernfs_create_link+0xcc/0x240 [ 458.556827][T14274] sysfs_do_create_link_sd+0x90/0x140 [ 458.556844][T14274] sysfs_create_link+0x61/0xc0 [ 458.556860][T14274] driver_sysfs_add+0x112/0x2d0 [ 458.556878][T14274] device_bind_driver+0x16/0x70 [ 458.556888][T14274] mac80211_hwsim_new_radio+0x3e8/0x50b0 [ 458.556909][T14274] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 458.556923][T14274] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 458.556942][T14274] hwsim_new_radio_nl+0xba2/0x1330 [ 458.556958][T14274] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 458.556976][T14274] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 458.556989][T14274] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 458.557002][T14274] genl_family_rcv_msg_doit+0x209/0x2f0 [ 458.557014][T14274] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 458.557029][T14274] ? bpf_lsm_capable+0x9/0x10 [ 458.557044][T14274] ? security_capable+0x7e/0x260 [ 458.557056][T14274] ? ns_capable+0xd7/0x110 [ 458.557069][T14274] genl_rcv_msg+0x55c/0x800 [ 458.557081][T14274] ? __pfx_genl_rcv_msg+0x10/0x10 [ 458.557092][T14274] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 458.557111][T14274] netlink_rcv_skb+0x158/0x420 [ 458.557126][T14274] ? __pfx_genl_rcv_msg+0x10/0x10 [ 458.557137][T14274] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 458.557159][T14274] ? netlink_deliver_tap+0x1ae/0xd30 [ 458.557176][T14274] genl_rcv+0x28/0x40 [ 458.557184][T14274] netlink_unicast+0x5aa/0x870 [ 458.557202][T14274] ? __pfx_netlink_unicast+0x10/0x10 [ 458.557222][T14274] netlink_sendmsg+0x8c8/0xdd0 [ 458.557240][T14274] ? __pfx_netlink_sendmsg+0x10/0x10 [ 458.557257][T14274] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 458.557272][T14274] ____sys_sendmsg+0xa98/0xc70 [ 458.557284][T14274] ? __pfx_____sys_sendmsg+0x10/0x10 [ 458.557293][T14274] ? get_compat_msghdr+0x11a/0x170 [ 458.557313][T14274] ___sys_sendmsg+0x134/0x1d0 [ 458.557328][T14274] ? __pfx____sys_sendmsg+0x10/0x10 [ 458.557356][T14274] ? find_held_lock+0x2b/0x80 [ 458.557385][T14274] __sys_sendmsg+0x16d/0x220 [ 458.557403][T14274] ? __pfx___sys_sendmsg+0x10/0x10 [ 458.557431][T14274] ? rcu_is_watching+0x12/0xc0 [ 458.557453][T14274] __do_fast_syscall_32+0x7c/0x300 [ 458.557467][T14274] do_fast_syscall_32+0x32/0x80 [ 458.557478][T14274] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 458.557492][T14274] RIP: 0023:0xf7f24579 [ 458.557500][T14274] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 458.557510][T14274] RSP: 002b:00000000f541655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 458.557520][T14274] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 458.557527][T14274] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 458.557537][T14274] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 458.557543][T14274] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 458.557549][T14274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 458.557564][T14274] [ 458.753170][T14194] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 458.757705][T14194] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 458.766323][T14194] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 458.776070][T14194] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 458.841173][T14194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.848051][ T81] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 458.850644][ T81] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 458.890980][ T81] veth1_vlan: left promiscuous mode [ 458.893881][ T81] veth0_vlan: left promiscuous mode [ 458.980939][ T6015] usb usb42-port1: unable to enumerate USB device [ 459.027560][ T81] pimreg3 (unregistering): left allmulticast mode [ 459.260638][ T81] team0 (unregistering): Port device team_slave_1 removed [ 459.290410][ T81] team0 (unregistering): Port device team_slave_0 removed [ 459.494636][ T1192] smc: removing ib device syz2 [ 459.962145][ T64] Bluetooth: hci2: command tx timeout [ 460.287271][T14194] 8021q: adding VLAN 0 to HW filter on device team0 [ 460.325277][T14194] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 460.329604][T14194] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 460.366848][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.369295][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.394703][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.397120][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 460.546216][T14194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.593606][T14194] veth0_vlan: entered promiscuous mode [ 460.604698][T14194] veth1_vlan: entered promiscuous mode [ 460.631952][T14194] veth0_macvtap: entered promiscuous mode [ 460.638264][T14316] digital: digital_start_poll: Unknown protocol [ 460.665532][T14194] veth1_macvtap: entered promiscuous mode [ 460.690327][T14194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.709248][T14194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 460.724262][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.729443][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.740066][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.750322][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.767608][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.771512][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.790236][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.794168][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.884705][ T81] IPVS: stop unused estimator thread 0... [ 461.200808][T14333] lo speed is unknown, defaulting to 1000 [ 461.797791][T14342] ubi: mtd0 is already attached to ubi31 [ 461.917485][T14342] infiniband qyz0: set active [ 461.919525][T14342] infiniband qyz0: added bridge_slave_1 [ 461.937572][T14342] RDS/IB: qyz0: added [ 461.939099][T14342] smc: adding ib device qyz0 with port count 1 [ 461.941271][T14342] smc: ib device qyz0 port 1 has no pnetid [ 462.052467][ T5951] Bluetooth: hci2: command tx timeout [ 462.424519][T14349] digital: digital_start_poll: Unknown protocol [ 462.601463][T14366] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2365'. [ 462.610167][T14366] binder_alloc: 14365: binder_alloc_buf, no vma [ 462.855099][ T6016] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 462.892688][ T5305] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 462.907532][ T5305] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 462.911585][ T5305] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 462.921972][ T5305] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 462.935655][ T5305] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 463.039345][T14376] lo speed is unknown, defaulting to 1000 [ 463.163383][ T5951] Bluetooth: hci4: command 0x0406 tx timeout [ 463.206667][T14376] chnl_net:caif_netlink_parms(): no params data found [ 463.253009][T14376] bridge0: port 1(bridge_slave_0) entered blocking state [ 463.255764][T14376] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.258147][T14376] bridge_slave_0: entered allmulticast mode [ 463.260856][T14376] bridge_slave_0: entered promiscuous mode [ 463.264390][T14376] bridge0: port 2(bridge_slave_1) entered blocking state [ 463.266775][T14376] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.269246][T14376] bridge_slave_1: entered allmulticast mode [ 463.271972][T14376] bridge_slave_1: entered promiscuous mode [ 463.288356][T14376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 463.293529][T14376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 463.310830][T14376] team0: Port device team_slave_0 added [ 463.315407][T14376] team0: Port device team_slave_1 added [ 463.329309][T14376] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.331698][T14376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.339968][T14376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.344382][T14376] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.346660][T14376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.355067][T14376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.380692][T14376] hsr_slave_0: entered promiscuous mode [ 463.383107][T14376] hsr_slave_1: entered promiscuous mode [ 463.385587][T14376] debugfs: 'hsr0' already exists in 'hsr' [ 463.387473][T14376] Cannot create hsr debugfs directory [ 463.472165][T14376] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.478377][T14376] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 463.572457][T14376] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.579042][T14376] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 463.611351][T14420] digital: digital_start_poll: Unknown protocol [ 463.683472][T14376] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.689209][T14376] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 463.729062][T14433] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2373'. [ 463.733903][T14433] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2373'. [ 463.793894][T14376] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.797401][T14376] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 463.941222][T14376] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 463.947551][T14376] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 463.956852][T14376] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 463.963705][T14376] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 464.076472][T14376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 464.124223][ T64] Bluetooth: hci2: command tx timeout [ 464.129928][T14376] 8021q: adding VLAN 0 to HW filter on device team0 [ 464.145249][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.147981][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.168507][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.171129][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 464.501800][T14376] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.522199][T14376] veth0_vlan: entered promiscuous mode [ 464.528511][T14376] veth1_vlan: entered promiscuous mode [ 464.542674][T14376] veth0_macvtap: entered promiscuous mode [ 464.547655][T14376] veth1_macvtap: entered promiscuous mode [ 464.556303][T14376] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.562187][T14376] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.568534][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.571567][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.575497][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.578425][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.613628][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.616379][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.627799][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.631534][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.164908][ T64] Bluetooth: hci1: command tx timeout [ 467.246607][ T64] Bluetooth: hci1: command tx timeout [ 469.328377][ T64] Bluetooth: hci1: command tx timeout [ 470.130228][T14476] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2376'. [ 470.132161][T14479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2375'. [ 470.135061][T14477] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2377'. [ 470.186051][T14486] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2379'. [ 470.212158][T14489] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2375'. [ 470.238929][T14479] overlay: filesystem on ./file1 not supported [ 470.389465][T14491] digital: digital_start_poll: Unknown protocol [ 471.280505][T14521] netlink: zone id is out of range [ 471.422127][ T64] Bluetooth: hci1: command tx timeout [ 471.632237][ T40] audit: type=1800 audit(1764670952.452:1763): pid=14530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2391" name="file0" dev="9p" ino=72095633 res=0 errno=0 [ 474.794886][T14555] vivid-002: disconnect [ 474.892779][T14555] vivid-002: reconnect [ 475.122966][T14574] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2401'. [ 475.337484][T14586] 9pnet_virtio: no channels available for device syz [ 475.388305][T14583] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2405'. [ 475.602925][T14590] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 477.169665][T14599] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2407'. [ 477.822805][T14608] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 478.457904][T14625] ================================================================== [ 478.461381][T14625] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70 [ 478.464825][T14625] Read of size 8 at addr ffff88804e81e830 by task syz.3.2416/14625 [ 478.469859][T14625] [ 478.470954][T14625] CPU: 0 UID: 0 PID: 14625 Comm: syz.3.2416 Not tainted syzkaller #0 PREEMPT(full) [ 478.470977][T14625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 478.470988][T14625] Call Trace: [ 478.470994][T14625] [ 478.471001][T14625] dump_stack_lvl+0x116/0x1f0 [ 478.471024][T14625] print_report+0xcd/0x630 [ 478.471049][T14625] ? __virt_addr_valid+0x81/0x610 [ 478.471070][T14625] ? __phys_addr+0xe8/0x180 [ 478.471091][T14625] ? sysfs_remove_file_ns+0x63/0x70 [ 478.471112][T14625] kasan_report+0xe0/0x110 [ 478.471134][T14625] ? sysfs_remove_file_ns+0x63/0x70 [ 478.471158][T14625] sysfs_remove_file_ns+0x63/0x70 [ 478.471178][T14625] driver_remove_file+0x4a/0x60 [ 478.471198][T14625] bus_remove_driver+0x224/0x2c0 [ 478.471224][T14625] driver_unregister+0x76/0xb0 [ 478.471241][T14625] comedi_device_detach_locked+0x12f/0xa50 [ 478.471265][T14625] do_devconfig_ioctl+0x555/0x710 [ 478.471288][T14625] ? __mutex_lock+0x1c5/0x1060 [ 478.471305][T14625] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 478.471334][T14625] ? kasan_save_stack+0x42/0x60 [ 478.471353][T14625] ? kasan_save_stack+0x33/0x60 [ 478.471372][T14625] ? kasan_save_track+0x14/0x30 [ 478.471392][T14625] ? __kasan_save_free_info+0x3b/0x60 [ 478.471408][T14625] ? __kasan_slab_free+0x5f/0x80 [ 478.471427][T14625] ? kfree+0x2b8/0x6d0 [ 478.471442][T14625] ? tomoyo_path_number_perm+0x470/0x580 [ 478.471462][T14625] ? security_file_ioctl_compat+0x9b/0x240 [ 478.471485][T14625] comedi_unlocked_ioctl+0x165d/0x2f00 [ 478.471505][T14625] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 478.471528][T14625] ? kasan_quarantine_put+0x10a/0x240 [ 478.471548][T14625] ? lockdep_hardirqs_on+0x7c/0x110 [ 478.471565][T14625] ? find_held_lock+0x2b/0x80 [ 478.471584][T14625] ? tomoyo_path_number_perm+0x295/0x580 [ 478.471606][T14625] ? tomoyo_path_number_perm+0x18d/0x580 [ 478.471626][T14625] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 478.471648][T14625] comedi_compat_ioctl+0x1d0/0x990 [ 478.471672][T14625] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 478.471690][T14625] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 478.471710][T14625] ? do_vfs_ioctl+0x128/0x14f0 [ 478.471726][T14625] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 478.471744][T14625] ? find_held_lock+0x2b/0x80 [ 478.471762][T14625] ? hook_file_ioctl_common+0x145/0x410 [ 478.471786][T14625] ? __fget_files+0x20e/0x3c0 [ 478.471803][T14625] ? __ia32_compat_sys_openat+0x110/0x210 [ 478.471822][T14625] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 478.471839][T14625] __ia32_compat_sys_ioctl+0x242/0x370 [ 478.471856][T14625] __do_fast_syscall_32+0x7c/0x300 [ 478.471875][T14625] do_fast_syscall_32+0x32/0x80 [ 478.471892][T14625] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 478.471912][T14625] RIP: 0023:0xf70dd579 [ 478.471925][T14625] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 478.471940][T14625] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 478.471957][T14625] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 478.471969][T14625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 478.471978][T14625] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 478.471989][T14625] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 478.471999][T14625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 478.472014][T14625] [ 478.472020][T14625] [ 478.609868][T14625] Allocated by task 14221: [ 478.611830][T14625] kasan_save_stack+0x33/0x60 [ 478.613504][T14625] kasan_save_track+0x14/0x30 [ 478.615429][T14625] __kasan_kmalloc+0xaa/0xb0 [ 478.617397][T14625] __kmalloc_node_noprof+0x347/0x8a0 [ 478.619697][T14625] alloc_slab_obj_exts+0x43/0xf0 [ 478.621820][T14625] new_slab+0x283/0x360 [ 478.623522][T14625] ___slab_alloc+0xd79/0x1a50 [ 478.625209][T14625] __kmem_cache_alloc_bulk+0x225/0x770 [ 478.627697][T14625] kmem_cache_alloc_bulk_noprof+0x23d/0x5a0 [ 478.630262][T14625] __io_alloc_req_refill+0x9d/0x5e0 [ 478.632556][T14625] io_submit_sqes+0xe07/0x2710 [ 478.634227][T14625] __do_sys_io_uring_enter+0xd69/0x1630 [ 478.636596][T14625] __do_fast_syscall_32+0x7c/0x300 [ 478.638783][T14625] do_fast_syscall_32+0x32/0x80 [ 478.640886][T14625] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 478.643214][T14625] [ 478.644263][T14625] Freed by task 15: [ 478.645903][T14625] kasan_save_stack+0x33/0x60 [ 478.647932][T14625] kasan_save_track+0x14/0x30 [ 478.649944][T14625] __kasan_save_free_info+0x3b/0x60 [ 478.651832][T14625] __kasan_slab_free+0x5f/0x80 [ 478.653888][T14625] kfree+0x2b8/0x6d0 [ 478.655579][T14625] __free_slab+0x12f/0x180 [ 478.657501][T14625] rcu_core+0x79c/0x1530 [ 478.659331][T14625] handle_softirqs+0x219/0x8e0 [ 478.660924][T14625] run_ksoftirqd+0x3a/0x60 [ 478.662839][T14625] smpboot_thread_fn+0x3f7/0xae0 [ 478.665014][T14625] kthread+0x3c5/0x780 [ 478.666781][T14625] ret_from_fork+0x675/0x7d0 [ 478.668649][T14625] ret_from_fork_asm+0x1a/0x30 [ 478.670440][T14625] [ 478.671547][T14625] The buggy address belongs to the object at ffff88804e81e800 [ 478.671547][T14625] which belongs to the cache kmalloc-256 of size 256 [ 478.677227][T14625] The buggy address is located 48 bytes inside of [ 478.677227][T14625] freed 256-byte region [ffff88804e81e800, ffff88804e81e900) [ 478.682683][T14625] [ 478.683729][T14625] The buggy address belongs to the physical page: [ 478.686032][T14625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804e81e800 pfn:0x4e81e [ 478.690179][T14625] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 478.693488][T14625] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff) [ 478.696987][T14625] page_type: f5(slab) [ 478.698731][T14625] raw: 04fff00000000240 ffff88801b442b40 ffffea00012cca10 ffffea000104db90 [ 478.701993][T14625] raw: ffff88804e81e800 0000000000100001 00000000f5000000 0000000000000000 [ 478.705610][T14625] head: 04fff00000000240 ffff88801b442b40 ffffea00012cca10 ffffea000104db90 [ 478.709176][T14625] head: ffff88804e81e800 0000000000100001 00000000f5000000 0000000000000000 [ 478.712554][T14625] head: 04fff00000000001 ffffea00013a0781 00000000ffffffff 00000000ffffffff [ 478.716206][T14625] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 478.719479][T14625] page dumped because: kasan: bad access detected [ 478.722161][T14625] page_owner tracks the page as allocated [ 478.724582][T14625] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12011, tgid 12010 (syz.0.1779), ts 315364658537, free_ts 310210393917 [ 478.733052][T14625] post_alloc_hook+0x1af/0x220 [ 478.735130][T14625] get_page_from_freelist+0x10a3/0x3a30 [ 478.737414][T14625] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 478.739562][T14625] alloc_pages_mpol+0x1fb/0x550 [ 478.741668][T14625] new_slab+0x24a/0x360 [ 478.743466][T14625] ___slab_alloc+0xd79/0x1a50 [ 478.745467][T14625] __slab_alloc.constprop.0+0x63/0x110 [ 478.747505][T14625] __kmalloc_noprof+0x501/0x880 [ 478.749516][T14625] io_cache_alloc_new+0x45/0xf0 [ 478.751645][T14625] __io_prep_rw+0x21d/0x1060 [ 478.753624][T14625] io_prep_rw+0x76/0x2c0 [ 478.755393][T14625] io_prep_writev+0x23/0xa0 [ 478.756944][T14625] io_submit_sqes+0x855/0x2710 [ 478.759011][T14625] __do_sys_io_uring_enter+0xd69/0x1630 [ 478.761352][T14625] __do_fast_syscall_32+0x7c/0x300 [ 478.763533][T14625] do_fast_syscall_32+0x32/0x80 [ 478.765260][T14625] page last free pid 11904 tgid 11903 stack trace: [ 478.767963][T14625] __free_frozen_pages+0x7df/0x1160 [ 478.770176][T14625] qlist_free_all+0x4d/0x120 [ 478.772067][T14625] kasan_quarantine_reduce+0x195/0x1e0 [ 478.774114][T14625] __kasan_slab_alloc+0x69/0x90 [ 478.776147][T14625] kmem_cache_alloc_lru_noprof+0x254/0x6e0 [ 478.778655][T14625] alloc_inode+0xc3/0x240 [ 478.780381][T14625] new_inode+0x22/0x1c0 [ 478.781955][T14625] autofs_get_inode+0x20/0x330 [ 478.784031][T14625] autofs_dir_mkdir+0x28a/0x780 [ 478.786125][T14625] vfs_mkdir+0x593/0x8c0 [ 478.787958][T14625] do_mkdirat+0x304/0x3e0 [ 478.789771][T14625] __ia32_sys_mkdirat+0x82/0xb0 [ 478.791594][T14625] __do_fast_syscall_32+0x7c/0x300 [ 478.793766][T14625] do_fast_syscall_32+0x32/0x80 [ 478.795833][T14625] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 478.798534][T14625] [ 478.799581][T14625] Memory state around the buggy address: [ 478.802046][T14625] ffff88804e81e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 478.805399][T14625] ffff88804e81e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 478.808777][T14625] >ffff88804e81e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 478.812182][T14625] ^ [ 478.814515][T14625] ffff88804e81e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 478.817880][T14625] ffff88804e81e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 478.821195][T14625] ================================================================== [ 478.844139][T14625] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 478.847254][T14625] CPU: 0 UID: 0 PID: 14625 Comm: syz.3.2416 Not tainted syzkaller #0 PREEMPT(full) [ 478.850879][T14625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 SYZFAIL: failed to recv rpc [ 478.854833][T14625] Call Trace: [ 478.856236][T14625] [ 478.857306][T14625] dump_stack_lvl+0x3d/0x1f0 [ 478.858798][T14625] vpanic+0x640/0x6f0 [ 478.860026][T14625] panic+0xca/0xd0 [ 478.861136][T14625] ? __pfx_panic+0x10/0x10 [ 478.862492][T14625] ? sysfs_remove_file_ns+0x63/0x70 [ 478.864033][T14625] ? preempt_schedule_common+0x44/0xc0 [ 478.865673][T14625] ? preempt_schedule_thunk+0x16/0x30 [ 478.867281][T14625] check_panic_on_warn+0xab/0xb0 [ 478.868754][T14625] end_report+0x107/0x170 [ 478.870048][T14625] kasan_report+0xee/0x110 [ 478.871449][T14625] ? sysfs_remove_file_ns+0x63/0x70 [ 478.872991][T14625] sysfs_remove_file_ns+0x63/0x70 [ 478.874670][T14625] driver_remove_file+0x4a/0x60 [ 478.876524][T14625] bus_remove_driver+0x224/0x2c0 [ 478.878341][T14625] driver_unregister+0x76/0xb0 [ 478.880184][T14625] comedi_device_detach_locked+0x12f/0xa50 [ 478.882308][T14625] do_devconfig_ioctl+0x555/0x710 [ 478.884052][T14625] ? __mutex_lock+0x1c5/0x1060 [ 478.885886][T14625] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 478.887998][T14625] ? kasan_save_stack+0x42/0x60 [ 478.889816][T14625] ? kasan_save_stack+0x33/0x60 [ 478.891653][T14625] ? kasan_save_track+0x14/0x30 [ 478.893468][T14625] ? __kasan_save_free_info+0x3b/0x60 [ 478.895547][T14625] ? __kasan_slab_free+0x5f/0x80 [ 478.897401][T14625] ? kfree+0x2b8/0x6d0 [ 478.899040][T14625] ? tomoyo_path_number_perm+0x470/0x580 [ 478.901257][T14625] ? security_file_ioctl_compat+0x9b/0x240 [ 478.903540][T14625] comedi_unlocked_ioctl+0x165d/0x2f00 [ 478.905754][T14625] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 478.907940][T14625] ? kasan_quarantine_put+0x10a/0x240 [ 478.909933][T14625] ? lockdep_hardirqs_on+0x7c/0x110 [ 478.911969][T14625] ? find_held_lock+0x2b/0x80 [ 478.913941][T14625] ? tomoyo_path_number_perm+0x295/0x580 [ 478.916043][T14625] ? tomoyo_path_number_perm+0x18d/0x580 [ 478.918413][T14625] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 478.920630][T14625] comedi_compat_ioctl+0x1d0/0x990 [ 478.922632][T14625] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 478.924776][T14625] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 478.927038][T14625] ? do_vfs_ioctl+0x128/0x14f0 [ 478.928872][T14625] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 478.930765][T14625] ? find_held_lock+0x2b/0x80 [ 478.932553][T14625] ? hook_file_ioctl_common+0x145/0x410 [ 478.934754][T14625] ? __fget_files+0x20e/0x3c0 [ 478.936426][T14625] ? __ia32_compat_sys_openat+0x110/0x210 [ 478.938479][T14625] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 478.940569][T14625] __ia32_compat_sys_ioctl+0x242/0x370 [ 478.942524][T14625] __do_fast_syscall_32+0x7c/0x300 [ 478.944353][T14625] do_fast_syscall_32+0x32/0x80 [ 478.946205][T14625] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 478.948555][T14625] RIP: 0023:0xf70dd579 [ 478.950082][T14625] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 478.957343][T14625] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 478.960460][T14625] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 478.963447][T14625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 478.966403][T14625] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 478.969463][T14625] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 478.972373][T14625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 478.975245][T14625] [ 478.977105][T14625] Kernel Offset: disabled [ 478.978728][T14625] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:05:35 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85288f55 RDI=ffffffff9add4de0 RBP=ffffffff9add4da0 RSP=ffffc900045d71f0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3430383838666666 R12=0000000000000000 R13=0000000000000064 R14=ffffffff9add4da0 R15=ffffffff85288ef0 RIP=ffffffff85288f7f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977fe000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000056f224c0 CR3=0000000065279000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000011514df RBX=0000000000000001 RCX=ffffffff8b6032a9 RDX=0000000000000000 RSI=ffffffff8da2bee9 RDI=ffffffff8bf08840 RBP=ffffed1003b5e490 RSP=ffffc9000046fde8 R8 =0000000000000001 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001 R12=0000000000000001 R13=ffff88801daf2480 R14=ffffffff90826cd0 R15=0000000000000000 RIP=ffffffff8b601d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978fe000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000034322ffc CR3=0000000051848000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff95a97bb8 RBX=0000000000000001 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff88802b424088 RBP=ffff888049d48000 RSP=ffffc900037bf820 R8 =0000000000000001 R9 =0000000000000001 R10=ffff888049d48007 R11=0000000000000001 R12=000000002b224001 R13=0000000000000000 R14=0000000000000000 R15=ffff88802b424088 RIP=ffffffff819896d7 RFL=00000097 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979fe000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c38e392 CR3=0000000066f02000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff888025dd2500 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff8db1b6bd RDI=ffffffff8bf08840 RBP=ffff88802b43a4d8 RSP=ffffc90003ac7788 R8 =0000000000000000 R9 =fffffbfff2104d9a R10=ffffffff90826cd7 R11=0000000000000001 R12=ffff888025dd2480 R13=ffff888025dd2fb0 R14=00000000ffffffff R15=0000000000000000 RIP=ffffffff8b603a30 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097afe000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000030702ffc CR3=000000006523c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000