last executing test programs: 3.600275805s ago: executing program 2 (id=789): socket$inet6_tcp(0xa, 0x1, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000300)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0, 0x0, 0x3}, 0x18) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x2, 0xa, 0x0, 0x0, 0x2, 0x0, 0x0, 0x400000}, 0x10}}, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x400) socket$unix(0x1, 0x2, 0x0) r2 = fsopen(&(0x7f00000000c0)='nfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000005c0)='\r\xe9$\x15\xb0yl8\xc2\x1a\xe5\xa1\xe2\xf5b4R;-b\xcbK\xec;6\xb6<\xf5q\x89\xf2\x10B\x92d\xa5\xcc \t\x13\xff\xef\xe6\xd5\xc7\xfb\xca\a(\x87\x03\xa2L\xb1wy\x06\xf1\xf3\x11\xec\xac\x93=\xfds@\xf0a\xb9/\x93\x01\v\xa8C\xf0E\x14\'\xa5\x03\x06\xa6\xd3\xec\xeaa\vZ\t\x91\xd0\x17:N\xe6\xf5\xf0\x05p\x00o\n?\xd9\xb2\xbb\xc1\x1ae\xf3Y.\xe7b\xd9\xf9m\xd0\xbe\a\x80\xbf\r\x94\x1aG\xe8\x8f\xaf\xd0n\xefmM\x17\x9a\x00\xff\x04\xa2\xe3\x8b\x18\xa5\x9e\xef\xce\t\noW\x99s_\x9a\xd3:\x10:,\x18PM\x9b\x1d\x84\xac\xe35\x06\xb8\xfdR\xbd\xaf\x03\xcd\x87\x85 \xb9ly\x7f\x17\x7f\x8dTG\xbfM\xb5\xa8I\xd4\x83\a\xf4\xb5/\xcb-m\x12cy\xe8\xad\x8bi\xcd\xa3,R9_\x9e\x00M\x00Jj\x1a\x19\xc4#\x04\xb8S+\x92\xb4\x11\xeaD\x83\xd5\x96\x8b\xd78\xa3\x9d8$\xdf\xea\xe6\x10V%\x1e\xbd\xd5\xcbg\xb6oWQ\xea\xc9\x91\xcd\xd8xL\xd8\xfe6\xff\xbd\x9f\xec\xb6\x83\xac\xaf;\x04\x00DG\x86\xd821\x92Wq\xe7\xb6\xf3\xadd_vV\xb4x\x85Y\xb5\xf0\xe9\xaa$\r\xbdE\x83\xf6\xd30x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffebe, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r4, 0xcccccccc}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_open_dev$hidraw(0x0, 0x3ff, 0x1b3548891d479433) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newtaction={0x18, 0x30, 0x1, 0x70bd2c, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x895}, 0xfcbd7da8eb397c75) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x2) syz_open_dev$dri(0x0, 0x1f, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) 1.959473848s ago: executing program 2 (id=808): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8001}, 0x4) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f0000000100)=""/148, &(0x7f0000000040)=0x94) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, r1, 0x0, 0x256) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x5}}, './file0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r2) 1.910365061s ago: executing program 0 (id=809): syz_80211_inject_frame(0x0, 0x0, 0x0) (fail_nth: 14) 1.906356911s ago: executing program 2 (id=810): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_usb_connect(0x6, 0x36, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r0, &(0x7f0000003740)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x20000004, 0x2) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r2, 0xc4c03d09, &(0x7f0000000140)) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0c0000000408000004000000018000000000000012c8b21e088f9e90f3e59a6066a9fb2f581d7a72a1a20a9ae865c386c2689b4e366d978a67ec54ff3baaf0ca2f0c711dd07a2978c794118f131236b8484adee277f2fdfaf06afe3db8f1e8a00ecc9441e611b6e5cd7f8c64fba631c39889a27b48ada185ed56be2608829c6eb0c4090764e93cfb0e08b65f37bee14ab4afdb9d31968177613d9f6f61675cc12f1c3c20c05ab5542d5cbfff5e6bfc656a29158727936feb76de0aa02a5c034867edd2400e37841e101759e3fbb51c1e7f56b7b402e4e812a26a5429d72cd0e62e9a497c1bde8f", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r5}, 0x38) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)=0x1) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0xffffffffffffffff, 0x0}) io_uring_enter(0xffffffffffffffff, 0xdc7, 0xe4bd, 0x1, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000140)) 1.768049071s ago: executing program 3 (id=812): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x1, 0x19, 0x1f, 0x200, &(0x7f0000000140)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000011b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd01802e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c1758585757144e5ee3f7f4dcecc98123f9ded3afdebe13d79a7a101ef8bc6e6fb853111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd7974a3a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294dfc88cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb8a5869e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d6ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af962462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 1.659363262s ago: executing program 3 (id=814): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4) r0 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f0000114140)={0xfff, [], 0x8, "72da3e00e8a9cd"}) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x4, 0xa, [{0x0, 0x8000000}, {0x10, 0xa4b}, {}, {}, {}, {}, {}, {0x0, 0x80000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000800)={0x1ff, 0xffff, 0x6, 0x9, 0xa, "094a9e02c70c4c50"}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"]) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x200) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44881) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) recvmsg(r6, &(0x7f0000000440)={&(0x7f0000000300)=@qipcrtr, 0xce, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/173, 0xffffffffffffff82}, {&(0x7f00000004c0)=""/118, 0x77}, {&(0x7f0000000540)=""/199, 0xc7}, {&(0x7f0000000640)=""/98, 0x62}, {&(0x7f0000000740)=""/82}, {&(0x7f00000025c0)=""/4096}], 0x1fffffffffffffa1, &(0x7f00000006c0)=""/111, 0x71}, 0x142) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e21, 0x800004, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}, 0x7) r7 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r7, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) r8 = epoll_create1(0x80000) mount(&(0x7f0000000180)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='hfsplus\x00', 0x8002, 0x0) close_range(r8, r1, 0x2) 1.44940963s ago: executing program 1 (id=816): r0 = socket(0x11, 0x2, 0x0) setsockopt(r0, 0x107, 0x1, &(0x7f0000000080)="010000000000060000071a80000001cc", 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r1) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r2, 0x201, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x40800) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{0x1, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x1c) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) writev(r5, &(0x7f0000001400)=[{0x0}, {&(0x7f0000000200)="479972c47636a38654eeb12f5e946a3e0dfc73272c6e88f50f64acba798a4b859c364f61f4398c61202ebe9a50370849ddac7267a60b7d73c8ab7e32cef90225cc70ec53440b521c790da553e7859d47da9395cd77664000cd76fd4e", 0x5c}, {&(0x7f00000012c0)}, {&(0x7f0000001340)="869fb72978315fb6882ccabc40a2854d75bd248e27a7598d743be2deea92c329e6c16b2cefe7b192d891", 0x2a}], 0x4) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000380)=@raw=[@map_fd={0x18, 0x0, 0x1, 0x0, r5}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffa}, @map_fd={0x18, 0xb, 0x1, 0x0, r3}, @printk={@llx}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}], &(0x7f0000000100)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='contention_end\x00', r6}, 0x18) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r7) close(r0) 1.427628069s ago: executing program 1 (id=817): mmap(&(0x7f00007ed000/0x800000)=nil, 0x800000, 0x1000000, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0x3}, 0x10) write(r2, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000000100000000000004080009000b000000", 0x24) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f00002b3000/0x2000)=nil, 0x1000}) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="04230d00c90001de6d"], 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bond0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r6, @ANYBLOB="036b"], 0x1c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SG_IO(r7, 0x2285, &(0x7f00000001c0)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f00000005c0)="1a6c05073bc6", 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r3, &(0x7f0000000100)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x8000}}, 0x50) syz_fuse_handle_req(r3, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dedb505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d5e02bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdc9e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705079f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff759fc677a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e402b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10fd534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb75bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eec747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0xfffffffffffffffc, {0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) mmap(&(0x7f0000ed8000/0x3000)=nil, 0x3000, 0x2000000, 0x11, r0, 0xdb728000) io_setup(0x1fd, &(0x7f0000000480)=0x0) io_submit(r9, 0x4, &(0x7f0000000580)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r8, &(0x7f0000000240)="8116b40b38f3af1b75b26a4731217d1eaf53cef201000000000000001d6a2a8f1ae3a3a25d81", 0x26}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x7, 0x0, r7, &(0x7f00000002c0)="916f05d792727fd84d72e6fea7da718d7f8bbdc8b655f870a14a0efa4b755ba55b8dbac47d6febee7127324d", 0x2c, 0x2, 0x0, 0x1}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0xfffc, r0, &(0x7f0000000380)="cf52511505006c373e7114b9e61c703b0c19818acaa215fb47ddba2222d2670803f5f847703ed1b9b615cbfd34a63d311b68431a31cf282213da81cd4a8405fa6765081627e552c9f87566439d4e3b083963e3c9861728f0cb1c6e73cae6fb1021e5703beb949e0ddc48617b5c309549281f0dc8d6b8c38d3f0ce9b34e914904e734fcedfbdcc04b64", 0x89, 0x7fffffff, 0x0, 0x1}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x6, 0xe, r5, &(0x7f0000000600)="4ffe8bec317d7a21dc43944f5c39cd0ec12ace363ce3d57b820cdf2f4914a3184100e8d8ddace2c38310f9cab310185fa641f2bdfdf30bad1666691442188ed640457400a8167822424d905fd791d1986f8d0784150cda51b47859fb68b1961e71b8fa7f7f968362421a63091f4c985ab7054c5acc0fca358171cdc197cc3641a594e4c6e7606957b5eb11189205de396865a3467c0a4b55fc1a12b386206b98a2b864e72072f6647ec04a974ee86ba842ef93900a93d95e4dcf079eff4ed8a145d6667abe45374c3fc9c95797", 0xcd, 0x8, 0x0, 0x2, r8}]) openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x101000, 0x0) dup3(r8, r3, 0x80000) 1.360127886s ago: executing program 0 (id=818): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0xff00, &(0x7f0000000280)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083910000000000000a1180015000600142603600e120900210000000401a80016000400144006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) 1.260407668s ago: executing program 0 (id=819): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) io_uring_enter(0xffffffffffffffff, 0x6252, 0xc09b, 0x0, 0x0, 0x0) ptrace$ARCH_FORCE_TAGGED_SVA(0x1e, r0, 0x0, 0x4004) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='smaps\x00') read$FUSE(r2, &(0x7f0000000180)={0x2020}, 0x2020) mmap(&(0x7f0000a24000/0x3000)=nil, 0x3000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f00000009c0)=@framed={{}, [@printk, @printk={@p, {0x3, 0x0, 0x6, 0xa, 0x1, 0xfff8, 0x41}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_clone(0x100400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x5, 0x400) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) 1.099668094s ago: executing program 1 (id=820): socket$inet(0x2, 0x3, 0x2) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x4, 0x0, 0x4, 0xfffffffe}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000000100)) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet6(0xa, 0x6, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x48340) socketpair(0x1e, 0x80805, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r3, 0xab00, r4) r5 = semget$private(0x0, 0x1, 0x80) semctl$IPC_STAT(r5, 0x0, 0x2, &(0x7f0000000000)=""/255) r6 = semget$private(0x0, 0x0, 0x628) semctl$SETALL(r6, 0x0, 0x11, &(0x7f0000000180)=[0x2, 0x26e, 0xa75, 0x7, 0x8]) semctl$IPC_INFO(r6, 0x0, 0x3, &(0x7f00000001c0)=""/4096) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000011c0)={0xe, 0x3, 0x3, 0x0, 0x1}) r7 = socket$inet6_icmp(0xa, 0x2, 0x3a) listen(r7, 0x800) semctl$SEM_STAT(r5, 0x1, 0x12, &(0x7f0000001200)=""/65) semctl$GETALL(r6, 0x0, 0xd, &(0x7f0000001280)=""/98) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000001340)={{{@in6=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@mcast1}}, &(0x7f0000000140)=0xe4) semctl$IPC_SET(r6, 0x0, 0x1, &(0x7f00000035c0)={{0x1, r8, 0x0, r8, 0xffffffffffffffff, 0x42, 0x3}, 0x4, 0x800003, 0x0, 0x0, 0x0, 0x0, 0x401}) semctl$IPC_RMID(r6, 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r3, 0xab09, 0x4) ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab03) close_range(r2, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="11000000040000000400000002"], 0x48) 810.297953ms ago: executing program 1 (id=821): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680)=0x1) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0xd, &(0x7f0000000080)=0x1) socket(0x28, 0x5, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_adj\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r6 = openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff) socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) ioperm(0x83, 0x6, 0x8) execveat$binfmt(0xffffffffffffff9c, r5, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000780)=[{&(0x7f0000000280)=""/86, 0x56}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x168) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014020000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x481e) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') 809.273254ms ago: executing program 3 (id=822): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) r3 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r3, 0x0, 0xd0, &(0x7f0000000200), &(0x7f0000000380)=0x4) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x40, r2, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd380}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x40}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000020001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)={0x34, r6, 0x1, 0x0, 0xffffffff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x34}}, 0x0) openat$fb0(0xffffff9c, &(0x7f0000000000), 0x2200, 0x0) 709.302398ms ago: executing program 3 (id=823): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083910000000000000a1180015000600142603600e120900210000000401a80016000400144006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) (fail_nth: 5) 630.209907ms ago: executing program 0 (id=824): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874b790642c6163638173733d653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000300)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) sendto$inet6(r0, &(0x7f00000000c0)="b2", 0x5f65bd31, 0x20008840, &(0x7f0000000040)={0xa, 0x2, 0x80398, @loopback, 0xfffffffe}, 0x1c) close(0x3) 629.941823ms ago: executing program 3 (id=825): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) setreuid(0x0, 0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69) close(r2) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 629.774929ms ago: executing program 0 (id=826): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}]}}}]}, 0x38}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0x3f}, {0x400, 0xa, [{0xc9, 0x40, 0xfff}, {0xc8, 0x5, 0x400}, {0xc9, 0x2, 0xe471}, {0xc8, 0x7, 0x10}, {0xc8, 0x5, 0x8}, {0xc9, 0x6, 0x2}, {0x0, 0x200, 0x8}, {0xc9, 0x3, 0x3}, {0xc9, 0x0, 0x6}, {0xc8, 0x96ad, 0xffff}]}}}, 0x42) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x9, 0x0, 0x8, 0x8, 0xd0, 0x876, 0x3}, &(0x7f0000000000)=0x9c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000000c0)={r3, 0x4e}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) ioctl$USBDEVFS_CONNECTINFO(r4, 0x80045503, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = dup(r7) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) r9 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xb1ea, 0x10100, 0x0, 0x0, 0x0, r8}, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_enter(r9, 0x2ded, 0xef92, 0x0, 0x0, 0x0) gettid() r10 = eventfd2(0x0, 0x0) read$eventfd(r10, &(0x7f0000000040), 0x8) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000340)) r11 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r11, 0x40047438, &(0x7f0000000180)=""/246) 580.400019ms ago: executing program 3 (id=827): socket$nl_generic(0x10, 0x3, 0x10) capset(0x0, &(0x7f0000000140)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x1ad7, &(0x7f0000000400)={0x0, 0x400f691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) socket$alg(0x26, 0x5, 0x0) r4 = dup(0xffffffffffffffff) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x80042, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x31, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/246) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r8 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f0000000480)={r7, r7, 0x8, 0x0, 0x0, 0x86, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f0000000100)={@none, 0x7}) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x41, 0x0) ioctl$TCSETS(r9, 0x40045431, 0x0) ioctl$PPPIOCGIDLE32(r6, 0x8008743f, 0x0) write$RDMA_USER_CM_CMD_BIND(r4, 0x0, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r10, 0x0, 0x0) recvfrom$inet6(r10, &(0x7f0000000080)=""/121, 0x79, 0x40010122, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x12000) 323.672093ms ago: executing program 1 (id=828): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x1c, 0x4, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc080}, 0xe821651e0a1b45fc) 323.159013ms ago: executing program 2 (id=829): r0 = socket(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0x4c) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f00000004c0)=ANY=[@ANYRES16=r2, @ANYRESDEC=r2, @ANYRES32=r2, @ANYRESDEC], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) r7 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) close(r6) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) 0s ago: executing program 1 (id=830): timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) inotify_init1(0x0) (fail_nth: 5) kernel console output (not intermixed with test programs): !!! [ 55.334264][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.337144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.534256][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.545603][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.664430][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.789483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.891878][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.994318][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 56.342756][ T6041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9'. [ 56.349528][ T6041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9'. [ 56.575782][ T1142] team0: Port device team_slave_0 removed [ 56.594568][ T5294] Bluetooth: hci1: command tx timeout [ 56.596879][ T5943] Bluetooth: hci2: command tx timeout [ 56.596892][ T5948] Bluetooth: hci0: command tx timeout [ 56.604873][ T5948] Bluetooth: hci3: command tx timeout [ 56.813631][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 56.942912][ T6047] openvswitch: netlink: Flow key attr not present in new flow. [ 57.291492][ T6057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12'. [ 57.308500][ T6057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12'. [ 58.475501][ T6065] block device autoloading is deprecated and will be removed. [ 58.674548][ T5948] Bluetooth: hci3: command tx timeout [ 58.674855][ T5294] Bluetooth: hci1: command tx timeout [ 58.676930][ T5948] Bluetooth: hci2: command tx timeout [ 58.684224][ T5948] Bluetooth: hci0: command tx timeout [ 59.987395][ T6086] Zero length message leads to an empty skb [ 60.035796][ T6088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'. [ 60.045519][ T6088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'. [ 60.205039][ T6093] netlink: 28 bytes leftover after parsing attributes in process `syz.3.17'. [ 60.754278][ T5943] Bluetooth: hci1: command tx timeout [ 60.754295][ T67] Bluetooth: hci3: command tx timeout [ 60.756127][ T5294] Bluetooth: hci0: command tx timeout [ 60.759626][ T5948] Bluetooth: hci2: command tx timeout [ 60.817578][ T834] cfg80211: failed to load regulatory.db [ 60.978447][ T5294] Bluetooth: hci3: Unknown advertising packet type: 0x70 [ 61.032378][ C3] sr 2:0:0:0: [sr0] tag#22 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 61.039124][ C3] sr 2:0:0:0: [sr0] tag#22 CDB: ATA command pass through(12)/Blank a1 36 b6 0b fa d6 [ 61.273862][ T6109] netlink: 'syz.1.24': attribute type 10 has an invalid length. [ 61.284211][ T57] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 61.339685][ T6109] syz_tun: entered promiscuous mode [ 61.409007][ T6113] netlink: 56 bytes leftover after parsing attributes in process `syz.3.25'. [ 61.409741][ T6109] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 61.444201][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 61.452170][ T57] usb 5-1: config 0 has no interfaces? [ 61.456175][ T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 61.459805][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.467957][ T57] usb 5-1: config 0 descriptor?? [ 61.683629][ T57] usb 5-1: USB disconnect, device number 2 [ 61.716878][ T6120] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.727538][ T6120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27'. [ 61.731177][ T6120] bridge_slave_1: left allmulticast mode [ 61.732986][ T6120] bridge_slave_1: left promiscuous mode [ 61.736098][ T6120] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.827999][ T6120] bridge_slave_0: left allmulticast mode [ 61.830511][ T6120] bridge_slave_0: left promiscuous mode [ 61.835569][ T6120] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.128475][ T6124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.28'. [ 62.132867][ T6124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.28'. [ 62.372544][ T6131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30'. [ 62.378329][ T6131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30'. [ 62.546432][ T6130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31'. [ 62.776428][ T6138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.32'. [ 62.795788][ T6138] netlink: 'syz.3.32': attribute type 1 has an invalid length. [ 62.798233][ T6138] netlink: 'syz.3.32': attribute type 2 has an invalid length. [ 62.832791][ T6142] netlink: 16 bytes leftover after parsing attributes in process `syz.1.33'. [ 62.988185][ T6145] openvswitch: netlink: Flow key attr not present in new flow. [ 63.742252][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.43'. [ 63.834808][ T6181] openvswitch: netlink: Flow key attr not present in new flow. [ 63.898529][ T6188] netlink: 'syz.2.46': attribute type 1 has an invalid length. [ 63.902051][ T6188] nbd: error processing sock list [ 64.414823][ T6203] netlink: 'syz.2.47': attribute type 1 has an invalid length. [ 64.417486][ T6203] netlink: 'syz.2.47': attribute type 2 has an invalid length. [ 64.908008][ T6214] openvswitch: netlink: Flow key attr not present in new flow. [ 65.614983][ T6250] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 65.617966][ T6250] overlayfs: missing 'lowerdir' [ 65.633216][ T6244] openvswitch: netlink: Flow key attr not present in new flow. [ 65.669957][ T6253] netlink: 'syz.1.63': attribute type 1 has an invalid length. [ 65.673206][ T6253] netlink: 'syz.1.63': attribute type 2 has an invalid length. [ 66.730278][ T40] audit: type=1800 audit(1747358343.143:2): pid=6279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.75" name="/newroot/21/bus" dev="tmpfs" ino=127 res=0 errno=0 [ 66.888384][ T6283] openvswitch: netlink: Flow key attr not present in new flow. [ 67.189123][ T6310] __nla_validate_parse: 9 callbacks suppressed [ 67.189139][ T6310] netlink: 12 bytes leftover after parsing attributes in process `syz.1.82'. [ 67.203985][ T6310] netlink: 'syz.1.82': attribute type 1 has an invalid length. [ 67.207153][ T6310] netlink: 'syz.1.82': attribute type 2 has an invalid length. [ 67.760212][ T6320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.86'. [ 67.770840][ T6320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.86'. [ 67.911577][ T6321] netlink: 16 bytes leftover after parsing attributes in process `syz.3.87'. [ 68.794019][ T6357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.98'. [ 68.799231][ T6357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.98'. [ 68.834331][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 68.835586][ T5948] Bluetooth: hci4: command 0x1003 tx timeout [ 68.902222][ T6360] netlink: 12 bytes leftover after parsing attributes in process `syz.1.96'. [ 68.912910][ T6360] netlink: 'syz.1.96': attribute type 1 has an invalid length. [ 68.916142][ T6360] netlink: 'syz.1.96': attribute type 2 has an invalid length. [ 69.837815][ T6386] netlink: 16 bytes leftover after parsing attributes in process `syz.0.105'. [ 69.843183][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.107'. [ 69.843958][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.107'. [ 70.844626][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.847170][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.968441][ T6428] netlink: 'syz.1.116': attribute type 1 has an invalid length. [ 70.976319][ T6428] netlink: 'syz.1.116': attribute type 2 has an invalid length. [ 72.310876][ T6487] __nla_validate_parse: 4 callbacks suppressed [ 72.310886][ T6487] netlink: 4 bytes leftover after parsing attributes in process `syz.2.137'. [ 72.319582][ T6487] netlink: 4 bytes leftover after parsing attributes in process `syz.2.137'. [ 72.345490][ T6488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.134'. [ 72.356484][ T6488] netlink: 'syz.1.134': attribute type 1 has an invalid length. [ 72.358998][ T6488] netlink: 'syz.1.134': attribute type 2 has an invalid length. [ 72.571862][ T6494] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.140'. [ 73.692387][ T6508] netlink: 16 bytes leftover after parsing attributes in process `syz.1.143'. [ 74.477000][ T6542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.152'. [ 74.481824][ T6542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.152'. [ 74.507675][ T6543] netlink: 12 bytes leftover after parsing attributes in process `syz.3.151'. [ 74.513335][ T6543] netlink: 'syz.3.151': attribute type 1 has an invalid length. [ 74.515979][ T6543] netlink: 'syz.3.151': attribute type 2 has an invalid length. [ 75.297035][ T6574] netlink: 16 bytes leftover after parsing attributes in process `syz.2.160'. [ 75.615443][ T6548] delete_channel: no stack [ 75.751215][ T6589] netlink: 4 bytes leftover after parsing attributes in process `syz.0.166'. [ 76.465076][ T6612] netlink: 'syz.0.171': attribute type 1 has an invalid length. [ 76.467699][ T6612] netlink: 'syz.0.171': attribute type 2 has an invalid length. [ 77.278287][ T6631] openvswitch: netlink: Flow key attr not present in new flow. [ 78.053678][ T6672] __nla_validate_parse: 5 callbacks suppressed [ 78.053718][ T6672] netlink: 12 bytes leftover after parsing attributes in process `syz.2.187'. [ 78.059699][ T6673] openvswitch: netlink: Flow key attr not present in new flow. [ 78.061197][ T6672] netlink: 'syz.2.187': attribute type 1 has an invalid length. [ 78.064797][ T6672] netlink: 'syz.2.187': attribute type 2 has an invalid length. [ 78.160229][ T6676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'. [ 78.172456][ T6676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'. [ 78.767362][ T6697] netlink: 16 bytes leftover after parsing attributes in process `syz.1.194'. [ 78.871116][ T6699] openvswitch: netlink: Flow key attr not present in new flow. [ 79.685115][ T6729] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'. [ 79.703733][ T6729] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'. [ 80.396806][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.209'. [ 80.399670][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.209'. [ 80.402511][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.209'. [ 80.405433][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.209'. [ 80.914092][ T6750] syzkaller0: mtu less than device minimum [ 82.489848][ T6792] capability: warning: `syz.1.222' uses deprecated v2 capabilities in a way that may be insecure [ 82.730434][ T6798] veth0: entered promiscuous mode [ 82.954408][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 83.019747][ T6795] veth0: left promiscuous mode [ 83.444266][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 83.453692][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 83.457582][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 83.461172][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 83.464694][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 83.469168][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 83.472555][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.766027][ T10] usb 5-1: GET_CAPABILITIES returned 44 [ 83.768063][ T10] usbtmc 5-1:16.0: can't read capabilities [ 84.202778][ T6828] input: syz0 as /devices/virtual/input/input5 [ 84.433773][ T6833] netlink: 'syz.2.234': attribute type 10 has an invalid length. [ 84.742810][ T6847] __nla_validate_parse: 50 callbacks suppressed [ 84.742822][ T6847] netlink: 4 bytes leftover after parsing attributes in process `syz.2.238'. [ 84.752894][ T6847] netlink: 4 bytes leftover after parsing attributes in process `syz.2.238'. [ 85.563711][ T6870] bond0: (slave syz_tun): Releasing backup interface [ 85.572193][ T6870] bridge_slave_0: left allmulticast mode [ 85.574045][ T6870] bridge_slave_0: left promiscuous mode [ 85.576074][ T6870] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.582286][ T6870] bridge_slave_1: left allmulticast mode [ 85.584490][ T6870] bridge_slave_1: left promiscuous mode [ 85.586372][ T6870] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.592109][ T6870] bond0: (slave bond_slave_0): Releasing backup interface [ 85.599049][ T6870] bond0: (slave bond_slave_1): Releasing backup interface [ 85.607739][ T6870] team0: Port device team_slave_0 removed [ 85.613272][ T6870] team0: Port device team_slave_1 removed [ 85.616344][ T6870] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.618703][ T6870] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.622035][ T6870] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.625229][ T6870] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.647336][ T6872] (syz.2.244,6872,3):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 85.650736][ T6872] (syz.2.244,6872,3):ocfs2_fill_super:1177 ERROR: status = -22 [ 85.709452][ T34] usb 5-1: USB disconnect, device number 3 [ 85.742377][ T6885] FAULT_INJECTION: forcing a failure. [ 85.742377][ T6885] name failslab, interval 1, probability 0, space 0, times 1 [ 85.748946][ T6885] CPU: 2 UID: 0 PID: 6885 Comm: syz.0.248 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 85.748961][ T6885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.748967][ T6885] Call Trace: [ 85.748971][ T6885] [ 85.748975][ T6885] dump_stack_lvl+0x16c/0x1f0 [ 85.748994][ T6885] should_fail_ex+0x512/0x640 [ 85.749010][ T6885] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 85.749022][ T6885] should_failslab+0xc2/0x120 [ 85.749036][ T6885] __kmalloc_cache_noprof+0x6a/0x3e0 [ 85.749045][ T6885] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 85.749061][ T6885] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 85.749077][ T6885] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 85.749095][ T6885] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 85.749114][ T6885] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 85.749130][ T6885] ? __asan_memset+0x23/0x50 [ 85.749139][ T6885] ? calc_src_frames.isra.0+0x187/0x1d0 [ 85.749151][ T6885] snd_pcm_oss_change_params_locked+0x1398/0x3b40 [ 85.749174][ T6885] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 85.749199][ T6885] ? get_pid_task+0xfc/0x250 [ 85.749216][ T6885] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 85.749233][ T6885] snd_pcm_oss_read+0x39b/0x760 [ 85.749250][ T6885] ? security_file_permission+0x71/0x210 [ 85.749266][ T6885] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 85.749283][ T6885] vfs_read+0x1de/0xc70 [ 85.749296][ T6885] ? __pfx_vfs_read+0x10/0x10 [ 85.749305][ T6885] ? find_held_lock+0x2b/0x80 [ 85.749316][ T6885] ? __fget_files+0x204/0x3c0 [ 85.749328][ T6885] ? __fget_files+0x20e/0x3c0 [ 85.749341][ T6885] ksys_read+0x12a/0x240 [ 85.749351][ T6885] ? __pfx_ksys_read+0x10/0x10 [ 85.749360][ T6885] ? rcu_is_watching+0x12/0xc0 [ 85.749371][ T6885] ? rcu_is_watching+0x12/0xc0 [ 85.749383][ T6885] __do_fast_syscall_32+0x73/0x120 [ 85.749400][ T6885] do_fast_syscall_32+0x32/0x80 [ 85.749416][ T6885] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.749428][ T6885] RIP: 0023:0xf7fb4579 [ 85.749437][ T6885] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 85.749446][ T6885] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 85.749456][ T6885] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800001c0 [ 85.749462][ T6885] RDX: 00000000000000d4 RSI: 0000000000000000 RDI: 0000000000000000 [ 85.749468][ T6885] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 85.749473][ T6885] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 85.749479][ T6885] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 85.749511][ T6885] [ 85.900065][ T6891] capability: warning: `syz.3.251' uses 32-bit capabilities (legacy support in use) [ 85.911053][ T6891] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.972670][ T6895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.250'. [ 85.987277][ T6895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.250'. [ 86.017067][ T6893] netlink: 'syz.1.252': attribute type 10 has an invalid length. [ 86.084914][ T6898] netlink: 'syz.3.253': attribute type 10 has an invalid length. [ 86.148642][ T6909] netlink: 'syz.3.256': attribute type 2 has an invalid length. [ 86.158402][ T6909] trusted_key: encrypted_key: master key parameter 'ecryptfstrusted:trusted:' is invalid [ 86.583295][ T6920] FAULT_INJECTION: forcing a failure. [ 86.583295][ T6920] name failslab, interval 1, probability 0, space 0, times 0 [ 86.589910][ T6920] CPU: 1 UID: 0 PID: 6920 Comm: syz.2.261 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 86.589924][ T6920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.589930][ T6920] Call Trace: [ 86.589933][ T6920] [ 86.589938][ T6920] dump_stack_lvl+0x16c/0x1f0 [ 86.589958][ T6920] should_fail_ex+0x512/0x640 [ 86.589973][ T6920] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 86.589993][ T6920] should_failslab+0xc2/0x120 [ 86.590006][ T6920] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 86.590017][ T6920] ? rcu_is_watching+0x12/0xc0 [ 86.590027][ T6920] ? prepare_creds+0x2c/0x7d0 [ 86.590045][ T6920] prepare_creds+0x2c/0x7d0 [ 86.590061][ T6920] copy_creds+0xa7/0xa50 [ 86.590090][ T6920] copy_process+0x10b1/0x91a0 [ 86.590105][ T6920] ? __lock_acquire+0x5ca/0x1ba0 [ 86.590128][ T6920] ? __pfx_copy_process+0x10/0x10 [ 86.590143][ T6920] ? find_held_lock+0x2b/0x80 [ 86.590152][ T6920] ? __might_fault+0xe3/0x190 [ 86.590164][ T6920] ? __might_fault+0xe3/0x190 [ 86.590175][ T6920] ? __might_fault+0x13b/0x190 [ 86.590191][ T6920] ? _copy_from_user+0x59/0xd0 [ 86.590209][ T6920] kernel_clone+0xfc/0x960 [ 86.590221][ T6920] ? get_pid_task+0xfc/0x250 [ 86.590236][ T6920] ? __pfx_kernel_clone+0x10/0x10 [ 86.590258][ T6920] __do_sys_clone3+0x212/0x290 [ 86.590271][ T6920] ? __pfx___do_sys_clone3+0x10/0x10 [ 86.590292][ T6920] ? __fget_files+0x20e/0x3c0 [ 86.590309][ T6920] ? rcu_is_watching+0x12/0xc0 [ 86.590321][ T6920] __do_fast_syscall_32+0x73/0x120 [ 86.590338][ T6920] do_fast_syscall_32+0x32/0x80 [ 86.590354][ T6920] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.590367][ T6920] RIP: 0023:0xf7f32579 [ 86.590375][ T6920] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 86.590384][ T6920] RSP: 002b:00000000f505642c EFLAGS: 00000286 ORIG_RAX: 00000000000001b3 [ 86.590394][ T6920] RAX: ffffffffffffffda RBX: 00000000f5056460 RCX: 0000000000000058 [ 86.590401][ T6920] RDX: 0000000000000000 RSI: 000000000a224400 RDI: 0000000000000000 [ 86.590406][ T6920] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 86.590412][ T6920] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 86.590417][ T6920] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 86.590430][ T6920] [ 87.132622][ T6944] raw_sendmsg: syz.3.268 forgot to set AF_INET. Fix it! [ 87.297963][ T40] audit: type=1326 audit(1747358363.713:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6952 comm="syz.2.271" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f32579 code=0x0 [ 87.666558][ T6961] ipt_REJECT: TCP_RESET invalid for non-tcp [ 87.721584][ T6967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.275'. [ 87.890521][ T6963] lo speed is unknown, defaulting to 1000 [ 87.892468][ T6963] lo speed is unknown, defaulting to 1000 [ 87.895691][ T6963] lo speed is unknown, defaulting to 1000 [ 87.899942][ T6963] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 87.905915][ T6963] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 87.922510][ T6963] lo speed is unknown, defaulting to 1000 [ 87.926736][ T6963] lo speed is unknown, defaulting to 1000 [ 87.929220][ T6963] lo speed is unknown, defaulting to 1000 [ 87.931807][ T6963] lo speed is unknown, defaulting to 1000 [ 88.071227][ T6973] netlink: 'syz.1.276': attribute type 10 has an invalid length. [ 88.076880][ T6973] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 88.107313][ T6963] lo speed is unknown, defaulting to 1000 [ 88.768469][ T6996] netlink: 12 bytes leftover after parsing attributes in process `syz.2.280'. [ 88.777497][ T6996] netlink: 'syz.2.280': attribute type 1 has an invalid length. [ 88.780762][ T6996] netlink: 'syz.2.280': attribute type 2 has an invalid length. [ 89.251713][ T7012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'. [ 89.266950][ T7012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'. [ 89.663992][ T7024] syz.1.289 uses obsolete (PF_INET,SOCK_PACKET) [ 89.734227][ T7029] netlink: 'syz.2.290': attribute type 10 has an invalid length. [ 89.747874][ T7029] syz_tun: entered promiscuous mode [ 89.764865][ T7029] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 90.435601][ T7043] netlink: 'syz.1.295': attribute type 10 has an invalid length. [ 90.455807][ T7043] team0: Port device wlan1 added [ 90.746643][ T7059] lo speed is unknown, defaulting to 1000 [ 90.821612][ T7059] netlink: 'syz.1.300': attribute type 10 has an invalid length. [ 90.919822][ T7069] IPv6: Can't replace route, no match found [ 90.946787][ T7072] netlink: 12 bytes leftover after parsing attributes in process `syz.3.299'. [ 90.953504][ T7072] netlink: 'syz.3.299': attribute type 1 has an invalid length. [ 90.961633][ T7072] netlink: 'syz.3.299': attribute type 2 has an invalid length. [ 91.594831][ T7090] FAULT_INJECTION: forcing a failure. [ 91.594831][ T7090] name failslab, interval 1, probability 0, space 0, times 0 [ 91.598791][ T7090] CPU: 3 UID: 0 PID: 7090 Comm: syz.0.308 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 91.598816][ T7090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.598822][ T7090] Call Trace: [ 91.598826][ T7090] [ 91.598830][ T7090] dump_stack_lvl+0x16c/0x1f0 [ 91.598849][ T7090] should_fail_ex+0x512/0x640 [ 91.598867][ T7090] should_failslab+0xc2/0x120 [ 91.598881][ T7090] __kvmalloc_node_noprof+0x135/0x600 [ 91.598893][ T7090] ? page_pool_list+0x1ca/0x240 [ 91.598909][ T7090] ? __veth_napi_enable_range+0x333/0xab0 [ 91.598927][ T7090] ? __veth_napi_enable_range+0x333/0xab0 [ 91.598941][ T7090] __veth_napi_enable_range+0x333/0xab0 [ 91.598956][ T7090] ? preempt_schedule_thunk+0x16/0x30 [ 91.598973][ T7090] ? __xdp_reg_mem_model+0x348/0x680 [ 91.598987][ T7090] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 91.599003][ T7090] ? __pfx___xdp_reg_mem_model+0x10/0x10 [ 91.599018][ T7090] ? __pfx___veth_napi_enable_range+0x10/0x10 [ 91.599037][ T7090] ? veth_enable_xdp_range+0x1e3/0x3f0 [ 91.599054][ T7090] veth_enable_xdp+0x2f2/0x570 [ 91.599072][ T7090] veth_xdp+0x524/0x8c0 [ 91.599087][ T7090] dev_xdp_install+0x4a1/0x9b0 [ 91.599100][ T7090] ? __pfx_veth_xdp+0x10/0x10 [ 91.599114][ T7090] ? __pfx_dev_xdp_install+0x10/0x10 [ 91.599132][ T7090] ? __pfx_veth_xdp+0x10/0x10 [ 91.599145][ T7090] dev_xdp_attach+0x6d1/0x16a0 [ 91.599161][ T7090] ? __pfx_dev_xdp_attach+0x10/0x10 [ 91.599173][ T7090] ? idr_preload_end+0xe1/0x230 [ 91.599187][ T7090] bpf_xdp_link_attach+0x345/0x910 [ 91.599202][ T7090] ? __pfx_bpf_xdp_link_attach+0x10/0x10 [ 91.599217][ T7090] ? find_held_lock+0x2b/0x80 [ 91.599236][ T7090] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 91.599253][ T7090] __sys_bpf+0x19ef/0x4d80 [ 91.599270][ T7090] ? __pfx___sys_bpf+0x10/0x10 [ 91.599286][ T7090] ? ksys_write+0x190/0x240 [ 91.599299][ T7090] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 91.599323][ T7090] ? fput+0x70/0xf0 [ 91.599335][ T7090] ? ksys_write+0x1b9/0x240 [ 91.599345][ T7090] ? __pfx_ksys_write+0x10/0x10 [ 91.599358][ T7090] __ia32_sys_bpf+0x76/0xe0 [ 91.599374][ T7090] __do_fast_syscall_32+0x73/0x120 [ 91.599391][ T7090] do_fast_syscall_32+0x32/0x80 [ 91.599407][ T7090] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 91.599419][ T7090] RIP: 0023:0xf7fb4579 [ 91.599427][ T7090] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 91.599437][ T7090] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 91.599447][ T7090] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000240 [ 91.599453][ T7090] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.599459][ T7090] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 91.599465][ T7090] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 91.599470][ T7090] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 91.599484][ T7090] [ 91.866255][ T7098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.310'. [ 92.104709][ T7112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.315'. [ 92.107625][ T7112] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.156337][ T7112] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 92.226684][ T7117] trusted_key: encrypted_key: insufficient parameters specified [ 92.267652][ T7123] netlink: 48 bytes leftover after parsing attributes in process `syz.2.318'. [ 92.341165][ T7128] block device autoloading is deprecated and will be removed. [ 92.345343][ T7125] md: md2 stopped. [ 92.640279][ T7133] netlink: 12 bytes leftover after parsing attributes in process `syz.1.320'. [ 92.646443][ T7133] netlink: 'syz.1.320': attribute type 1 has an invalid length. [ 92.649772][ T7133] netlink: 'syz.1.320': attribute type 2 has an invalid length. [ 92.691908][ T7139] netlink: 'syz.0.323': attribute type 10 has an invalid length. [ 92.696039][ T7139] syz_tun: entered promiscuous mode [ 92.700762][ T7139] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 92.793222][ T7142] netlink: 'syz.2.324': attribute type 10 has an invalid length. [ 93.104192][ T6006] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 93.264183][ T6006] usb 8-1: Using ep0 maxpacket: 8 [ 93.268476][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.1.327'. [ 93.268793][ T6006] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 93.272579][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.1.327'. [ 93.273942][ T6006] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 93.280494][ T6006] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 93.283552][ T6006] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 93.286814][ T6006] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 93.291020][ T6006] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 93.293858][ T6006] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.492067][ T7153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.328'. [ 93.512131][ T7153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.328'. [ 93.513242][ T6006] usb 8-1: GET_CAPABILITIES returned 0 [ 93.518761][ T6006] usbtmc 8-1:16.0: can't read capabilities [ 93.732490][ T6000] usb 8-1: USB disconnect, device number 2 [ 93.932733][ T5294] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 94.149608][ T7174] netlink: 12 bytes leftover after parsing attributes in process `syz.0.335'. [ 94.158493][ T7171] netlink: 'syz.0.335': attribute type 1 has an invalid length. [ 94.526138][ T40] audit: type=1326 audit(1747358370.943:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.534438][ T40] audit: type=1326 audit(1747358370.943:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.538084][ T7178] warning: `syz.3.337' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 94.541236][ T40] audit: type=1326 audit(1747358370.943:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.551245][ T40] audit: type=1326 audit(1747358370.943:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.559361][ T40] audit: type=1326 audit(1747358370.943:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.566649][ T40] audit: type=1326 audit(1747358370.943:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.575815][ T40] audit: type=1326 audit(1747358370.943:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.584729][ T40] audit: type=1326 audit(1747358370.943:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.591895][ T40] audit: type=1326 audit(1747358370.943:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 94.599758][ T40] audit: type=1326 audit(1747358370.943:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.3.337" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7fc7579 code=0x7ffc0000 [ 95.024159][ T24] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 95.113181][ T7204] gtp0: entered promiscuous mode [ 95.114886][ T7204] gtp0: entered allmulticast mode [ 95.195696][ T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 95.199778][ T24] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 95.205092][ T24] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 95.207910][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.210571][ T24] usb 8-1: Product: syz [ 95.211907][ T24] usb 8-1: Manufacturer: syz [ 95.213640][ T24] usb 8-1: SerialNumber: syz [ 95.547025][ T7220] can0: slcan on pty26. [ 96.088379][ T7243] __nla_validate_parse: 3 callbacks suppressed [ 96.088420][ T7243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.350'. [ 96.094475][ T7243] validate_nla: 2 callbacks suppressed [ 96.094484][ T7243] netlink: 'syz.2.350': attribute type 1 has an invalid length. [ 96.098591][ T7243] netlink: 'syz.2.350': attribute type 2 has an invalid length. [ 96.710748][ T7250] netlink: 'syz.1.353': attribute type 10 has an invalid length. [ 97.036816][ T7261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.358'. [ 97.040700][ T7261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.358'. [ 97.970103][ T7292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'. [ 97.980463][ T7292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'. [ 98.029379][ T7293] netlink: 12 bytes leftover after parsing attributes in process `syz.2.366'. [ 98.042914][ T7293] netlink: 'syz.2.366': attribute type 1 has an invalid length. [ 98.045537][ T7293] netlink: 'syz.2.366': attribute type 2 has an invalid length. [ 98.593449][ T7303] lo speed is unknown, defaulting to 1000 [ 98.670592][ T7303] openvswitch: netlink: Flow key attr not present in new flow. [ 99.134571][ T7322] netlink: 4 bytes leftover after parsing attributes in process `syz.1.377'. [ 99.138457][ T7322] netlink: 4 bytes leftover after parsing attributes in process `syz.1.377'. [ 99.381688][ T7327] FAULT_INJECTION: forcing a failure. [ 99.381688][ T7327] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 99.387045][ T7327] CPU: 1 UID: 0 PID: 7327 Comm: syz.1.379 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 99.387060][ T7327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 99.387066][ T7327] Call Trace: [ 99.387069][ T7327] [ 99.387074][ T7327] dump_stack_lvl+0x16c/0x1f0 [ 99.387107][ T7327] should_fail_ex+0x512/0x640 [ 99.387125][ T7327] __kvm_read_guest_page+0x16b/0x220 [ 99.387144][ T7327] kvm_fetch_guest_virt+0x128/0x1a0 [ 99.387159][ T7327] __do_insn_fetch_bytes+0x41e/0x6d0 [ 99.387173][ T7327] ? __pfx___do_insn_fetch_bytes+0x10/0x10 [ 99.387185][ T7327] ? folio_mark_accessed+0xc1/0xc00 [ 99.387205][ T7327] x86_decode_insn+0xb90/0x5540 [ 99.387226][ T7327] ? vmx_segment_cache_test_set+0x14b/0x400 [ 99.387238][ T7327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 99.387253][ T7327] ? __pfx_x86_decode_insn+0x10/0x10 [ 99.387269][ T7327] ? vmx_cache_reg+0x333/0x5e0 [ 99.387285][ T7327] ? kvm_register_read_raw+0xe9/0x240 [ 99.387299][ T7327] ? init_decode_cache+0xd/0x210 [ 99.387314][ T7327] ? init_emulate_ctxt+0x337/0x510 [ 99.387329][ T7327] ? __pfx_init_emulate_ctxt+0x10/0x10 [ 99.387348][ T7327] ? trace_sched_exit_tp+0xde/0x130 [ 99.387363][ T7327] x86_emulate_instruction+0x9b2/0x1a90 [ 99.387384][ T7327] handle_ud+0x103/0x280 [ 99.387396][ T7327] ? __pfx_handle_ud+0x10/0x10 [ 99.387413][ T7327] ? rcu_is_watching+0x12/0xc0 [ 99.387423][ T7327] ? __vmx_complete_interrupts+0x111/0x4e0 [ 99.387436][ T7327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 99.387452][ T7327] handle_exception_nmi+0x856/0x1740 [ 99.387467][ T7327] ? __pfx_handle_exception_nmi+0x10/0x10 [ 99.387479][ T7327] vmx_handle_exit+0x6ab/0x1cc0 [ 99.387494][ T7327] vcpu_run+0x30ba/0x5390 [ 99.387515][ T7327] ? __pfx_vcpu_run+0x10/0x10 [ 99.387532][ T7327] ? fpu_swap_kvm_fpstate+0x235/0x4a0 [ 99.387545][ T7327] ? __local_bh_enable_ip+0xa4/0x120 [ 99.387561][ T7327] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 99.387576][ T7327] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 99.387595][ T7327] kvm_vcpu_ioctl+0x5e9/0x1680 [ 99.387612][ T7327] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 99.387627][ T7327] ? tomoyo_path_number_perm+0x18d/0x580 [ 99.387642][ T7327] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 99.387660][ T7327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 99.387675][ T7327] ? do_vfs_ioctl+0x512/0x1990 [ 99.387690][ T7327] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 99.387716][ T7327] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 99.387733][ T7327] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 99.387748][ T7327] ? __fget_files+0x20e/0x3c0 [ 99.387757][ T7327] ? fput+0x50/0xf0 [ 99.387772][ T7327] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 99.387788][ T7327] __ia32_compat_sys_ioctl+0x24c/0x360 [ 99.387805][ T7327] __do_fast_syscall_32+0x73/0x120 [ 99.387822][ T7327] do_fast_syscall_32+0x32/0x80 [ 99.387838][ T7327] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 99.387851][ T7327] RIP: 0023:0xf7f44579 [ 99.387860][ T7327] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 99.387869][ T7327] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 99.387879][ T7327] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 99.387885][ T7327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.387891][ T7327] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.387896][ T7327] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 99.387902][ T7327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 99.387915][ T7327] [ 99.704730][ T7335] lo speed is unknown, defaulting to 1000 [ 99.718237][ T7336] netlink: 12 bytes leftover after parsing attributes in process `syz.0.380'. [ 99.790122][ T7335] openvswitch: netlink: Flow key attr not present in new flow. [ 100.035482][ T7342] 9pnet_virtio: no channels available for device 127.0.0.1 [ 100.070195][ T7345] netlink: 12 bytes leftover after parsing attributes in process `syz.1.381'. [ 100.075316][ T7345] netlink: 'syz.1.381': attribute type 1 has an invalid length. [ 100.077828][ T7345] netlink: 'syz.1.381': attribute type 2 has an invalid length. [ 100.096123][ T7341] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 100.288115][ T24] cdc_ncm 8-1:1.0: bind() failure [ 100.292092][ T24] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found [ 100.294370][ T24] cdc_ncm 8-1:1.1: bind() failure [ 100.496710][ T7180] can0 (unregistered): slcan off pty26. [ 100.500157][ T34] usb 8-1: USB disconnect, device number 3 [ 101.153739][ T7372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.389'. [ 101.627747][ T7399] sp0: Synchronizing with TNC [ 101.631692][ T7399] 9pnet: Unknown protocol version 9p20\++} [ 102.198423][ T7399] lo speed is unknown, defaulting to 1000 [ 102.202500][ T7399] lo speed is unknown, defaulting to 1000 [ 102.205191][ T7399] lo speed is unknown, defaulting to 1000 [ 102.327677][ T7399] infiniband sz1: set active [ 102.329483][ T7399] infiniband sz1: added lo [ 102.350599][ T7399] RDS/IB: sz1: added [ 102.352009][ T7399] smc: adding ib device sz1 with port count 1 [ 102.353803][ T7399] smc: ib device sz1 port 1 has pnetid [ 102.356959][ T5940] lo speed is unknown, defaulting to 1000 [ 102.359223][ T7399] lo speed is unknown, defaulting to 1000 [ 102.445734][ T7399] lo speed is unknown, defaulting to 1000 [ 102.530186][ T7399] lo speed is unknown, defaulting to 1000 [ 102.616843][ T7399] lo speed is unknown, defaulting to 1000 [ 102.722818][ T5940] lo speed is unknown, defaulting to 1000 [ 103.004258][ T5940] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 103.134197][ T5940] usb 5-1: device descriptor read/64, error -71 [ 103.292607][ T7417] netlink: 12 bytes leftover after parsing attributes in process `syz.1.397'. [ 103.299092][ T7417] netlink: 'syz.1.397': attribute type 1 has an invalid length. [ 103.301498][ T7417] netlink: 'syz.1.397': attribute type 2 has an invalid length. [ 103.374201][ T5940] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 103.495665][ T7424] netlink: 4 bytes leftover after parsing attributes in process `syz.2.400'. [ 103.500531][ T7424] netlink: 4 bytes leftover after parsing attributes in process `syz.2.400'. [ 103.524177][ T5940] usb 5-1: device descriptor read/64, error -71 [ 103.639171][ T5940] usb usb5-port1: attempt power cycle [ 103.994218][ T5940] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 104.015038][ T5940] usb 5-1: device descriptor read/8, error -71 [ 104.264258][ T5940] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 104.284737][ T5940] usb 5-1: device descriptor read/8, error -71 [ 104.405513][ T5940] usb usb5-port1: unable to enumerate USB device [ 104.624926][ T7398] [U] è [ 104.814369][ T7445] netlink: 16 bytes leftover after parsing attributes in process `syz.3.406'. [ 105.219418][ T7459] netlink: 12 bytes leftover after parsing attributes in process `syz.1.409'. [ 105.228581][ T7459] netlink: 'syz.1.409': attribute type 1 has an invalid length. [ 105.234164][ T7459] netlink: 'syz.1.409': attribute type 2 has an invalid length. [ 105.577908][ T7468] netlink: 3 bytes leftover after parsing attributes in process `syz.3.413'. [ 105.581330][ T7468] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 106.549338][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.418'. [ 106.554310][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.418'. [ 106.952647][ T7505] tipc: Can't bind to reserved service type 0 [ 107.012805][ T7507] netlink: 16 bytes leftover after parsing attributes in process `syz.3.421'. [ 107.871082][ T7521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.423'. [ 107.890027][ T7521] netlink: 'syz.1.423': attribute type 1 has an invalid length. [ 107.893319][ T7521] netlink: 'syz.1.423': attribute type 2 has an invalid length. [ 108.228914][ T7527] Dead loop on virtual device ip6_vti0, fix it urgently! [ 108.231552][ T7527] Dead loop on virtual device ip6_vti0, fix it urgently! [ 108.233982][ T7527] Dead loop on virtual device ip6_vti0, fix it urgently! [ 108.237587][ T7527] Dead loop on virtual device ip6_vti0, fix it urgently! [ 108.240040][ T7527] Dead loop on virtual device ip6_vti0, fix it urgently! [ 108.242487][ T7527] Dead loop on virtual device ip6_vti0, fix it urgently! [ 108.253014][ T7527] binder: 7526:7527 ioctl c0306201 80001440 returned -14 [ 108.762183][ T7547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.432'. [ 108.765704][ T7547] bridge_slave_1: left allmulticast mode [ 108.767625][ T7547] bridge_slave_1: left promiscuous mode [ 108.769691][ T7547] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.777041][ T7547] bridge_slave_0: left allmulticast mode [ 108.784221][ T7547] bridge_slave_0: left promiscuous mode [ 108.786741][ T7547] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.114797][ T7553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.433'. [ 109.120012][ T7553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.433'. [ 109.135118][ T7535] [U] .ú [ 109.915773][ T7569] netlink: 16 bytes leftover after parsing attributes in process `syz.2.436'. [ 109.945678][ T7574] FAULT_INJECTION: forcing a failure. [ 109.945678][ T7574] name failslab, interval 1, probability 0, space 0, times 0 [ 109.950403][ T7574] CPU: 2 UID: 0 PID: 7574 Comm: syz.3.438 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 109.950423][ T7574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 109.950433][ T7574] Call Trace: [ 109.950438][ T7574] [ 109.950445][ T7574] dump_stack_lvl+0x16c/0x1f0 [ 109.950472][ T7574] should_fail_ex+0x512/0x640 [ 109.950494][ T7574] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 109.950508][ T7574] should_failslab+0xc2/0x120 [ 109.950528][ T7574] __kmalloc_cache_noprof+0x6a/0x3e0 [ 109.950544][ T7574] ? nfnl_err_add+0x4e/0x2d0 [ 109.950569][ T7574] nfnl_err_add+0x4e/0x2d0 [ 109.950591][ T7574] nfnetlink_rcv_batch+0xca3/0x2350 [ 109.950620][ T7574] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 109.950640][ T7574] ? consume_skb+0xcc/0x100 [ 109.950662][ T7574] ? find_held_lock+0x2b/0x80 [ 109.950680][ T7574] ? __local_bh_enable_ip+0xa4/0x120 [ 109.950698][ T7574] ? lockdep_hardirqs_on+0x7c/0x110 [ 109.950728][ T7574] ? __pfx___dev_queue_xmit+0x10/0x10 [ 109.950768][ T7574] ? __nla_parse+0x40/0x60 [ 109.950792][ T7574] nfnetlink_rcv+0x3c1/0x430 [ 109.950814][ T7574] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 109.950838][ T7574] netlink_unicast+0x53a/0x7f0 [ 109.950862][ T7574] ? __pfx_netlink_unicast+0x10/0x10 [ 109.950889][ T7574] netlink_sendmsg+0x8d1/0xdd0 [ 109.950913][ T7574] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.950932][ T7574] ? __import_iovec+0x1c8/0x660 [ 109.950950][ T7574] ____sys_sendmsg+0xa98/0xc70 [ 109.950975][ T7574] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.950997][ T7574] ? get_compat_msghdr+0x11a/0x170 [ 109.951027][ T7574] ___sys_sendmsg+0x134/0x1d0 [ 109.951043][ T7574] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.951092][ T7574] __sys_sendmsg+0x16d/0x220 [ 109.951111][ T7574] ? __pfx___sys_sendmsg+0x10/0x10 [ 109.951141][ T7574] ? rcu_is_watching+0x12/0xc0 [ 109.951155][ T7574] __do_fast_syscall_32+0x73/0x120 [ 109.951180][ T7574] do_fast_syscall_32+0x32/0x80 [ 109.951202][ T7574] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 109.951221][ T7574] RIP: 0023:0xf7fc7579 [ 109.951233][ T7574] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 109.951247][ T7574] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 109.951259][ T7574] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 109.951267][ T7574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.951275][ T7574] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 109.951284][ T7574] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 109.951292][ T7574] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 109.951314][ T7574] [ 110.122540][ T7563] netlink: 'syz.1.434': attribute type 1 has an invalid length. [ 110.125184][ T7563] netlink: 'syz.1.434': attribute type 2 has an invalid length. [ 110.759224][ T7594] xt_CT: You must specify a L4 protocol and not use inversions on it [ 110.800421][ T7599] gtp0: entered promiscuous mode [ 110.802608][ T7599] gtp0: entered allmulticast mode [ 110.828029][ T40] kauditd_printk_skb: 43 callbacks suppressed [ 110.828044][ T40] audit: type=1326 audit(1747358387.243:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.1.444" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x0 [ 111.345018][ T7615] fuse: Unknown parameter '|d' [ 111.692702][ T7619] Bluetooth: MGMT ver 1.23 [ 111.696239][ T7619] FAULT_INJECTION: forcing a failure. [ 111.696239][ T7619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.701072][ T7619] CPU: 3 UID: 0 PID: 7619 Comm: syz.0.448 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 111.701088][ T7619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.701095][ T7619] Call Trace: [ 111.701098][ T7619] [ 111.701103][ T7619] dump_stack_lvl+0x16c/0x1f0 [ 111.701122][ T7619] should_fail_ex+0x512/0x640 [ 111.701140][ T7619] _copy_to_user+0x32/0xd0 [ 111.701158][ T7619] simple_read_from_buffer+0xcb/0x170 [ 111.701176][ T7619] proc_fail_nth_read+0x197/0x270 [ 111.701191][ T7619] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 111.701207][ T7619] ? rw_verify_area+0xcf/0x680 [ 111.701223][ T7619] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 111.701238][ T7619] vfs_read+0x1de/0xc70 [ 111.701250][ T7619] ? __pfx___mutex_lock+0x10/0x10 [ 111.701301][ T7619] ? __pfx_vfs_read+0x10/0x10 [ 111.701315][ T7619] ? __fget_files+0x20e/0x3c0 [ 111.701329][ T7619] ksys_read+0x12a/0x240 [ 111.701338][ T7619] ? __pfx_ksys_read+0x10/0x10 [ 111.701349][ T7619] ? rcu_is_watching+0x12/0xc0 [ 111.701362][ T7619] __do_fast_syscall_32+0x73/0x120 [ 111.701379][ T7619] do_fast_syscall_32+0x32/0x80 [ 111.701395][ T7619] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.701408][ T7619] RIP: 0023:0xf7fb4579 [ 111.701417][ T7619] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 111.701426][ T7619] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 111.701436][ T7619] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50d6620 [ 111.701442][ T7619] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000 [ 111.701448][ T7619] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 111.701453][ T7619] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 111.701459][ T7619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.701477][ T7619] [ 112.206244][ T7639] netlink: 'syz.2.454': attribute type 10 has an invalid length. [ 112.280316][ T7638] netlink: 12 bytes leftover after parsing attributes in process `syz.1.453'. [ 112.285426][ T7638] netlink: 'syz.1.453': attribute type 1 has an invalid length. [ 112.288156][ T7638] netlink: 'syz.1.453': attribute type 2 has an invalid length. [ 112.398547][ T7640] netlink: 16 bytes leftover after parsing attributes in process `syz.0.452'. [ 112.600028][ T7644] ceph: Path missing in source [ 112.817673][ T7656] Dead loop on virtual device ip6_vti0, fix it urgently! [ 112.820163][ T7656] Dead loop on virtual device ip6_vti0, fix it urgently! [ 112.822515][ T7656] Dead loop on virtual device ip6_vti0, fix it urgently! [ 112.827582][ T7656] Dead loop on virtual device ip6_vti0, fix it urgently! [ 112.829977][ T7656] Dead loop on virtual device ip6_vti0, fix it urgently! [ 112.832188][ T7656] Dead loop on virtual device ip6_vti0, fix it urgently! [ 112.842120][ T7656] binder: 7655:7656 ioctl c0306201 80001440 returned -14 [ 112.978173][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.1.465'. [ 112.983395][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.1.465'. [ 113.522188][ T7686] netlink: 'syz.0.468': attribute type 10 has an invalid length. [ 113.635871][ T7690] netlink: 24 bytes leftover after parsing attributes in process `syz.2.470'. [ 113.694418][ T7694] netlink: 16 bytes leftover after parsing attributes in process `syz.1.469'. [ 114.173768][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.477'. [ 114.186822][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.477'. [ 114.373966][ T7726] random: crng reseeded on system resumption [ 114.604213][ T834] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 114.774171][ T834] usb 6-1: Using ep0 maxpacket: 8 [ 114.789613][ T834] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 114.793326][ T834] usb 6-1: config 179 has no interface number 0 [ 114.798623][ T834] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 114.803368][ T834] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 114.816388][ T834] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 114.821252][ T834] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 114.834242][ T834] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 114.839828][ T834] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 114.843050][ T834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.847385][ T7725] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 115.079575][ T834] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:179.65/input/input7 [ 115.267518][ T7725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.481'. [ 115.283065][ T10] usb 6-1: USB disconnect, device number 2 [ 115.283117][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 115.288154][ T10] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 115.288168][ C1] dummy_hcd dummy_hcd.1: timer fired with no URBs pending? [ 115.947598][ T7750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.488'. [ 115.987946][ T7752] netlink: 'syz.3.486': attribute type 10 has an invalid length. [ 115.992194][ T7752] syz_tun: entered promiscuous mode [ 116.030071][ T7757] orangefs_mount: mount request failed with -4 [ 116.088720][ T7752] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 116.428853][ T7779] netlink: 'syz.1.491': attribute type 1 has an invalid length. [ 116.431233][ T7779] netlink: 'syz.1.491': attribute type 2 has an invalid length. [ 117.502128][ T7811] netlink: 'syz.2.502': attribute type 10 has an invalid length. [ 117.952404][ T7814] __nla_validate_parse: 2 callbacks suppressed [ 117.952416][ T7814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.505'. [ 117.970225][ T7809] netlink: 16 bytes leftover after parsing attributes in process `syz.3.504'. [ 118.322106][ T7825] netlink: 12 bytes leftover after parsing attributes in process `syz.0.506'. [ 118.332052][ T7825] netlink: 'syz.0.506': attribute type 1 has an invalid length. [ 118.337720][ T7825] netlink: 'syz.0.506': attribute type 2 has an invalid length. [ 119.135399][ T7849] netlink: 'syz.1.515': attribute type 10 has an invalid length. [ 119.570468][ T7856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.517'. [ 119.599182][ T7856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.517'. [ 119.937578][ T7861] netlink: 16 bytes leftover after parsing attributes in process `syz.0.518'. [ 120.407485][ T7876] netlink: 'syz.1.520': attribute type 10 has an invalid length. [ 120.855973][ T7887] Unknown options in mask 7 [ 120.860364][ T7888] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 121.047502][ T7895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.524'. [ 121.051500][ T7895] netlink: 'syz.2.524': attribute type 1 has an invalid length. [ 121.053854][ T7895] netlink: 'syz.2.524': attribute type 2 has an invalid length. [ 121.172597][ T7893] netlink: 'syz.3.528': attribute type 10 has an invalid length. [ 121.616689][ T7901] netlink: 12 bytes leftover after parsing attributes in process `syz.0.530'. [ 121.654058][ T7906] FAULT_INJECTION: forcing a failure. [ 121.654058][ T7906] name failslab, interval 1, probability 0, space 0, times 0 [ 121.658594][ T7906] CPU: 0 UID: 0 PID: 7906 Comm: syz.0.532 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 121.658609][ T7906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 121.658615][ T7906] Call Trace: [ 121.658619][ T7906] [ 121.658624][ T7906] dump_stack_lvl+0x16c/0x1f0 [ 121.658643][ T7906] should_fail_ex+0x512/0x640 [ 121.658659][ T7906] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 121.658673][ T7906] should_failslab+0xc2/0x120 [ 121.658686][ T7906] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 121.658698][ T7906] ? ptlock_alloc+0x1f/0x70 [ 121.658711][ T7906] ptlock_alloc+0x1f/0x70 [ 121.658721][ T7906] pte_alloc_one+0x6d/0x380 [ 121.658734][ T7906] __pte_alloc+0x6d/0x3c0 [ 121.658748][ T7906] ? __pfx___pte_alloc+0x10/0x10 [ 121.658763][ T7906] ? do_raw_spin_lock+0x12c/0x2b0 [ 121.658780][ T7906] ? find_held_lock+0x2b/0x80 [ 121.658791][ T7906] do_pte_missing+0x2925/0x3fb0 [ 121.658803][ T7906] ? _raw_spin_unlock+0x28/0x50 [ 121.658816][ T7906] ? __pmd_alloc+0x3c2/0x870 [ 121.658830][ T7906] ? find_held_lock+0x2b/0x80 [ 121.658841][ T7906] __handle_mm_fault+0x103d/0x2a40 [ 121.658856][ T7906] ? __pfx___handle_mm_fault+0x10/0x10 [ 121.658874][ T7906] ? find_vma+0xbf/0x140 [ 121.658889][ T7906] ? __pfx_find_vma+0x10/0x10 [ 121.658903][ T7906] ? find_held_lock+0x2b/0x80 [ 121.658913][ T7906] handle_mm_fault+0x3fe/0xad0 [ 121.658926][ T7906] do_user_addr_fault+0x7a6/0x1370 [ 121.658939][ T7906] ? rcu_is_watching+0x12/0xc0 [ 121.658950][ T7906] exc_page_fault+0x5c/0xc0 [ 121.658965][ T7906] asm_exc_page_fault+0x26/0x30 [ 121.658975][ T7906] RIP: 0010:_copy_to_user+0xb6/0xd0 [ 121.658992][ T7906] Code: 89 ee 48 89 ef e8 5a d7 ec fc 4d 85 ff 75 a8 e8 a0 dc ec fc 89 de 4c 89 e7 e8 96 69 51 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 a4 0f 1f 00 0f 01 ca 48 89 cb eb 80 66 2e 0f 1f 84 00 00 00 00 [ 121.659001][ T7906] RSP: 0018:ffffc900261e7ca0 EFLAGS: 00050246 [ 121.659010][ T7906] RAX: 0000000000000001 RBX: 0000000000000040 RCX: 0000000000000040 [ 121.659016][ T7906] RDX: fffff52004c3cfa7 RSI: ffffc900261e7cf8 RDI: 0000000080000400 [ 121.659022][ T7906] RBP: 0000000080000400 R08: 0000000000000000 R09: fffff52004c3cfa6 [ 121.659028][ T7906] R10: ffffc900261e7d37 R11: 0000000000000000 R12: ffffc900261e7cf8 [ 121.659034][ T7906] R13: 0000000080000440 R14: 00007ffffffff000 R15: 0000000000000000 [ 121.659049][ T7906] cp_compat_stat+0x571/0x850 [ 121.659062][ T7906] ? __pfx_cp_compat_stat+0x10/0x10 [ 121.659074][ T7906] ? generic_fillattr+0x660/0x940 [ 121.659089][ T7906] ? fput+0x70/0xf0 [ 121.659103][ T7906] __do_compat_sys_newfstat+0xfe/0x110 [ 121.659117][ T7906] ? __pfx___do_compat_sys_newfstat+0x10/0x10 [ 121.659138][ T7906] ? __pfx_ksys_write+0x10/0x10 [ 121.659150][ T7906] ? rcu_is_watching+0x12/0xc0 [ 121.659159][ T7906] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 121.659177][ T7906] __do_fast_syscall_32+0x73/0x120 [ 121.659194][ T7906] do_fast_syscall_32+0x32/0x80 [ 121.659210][ T7906] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 121.659222][ T7906] RIP: 0023:0xf7fb4579 [ 121.659230][ T7906] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 121.659239][ T7906] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 000000000000006c [ 121.659248][ T7906] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400 [ 121.659254][ T7906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 121.659259][ T7906] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 121.659265][ T7906] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 121.659270][ T7906] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 121.659283][ T7906] [ 121.680617][ T7907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.531'. [ 121.719135][ T7908] netlink: 'syz.2.529': attribute type 10 has an invalid length. [ 121.740218][ T7907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.531'. [ 121.773853][ T7910] binder: 7909:7910 ioctl 4018620d 0 returned -22 [ 122.814623][ T7932] IPVS: Error connecting to the multicast addr [ 122.846061][ T7930] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 123.030811][ T7938] __nla_validate_parse: 2 callbacks suppressed [ 123.030821][ T7938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.537'. [ 123.038702][ T7938] netlink: 'syz.1.537': attribute type 1 has an invalid length. [ 123.041076][ T7938] netlink: 'syz.1.537': attribute type 2 has an invalid length. [ 123.839148][ T7947] netlink: 'syz.1.542': attribute type 10 has an invalid length. [ 124.213573][ T7955] lo speed is unknown, defaulting to 1000 [ 124.218403][ T7955] lo speed is unknown, defaulting to 1000 [ 124.270917][ T7958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.545'. [ 124.280046][ T7958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.545'. [ 125.099771][ T7976] ======================================================= [ 125.099771][ T7976] WARNING: The mand mount option has been deprecated and [ 125.099771][ T7976] and is ignored by this kernel. Remove the mand [ 125.099771][ T7976] option from the mount to silence this warning. [ 125.099771][ T7976] ======================================================= [ 125.147404][ T7976] overlay: Unknown parameter 'appraise_type' [ 125.278795][ T7979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.549'. [ 125.568865][ T7984] netlink: 12 bytes leftover after parsing attributes in process `syz.2.549'. [ 125.583899][ T7990] gtp1: entered promiscuous mode [ 125.586528][ T7990] gtp1: entered allmulticast mode [ 125.698701][ T40] audit: type=1326 audit(2000000010.389:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7992 comm="syz.3.553" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc7579 code=0x0 [ 126.434636][ T5948] Bluetooth: hci2: command 0x0406 tx timeout [ 126.583000][ T8010] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input8 [ 126.637381][ T8011] netlink: 40 bytes leftover after parsing attributes in process `syz.3.557'. [ 126.682347][ T34] libceph: connect (1)[c::]:6789 error -101 [ 126.686439][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 126.694734][ T34] libceph: connect (1)[c::]:6789 error -101 [ 126.699182][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 126.716978][ T8011] ceph: No mds server is up or the cluster is laggy [ 126.747812][ T8017] netlink: 'syz.1.556': attribute type 10 has an invalid length. [ 127.724158][ T5948] Bluetooth: hci3: command tx timeout [ 128.912521][ T8051] gtp1: entered promiscuous mode [ 128.914275][ T8051] gtp1: entered allmulticast mode [ 129.057794][ T8052] FAULT_INJECTION: forcing a failure. [ 129.057794][ T8052] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.061947][ T8052] CPU: 1 UID: 0 PID: 8052 Comm: syz.3.566 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 129.061962][ T8052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.061968][ T8052] Call Trace: [ 129.061972][ T8052] [ 129.061976][ T8052] dump_stack_lvl+0x16c/0x1f0 [ 129.061995][ T8052] should_fail_ex+0x512/0x640 [ 129.062014][ T8052] strncpy_from_user+0x3b/0x2e0 [ 129.062030][ T8052] strncpy_from_user_nofault+0x7f/0x180 [ 129.062047][ T8052] bpf_probe_read_user_str+0x26/0x70 [ 129.062059][ T8052] bpf_prog_7acee76fef7300d9+0x64/0x6c [ 129.062069][ T8052] bpf_trace_run2+0x230/0x590 [ 129.062082][ T8052] ? __pfx_bpf_trace_run2+0x10/0x10 [ 129.062095][ T8052] ? policy_nodemask+0xea/0x4e0 [ 129.062110][ T8052] ? alloc_pages_mpol+0x25a/0x550 [ 129.062124][ T8052] __bpf_trace_tlb_flush+0xd1/0x110 [ 129.062140][ T8052] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 129.062173][ T8052] ? alloc_pages_noprof+0x23c/0x390 [ 129.062187][ T8052] ? get_free_pages_noprof+0xc/0x40 [ 129.062202][ T8052] trace_tlb_flush+0xe4/0x160 [ 129.062218][ T8052] native_flush_tlb_multi+0x6c/0x190 [ 129.062234][ T8052] kvm_flush_tlb_multi+0x266/0x3b0 [ 129.062250][ T8052] ? __pfx_kvm_flush_tlb_multi+0x10/0x10 [ 129.062264][ T8052] ? get_flush_tlb_info+0x192/0x2b0 [ 129.062280][ T8052] flush_tlb_mm_range+0x322/0x1780 [ 129.062297][ T8052] ? __pfx_free_pgtables+0x10/0x10 [ 129.062313][ T8052] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 129.062331][ T8052] tlb_finish_mmu+0x3c9/0x7b0 [ 129.062344][ T8052] vms_clear_ptes+0x55e/0x770 [ 129.062357][ T8052] ? __pfx_vms_clear_ptes+0x10/0x10 [ 129.062377][ T8052] __mmap_region+0x4be/0x27c0 [ 129.062391][ T8052] ? __pfx___mmap_region+0x10/0x10 [ 129.062408][ T8052] ? __lock_acquire+0x5ca/0x1ba0 [ 129.062424][ T8052] ? __lock_acquire+0xaa4/0x1ba0 [ 129.062436][ T8052] ? _parse_integer_limit+0x17f/0x1d0 [ 129.062466][ T8052] ? rcu_is_watching+0x12/0xc0 [ 129.062480][ T8052] mmap_region+0x1ab/0x3f0 [ 129.062495][ T8052] do_mmap+0xd8e/0x11b0 [ 129.062513][ T8052] ? __pfx_do_mmap+0x10/0x10 [ 129.062529][ T8052] ? __pfx_down_write_killable+0x10/0x10 [ 129.062542][ T8052] vm_mmap_pgoff+0x281/0x450 [ 129.062560][ T8052] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 129.062578][ T8052] ? __fget_files+0x20e/0x3c0 [ 129.062590][ T8052] ksys_mmap_pgoff+0x32c/0x5c0 [ 129.062606][ T8052] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 129.062623][ T8052] __do_fast_syscall_32+0x73/0x120 [ 129.062640][ T8052] do_fast_syscall_32+0x32/0x80 [ 129.062659][ T8052] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 129.062672][ T8052] RIP: 0023:0xf7fc7579 [ 129.062680][ T8052] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 129.062689][ T8052] RSP: 002b:00000000f50a455c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 129.062699][ T8052] RAX: ffffffffffffffda RBX: 0000000080200000 RCX: 0000000000400000 [ 129.062705][ T8052] RDX: 000000000000000b RSI: 0000000000002012 RDI: 000000000000000c [ 129.062711][ T8052] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 129.062716][ T8052] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 129.062721][ T8052] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 129.062734][ T8052] [ 129.623323][ T8058] netlink: 16 bytes leftover after parsing attributes in process `syz.0.568'. [ 129.714695][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 129.844796][ T834] libceph: connect (1)[c::]:6789 error -101 [ 129.846850][ T834] libceph: mon0 (1)[c::]:6789 connect error [ 129.878205][ T8070] ceph: No mds server is up or the cluster is laggy [ 129.930687][ T8078] netlink: 48 bytes leftover after parsing attributes in process `syz.1.574'. [ 129.944990][ T8079] netlink: 'syz.0.571': attribute type 10 has an invalid length. [ 130.692008][ T8091] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 130.694886][ T8091] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 130.701501][ T8091] vhci_hcd vhci_hcd.0: Device attached [ 130.935590][ T8099] netlink: 'syz.0.585': attribute type 10 has an invalid length. [ 130.954271][ T4350] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 131.122004][ T8106] gtp2: entered promiscuous mode [ 131.123635][ T8106] gtp2: entered allmulticast mode [ 131.224510][ T8095] vhci_hcd: connection reset by peer [ 131.238646][ T12] vhci_hcd: stop threads [ 131.241067][ T12] vhci_hcd: release socket [ 131.243113][ T12] vhci_hcd: disconnect device [ 131.931814][ T8126] netlink: 12 bytes leftover after parsing attributes in process `syz.0.587'. [ 131.945649][ T8126] netlink: 12 bytes leftover after parsing attributes in process `syz.0.587'. [ 131.950104][ T8126] netlink: 72 bytes leftover after parsing attributes in process `syz.0.587'. [ 132.089341][ T8133] netlink: 4 bytes leftover after parsing attributes in process `syz.2.588'. [ 132.146879][ T8133] netlink: 4 bytes leftover after parsing attributes in process `syz.2.588'. [ 132.278986][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.281889][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.785713][ T8142] autofs: Bad value for 'fd' [ 133.399086][ T8158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'. [ 133.428096][ T8158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'. [ 133.605741][ T8156] netlink: 'syz.2.594': attribute type 10 has an invalid length. [ 134.019108][ T8170] netlink: 4 bytes leftover after parsing attributes in process `syz.3.597'. [ 134.075021][ T8171] ebtables: wrong size: *len 264, entries_size 144, replsz 144 [ 134.334535][ T8177] netlink: 'syz.1.599': attribute type 1 has an invalid length. [ 134.337024][ T8177] netlink: 'syz.1.599': attribute type 2 has an invalid length. [ 134.980306][ T8186] __nla_validate_parse: 2 callbacks suppressed [ 134.980326][ T8186] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.604'. [ 135.001310][ T8187] netlink: 40 bytes leftover after parsing attributes in process `syz.1.603'. [ 135.028676][ T1466] libceph: connect (1)[c::]:6789 error -101 [ 135.031471][ T1466] libceph: mon0 (1)[c::]:6789 connect error [ 135.235085][ T8195] 9pnet_virtio: no channels available for device syz [ 135.237846][ T8195] 9pnet_virtio: no channels available for device syz [ 135.240757][ T8195] 9pnet_virtio: no channels available for device syz [ 135.243207][ T8195] 9pnet_virtio: no channels available for device syz [ 135.250964][ T8195] 9pnet_virtio: no channels available for device syz [ 135.256233][ T8195] 9pnet_virtio: no channels available for device syz [ 135.259417][ T8195] 9pnet_virtio: no channels available for device syz [ 135.262226][ T8195] 9pnet_virtio: no channels available for device syz [ 135.264705][ T8195] 9pnet_virtio: no channels available for device syz [ 135.267098][ T8195] 9pnet_virtio: no channels available for device syz [ 135.269451][ T8195] 9pnet_virtio: no channels available for device syz [ 135.271895][ T8195] 9pnet_virtio: no channels available for device syz [ 135.274533][ T8195] 9pnet_virtio: no channels available for device syz [ 135.277423][ T8195] 9pnet_virtio: no channels available for device syz [ 135.282708][ T8195] 9pnet_virtio: no channels available for device syz [ 135.286057][ T1466] libceph: connect (1)[c::]:6789 error -101 [ 135.290992][ T1466] libceph: mon0 (1)[c::]:6789 connect error [ 135.469087][ T8194] netfs: Couldn't get user pages (rc=-14) [ 135.639771][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'. [ 135.649316][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'. [ 135.747227][ T8187] ceph: No mds server is up or the cluster is laggy [ 135.966703][ T8209] gtp0: entered promiscuous mode [ 135.969215][ T8209] gtp0: entered allmulticast mode [ 136.073948][ T8214] netlink: 'syz.3.609': attribute type 10 has an invalid length. [ 136.104285][ T4350] vhci_hcd: vhci_device speed not set [ 136.331291][ T8224] mmap: syz.2.614 (8224) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 136.381449][ T40] audit: type=1326 audit(2000000021.009:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.419742][ T40] audit: type=1326 audit(2000000021.009:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.434684][ T8227] process 'syz.0.615' launched './file0' with NULL argv: empty string added [ 136.439750][ T8227] 8021q: VLANs not supported on ipvlan0 [ 136.545356][ T40] audit: type=1326 audit(2000000021.019:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.577596][ T40] audit: type=1326 audit(2000000021.019:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.589425][ T40] audit: type=1326 audit(2000000021.019:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.600057][ T40] audit: type=1326 audit(2000000021.019:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.610910][ T40] audit: type=1326 audit(2000000021.019:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.630823][ T40] audit: type=1326 audit(2000000021.019:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.639753][ T40] audit: type=1326 audit(2000000021.019:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=257 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 136.656910][ T40] audit: type=1326 audit(2000000021.029:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.2.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 137.217547][ T8242] bond1: entered promiscuous mode [ 137.382589][ T8253] autofs: Unknown parameter '0x0000000000000000' [ 137.597351][ T8256] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 137.599402][ T8256] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 137.606668][ T8256] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 137.614611][ T8256] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 137.616576][ T8256] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 137.621838][ T8256] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 137.626943][ T8256] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 137.628896][ T8256] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 137.633753][ T8256] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 137.636519][ T8256] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 137.639180][ T8256] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 137.650366][ T8267] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 137.676737][ T8269] netlink: 16 bytes leftover after parsing attributes in process `syz.1.626'. [ 137.928505][ T8275] FAULT_INJECTION: forcing a failure. [ 137.928505][ T8275] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.933094][ T8275] CPU: 0 UID: 0 PID: 8275 Comm: syz.3.628 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 137.933108][ T8275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 137.933114][ T8275] Call Trace: [ 137.933118][ T8275] [ 137.933123][ T8275] dump_stack_lvl+0x16c/0x1f0 [ 137.933143][ T8275] should_fail_ex+0x512/0x640 [ 137.933161][ T8275] _copy_to_user+0x32/0xd0 [ 137.933179][ T8275] simple_read_from_buffer+0xcb/0x170 [ 137.933197][ T8275] proc_fail_nth_read+0x197/0x270 [ 137.933213][ T8275] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 137.933229][ T8275] ? rw_verify_area+0xcf/0x680 [ 137.933245][ T8275] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 137.933260][ T8275] vfs_read+0x1de/0xc70 [ 137.933272][ T8275] ? __pfx___mutex_lock+0x10/0x10 [ 137.933288][ T8275] ? __pfx_vfs_read+0x10/0x10 [ 137.933302][ T8275] ? __fget_files+0x20e/0x3c0 [ 137.933310][ T8275] ? __print_lock_name+0x80/0xe0 [ 137.933325][ T8275] ksys_read+0x12a/0x240 [ 137.933334][ T8275] ? __pfx_ksys_read+0x10/0x10 [ 137.933346][ T8275] ? rcu_is_watching+0x12/0xc0 [ 137.933358][ T8275] __do_fast_syscall_32+0x73/0x120 [ 137.933375][ T8275] do_fast_syscall_32+0x32/0x80 [ 137.933391][ T8275] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 137.933404][ T8275] RIP: 0023:0xf7fc7579 [ 137.933413][ T8275] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 137.933422][ T8275] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 137.933431][ T8275] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50e6620 [ 137.933438][ T8275] RDX: 000000000000000f RSI: 00000000f7452ff4 RDI: 0000000000000000 [ 137.933443][ T8275] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 137.933449][ T8275] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 137.933455][ T8275] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 137.933467][ T8275] [ 138.678835][ T8289] autofs: Unknown parameter '0x0000000000000000' [ 138.893770][ T8296] netlink: 4 bytes leftover after parsing attributes in process `syz.0.635'. [ 138.926675][ T8296] netlink: 4 bytes leftover after parsing attributes in process `syz.0.635'. [ 139.634466][ T5948] Bluetooth: hci2: command 0x0406 tx timeout [ 139.634529][ T67] Bluetooth: hci1: command 0x0c1a tx timeout [ 139.634594][ T5943] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.636479][ T5294] Bluetooth: hci3: command 0x0405 tx timeout [ 139.993884][ T8317] netlink: 'syz.3.639': attribute type 1 has an invalid length. [ 139.997134][ T8317] netlink: 120 bytes leftover after parsing attributes in process `syz.3.639'. [ 140.460375][ T8325] tmpfs: Bad value for 'mpol' [ 140.499700][ T8327] lo speed is unknown, defaulting to 1000 [ 140.502430][ T8327] lo speed is unknown, defaulting to 1000 [ 140.673860][ T8333] autofs: Unknown parameter '0x0000000000000000' [ 140.754925][ T8331] netlink: 'syz.2.640': attribute type 10 has an invalid length. [ 140.870221][ T8342] gtp1: entered promiscuous mode [ 140.872244][ T8342] gtp1: entered allmulticast mode [ 141.630879][ T8358] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.715914][ T5948] Bluetooth: hci2: command 0x0406 tx timeout [ 141.718458][ T5294] Bluetooth: hci3: command 0x0405 tx timeout [ 141.723632][ T8358] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.724218][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 141.724292][ T5948] Bluetooth: hci0: command 0x0c1a tx timeout [ 141.780248][ T8358] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.835089][ T8358] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.930749][ T8358] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.938354][ T8358] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.945777][ T8358] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.956107][ T8358] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.991319][ T8364] autofs: Unknown parameter '0x0000000000000000' [ 142.106415][ T8372] netlink: 80 bytes leftover after parsing attributes in process `syz.2.654'. [ 142.111377][ T8372] netlink: 80 bytes leftover after parsing attributes in process `syz.2.654'. [ 142.225531][ T8374] netlink: 40 bytes leftover after parsing attributes in process `syz.3.653'. [ 142.244394][ T5982] libceph: connect (1)[c::]:6789 error -101 [ 142.244486][ T5982] libceph: mon0 (1)[c::]:6789 connect error [ 142.333490][ T8389] gtp3: entered promiscuous mode [ 142.336123][ T8389] gtp3: entered allmulticast mode [ 142.346711][ T8385] FAULT_INJECTION: forcing a failure. [ 142.346711][ T8385] name failslab, interval 1, probability 0, space 0, times 0 [ 142.350869][ T8385] CPU: 0 UID: 0 PID: 8385 Comm: syz.0.658 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 142.350884][ T8385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.350889][ T8385] Call Trace: [ 142.350894][ T8385] [ 142.350908][ T8385] dump_stack_lvl+0x16c/0x1f0 [ 142.350929][ T8385] should_fail_ex+0x512/0x640 [ 142.350958][ T8385] should_failslab+0xc2/0x120 [ 142.350972][ T8385] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 142.350985][ T8385] ? skb_clone+0x190/0x3f0 [ 142.351000][ T8385] skb_clone+0x190/0x3f0 [ 142.351013][ T8385] netlink_deliver_tap+0xabd/0xd30 [ 142.351030][ T8385] netlink_unicast+0x5df/0x7f0 [ 142.351046][ T8385] ? __pfx_netlink_unicast+0x10/0x10 [ 142.351064][ T8385] netlink_sendmsg+0x8d1/0xdd0 [ 142.351080][ T8385] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.351095][ T8385] ? __import_iovec+0x1c8/0x660 [ 142.351109][ T8385] ____sys_sendmsg+0xa98/0xc70 [ 142.351126][ T8385] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.351141][ T8385] ? get_compat_msghdr+0x11a/0x170 [ 142.351167][ T8385] ___sys_sendmsg+0x134/0x1d0 [ 142.351184][ T8385] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.351216][ T8385] __sys_sendmsg+0x16d/0x220 [ 142.351229][ T8385] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.351255][ T8385] ? rcu_is_watching+0x12/0xc0 [ 142.351274][ T8385] __do_fast_syscall_32+0x73/0x120 [ 142.351291][ T8385] do_fast_syscall_32+0x32/0x80 [ 142.351308][ T8385] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 142.351322][ T8385] RIP: 0023:0xf7fb4579 [ 142.351330][ T8385] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 142.351340][ T8385] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 142.351350][ T8385] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 142.351356][ T8385] RDX: 0000000020044050 RSI: 0000000000000000 RDI: 0000000000000000 [ 142.351362][ T8385] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 142.351367][ T8385] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 142.351373][ T8385] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 142.351386][ T8385] [ 142.365561][ T8390] netlink: 16 bytes leftover after parsing attributes in process `syz.1.655'. [ 142.504389][ T5982] libceph: connect (1)[c::]:6789 error -101 [ 142.506708][ T5982] libceph: mon0 (1)[c::]:6789 connect error [ 143.019440][ T8374] ceph: No mds server is up or the cluster is laggy [ 143.024577][ T5982] libceph: connect (1)[c::]:6789 error -101 [ 143.026605][ T5982] libceph: mon0 (1)[c::]:6789 connect error [ 143.056871][ T8407] netlink: 'syz.0.661': attribute type 10 has an invalid length. [ 143.112380][ T8409] autofs: Unknown parameter '0x0000000000000000' [ 143.206230][ T8415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.663'. [ 143.209495][ T8414] netlink: 'syz.3.664': attribute type 1 has an invalid length. [ 143.219759][ T8414] bond1: entered promiscuous mode [ 143.221416][ T8414] bond1: entered allmulticast mode [ 143.225543][ T8415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.663'. [ 143.228587][ T8416] bond1: (slave erspan1): making interface the new active one [ 143.230945][ T8416] erspan1: entered promiscuous mode [ 143.234758][ T8416] erspan1: entered allmulticast mode [ 143.237101][ T8416] bond1: (slave erspan1): Enslaving as an active interface with an up link [ 143.628817][ T5294] Bluetooth: hci0: unexpected event for opcode 0x0402 [ 143.710301][ T1466] libceph: connect (1)[c::]:6789 error -101 [ 143.716668][ T1466] libceph: mon0 (1)[c::]:6789 connect error [ 143.794328][ T5948] Bluetooth: hci3: command 0x0405 tx timeout [ 143.796374][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 143.975412][ T1466] libceph: connect (1)[c::]:6789 error -101 [ 143.977422][ T1466] libceph: mon0 (1)[c::]:6789 connect error [ 144.063814][ T8442] autofs: Unknown parameter 'fd0x0000000000000000' [ 144.411877][ T8452] FAULT_INJECTION: forcing a failure. [ 144.411877][ T8452] name failslab, interval 1, probability 0, space 0, times 0 [ 144.417586][ T8452] CPU: 1 UID: 0 PID: 8452 Comm: syz.3.675 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 144.417610][ T8452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 144.417621][ T8452] Call Trace: [ 144.417627][ T8452] [ 144.417633][ T8452] dump_stack_lvl+0x16c/0x1f0 [ 144.417664][ T8452] should_fail_ex+0x512/0x640 [ 144.417694][ T8452] should_failslab+0xc2/0x120 [ 144.417718][ T8452] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 144.417739][ T8452] ? __alloc_skb+0x2b2/0x380 [ 144.417766][ T8452] __alloc_skb+0x2b2/0x380 [ 144.417785][ T8452] ? __pfx___alloc_skb+0x10/0x10 [ 144.417808][ T8452] ? __lock_acquire+0x5ca/0x1ba0 [ 144.417837][ T8452] xfrm_send_state_notify+0x7d6/0x1fb0 [ 144.417869][ T8452] ? __pfx_xfrm_send_state_notify+0x10/0x10 [ 144.417902][ T8452] ? __pfx_xfrm_send_state_notify+0x10/0x10 [ 144.417929][ T8452] km_state_notify+0xab/0x230 [ 144.417953][ T8452] pfkey_add+0x172b/0x2ec0 [ 144.417980][ T8452] ? __pfx_pfkey_add+0x10/0x10 [ 144.417996][ T8452] ? kfree_skbmem+0x1a4/0x1f0 [ 144.418023][ T8452] ? sk_skb_reason_drop+0x136/0x1a0 [ 144.418047][ T8452] ? pfkey_broadcast+0x2af/0x460 [ 144.418067][ T8452] ? __pfx_pfkey_add+0x10/0x10 [ 144.418084][ T8452] pfkey_process+0x6d9/0x840 [ 144.418108][ T8452] ? __pfx_pfkey_process+0x10/0x10 [ 144.418123][ T8452] ? trace_contention_end+0xdd/0x130 [ 144.418169][ T8452] ? __pfx_aa_sk_perm+0x10/0x10 [ 144.418196][ T8452] pfkey_sendmsg+0x435/0x850 [ 144.418219][ T8452] ____sys_sendmsg+0xa98/0xc70 [ 144.418255][ T8452] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.418278][ T8452] ? get_compat_msghdr+0x11a/0x170 [ 144.418303][ T8452] ? __pfx__kstrtoull+0x10/0x10 [ 144.418327][ T8452] ___sys_sendmsg+0x134/0x1d0 [ 144.418349][ T8452] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.418382][ T8452] ? find_held_lock+0x2b/0x80 [ 144.418414][ T8452] __sys_sendmmsg+0x2f9/0x420 [ 144.418435][ T8452] ? __pfx___sys_sendmmsg+0x10/0x10 [ 144.418467][ T8452] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 144.418504][ T8452] ? fput+0x70/0xf0 [ 144.418525][ T8452] ? ksys_write+0x1b9/0x240 [ 144.418544][ T8452] ? __pfx_ksys_write+0x10/0x10 [ 144.418567][ T8452] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 144.418586][ T8452] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 144.418612][ T8452] __do_fast_syscall_32+0x73/0x120 [ 144.418640][ T8452] do_fast_syscall_32+0x32/0x80 [ 144.418667][ T8452] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 144.418688][ T8452] RIP: 0023:0xf7fc7579 [ 144.418703][ T8452] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 144.418718][ T8452] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 144.418736][ T8452] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180 [ 144.418746][ T8452] RDX: 000000000400008a RSI: 0000000000000000 RDI: 0000000000000000 [ 144.418757][ T8452] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 144.418766][ T8452] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 144.418774][ T8452] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 144.418797][ T8452] [ 144.495216][ T1466] libceph: connect (1)[c::]:6789 error -101 [ 144.495553][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.497544][ T1466] libceph: mon0 (1)[c::]:6789 connect error [ 144.514466][ T8433] ceph: No mds server is up or the cluster is laggy [ 144.598920][ T8456] gre1: entered promiscuous mode [ 144.618085][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.3.676'. [ 144.628039][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.3.676'. [ 144.783242][ T8465] netlink: 11562 bytes leftover after parsing attributes in process `syz.2.680'. [ 145.602084][ T8473] autofs: Unknown parameter 'fd0x0000000000000000' [ 145.679125][ T8480] netlink: 12 bytes leftover after parsing attributes in process `syz.1.684'. [ 145.705934][ T8480] bond1: entered promiscuous mode [ 145.707967][ T8480] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 145.716451][ T8480] bond1: left promiscuous mode [ 145.803187][ T8457] syz.3.676 (8457) used greatest stack depth: 21048 bytes left [ 145.890291][ T8490] netlink: 40 bytes leftover after parsing attributes in process `syz.0.685'. [ 145.915077][ T24] libceph: connect (1)[c::]:6789 error -101 [ 145.917548][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 145.969062][ T8490] ceph: No mds server is up or the cluster is laggy [ 146.915862][ T8508] autofs: Unknown parameter 'fd0x0000000000000000' [ 146.971369][ T8510] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 146.971393][ T8516] netlink: 8 bytes leftover after parsing attributes in process `syz.0.695'. [ 146.980221][ T8516] ucma_write: process 574 (syz.0.695) changed security contexts after opening file descriptor, this is not allowed. [ 147.020195][ T8520] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.697'. [ 147.190678][ T8533] netlink: 40 bytes leftover after parsing attributes in process `syz.3.701'. [ 147.219633][ T65] libceph: connect (1)[c::]:6789 error -101 [ 147.221680][ T65] libceph: mon0 (1)[c::]:6789 connect error [ 147.225188][ T65] libceph: connect (1)[c::]:6789 error -101 [ 147.227716][ T65] libceph: mon0 (1)[c::]:6789 connect error [ 147.271144][ T8533] ceph: No mds server is up or the cluster is laggy [ 147.460049][ T8547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.706'. [ 147.650618][ T8553] FAULT_INJECTION: forcing a failure. [ 147.650618][ T8553] name failslab, interval 1, probability 0, space 0, times 0 [ 147.654657][ T8553] CPU: 2 UID: 0 PID: 8553 Comm: syz.1.708 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 147.654672][ T8553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.654678][ T8553] Call Trace: [ 147.654683][ T8553] [ 147.654687][ T8553] dump_stack_lvl+0x16c/0x1f0 [ 147.654707][ T8553] should_fail_ex+0x512/0x640 [ 147.654723][ T8553] ? __kvmalloc_node_noprof+0x122/0x600 [ 147.654737][ T8553] should_failslab+0xc2/0x120 [ 147.654750][ T8553] __kvmalloc_node_noprof+0x135/0x600 [ 147.654762][ T8553] ? lockdep_init_map_type+0x5c/0x280 [ 147.654777][ T8553] ? alloc_netdev_mqs+0xcf8/0x1570 [ 147.654794][ T8553] ? alloc_netdev_mqs+0xcf8/0x1570 [ 147.654806][ T8553] alloc_netdev_mqs+0xcf8/0x1570 [ 147.654822][ T8553] rtnl_create_link+0xc10/0xfa0 [ 147.654839][ T8553] rtnl_newlink+0xb69/0x2000 [ 147.654856][ T8553] ? __pfx_rtnl_newlink+0x10/0x10 [ 147.654876][ T8553] ? kfree_skbmem+0x1a4/0x1f0 [ 147.654897][ T8553] ? rcu_is_watching+0x12/0xc0 [ 147.654907][ T8553] ? trace_cap_capable+0x18d/0x200 [ 147.654922][ T8553] ? find_held_lock+0x2b/0x80 [ 147.654932][ T8553] ? __pfx_rtnl_newlink+0x10/0x10 [ 147.654944][ T8553] ? __pfx_rtnl_newlink+0x10/0x10 [ 147.654956][ T8553] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 147.654970][ T8553] ? __pfx_rtnl_newlink+0x10/0x10 [ 147.654983][ T8553] rtnetlink_rcv_msg+0x95b/0xe90 [ 147.654998][ T8553] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 147.655019][ T8553] netlink_rcv_skb+0x16d/0x440 [ 147.655033][ T8553] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 147.655047][ T8553] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 147.655069][ T8553] ? netlink_deliver_tap+0x1ae/0xd30 [ 147.655085][ T8553] netlink_unicast+0x53a/0x7f0 [ 147.655100][ T8553] ? __pfx_netlink_unicast+0x10/0x10 [ 147.655119][ T8553] netlink_sendmsg+0x8d1/0xdd0 [ 147.655135][ T8553] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.655150][ T8553] ? __import_iovec+0x1c8/0x660 [ 147.655163][ T8553] ____sys_sendmsg+0xa98/0xc70 [ 147.655181][ T8553] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.655196][ T8553] ? get_compat_msghdr+0x11a/0x170 [ 147.655215][ T8553] ___sys_sendmsg+0x134/0x1d0 [ 147.655229][ T8553] ? __pfx____sys_sendmsg+0x10/0x10 [ 147.655260][ T8553] __sys_sendmsg+0x16d/0x220 [ 147.655273][ T8553] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.655301][ T8553] ? rcu_is_watching+0x12/0xc0 [ 147.655317][ T8553] __do_fast_syscall_32+0x73/0x120 [ 147.655339][ T8553] do_fast_syscall_32+0x32/0x80 [ 147.655359][ T8553] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 147.655372][ T8553] RIP: 0023:0xf7f44579 [ 147.655381][ T8553] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 147.655391][ T8553] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 147.655402][ T8553] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 147.655409][ T8553] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 147.655414][ T8553] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 147.655420][ T8553] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 147.655426][ T8553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 147.655439][ T8553] [ 147.914589][ T8560] FAULT_INJECTION: forcing a failure. [ 147.914589][ T8560] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 147.919060][ T8560] CPU: 0 UID: 0 PID: 8560 Comm: syz.2.711 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 147.919074][ T8560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.919081][ T8560] Call Trace: [ 147.919085][ T8560] [ 147.919089][ T8560] dump_stack_lvl+0x16c/0x1f0 [ 147.919109][ T8560] should_fail_ex+0x512/0x640 [ 147.919128][ T8560] save_fsave_header+0x17b/0x2e0 [ 147.919144][ T8560] ? __pfx_save_fsave_header+0x10/0x10 [ 147.919166][ T8560] ? copy_fpstate_to_sigframe+0x2ca/0xb10 [ 147.919186][ T8560] ? rcu_is_watching+0x12/0xc0 [ 147.919196][ T8560] ? __local_bh_enable_ip+0xa4/0x120 [ 147.919210][ T8560] copy_fpstate_to_sigframe+0x7a0/0xb10 [ 147.919229][ T8560] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 147.919247][ T8560] ? __sigqueue_free+0xba/0x2a0 [ 147.919262][ T8560] ? collect_signal+0x263/0x540 [ 147.919280][ T8560] get_sigframe+0x4a8/0x9c0 [ 147.919296][ T8560] ? __pfx_get_sigframe+0x10/0x10 [ 147.919311][ T8560] ? _raw_spin_unlock_irq+0x23/0x50 [ 147.919325][ T8560] ? siginfo_layout+0x1d2/0x290 [ 147.919338][ T8560] ia32_setup_rt_frame+0xe3/0xb30 [ 147.919352][ T8560] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 147.919362][ T8560] ? find_held_lock+0x2b/0x80 [ 147.919372][ T8560] ? __might_fault+0xe3/0x190 [ 147.919384][ T8560] ? __might_fault+0xe3/0x190 [ 147.919397][ T8560] arch_do_signal_or_restart+0x47b/0x7a0 [ 147.919413][ T8560] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 147.919435][ T8560] syscall_exit_to_user_mode+0x150/0x2a0 [ 147.919452][ T8560] __do_fast_syscall_32+0x80/0x120 [ 147.919469][ T8560] do_fast_syscall_32+0x32/0x80 [ 147.919485][ T8560] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 147.919498][ T8560] RIP: 0023:0xf7f32579 [ 147.919506][ T8560] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 147.919516][ T8560] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 000000000000008d [ 147.919526][ T8560] RAX: 0000000000000010 RBX: 0000000000000005 RCX: 0000000080001fc0 [ 147.919532][ T8560] RDX: 00000000000000b8 RSI: 0000000000000000 RDI: 0000000000000000 [ 147.919538][ T8560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 147.919544][ T8560] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 147.919550][ T8560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 147.919563][ T8560] [ 148.124337][ T1466] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 148.257397][ T8568] netlink: 40 bytes leftover after parsing attributes in process `syz.2.714'. [ 148.277480][ T4350] libceph: connect (1)[c::]:6789 error -101 [ 148.280141][ T4350] libceph: mon0 (1)[c::]:6789 connect error [ 148.294173][ T1466] usb 6-1: Using ep0 maxpacket: 8 [ 148.300716][ T1466] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 148.303284][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 148.315521][ T1466] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 148.319152][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 148.323407][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 148.328071][ T1466] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 148.330441][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 148.333948][ T1466] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 148.338926][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 148.342331][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 148.347078][ T1466] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 148.350025][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 148.354280][ T8568] ceph: No mds server is up or the cluster is laggy [ 148.356630][ T1466] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 148.361794][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 148.375301][ T1466] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 148.385259][ T1466] usb 6-1: string descriptor 0 read error: -22 [ 148.387223][ T1466] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 148.390203][ T1466] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.418159][ T1466] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 148.532095][ T8575] netlink: 'syz.0.713': attribute type 10 has an invalid length. [ 148.549991][ T8576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.715'. [ 148.613230][ T1466] usb 6-1: USB disconnect, device number 3 [ 148.912833][ T8587] netlink: 20 bytes leftover after parsing attributes in process `syz.2.720'. [ 149.729569][ T8597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.724'. [ 149.903320][ T8611] rdma_rxe: rxe_newlink: failed to add lo [ 150.244187][ T834] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 150.408420][ T834] usb 8-1: device descriptor read/64, error -71 [ 150.463596][ T8624] netlink: 'syz.1.727': attribute type 1 has an invalid length. [ 150.466565][ T8624] netlink: 'syz.1.727': attribute type 2 has an invalid length. [ 150.586558][ T8627] netlink: 'syz.2.729': attribute type 10 has an invalid length. [ 150.646532][ T8630] mkiss: ax0: crc mode is auto. [ 150.650652][ T834] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 150.804228][ T834] usb 8-1: device descriptor read/64, error -71 [ 150.948588][ T834] usb usb8-port1: attempt power cycle [ 151.171373][ T8637] Bluetooth: MGMT ver 1.23 [ 151.295186][ T834] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 151.314935][ T834] usb 8-1: device descriptor read/8, error -71 [ 151.564297][ T834] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 151.584748][ T834] usb 8-1: device descriptor read/8, error -71 [ 151.828523][ T834] usb usb8-port1: unable to enumerate USB device [ 151.974501][ T6006] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 152.138108][ T6006] usb 8-1: device descriptor read/64, error -71 [ 152.310970][ T8657] program syz.2.740 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 152.372468][ T8658] netlink: 'syz.0.739': attribute type 10 has an invalid length. [ 152.405524][ T6006] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 152.544368][ T6006] usb 8-1: device descriptor read/64, error -71 [ 152.579499][ T8660] __nla_validate_parse: 2 callbacks suppressed [ 152.579510][ T8660] netlink: 12 bytes leftover after parsing attributes in process `syz.2.741'. [ 152.585862][ T8660] netlink: 'syz.2.741': attribute type 1 has an invalid length. [ 152.588352][ T8660] netlink: 'syz.2.741': attribute type 2 has an invalid length. [ 152.655262][ T6006] usb usb8-port1: attempt power cycle [ 152.793694][ T8670] sp0: Synchronizing with TNC [ 152.801133][ T8670] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 153.016112][ T40] kauditd_printk_skb: 47 callbacks suppressed [ 153.016124][ T40] audit: type=1326 audit(2000000037.709:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.025501][ T40] audit: type=1326 audit(2000000037.709:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.033892][ T40] audit: type=1326 audit(2000000037.709:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=114 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.049487][ T40] audit: type=1326 audit(2000000037.709:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.056379][ T40] audit: type=1326 audit(2000000037.709:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.062901][ T40] audit: type=1326 audit(2000000037.709:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.070034][ T40] audit: type=1326 audit(2000000037.709:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.076766][ T40] audit: type=1326 audit(2000000037.709:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.083287][ T40] audit: type=1326 audit(2000000037.709:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.090025][ T40] audit: type=1326 audit(2000000037.709:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8673 comm="syz.2.745" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32579 code=0x7ffc0000 [ 153.201257][ T1145] Bluetooth: hci4: Frame reassembly failed (-84) [ 153.204225][ T1145] Bluetooth: hci4: Frame reassembly failed (-84) [ 153.283497][ T8681] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 153.524252][ T1466] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 153.535488][ T8687] netlink: 16 bytes leftover after parsing attributes in process `syz.3.748'. [ 153.704185][ T1466] usb 7-1: Using ep0 maxpacket: 8 [ 153.710842][ T1466] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 153.713674][ T1466] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 153.717024][ T1466] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 153.721316][ T1466] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 153.725307][ T1466] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 153.728616][ T8689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.749'. [ 153.729946][ T1466] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 153.737290][ T1466] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.255721][ T8696] netlink: 12 bytes leftover after parsing attributes in process `syz.0.751'. [ 154.264238][ T8696] netlink: 'syz.0.751': attribute type 1 has an invalid length. [ 154.267004][ T8696] netlink: 'syz.0.751': attribute type 2 has an invalid length. [ 154.377928][ T8699] netlink: 12 bytes leftover after parsing attributes in process `syz.3.752'. [ 154.695835][ T5981] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 154.825927][ T5981] usb 5-1: device descriptor read/64, error -71 [ 155.094190][ T5981] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 155.224222][ T5981] usb 5-1: device descriptor read/64, error -71 [ 155.234287][ T5948] Bluetooth: hci4: command 0x1003 tx timeout [ 155.237754][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 155.344488][ T5981] usb usb5-port1: attempt power cycle [ 155.694273][ T5981] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 155.714800][ T5981] usb 5-1: device descriptor read/8, error -71 [ 155.964150][ T5981] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 155.984792][ T5981] usb 5-1: device descriptor read/8, error -71 [ 156.105326][ T5981] usb usb5-port1: unable to enumerate USB device [ 156.276704][ T1466] usb 7-1: usb_control_msg returned -71 [ 156.278596][ T1466] usbtmc 7-1:16.0: can't read capabilities [ 156.283972][ T1466] usb 7-1: USB disconnect, device number 2 [ 156.391118][ T8736] misc userio: Can't change port type on an already running userio instance [ 156.488693][ T8735] netlink: 12 bytes leftover after parsing attributes in process `syz.3.762'. [ 156.493255][ T8735] netlink: 'syz.3.762': attribute type 1 has an invalid length. [ 156.495624][ T8735] netlink: 'syz.3.762': attribute type 2 has an invalid length. [ 156.610277][ T8740] netlink: 16 bytes leftover after parsing attributes in process `syz.1.761'. [ 156.623155][ T8742] FAULT_INJECTION: forcing a failure. [ 156.623155][ T8742] name failslab, interval 1, probability 0, space 0, times 0 [ 156.628437][ T8742] CPU: 2 UID: 0 PID: 8742 Comm: syz.3.763 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 156.628460][ T8742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.628470][ T8742] Call Trace: [ 156.628477][ T8742] [ 156.628484][ T8742] dump_stack_lvl+0x16c/0x1f0 [ 156.628514][ T8742] should_fail_ex+0x512/0x640 [ 156.628538][ T8742] ? __kvmalloc_node_noprof+0x122/0x600 [ 156.628561][ T8742] should_failslab+0xc2/0x120 [ 156.628582][ T8742] __kvmalloc_node_noprof+0x135/0x600 [ 156.628602][ T8742] ? nf_tables_addchain.constprop.0+0x5dc/0x1ab0 [ 156.628630][ T8742] ? nf_tables_addchain.constprop.0+0x5dc/0x1ab0 [ 156.628650][ T8742] nf_tables_addchain.constprop.0+0x5dc/0x1ab0 [ 156.628683][ T8742] ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10 [ 156.628706][ T8742] ? __lock_acquire+0x5ca/0x1ba0 [ 156.628750][ T8742] ? nla_strcmp+0xff/0x130 [ 156.628770][ T8742] ? nft_table_lookup.part.0+0x1e3/0x230 [ 156.628793][ T8742] nf_tables_newchain+0x1d03/0x2830 [ 156.628820][ T8742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 156.628868][ T8742] ? __nla_validate_parse+0x5f1/0x2880 [ 156.628893][ T8742] ? __pfx_nf_tables_newchain+0x10/0x10 [ 156.628916][ T8742] ? __pfx___nla_validate_parse+0x10/0x10 [ 156.628948][ T8742] ? __nla_parse+0x40/0x60 [ 156.628971][ T8742] nfnetlink_rcv_batch+0x1908/0x2350 [ 156.629014][ T8742] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 156.629037][ T8742] ? consume_skb+0xcc/0x100 [ 156.629061][ T8742] ? find_held_lock+0x2b/0x80 [ 156.629079][ T8742] ? __local_bh_enable_ip+0xa4/0x120 [ 156.629100][ T8742] ? lockdep_hardirqs_on+0x7c/0x110 [ 156.629137][ T8742] ? __pfx___dev_queue_xmit+0x10/0x10 [ 156.629180][ T8742] ? __nla_parse+0x40/0x60 [ 156.629202][ T8742] nfnetlink_rcv+0x3c1/0x430 [ 156.629227][ T8742] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 156.629258][ T8742] netlink_unicast+0x53a/0x7f0 [ 156.629285][ T8742] ? __pfx_netlink_unicast+0x10/0x10 [ 156.629316][ T8742] netlink_sendmsg+0x8d1/0xdd0 [ 156.629343][ T8742] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.629367][ T8742] ? __import_iovec+0x1c8/0x660 [ 156.629398][ T8742] ____sys_sendmsg+0xa98/0xc70 [ 156.629426][ T8742] ? __pfx_____sys_sendmsg+0x10/0x10 [ 156.629449][ T8742] ? get_compat_msghdr+0x11a/0x170 [ 156.629479][ T8742] ___sys_sendmsg+0x134/0x1d0 [ 156.629502][ T8742] ? __pfx____sys_sendmsg+0x10/0x10 [ 156.629556][ T8742] __sys_sendmsg+0x16d/0x220 [ 156.629578][ T8742] ? __pfx___sys_sendmsg+0x10/0x10 [ 156.629611][ T8742] ? rcu_is_watching+0x12/0xc0 [ 156.629632][ T8742] __do_fast_syscall_32+0x73/0x120 [ 156.629659][ T8742] do_fast_syscall_32+0x32/0x80 [ 156.629685][ T8742] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 156.629706][ T8742] RIP: 0023:0xf7fc7579 [ 156.629727][ T8742] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 156.629743][ T8742] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 156.629760][ T8742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 156.629772][ T8742] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 156.629782][ T8742] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 156.629792][ T8742] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 156.629801][ T8742] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 156.629825][ T8742] [ 156.753672][ C2] vkms_vblank_simulate: vblank timer overrun [ 156.767302][ T8742] mkiss: ax0: crc mode is auto. [ 156.946429][ T8754] tipc: Started in network mode [ 156.950146][ T8754] tipc: Node identity e6d0b0c47646, cluster identity 4711 [ 156.954188][ T8754] tipc: Enabled bearer , priority 0 [ 156.958097][ T8754] syzkaller0: MTU too low for tipc bearer [ 156.960387][ T8754] tipc: Disabling bearer [ 156.966130][ T8755] netlink: 40 bytes leftover after parsing attributes in process `syz.3.764'. [ 156.991512][ T24] libceph: connect (1)[c::]:6789 error -101 [ 156.993778][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 157.078819][ T8755] ceph: No mds server is up or the cluster is laggy [ 157.330186][ T8773] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(15) [ 157.333116][ T8773] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 157.337668][ T8773] vhci_hcd vhci_hcd.0: Device attached [ 157.341414][ T8773] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(17) [ 157.343517][ T8773] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 157.347113][ T8773] vhci_hcd vhci_hcd.0: Device attached [ 157.350340][ T8773] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(19) [ 157.352432][ T8773] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 157.355976][ T8773] vhci_hcd vhci_hcd.0: Device attached [ 157.358444][ T8773] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.362107][ T8773] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(23) [ 157.364187][ T8773] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 157.367593][ T8773] vhci_hcd vhci_hcd.0: Device attached [ 157.371260][ T8773] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(25) [ 157.373322][ T8773] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 157.375756][ T8773] vhci_hcd vhci_hcd.0: Device attached [ 157.378492][ T8773] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.381439][ T8773] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.385064][ T8773] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.391417][ T8773] vhci_hcd vhci_hcd.0: port 0 already used [ 157.405752][ T8780] vhci_hcd: connection closed [ 157.405930][ T8778] vhci_hcd: connection closed [ 157.406019][ T8782] vhci_hcd: connection closed [ 157.407615][ T8776] vhci_hcd: connection closed [ 157.409093][ T1145] vhci_hcd: stop threads [ 157.410752][ T8774] vhci_hcd: connection closed [ 157.412608][ T1145] vhci_hcd: release socket [ 157.416565][ T1145] vhci_hcd: disconnect device [ 157.419454][ T1145] vhci_hcd: stop threads [ 157.420748][ T1145] vhci_hcd: release socket [ 157.422183][ T1145] vhci_hcd: disconnect device [ 157.423897][ T1145] vhci_hcd: stop threads [ 157.425738][ T1145] vhci_hcd: release socket [ 157.427129][ T1145] vhci_hcd: disconnect device [ 157.429255][ T1145] vhci_hcd: stop threads [ 157.430705][ T1145] vhci_hcd: release socket [ 157.432254][ T1145] vhci_hcd: disconnect device [ 157.434222][ T1145] vhci_hcd: stop threads [ 157.435602][ T1145] vhci_hcd: release socket [ 157.437045][ T1145] vhci_hcd: disconnect device [ 157.801286][ T8802] sz1: rxe_newlink: already configured on lo [ 157.965491][ T8814] xt_CT: You must specify a L4 protocol and not use inversions on it [ 157.995684][ T8816] netlink: 'syz.2.784': attribute type 1 has an invalid length. [ 157.998087][ T8816] nbd: error processing sock list [ 158.104197][ T29] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 158.244261][ T29] usb 5-1: device descriptor read/64, error -71 [ 158.494309][ T29] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 158.624317][ T29] usb 5-1: device descriptor read/64, error -71 [ 158.735542][ T29] usb usb5-port1: attempt power cycle [ 158.878027][ T8827] FAULT_INJECTION: forcing a failure. [ 158.878027][ T8827] name failslab, interval 1, probability 0, space 0, times 0 [ 158.882011][ T8827] CPU: 2 UID: 0 PID: 8827 Comm: syz.2.787 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 158.882025][ T8827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 158.882032][ T8827] Call Trace: [ 158.882036][ T8827] [ 158.882041][ T8827] dump_stack_lvl+0x16c/0x1f0 [ 158.882060][ T8827] should_fail_ex+0x512/0x640 [ 158.882079][ T8827] should_failslab+0xc2/0x120 [ 158.882093][ T8827] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 158.882106][ T8827] ? skb_clone+0x190/0x3f0 [ 158.882121][ T8827] skb_clone+0x190/0x3f0 [ 158.882134][ T8827] netlink_deliver_tap+0xabd/0xd30 [ 158.882151][ T8827] netlink_dump+0xb6d/0xd00 [ 158.882166][ T8827] ? __pfx_netlink_dump+0x10/0x10 [ 158.882178][ T8827] ? __rhashtable_lookup.constprop.0+0x3a5/0x760 [ 158.882190][ T8827] ? __netlink_dump_start+0x150/0x990 [ 158.882209][ T8827] ? netlink_lookup+0x258/0x520 [ 158.882221][ T8827] ? __pfx_netlink_lookup+0x10/0x10 [ 158.882238][ T8827] __netlink_dump_start+0x6d6/0x990 [ 158.882252][ T8827] ? __pfx_ip6addrlbl_dump+0x10/0x10 [ 158.882268][ T8827] rtnetlink_rcv_msg+0xb3e/0xe90 [ 158.882281][ T8827] ? __pfx_ip6addrlbl_dump+0x10/0x10 [ 158.882297][ T8827] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 158.882310][ T8827] ? __pfx_ip6addrlbl_dump+0x10/0x10 [ 158.882331][ T8827] netlink_rcv_skb+0x16d/0x440 [ 158.882349][ T8827] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 158.882363][ T8827] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 158.882385][ T8827] ? netlink_deliver_tap+0x1ae/0xd30 [ 158.882401][ T8827] netlink_unicast+0x53a/0x7f0 [ 158.882416][ T8827] ? __pfx_netlink_unicast+0x10/0x10 [ 158.882434][ T8827] netlink_sendmsg+0x8d1/0xdd0 [ 158.882450][ T8827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.882465][ T8827] ? __import_iovec+0x1c8/0x660 [ 158.882479][ T8827] ____sys_sendmsg+0xa98/0xc70 [ 158.882496][ T8827] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.882511][ T8827] ? get_compat_msghdr+0x11a/0x170 [ 158.882530][ T8827] ___sys_sendmsg+0x134/0x1d0 [ 158.882544][ T8827] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.882574][ T8827] __sys_sendmsg+0x16d/0x220 [ 158.882587][ T8827] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.882606][ T8827] ? rcu_is_watching+0x12/0xc0 [ 158.882619][ T8827] __do_fast_syscall_32+0x73/0x120 [ 158.882637][ T8827] do_fast_syscall_32+0x32/0x80 [ 158.882653][ T8827] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 158.882666][ T8827] RIP: 0023:0xf7f32579 [ 158.882675][ T8827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 158.882685][ T8827] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 158.882695][ T8827] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800016c0 [ 158.882702][ T8827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 158.882707][ T8827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 158.882713][ T8827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 158.882719][ T8827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 158.882732][ T8827] [ 159.095988][ T8835] dvmrp9: entered allmulticast mode [ 159.104200][ T29] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 159.125824][ T29] usb 5-1: device descriptor read/8, error -71 [ 159.128916][ T8838] FAULT_INJECTION: forcing a failure. [ 159.128916][ T8838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.132883][ T8838] CPU: 2 UID: 0 PID: 8838 Comm: syz.1.792 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 159.132898][ T8838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 159.132904][ T8838] Call Trace: [ 159.132908][ T8838] [ 159.132913][ T8838] dump_stack_lvl+0x16c/0x1f0 [ 159.132932][ T8838] should_fail_ex+0x512/0x640 [ 159.132952][ T8838] _copy_to_user+0x32/0xd0 [ 159.132970][ T8838] simple_read_from_buffer+0xcb/0x170 [ 159.132988][ T8838] proc_fail_nth_read+0x197/0x270 [ 159.133004][ T8838] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 159.133020][ T8838] ? rw_verify_area+0xcf/0x680 [ 159.133036][ T8838] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 159.133051][ T8838] vfs_read+0x1de/0xc70 [ 159.133063][ T8838] ? __pfx___mutex_lock+0x10/0x10 [ 159.133079][ T8838] ? __pfx_vfs_read+0x10/0x10 [ 159.133092][ T8838] ? __fget_files+0x20e/0x3c0 [ 159.133106][ T8838] ksys_read+0x12a/0x240 [ 159.133121][ T8838] ? __pfx_ksys_read+0x10/0x10 [ 159.133132][ T8838] ? rcu_is_watching+0x12/0xc0 [ 159.133145][ T8838] __do_fast_syscall_32+0x73/0x120 [ 159.133163][ T8838] do_fast_syscall_32+0x32/0x80 [ 159.133179][ T8838] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 159.133192][ T8838] RIP: 0023:0xf7f44579 [ 159.133201][ T8838] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 159.133211][ T8838] RSP: 002b:00000000f5066590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 159.133221][ T8838] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5066620 [ 159.133228][ T8838] RDX: 000000000000000f RSI: 00000000f73d2ff4 RDI: 0000000000000000 [ 159.133233][ T8838] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 159.133239][ T8838] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 159.133245][ T8838] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 159.133258][ T8838] [ 159.254636][ T834] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 159.364314][ T29] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 159.385060][ T29] usb 5-1: device descriptor read/8, error -71 [ 159.405922][ T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 159.410172][ T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 159.413928][ T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 159.419003][ T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 159.424675][ T834] usb 8-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 159.428128][ T834] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.431187][ T834] usb 8-1: Product: syz [ 159.432950][ T834] usb 8-1: Manufacturer: syz [ 159.434804][ T834] usb 8-1: SerialNumber: syz [ 159.438823][ T834] usb 8-1: config 0 descriptor?? [ 159.494605][ T29] usb usb5-port1: unable to enumerate USB device [ 159.651092][ T834] adutux 8-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 159.850271][ T1466] usb 8-1: USB disconnect, device number 11 [ 160.005077][ T8844] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 160.012133][ T8844] overlayfs: failed to resolve './file1': -2 [ 160.711000][ T8885] FAULT_INJECTION: forcing a failure. [ 160.711000][ T8885] name failslab, interval 1, probability 0, space 0, times 0 [ 160.715305][ T8885] CPU: 2 UID: 0 PID: 8885 Comm: syz.0.809 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 160.715325][ T8885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.715333][ T8885] Call Trace: [ 160.715337][ T8885] [ 160.715341][ T8885] dump_stack_lvl+0x16c/0x1f0 [ 160.715376][ T8885] should_fail_ex+0x512/0x640 [ 160.715397][ T8885] should_failslab+0xc2/0x120 [ 160.715411][ T8885] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 160.715424][ T8885] ? skb_clone+0x190/0x3f0 [ 160.715440][ T8885] skb_clone+0x190/0x3f0 [ 160.715453][ T8885] netlink_deliver_tap+0xabd/0xd30 [ 160.715470][ T8885] netlink_unicast+0x5df/0x7f0 [ 160.715485][ T8885] ? __pfx_netlink_unicast+0x10/0x10 [ 160.715503][ T8885] netlink_sendmsg+0x8d1/0xdd0 [ 160.715519][ T8885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.715538][ T8885] __sys_sendto+0x498/0x510 [ 160.715550][ T8885] ? __pfx___sys_sendto+0x10/0x10 [ 160.715560][ T8885] ? __lock_acquire+0xaa4/0x1ba0 [ 160.715590][ T8885] __ia32_compat_sys_socketcall+0x625/0x770 [ 160.715605][ T8885] ? __fget_files+0x20e/0x3c0 [ 160.715614][ T8885] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 160.715630][ T8885] ? fput+0x70/0xf0 [ 160.715646][ T8885] ? rcu_is_watching+0x12/0xc0 [ 160.715658][ T8885] __do_fast_syscall_32+0x73/0x120 [ 160.715675][ T8885] do_fast_syscall_32+0x32/0x80 [ 160.715691][ T8885] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 160.715704][ T8885] RIP: 0023:0xf7fb4579 [ 160.715712][ T8885] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 160.715722][ T8885] RSP: 002b:00000000f50d5410 EFLAGS: 00000293 ORIG_RAX: 0000000000000066 [ 160.715732][ T8885] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f50d5424 [ 160.715738][ T8885] RDX: 0000000000000000 RSI: 00000000f50d5550 RDI: 00000000f7442ff4 [ 160.715744][ T8885] RBP: 00000000f50d5550 R08: 0000000000000000 R09: 0000000000000000 [ 160.715750][ T8885] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 160.715756][ T8885] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 160.715769][ T8885] [ 160.716429][ T8884] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.723911][ T8886] netlink: 56 bytes leftover after parsing attributes in process `syz.3.805'. [ 160.811391][ T8872] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 160.813529][ T8872] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 160.817394][ T8872] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 160.819515][ T8872] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 160.861201][ T8891] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 160.878110][ T8891] overlayfs: failed to resolve './file1': -2 [ 161.326982][ T8910] netlink: 'syz.0.818': attribute type 33 has an invalid length. [ 161.329540][ T8910] netlink: 152 bytes leftover after parsing attributes in process `syz.0.818'. [ 161.892356][ T8932] FAULT_INJECTION: forcing a failure. [ 161.892356][ T8932] name failslab, interval 1, probability 0, space 0, times 0 [ 161.896585][ T8932] CPU: 1 UID: 0 PID: 8932 Comm: syz.3.823 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 161.896599][ T8932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.896605][ T8932] Call Trace: [ 161.896612][ T8932] [ 161.896620][ T8932] dump_stack_lvl+0x16c/0x1f0 [ 161.896639][ T8932] should_fail_ex+0x512/0x640 [ 161.896658][ T8932] should_failslab+0xc2/0x120 [ 161.896672][ T8932] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 161.896685][ T8932] ? skb_clone+0x190/0x3f0 [ 161.896700][ T8932] skb_clone+0x190/0x3f0 [ 161.896714][ T8932] netlink_deliver_tap+0xabd/0xd30 [ 161.896731][ T8932] netlink_unicast+0x5df/0x7f0 [ 161.896746][ T8932] ? __pfx_netlink_unicast+0x10/0x10 [ 161.896764][ T8932] netlink_sendmsg+0x8d1/0xdd0 [ 161.896780][ T8932] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.896818][ T8932] ? __import_iovec+0x1c8/0x660 [ 161.896834][ T8932] ____sys_sendmsg+0xa98/0xc70 [ 161.896852][ T8932] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.896867][ T8932] ? get_compat_msghdr+0x11a/0x170 [ 161.896886][ T8932] ___sys_sendmsg+0x134/0x1d0 [ 161.896900][ T8932] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.896930][ T8932] __sys_sendmsg+0x16d/0x220 [ 161.896943][ T8932] ? __pfx___sys_sendmsg+0x10/0x10 [ 161.896962][ T8932] ? rcu_is_watching+0x12/0xc0 [ 161.896977][ T8932] __do_fast_syscall_32+0x73/0x120 [ 161.896998][ T8932] do_fast_syscall_32+0x32/0x80 [ 161.897014][ T8932] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 161.897028][ T8932] RIP: 0023:0xf7fc7579 [ 161.897037][ T8932] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 161.897047][ T8932] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 161.897057][ T8932] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 161.897063][ T8932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 161.897069][ T8932] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 161.897077][ T8932] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 161.897083][ T8932] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 161.897096][ T8932] [ 161.974199][ T8932] netlink: 'syz.3.823': attribute type 33 has an invalid length. [ 161.976626][ T8932] netlink: 152 bytes leftover after parsing attributes in process `syz.3.823'. [ 162.119063][ T8941] gtp2: entered promiscuous mode [ 162.120678][ T8941] gtp2: entered allmulticast mode [ 162.560970][ T8950] netlink: 'syz.2.829': attribute type 10 has an invalid length. [ 162.764202][ T5948] Bluetooth: hci0: command 0x0c1a tx timeout [ 162.787560][ T8952] FAULT_INJECTION: forcing a failure. [ 162.787560][ T8952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.788486][ T8952] [ 162.788492][ T8952] ====================================================== [ 162.788496][ T8952] WARNING: possible circular locking dependency detected [ 162.788500][ T8952] 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 Not tainted [ 162.788506][ T8952] ------------------------------------------------------ [ 162.788509][ T8952] syz.1.830/8952 is trying to acquire lock: [ 162.788514][ T8952] ffffffff8e2ccec0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 [ 162.788547][ T8952] [ 162.788547][ T8952] but task is already holding lock: [ 162.788550][ T8952] ffff88802b239f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 162.788571][ T8952] [ 162.788571][ T8952] which lock already depends on the new lock. [ 162.788571][ T8952] [ 162.788574][ T8952] [ 162.788574][ T8952] the existing dependency chain (in reverse order) is: [ 162.788577][ T8952] [ 162.788577][ T8952] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 162.788589][ T8952] _raw_spin_lock_nested+0x31/0x40 [ 162.788602][ T8952] raw_spin_rq_lock_nested+0x29/0x130 [ 162.788611][ T8952] task_rq_lock+0xcf/0x490 [ 162.788620][ T8952] cgroup_move_task+0x81/0x2a0 [ 162.788631][ T8952] css_set_move_task+0x288/0x5f0 [ 162.788642][ T8952] cgroup_post_fork+0x201/0x9e0 [ 162.788656][ T8952] copy_process+0x5006/0x91a0 [ 162.788669][ T8952] kernel_clone+0xfc/0x960 [ 162.788680][ T8952] user_mode_thread+0xc7/0x110 [ 162.788692][ T8952] rest_init+0x23/0x2b0 [ 162.788701][ T8952] start_kernel+0x3e9/0x4d0 [ 162.788725][ T8952] x86_64_start_reservations+0x18/0x30 [ 162.788739][ T8952] x86_64_start_kernel+0xb0/0xc0 [ 162.788752][ T8952] common_startup_64+0x13e/0x148 [ 162.788764][ T8952] [ 162.788764][ T8952] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 162.788776][ T8952] _raw_spin_lock_irqsave+0x3a/0x60 [ 162.788788][ T8952] try_to_wake_up+0xb2/0x1680 [ 162.788819][ T8952] __wake_up_common+0x132/0x1f0 [ 162.788832][ T8952] __wake_up+0x31/0x60 [ 162.788841][ T8952] tty_port_default_wakeup+0x2a/0x40 [ 162.788855][ T8952] serial8250_tx_chars+0x68e/0x860 [ 162.788867][ T8952] serial8250_handle_irq+0x761/0xcb0 [ 162.788882][ T8952] serial8250_default_handle_irq+0x9a/0x210 [ 162.788896][ T8952] serial8250_interrupt+0x106/0x210 [ 162.788911][ T8952] __handle_irq_event_percpu+0x22c/0x7d0 [ 162.788920][ T8952] handle_irq_event+0xab/0x1e0 [ 162.788928][ T8952] handle_edge_irq+0x263/0xd10 [ 162.788942][ T8952] __common_interrupt+0xe2/0x250 [ 162.788956][ T8952] common_interrupt+0xba/0xe0 [ 162.788966][ T8952] asm_common_interrupt+0x26/0x40 [ 162.788975][ T8952] pv_native_safe_halt+0xf/0x20 [ 162.788988][ T8952] default_idle+0x13/0x20 [ 162.788995][ T8952] default_idle_call+0x6d/0xb0 [ 162.789004][ T8952] do_idle+0x391/0x510 [ 162.789012][ T8952] cpu_startup_entry+0x4f/0x60 [ 162.789021][ T8952] start_secondary+0x21d/0x2b0 [ 162.789035][ T8952] common_startup_64+0x13e/0x148 [ 162.789046][ T8952] [ 162.789046][ T8952] -> #2 (&tty->write_wait){-...}-{3:3}: [ 162.789059][ T8952] _raw_spin_lock_irqsave+0x3a/0x60 [ 162.789070][ T8952] __wake_up+0x1c/0x60 [ 162.789086][ T8952] tty_port_default_wakeup+0x2a/0x40 [ 162.789098][ T8952] serial8250_tx_chars+0x68e/0x860 [ 162.789111][ T8952] serial8250_handle_irq+0x761/0xcb0 [ 162.789125][ T8952] serial8250_default_handle_irq+0x9a/0x210 [ 162.789139][ T8952] serial8250_interrupt+0x106/0x210 [ 162.789153][ T8952] __handle_irq_event_percpu+0x22c/0x7d0 [ 162.789162][ T8952] handle_irq_event+0xab/0x1e0 [ 162.789170][ T8952] handle_edge_irq+0x263/0xd10 [ 162.789184][ T8952] __common_interrupt+0xe2/0x250 [ 162.789197][ T8952] common_interrupt+0xba/0xe0 [ 162.789207][ T8952] asm_common_interrupt+0x26/0x40 [ 162.789215][ T8952] _raw_spin_unlock_irqrestore+0x31/0x80 [ 162.789228][ T8952] uart_write+0x2a4/0xb30 [ 162.789239][ T8952] n_tty_write+0x40f/0x1160 [ 162.789253][ T8952] file_tty_write.constprop.0+0x502/0x9b0 [ 162.789265][ T8952] redirected_tty_write+0xd4/0x150 [ 162.789276][ T8952] vfs_write+0x5bd/0x1180 [ 162.789285][ T8952] ksys_write+0x12a/0x240 [ 162.789293][ T8952] do_syscall_64+0xcd/0x230 [ 162.789307][ T8952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.789316][ T8952] [ 162.789316][ T8952] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 162.789328][ T8952] _raw_spin_lock_irqsave+0x3a/0x60 [ 162.789340][ T8952] serial8250_console_write+0x181/0x1890 [ 162.789354][ T8952] console_flush_all+0x801/0xc60 [ 162.789362][ T8952] console_unlock+0xd8/0x210 [ 162.789369][ T8952] vprintk_emit+0x418/0x6d0 [ 162.789377][ T8952] _printk+0xc7/0x100 [ 162.789389][ T8952] register_console+0xc2d/0x11b0 [ 162.789398][ T8952] univ8250_console_init+0x5f/0x90 [ 162.789411][ T8952] console_init+0x14f/0x680 [ 162.789424][ T8952] start_kernel+0x29f/0x4d0 [ 162.789437][ T8952] x86_64_start_reservations+0x18/0x30 [ 162.789451][ T8952] x86_64_start_kernel+0xb0/0xc0 [ 162.789464][ T8952] common_startup_64+0x13e/0x148 [ 162.789474][ T8952] [ 162.789474][ T8952] -> #0 (console_owner){-.-.}-{0:0}: [ 162.789486][ T8952] __lock_acquire+0x1173/0x1ba0 [ 162.789498][ T8952] lock_acquire+0x179/0x350 [ 162.789510][ T8952] console_lock_spinning_enable+0xb0/0xd0 [ 162.789525][ T8952] console_flush_all+0x7aa/0xc60 [ 162.789533][ T8952] console_unlock+0xd8/0x210 [ 162.789540][ T8952] vprintk_emit+0x418/0x6d0 [ 162.789548][ T8952] _printk+0xc7/0x100 [ 162.789560][ T8952] should_fail_ex+0x4e7/0x640 [ 162.789575][ T8952] strncpy_from_user+0x3b/0x2e0 [ 162.789587][ T8952] strncpy_from_user_nofault+0x7f/0x180 [ 162.789601][ T8952] bpf_probe_read_user_str+0x26/0x70 [ 162.789610][ T8952] bpf_prog_7acee76fef7300d9+0x64/0x6c [ 162.789618][ T8952] bpf_trace_run2+0x230/0x590 [ 162.789629][ T8952] __bpf_trace_tlb_flush+0xd1/0x110 [ 162.789644][ T8952] trace_tlb_flush+0xe4/0x160 [ 162.789657][ T8952] switch_mm_irqs_off+0x377/0x890 [ 162.789670][ T8952] __schedule+0xf4f/0x5de0 [ 162.789682][ T8952] preempt_schedule_irq+0x51/0x90 [ 162.789694][ T8952] irqentry_exit+0x36/0x90 [ 162.789707][ T8952] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 162.789717][ T8952] unwind_next_frame+0xf8/0x20a0 [ 162.789728][ T8952] arch_stack_walk+0x94/0x100 [ 162.789739][ T8952] stack_trace_save+0x8e/0xc0 [ 162.789748][ T8952] save_stack+0x160/0x1f0 [ 162.789758][ T8952] __reset_page_owner+0x84/0x1a0 [ 162.789767][ T8952] __free_frozen_pages+0x69d/0xff0 [ 162.789776][ T8952] __put_partials+0x16d/0x1c0 [ 162.789785][ T8952] qlist_free_all+0x4e/0x120 [ 162.789794][ T8952] kasan_quarantine_reduce+0x195/0x1e0 [ 162.789804][ T8952] __kasan_slab_alloc+0x69/0x90 [ 162.789815][ T8952] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 162.789823][ T8952] fsnotify_alloc_group+0x92/0x330 [ 162.789837][ T8952] do_inotify_init+0x49/0x5f0 [ 162.789847][ T8952] __ia32_sys_inotify_init1+0x30/0x40 [ 162.789858][ T8952] __do_fast_syscall_32+0x73/0x120 [ 162.789872][ T8952] do_fast_syscall_32+0x32/0x80 [ 162.789886][ T8952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 162.789898][ T8952] [ 162.789898][ T8952] other info that might help us debug this: [ 162.789898][ T8952] [ 162.789901][ T8952] Chain exists of: [ 162.789901][ T8952] console_owner --> &p->pi_lock --> &rq->__lock [ 162.789901][ T8952] [ 162.789914][ T8952] Possible unsafe locking scenario: [ 162.789914][ T8952] [ 162.789917][ T8952] CPU0 CPU1 [ 162.789919][ T8952] ---- ---- [ 162.789922][ T8952] lock(&rq->__lock); [ 162.789927][ T8952] lock(&p->pi_lock); [ 162.789934][ T8952] lock(&rq->__lock); [ 162.789940][ T8952] lock(console_owner); [ 162.789945][ T8952] [ 162.789945][ T8952] *** DEADLOCK *** [ 162.789945][ T8952] [ 162.789948][ T8952] 6 locks held by syz.1.830/8952: [ 162.789953][ T8952] #0: ffffffff8e5876f0 (remove_cache_srcu){.+.+}-{0:0}, at: kasan_quarantine_reduce+0x88/0x1e0 [ 162.789976][ T8952] #1: ffffffff8e3bfa80 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x20a0 [ 162.789998][ T8952] #2: ffff88802b239f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 162.790020][ T8952] #3: ffffffff8e3bfa80 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1b6/0x590 [ 162.790043][ T8952] #4: ffffffff8e3ad300 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100 [ 162.790067][ T8952] #5: ffffffff8e3ad370 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60 [ 162.790090][ T8952] [ 162.790090][ T8952] stack backtrace: [ 162.790095][ T8952] CPU: 1 UID: 0 PID: 8952 Comm: syz.1.830 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 162.790108][ T8952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 162.790114][ T8952] Call Trace: [ 162.790118][ T8952] [ 162.790121][ T8952] dump_stack_lvl+0x116/0x1f0 [ 162.790136][ T8952] print_circular_bug+0x275/0x350 [ 162.790150][ T8952] check_noncircular+0x14c/0x170 [ 162.790164][ T8952] __lock_acquire+0x1173/0x1ba0 [ 162.790179][ T8952] lock_acquire+0x179/0x350 [ 162.790192][ T8952] ? console_lock_spinning_enable+0x9f/0xd0 [ 162.790208][ T8952] ? console_lock_spinning_enable+0x88/0xd0 [ 162.790225][ T8952] console_lock_spinning_enable+0xb0/0xd0 [ 162.790241][ T8952] ? console_lock_spinning_enable+0x9f/0xd0 [ 162.790257][ T8952] console_flush_all+0x7aa/0xc60 [ 162.790267][ T8952] ? __pfx_console_flush_all+0x10/0x10 [ 162.790278][ T8952] ? is_printk_cpu_sync_owner+0x32/0x40 [ 162.790289][ T8952] console_unlock+0xd8/0x210 [ 162.790297][ T8952] ? __pfx_console_unlock+0x10/0x10 [ 162.790306][ T8952] ? do_raw_spin_unlock+0x100/0x230 [ 162.790322][ T8952] ? _printk+0xc7/0x100 [ 162.790334][ T8952] ? __down_trylock_console_sem+0xb0/0x140 [ 162.790349][ T8952] vprintk_emit+0x418/0x6d0 [ 162.790359][ T8952] ? __pfx_vprintk_emit+0x10/0x10 [ 162.790368][ T8952] ? kernelmode_fixup_or_oops.constprop.0+0x77/0xe0 [ 162.790380][ T8952] _printk+0xc7/0x100 [ 162.790392][ T8952] ? __pfx__printk+0x10/0x10 [ 162.790405][ T8952] ? ___ratelimit+0x24c/0x570 [ 162.790418][ T8952] ? __pfx____ratelimit+0x10/0x10 [ 162.790433][ T8952] should_fail_ex+0x4e7/0x640 [ 162.790448][ T8952] strncpy_from_user+0x3b/0x2e0 [ 162.790462][ T8952] strncpy_from_user_nofault+0x7f/0x180 [ 162.790477][ T8952] bpf_probe_read_user_str+0x26/0x70 [ 162.790487][ T8952] bpf_prog_7acee76fef7300d9+0x64/0x6c [ 162.790494][ T8952] bpf_trace_run2+0x230/0x590 [ 162.790507][ T8952] ? __pfx_bpf_trace_run2+0x10/0x10 [ 162.790519][ T8952] ? __lock_acquire+0xaa4/0x1ba0 [ 162.790533][ T8952] __bpf_trace_tlb_flush+0xd1/0x110 [ 162.790549][ T8952] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 162.790565][ T8952] ? find_held_lock+0x2b/0x80 [ 162.790575][ T8952] ? psi_task_switch+0x201/0x8e0 [ 162.790586][ T8952] trace_tlb_flush+0xe4/0x160 [ 162.790600][ T8952] switch_mm_irqs_off+0x377/0x890 [ 162.790615][ T8952] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 162.790630][ T8952] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 162.790646][ T8952] __schedule+0xf4f/0x5de0 [ 162.790658][ T8952] ? __pfx_bpf_trace_run2+0x10/0x10 [ 162.790673][ T8952] ? __pfx___schedule+0x10/0x10 [ 162.790685][ T8952] ? __lock_acquire+0x5ca/0x1ba0 [ 162.790700][ T8952] ? mark_held_locks+0x49/0x80 [ 162.790713][ T8952] preempt_schedule_irq+0x51/0x90 [ 162.790727][ T8952] irqentry_exit+0x36/0x90 [ 162.790741][ T8952] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 162.790751][ T8952] RIP: 0010:unwind_next_frame+0xf8/0x20a0 [ 162.790763][ T8952] Code: 15 2e 00 e8 2a cc ff 09 5a 85 c0 0f 85 57 09 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8d 65 50 4c 89 e2 48 c1 ea 03 80 3c 02 00 <0f> 85 ee 17 00 00 4d 8b 75 50 4d 85 f6 74 36 49 8d be 88 00 00 00 [ 162.790773][ T8952] RSP: 0018:ffffc90006b0fa10 EFLAGS: 00000246 [ 162.790781][ T8952] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 00000000090a95df [ 162.790787][ T8952] RDX: 1ffff92000d61f5a RSI: ffffffff8bf473e0 RDI: ffffffff8dce6d28 [ 162.790793][ T8952] RBP: ffffc90006b0fac8 R08: f2767abefc51ed2d R09: 0000000000000000 [ 162.790799][ T8952] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90006b0fad0 [ 162.790805][ T8952] R13: ffffc90006b0fa80 R14: 0000000000000000 R15: ffff88800036c880 [ 162.790814][ T8952] ? __ia32_sys_inotify_init1+0x30/0x40 [ 162.790826][ T8952] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 162.790837][ T8952] arch_stack_walk+0x94/0x100 [ 162.790850][ T8952] ? __ia32_sys_inotify_init1+0x30/0x40 [ 162.790862][ T8952] stack_trace_save+0x8e/0xc0 [ 162.790872][ T8952] ? __pfx_stack_trace_save+0x10/0x10 [ 162.790883][ T8952] ? find_held_lock+0x2b/0x80 [ 162.790893][ T8952] save_stack+0x160/0x1f0 [ 162.790903][ T8952] ? __pfx_save_stack+0x10/0x10 [ 162.790912][ T8952] ? __free_frozen_pages+0x69d/0xff0 [ 162.790921][ T8952] ? __put_partials+0x16d/0x1c0 [ 162.790931][ T8952] ? qlist_free_all+0x4e/0x120 [ 162.790940][ T8952] ? kasan_quarantine_reduce+0x195/0x1e0 [ 162.790950][ T8952] ? __kasan_slab_alloc+0x69/0x90 [ 162.790960][ T8952] ? __kmalloc_cache_noprof+0x1f1/0x3e0 [ 162.790969][ T8952] ? fsnotify_alloc_group+0x92/0x330 [ 162.790984][ T8952] ? do_inotify_init+0x49/0x5f0 [ 162.790994][ T8952] ? __ia32_sys_inotify_init1+0x30/0x40 [ 162.791007][ T8952] ? __rcu_read_unlock+0x2b4/0x580 [ 162.791021][ T8952] __reset_page_owner+0x84/0x1a0 [ 162.791032][ T8952] __free_frozen_pages+0x69d/0xff0 [ 162.791042][ T8952] __put_partials+0x16d/0x1c0 [ 162.791053][ T8952] qlist_free_all+0x4e/0x120 [ 162.791063][ T8952] kasan_quarantine_reduce+0x195/0x1e0 [ 162.791074][ T8952] __kasan_slab_alloc+0x69/0x90 [ 162.791089][ T8952] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 162.791099][ T8952] ? fsnotify_alloc_group+0x92/0x330 [ 162.791114][ T8952] fsnotify_alloc_group+0x92/0x330 [ 162.791130][ T8952] do_inotify_init+0x49/0x5f0 [ 162.791140][ T8952] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 162.791156][ T8952] __ia32_sys_inotify_init1+0x30/0x40 [ 162.791167][ T8952] __do_fast_syscall_32+0x73/0x120 [ 162.791183][ T8952] do_fast_syscall_32+0x32/0x80 [ 162.791198][ T8952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 162.791210][ T8952] RIP: 0023:0xf7f44579 [ 162.791217][ T8952] Code: Unable to access opcode bytes at 0xf7f4454f. [ 162.791221][ T8952] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 000000000000014c [ 162.791230][ T8952] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 162.791236][ T8952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 162.791241][ T8952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 162.791247][ T8952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 162.791253][ T8952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 162.791261][ T8952] [ 163.236496][ T8952] CPU: 1 UID: 0 PID: 8952 Comm: syz.1.830 Not tainted 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 163.236511][ T8952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.236518][ T8952] Call Trace: [ 163.236523][ T8952] [ 163.236528][ T8952] dump_stack_lvl+0x116/0x1f0 [ 163.236547][ T8952] should_fail_ex+0x512/0x640 [ 163.236564][ T8952] strncpy_from_user+0x3b/0x2e0 [ 163.236578][ T8952] strncpy_from_user_nofault+0x7f/0x180 [ 163.236595][ T8952] bpf_probe_read_user_str+0x26/0x70 [ 163.236606][ T8952] bpf_prog_7acee76fef7300d9+0x64/0x6c [ 163.236615][ T8952] bpf_trace_run2+0x230/0x590 [ 163.236628][ T8952] ? __pfx_bpf_trace_run2+0x10/0x10 [ 163.236640][ T8952] ? __lock_acquire+0xaa4/0x1ba0 [ 163.236656][ T8952] __bpf_trace_tlb_flush+0xd1/0x110 [ 163.236672][ T8952] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 163.236688][ T8952] ? find_held_lock+0x2b/0x80 [ 163.236698][ T8952] ? psi_task_switch+0x201/0x8e0 [ 163.236710][ T8952] trace_tlb_flush+0xe4/0x160 [ 163.236725][ T8952] switch_mm_irqs_off+0x377/0x890 [ 163.236740][ T8952] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 163.236755][ T8952] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 163.236771][ T8952] __schedule+0xf4f/0x5de0 [ 163.236784][ T8952] ? __pfx_bpf_trace_run2+0x10/0x10 [ 163.236816][ T8952] ? __pfx___schedule+0x10/0x10 [ 163.236829][ T8952] ? __lock_acquire+0x5ca/0x1ba0 [ 163.236843][ T8952] ? mark_held_locks+0x49/0x80 [ 163.236856][ T8952] preempt_schedule_irq+0x51/0x90 [ 163.236871][ T8952] irqentry_exit+0x36/0x90 [ 163.236885][ T8952] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 163.236896][ T8952] RIP: 0010:unwind_next_frame+0xf8/0x20a0 [ 163.236908][ T8952] Code: 15 2e 00 e8 2a cc ff 09 5a 85 c0 0f 85 57 09 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8d 65 50 4c 89 e2 48 c1 ea 03 80 3c 02 00 <0f> 85 ee 17 00 00 4d 8b 75 50 4d 85 f6 74 36 49 8d be 88 00 00 00 [ 163.236918][ T8952] RSP: 0018:ffffc90006b0fa10 EFLAGS: 00000246 [ 163.236927][ T8952] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 00000000090a95df [ 163.236933][ T8952] RDX: 1ffff92000d61f5a RSI: ffffffff8bf473e0 RDI: ffffffff8dce6d28 [ 163.236939][ T8952] RBP: ffffc90006b0fac8 R08: f2767abefc51ed2d R09: 0000000000000000 [ 163.236945][ T8952] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90006b0fad0 [ 163.236951][ T8952] R13: ffffc90006b0fa80 R14: 0000000000000000 R15: ffff88800036c880 [ 163.236961][ T8952] ? __ia32_sys_inotify_init1+0x30/0x40 [ 163.236974][ T8952] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 163.236986][ T8952] arch_stack_walk+0x94/0x100 [ 163.236999][ T8952] ? __ia32_sys_inotify_init1+0x30/0x40 [ 163.237011][ T8952] stack_trace_save+0x8e/0xc0 [ 163.237022][ T8952] ? __pfx_stack_trace_save+0x10/0x10 [ 163.237033][ T8952] ? find_held_lock+0x2b/0x80 [ 163.237042][ T8952] save_stack+0x160/0x1f0 [ 163.237053][ T8952] ? __pfx_save_stack+0x10/0x10 [ 163.237063][ T8952] ? __free_frozen_pages+0x69d/0xff0 [ 163.237077][ T8952] ? __put_partials+0x16d/0x1c0 [ 163.237086][ T8952] ? qlist_free_all+0x4e/0x120 [ 163.237095][ T8952] ? kasan_quarantine_reduce+0x195/0x1e0 [ 163.237106][ T8952] ? __kasan_slab_alloc+0x69/0x90 [ 163.237117][ T8952] ? __kmalloc_cache_noprof+0x1f1/0x3e0 [ 163.237127][ T8952] ? fsnotify_alloc_group+0x92/0x330 [ 163.237141][ T8952] ? do_inotify_init+0x49/0x5f0 [ 163.237152][ T8952] ? __ia32_sys_inotify_init1+0x30/0x40 [ 163.237164][ T8952] ? __rcu_read_unlock+0x2b4/0x580 [ 163.237178][ T8952] __reset_page_owner+0x84/0x1a0 [ 163.237190][ T8952] __free_frozen_pages+0x69d/0xff0 [ 163.237200][ T8952] __put_partials+0x16d/0x1c0 [ 163.237211][ T8952] qlist_free_all+0x4e/0x120 [ 163.237221][ T8952] kasan_quarantine_reduce+0x195/0x1e0 [ 163.237232][ T8952] __kasan_slab_alloc+0x69/0x90 [ 163.237244][ T8952] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 163.237254][ T8952] ? fsnotify_alloc_group+0x92/0x330 [ 163.237270][ T8952] fsnotify_alloc_group+0x92/0x330 [ 163.237286][ T8952] do_inotify_init+0x49/0x5f0 [ 163.237296][ T8952] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 163.237312][ T8952] __ia32_sys_inotify_init1+0x30/0x40 [ 163.237324][ T8952] __do_fast_syscall_32+0x73/0x120 [ 163.237340][ T8952] do_fast_syscall_32+0x32/0x80 [ 163.237355][ T8952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 163.237368][ T8952] RIP: 0023:0xf7f44579 [ 163.237375][ T8952] Code: Unable to access opcode bytes at 0xf7f4454f. [ 163.237379][ T8952] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 000000000000014c [ 163.237388][ T8952] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 163.237394][ T8952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 163.237400][ T8952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 163.237405][ T8952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 163.237413][ T8952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 163.237426][ T8952] [ 163.237545][ C3] vkms_vblank_simulate: vblank timer overrun [ 163.237693][ T5948] Bluetooth: hci3: command 0x0405 tx timeout [ 163.237730][ T5294] Bluetooth: hci2: command 0x0406 tx timeout [ 163.237748][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 163.393761][ C3] vkms_vblank_simulate: vblank timer overrun [ 165.314299][ T67] Bluetooth: hci3: command 0x0405 tx timeout VM DIAGNOSIS: 01:20:39 Registers: info registers vcpu 0 CPU#0 RAX=ffff88802b239f00 RBX=ffff88802b239f00 RCX=ffffffff8b6c2136 RDX=0000000000000000 RSI=0000000000000004 RDI=ffff88802b239f00 RBP=0000000000000003 RSP=ffffc90000007b38 R8 =0000000000000000 R9 =ffffed10056473e0 R10=ffff88802b239f03 R11=0000000000000000 R12=ffffed10056473e0 R13=0000000000000000 R14=ffff88802b23ae40 R15=0000000000000000 RIP=ffffffff821f2dc2 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977ea000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000026d63000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000000032e7 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854c3af5 RDI=ffffffff9ade1c40 RBP=ffffffff9ade1c00 RSP=ffffc90006b0ef90 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e35312e36 R12=0000000000000000 R13=0000000000000065 R14=ffffffff9ade1c00 R15=ffffffff854c3a90 RIP=ffffffff854c3b1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978ea000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000073593000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b239f00 RCX=ffffffff8b6c2136 RDX=ffffed10056473e1 RSI=0000000000000004 RDI=ffff88802b239f00 RBP=0000000000000003 RSP=ffffc90000538478 R8 =0000000000000000 R9 =ffffed10056473e0 R10=ffff88802b239f03 R11=0000000000000000 R12=ffffed10056473e0 R13=0000000000000000 R14=ffff88802b43ae40 R15=0000000000000002 RIP=ffffffff8b6c2172 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979ea000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080ae3000 CR3=000000006ee47000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000040000000 RBX=0000000000000003 RCX=ffffffff8168f4f6 RDX=ffff88801bf20000 RSI=ffffffff8169254c RDI=0000000000000000 RBP=ffff88802b239f00 RSP=ffffc9000048f8e8 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000000 R12=0000000000000003 R13=0000000000000003 R14=ffff88802b53ae40 R15=ffffed10056473e0 RIP=ffffffff8169254d RFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097aea000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000073593000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000