last executing test programs: 4m34.914064036s ago: executing program 1 (id=549): sched_setscheduler(0x0, 0x1, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x6) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40802, 0x8) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf4fffff7, 0x12, r0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x100, 0x0) mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) r5 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r5, &(0x7f0000000780)="026126d40eb8b249", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c) 4m34.013590194s ago: executing program 1 (id=555): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) ftruncate(r1, 0x1000006) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x3000000, 0x0, 0x1000000}) 4m33.688365428s ago: executing program 1 (id=556): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0xfffffffffffffee3, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x38, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @local}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_bpf={0x0, 0x6, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x0, 0x2, {0x9, 0x9, 0x4, 0xebff, 0x7}}, @TCA_ACT_BPF_OPS_LEN, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x9}, @TCA_ACT_BPF_PARMS={0x0, 0x2, {0xb, 0x2, 0x3, 0x7, 0x1}}, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x6}]}, {0x0, 0x6, "d1f00f16bd76b4bc97a714bae3d2f8b2aba8e33b5bd6b4bbdaf22b7959adbef0ebf8e13fef207ae83336c27a8ecd0c49832a9eb42786d4aa3db55ae2473830cb49b407b7e0a59be13e8725e49a818e173f415c1141a9cd4ce457ed7ed209e10d6c10b6f3c53c9bbbff51d69cb03e99fc1442f6002824011cb91200853b88be0fdd4f197c1d506f4ee6537775632e14b280f665119a51dd3648bbdb724151797cd6c2dc8e03cc6dcc604becaafcf3a59df41d5ac8bf3cd5caeee8dde2efcc7470b6f1c741074ef6e57df78ef2b590f1565f428d0bf468f3b1"}, {0x0, 0x7, {0x0, 0x1}}, {0x0, 0x8, {0x1, 0x3}}}}]}]}, 0xc1}, 0x1, 0x0, 0x0, 0x8c2}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg$inet6(r4, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a", 0x24}], 0x1}}], 0x1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r5, 0x720, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f0000000100)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="14010000320001000000000000000000010100800c0001000000000000000000140003002001000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d97ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd0000000000000000"], 0x114}], 0x1}, 0x40800) bind$bt_l2cap(r6, &(0x7f0000000980), 0xe) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) 4m33.687564252s ago: executing program 1 (id=557): socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x4, 0x12, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x26, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, 0x0, &(0x7f0000000080)=r2}, 0x20) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4048aecb, &(0x7f0000000080)=ANY=[]) ioctl$KVM_GET_VCPU_EVENTS(r3, 0xc048aeca, &(0x7f0000000100)) 4m33.605707344s ago: executing program 1 (id=561): r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0x7b, &(0x7f0000000000), 0x8) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, 0x0, 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x1c1140, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'lo\x00'}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB, @ANYBLOB], 0x48) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000d40)=@raw={'raw\x00', 0x4001, 0x3, 0x314, 0x0, 0x0, 0x148, 0x1f0, 0x148, 0x280, 0x240, 0x240, 0x280, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x190, 0x1f0, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}, @common=@addrtype={{0x2c}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x3a7) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r8, 0x894b, &(0x7f0000000040)) 4m32.643967028s ago: executing program 1 (id=564): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000100)='setgroups\x00') mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000000)={0x50000, 0x0, [0x9, 0x2, 0x3, 0x1ff, 0x5, 0x5, 0x4]}) 4m17.433601651s ago: executing program 32 (id=564): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000100)='setgroups\x00') mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000000)={0x50000, 0x0, [0x9, 0x2, 0x3, 0x1ff, 0x5, 0x5, 0x4]}) 4.491360722s ago: executing program 4 (id=1970): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @pic={0x80, 0x9, 0x7, 0x2, 0x5, 0x5, 0xf2, 0x7, 0x6, 0x4, 0xc, 0xe7, 0x2, 0xfc, 0x1}}) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r4, 0x80047210, &(0x7f0000000040)) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x82, 0xca, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) r5 = syz_usb_connect$cdc_ncm(0x6, 0x72, &(0x7f0000000780)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="bbc48edf185d2a484b457f950a1d5aaebee13016ae1278af6c22d93a11fc625cac90e3baff310807befa88373032318687e5e45a567e5bcdcafdbfa6ce7bd47ba7e61966baab827be8a1ba06ccc69908a3c92ede18c4167c56cbc08138e83b2bd3af68a7c167d62b14b528526854f02552082554127398003162449a0307b5adedcca3520c2f32b29766719936ecb54d35e459f448b61e", @ANYRESOCT=r0, @ANYBLOB="4ed0aa7450926edb004a8a6d441659662860bbc6953aca4b761a01047952c30e9078ab14e0c502ebde813b4f7236c516a5c6158adeaab94235f55a819c1e77bb64136c42f05cbae07f200d3c222c59b0f16680c1c906d2a6cb0b3367069ae78f5b7eef64312e12a5c3b91ec2c205721e1b40f90c9f7ef1f077913966e426270553b98f02beb5b1666bb54a9c5c57e9918b4ca32251a29e43a3c441e7cb431b7d06839b0e45245c06b7135e66ee291a60b38743d18661df5142bb00c2ceeef257094fb57acca14708d01639c5addbf6199a5fcb2e8dc616ddb50993570714061569f464ac3437023d9eef59973a7a5316bc20c6d6b86bdbf9c2dc2f"], 0x0) syz_usb_disconnect(r5) r6 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[], 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(0xffffffffffffffff, 0x0, 0x0) write$char_usb(r7, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_usb_disconnect(r6) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x52, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) r8 = syz_usb_connect(0x0, 0x0, 0x0, 0x0) syz_usb_disconnect(r8) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) 1.970354265s ago: executing program 0 (id=1988): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r2}, 0x10) ioctl$KVM_CREATE_PIT2(r1, 0xc048aec8, &(0x7f00000001c0)={0x6}) 1.830213382s ago: executing program 0 (id=1990): r0 = memfd_secret(0x0) socket$inet6(0xa, 0x6, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) setpgid(r1, r1) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mount(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x3e, &(0x7f0000000300)='usrquota') 1.440854592s ago: executing program 4 (id=1997): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000104000000000000000000", @ANYRES32=0x0, @ANYBLOB="00800100102000001c0012800c0001006d6163766c616e000c000280060002000100000008000500", @ANYRES32=r1, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x4004041}, 0x24040010) sendmmsg$sock(r0, &(0x7f0000000e80)=[{{&(0x7f0000000000)=@caif=@rfm={0x25, 0x6, "d11669d7e0134db9042c22bc4cffffd0"}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000300)="2879de6000e82aa58839ef11336b5436d75202e403c1810b59149794a6712d9878b158912db71419375359c9c77854988195dba8a214dce26aaa5386af670aca22ca43556dea09351aa399507acade80473608a1c06ea1ca5460bbdd5cc0e2e3bed7a538b85c5aa3213c18019eee7fa4a8b24b3596a1cba68455eff9a1ccc6b6e9a38c580be270ce53548686d5e5831aae344676b56ab0677606703d97fb760c5323428dbf4f595280ccbd20368250d34359edec93dc8680a06486dbf510f771a0eae97d6de20797", 0xc8}, {&(0x7f0000000080)="3dc9b8c0d5cd082a5b0ad9ccc9dcfea18b", 0x11}], 0x2, &(0x7f0000001000)=[@mark={{0x10, 0x1, 0x24, 0x8}}, @txtime={{0x14, 0x1, 0x3d, 0x8}}, @txtime={{0x0, 0x1, 0x3d, 0x7}}, @mark={{0x10, 0x1, 0x24, 0x2}}, @txtime={{0xd, 0x1, 0x3d, 0xfffffffffffffffc}}, @timestamping={{0x10, 0x1, 0x25, 0x7}}, @timestamping={{0x10, 0x1, 0x25, 0x1}}, @timestamping={{0x10, 0x1, 0x25, 0x1}}, @txtime={{0x14, 0x1, 0x3d, 0x5}}], 0x9c}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000f00)="73363e5cb4f548b86da8650e95a4627f72d349fedaf940ed9f8bca48c350e36e07bfb56385bbb16c743b43b3a707c7b78fdd48f36fa15cb48c729f51b54d9f81890b76c1dfdf0d1e7be2d652f3033e20adfbf3ed8fd491bb4dc525e1d0c06edd8e51581869c7bc42db590cc877e13cbd4811482d0adbd65b35af6c7fd10c3798900162bc4c94324d746888f623b36ab0cd08307c56436ebc89895ca4feffd8839f723410705f0bbb76f3d3a209fba26c8b8279a4ea8824d553f4fd6846c46f552de8f70927", 0xc5}, {&(0x7f0000000240)="47732f4042b10031c2acde", 0xb}, {&(0x7f00000004c0)="a13a0273b8ae7a21be012bdf1ecd61de960110847e381260d5c052dc3ab1ad16c9dc0c6d428dd51f9a14082a9c7f5084b1b82e0a61525e7e720a4f969679978d890462124466a4b919157e7ace", 0x4d}, {&(0x7f0000000540)="a0720b85e92d5aa316ad2a34284cda54e18fed5eab651d590cc7766e880335b8a5d415035b14fac9a01ead6ffa8b9109ee7afd3f18a06138d37087e7119e507fffd1598939be8630079ddd348b73caf1e11a33a487ead5b81fc31c38385bb757ca6e32ecb68dbdb7bf0ebb17316f03846eb8e92b767e869d538fa25b3716b0fc6b27f68300abfe82e17556c2db8c1df213f0efc9", 0x94}, {&(0x7f0000000600)="b5225f7e4ada67c16440c5bc580d0200c308fb5a5dc7ce51b5bba218080f69a59fc6d49faf03d14a6b12b13c7d5b4b7cc00bb89897314799b97ae16d8f4da6b1f1c0d6a87d82c2ea9c27fc4860a319e0d7049ed68a35f594e818582a5ca3da03b610", 0x62}, {&(0x7f0000000680)="afceccf156507cb7aac5fb7f61dd295b5d391efc1a50da15500bf89ef88397336943ef73a55b5accdef29b25facd351739dd64f0960295f8e71aeb9f02597a08121cc7aa0a8c687de4c153ad6d6a11538e96f43f78a09d204023621389127f4d02dec851", 0x64}, {&(0x7f0000000700)="b6a3351e1b2fd42dcca0ae612894616aa8f809b100447e5e1469b13cc0a4a53a39ffb9d77389e66c29dcd77a37d76038eef5a096e8ff4e575d5a3b712f30dca9af9f3f838d112d394a14b76663f007daaab5a6623eff89ccd957a61d618ffbbbe67aeb72e32b1ba415944ccaf95eb4831fe0b33f1f3d643f969d894093a31134ce154209ba0972ea1cb4c11e9e916fb5b5090828757b661d495d7e3ee4f35fcb599ce58b03e8d34ca0b7c81b6e2b58c3356525e7ba808dbd4829bf17b5fe2ad4584d636cce5e4b60d1e41659b950b2c89c59b412363a03516aa4a84d99b00667cde834c4a49ef7d197896116a9c50cf64a45995eaa52ef1082a9a951ae6c9e", 0xff}, {&(0x7f0000000800)="9ac678c0b347a799dc33aae06515ab1bdc8e2ae3a642b6cfd56707fca965c5bcf3d3511ef2ee58a0fbbb2a3ba2e553d961f1aae411cd7ec82c577a0831e971ad7cd09d85dc82e2d0242d53496380", 0x4e}, {&(0x7f0000000880)="f8a2502d6671a5cc0e30d222f39037725d214dbaa1fd495a2a8b19782731640088c572ce76db2b45483621553883cadf35209493261a22ba7c548492dba64a78f82c1987bdc48475255e634ec8c2b709cc3070d5c3e418af34fa860b67dbc3418552d88782507101342e1f68d51f80e2e5f37318", 0x74}, {&(0x7f0000000900)="c37991976cba22ffff542ca407c8e293ceb380b698136cb6398b16d4118d2cc72b72796ed321afd04efba9ff6bb69ede4f9affa22a234973df07dc6cec474219e63445e48c9976914639bffc57e7b0eb8850d8053b31f49db70189f718be7c9334c6fd0991a24ce0a793d6aa98fa007568a5c5b6a41fc9152d0e5f15f5645c14bc6bd01aa55129950f8f5ab0042a85", 0x8f}], 0xa, &(0x7f0000000280)=[@mark={{0x10, 0x1, 0x24, 0x9}}], 0x10}}, {{&(0x7f0000000a40)=@l2tp6={0xa, 0x0, 0x100, @dev={0xfe, 0x80, '\x00', 0x34}, 0x3, 0x4}, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000ac0)="52b3a67c209659432d2360c7356fecf0815694e9ac302d427ae5ce05095952d1d27bead915663df87d681948cbba3daf1b8a3511c3f542f2e1c63625b16d7c9c179c3cfb92e2a387b6d2bf012357b2afc278d0561ca3cb3bcf6508b95d9f8f247ca3b26d45ef6b4d1c75deaf077df15aebab050f65d93a2dbd955c51e47c4b0c6d67fabdc6586660896e5a99886a2a347001319b336fb9e5e6d9fd14970a5c29cbc74442a08bced78ba8b0ed3c8deeea5505f54a6fc21687ec9279063d2899a87ca91eb95432555102518fbbd14bfad52b933f501e54402c9fc45b884f0df7acc361f343560a1ff4351bf5e273cdba34c9dc880df04cf702", 0xf8}, {&(0x7f0000000bc0)="3a91948d046f076aaf577216a88b87dde658237a5dc07e0b20845180cbf0a9f4fd4c11f1cec1a584e7320fb15edcefdd705637c0c4779e8a1bab3759ce30f0c63a95865c3af875b5c12a3c1d7456e24ffc987fe358c85ce5721de81a26529507e096b77dcdd27cf424dbaf7f71", 0x6d}, {&(0x7f0000000c40)="34d3e45d53a8f2c910d193b82d0425420f1fdd40d6729be00096714015f0ff1bae2a6bff9c7d6f9b28dd2f2e85e16c544d0da18f19c4337ac3339f29dbe4e62e2ab99fd33fbc9a7ac5f8389f3b8dc534c6c24d1b1bb280776fb942e4c6", 0x5d}, {&(0x7f0000000cc0)="2205a8df3887cc441e5b7f569ec4e2596c28be923cef11c88434aaedb7bde6fd1b85a7f4a7984cb1cc49913c1392ed1d7fd98c8b36c8fea2851782ee44e22e7243e5298f8e79d7ad3066fb91e0bdb8963dfb4e88d6717ceadb3b2aa3aa6000394ead513c768f5b1b29f17c29f0c5937f05e8d431c6e47d922dade8024568196368da415567ea7d9185f27fee4360", 0x8e}], 0x4, &(0x7f0000000dc0)=[@mark={{0x10, 0x1, 0x24, 0x6}}, @mark={{0x10, 0x1, 0x24, 0x5}}, @timestamping={{0x10, 0x1, 0x25, 0xa16c892}}, @mark={{0x10}}, @mark={{0x10, 0x1, 0x24, 0xffffff80}}, @timestamping={{0x10, 0x1, 0x25, 0x4007}}, @txtime={{0x14, 0x1, 0x3d, 0xffffffffffffff01}}, @timestamping={{0x10, 0x1, 0x25, 0x2}}, @mark={{0x10, 0x1, 0x24, 0x4}}, @txtime={{0x14, 0x1, 0x3d, 0x10}}], 0xa8}}], 0x3, 0x20048080) socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) (async) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000104000000000000000000", @ANYRES32=0x0, @ANYBLOB="00800100102000001c0012800c0001006d6163766c616e000c000280060002000100000008000500", @ANYRES32=r1, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x4004041}, 0x24040010) (async) sendmmsg$sock(r0, &(0x7f0000000e80)=[{{&(0x7f0000000000)=@caif=@rfm={0x25, 0x6, "d11669d7e0134db9042c22bc4cffffd0"}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000300)="2879de6000e82aa58839ef11336b5436d75202e403c1810b59149794a6712d9878b158912db71419375359c9c77854988195dba8a214dce26aaa5386af670aca22ca43556dea09351aa399507acade80473608a1c06ea1ca5460bbdd5cc0e2e3bed7a538b85c5aa3213c18019eee7fa4a8b24b3596a1cba68455eff9a1ccc6b6e9a38c580be270ce53548686d5e5831aae344676b56ab0677606703d97fb760c5323428dbf4f595280ccbd20368250d34359edec93dc8680a06486dbf510f771a0eae97d6de20797", 0xc8}, {&(0x7f0000000080)="3dc9b8c0d5cd082a5b0ad9ccc9dcfea18b", 0x11}], 0x2, &(0x7f0000001000)=[@mark={{0x10, 0x1, 0x24, 0x8}}, @txtime={{0x14, 0x1, 0x3d, 0x8}}, @txtime={{0x0, 0x1, 0x3d, 0x7}}, @mark={{0x10, 0x1, 0x24, 0x2}}, @txtime={{0xd, 0x1, 0x3d, 0xfffffffffffffffc}}, @timestamping={{0x10, 0x1, 0x25, 0x7}}, @timestamping={{0x10, 0x1, 0x25, 0x1}}, @timestamping={{0x10, 0x1, 0x25, 0x1}}, @txtime={{0x14, 0x1, 0x3d, 0x5}}], 0x9c}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000f00)="73363e5cb4f548b86da8650e95a4627f72d349fedaf940ed9f8bca48c350e36e07bfb56385bbb16c743b43b3a707c7b78fdd48f36fa15cb48c729f51b54d9f81890b76c1dfdf0d1e7be2d652f3033e20adfbf3ed8fd491bb4dc525e1d0c06edd8e51581869c7bc42db590cc877e13cbd4811482d0adbd65b35af6c7fd10c3798900162bc4c94324d746888f623b36ab0cd08307c56436ebc89895ca4feffd8839f723410705f0bbb76f3d3a209fba26c8b8279a4ea8824d553f4fd6846c46f552de8f70927", 0xc5}, {&(0x7f0000000240)="47732f4042b10031c2acde", 0xb}, {&(0x7f00000004c0)="a13a0273b8ae7a21be012bdf1ecd61de960110847e381260d5c052dc3ab1ad16c9dc0c6d428dd51f9a14082a9c7f5084b1b82e0a61525e7e720a4f969679978d890462124466a4b919157e7ace", 0x4d}, {&(0x7f0000000540)="a0720b85e92d5aa316ad2a34284cda54e18fed5eab651d590cc7766e880335b8a5d415035b14fac9a01ead6ffa8b9109ee7afd3f18a06138d37087e7119e507fffd1598939be8630079ddd348b73caf1e11a33a487ead5b81fc31c38385bb757ca6e32ecb68dbdb7bf0ebb17316f03846eb8e92b767e869d538fa25b3716b0fc6b27f68300abfe82e17556c2db8c1df213f0efc9", 0x94}, {&(0x7f0000000600)="b5225f7e4ada67c16440c5bc580d0200c308fb5a5dc7ce51b5bba218080f69a59fc6d49faf03d14a6b12b13c7d5b4b7cc00bb89897314799b97ae16d8f4da6b1f1c0d6a87d82c2ea9c27fc4860a319e0d7049ed68a35f594e818582a5ca3da03b610", 0x62}, {&(0x7f0000000680)="afceccf156507cb7aac5fb7f61dd295b5d391efc1a50da15500bf89ef88397336943ef73a55b5accdef29b25facd351739dd64f0960295f8e71aeb9f02597a08121cc7aa0a8c687de4c153ad6d6a11538e96f43f78a09d204023621389127f4d02dec851", 0x64}, {&(0x7f0000000700)="b6a3351e1b2fd42dcca0ae612894616aa8f809b100447e5e1469b13cc0a4a53a39ffb9d77389e66c29dcd77a37d76038eef5a096e8ff4e575d5a3b712f30dca9af9f3f838d112d394a14b76663f007daaab5a6623eff89ccd957a61d618ffbbbe67aeb72e32b1ba415944ccaf95eb4831fe0b33f1f3d643f969d894093a31134ce154209ba0972ea1cb4c11e9e916fb5b5090828757b661d495d7e3ee4f35fcb599ce58b03e8d34ca0b7c81b6e2b58c3356525e7ba808dbd4829bf17b5fe2ad4584d636cce5e4b60d1e41659b950b2c89c59b412363a03516aa4a84d99b00667cde834c4a49ef7d197896116a9c50cf64a45995eaa52ef1082a9a951ae6c9e", 0xff}, {&(0x7f0000000800)="9ac678c0b347a799dc33aae06515ab1bdc8e2ae3a642b6cfd56707fca965c5bcf3d3511ef2ee58a0fbbb2a3ba2e553d961f1aae411cd7ec82c577a0831e971ad7cd09d85dc82e2d0242d53496380", 0x4e}, {&(0x7f0000000880)="f8a2502d6671a5cc0e30d222f39037725d214dbaa1fd495a2a8b19782731640088c572ce76db2b45483621553883cadf35209493261a22ba7c548492dba64a78f82c1987bdc48475255e634ec8c2b709cc3070d5c3e418af34fa860b67dbc3418552d88782507101342e1f68d51f80e2e5f37318", 0x74}, {&(0x7f0000000900)="c37991976cba22ffff542ca407c8e293ceb380b698136cb6398b16d4118d2cc72b72796ed321afd04efba9ff6bb69ede4f9affa22a234973df07dc6cec474219e63445e48c9976914639bffc57e7b0eb8850d8053b31f49db70189f718be7c9334c6fd0991a24ce0a793d6aa98fa007568a5c5b6a41fc9152d0e5f15f5645c14bc6bd01aa55129950f8f5ab0042a85", 0x8f}], 0xa, &(0x7f0000000280)=[@mark={{0x10, 0x1, 0x24, 0x9}}], 0x10}}, {{&(0x7f0000000a40)=@l2tp6={0xa, 0x0, 0x100, @dev={0xfe, 0x80, '\x00', 0x34}, 0x3, 0x4}, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000ac0)="52b3a67c209659432d2360c7356fecf0815694e9ac302d427ae5ce05095952d1d27bead915663df87d681948cbba3daf1b8a3511c3f542f2e1c63625b16d7c9c179c3cfb92e2a387b6d2bf012357b2afc278d0561ca3cb3bcf6508b95d9f8f247ca3b26d45ef6b4d1c75deaf077df15aebab050f65d93a2dbd955c51e47c4b0c6d67fabdc6586660896e5a99886a2a347001319b336fb9e5e6d9fd14970a5c29cbc74442a08bced78ba8b0ed3c8deeea5505f54a6fc21687ec9279063d2899a87ca91eb95432555102518fbbd14bfad52b933f501e54402c9fc45b884f0df7acc361f343560a1ff4351bf5e273cdba34c9dc880df04cf702", 0xf8}, {&(0x7f0000000bc0)="3a91948d046f076aaf577216a88b87dde658237a5dc07e0b20845180cbf0a9f4fd4c11f1cec1a584e7320fb15edcefdd705637c0c4779e8a1bab3759ce30f0c63a95865c3af875b5c12a3c1d7456e24ffc987fe358c85ce5721de81a26529507e096b77dcdd27cf424dbaf7f71", 0x6d}, {&(0x7f0000000c40)="34d3e45d53a8f2c910d193b82d0425420f1fdd40d6729be00096714015f0ff1bae2a6bff9c7d6f9b28dd2f2e85e16c544d0da18f19c4337ac3339f29dbe4e62e2ab99fd33fbc9a7ac5f8389f3b8dc534c6c24d1b1bb280776fb942e4c6", 0x5d}, {&(0x7f0000000cc0)="2205a8df3887cc441e5b7f569ec4e2596c28be923cef11c88434aaedb7bde6fd1b85a7f4a7984cb1cc49913c1392ed1d7fd98c8b36c8fea2851782ee44e22e7243e5298f8e79d7ad3066fb91e0bdb8963dfb4e88d6717ceadb3b2aa3aa6000394ead513c768f5b1b29f17c29f0c5937f05e8d431c6e47d922dade8024568196368da415567ea7d9185f27fee4360", 0x8e}], 0x4, &(0x7f0000000dc0)=[@mark={{0x10, 0x1, 0x24, 0x6}}, @mark={{0x10, 0x1, 0x24, 0x5}}, @timestamping={{0x10, 0x1, 0x25, 0xa16c892}}, @mark={{0x10}}, @mark={{0x10, 0x1, 0x24, 0xffffff80}}, @timestamping={{0x10, 0x1, 0x25, 0x4007}}, @txtime={{0x14, 0x1, 0x3d, 0xffffffffffffff01}}, @timestamping={{0x10, 0x1, 0x25, 0x2}}, @mark={{0x10, 0x1, 0x24, 0x4}}, @txtime={{0x14, 0x1, 0x3d, 0x10}}], 0xa8}}], 0x3, 0x20048080) (async) 1.325787142s ago: executing program 4 (id=1999): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000080)=0xf) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x8, 0x5b81, 0x0, 0x2, 0x9, 0x9, 0x0, 0x0, 0x982f}) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)) r2 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x8}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000380)={0x5, 0xfffc, 0x10001, 0x90000000, 0x8, 0x9, 0x2, 0x0, r3}, &(0x7f00000003c0)=0x20) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = syz_io_uring_setup(0x3901, &(0x7f0000000300)={0x0, 0xe91c, 0x8, 0x0, 0xffffffff}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}) io_uring_enter(r6, 0x2def, 0x4000, 0x0, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x11e) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_tcp(0xa, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r9 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1.279740691s ago: executing program 2 (id=2001): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1a, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f7ffffff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) mount(0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 1.221269124s ago: executing program 2 (id=2002): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x4, &(0x7f0000000000)=@bpq0, 0x10) (fail_nth: 1) 1.221075307s ago: executing program 2 (id=2003): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000140)=@ccm_128={{}, "3f968a231afa0e18", "4a952e4ea416ad75f769d6386c3c044b", "0879f5ff", "e4eb37b07ad86ed7"}, 0x28) 1.215286462s ago: executing program 3 (id=2004): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xb, 0x400000000007, &(0x7f0000006680)) keyctl$chown(0x4, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) dup3(r1, r1, 0x80000) r2 = syz_io_uring_setup(0xa07, &(0x7f0000000200)={0x0, 0xcc75, 0x0, 0x3}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x5b06, &(0x7f00000003c0)={0x0, 0xef71, 0x400, 0xfffffffe, 0x2f1}, &(0x7f00000001c0)=0x0, &(0x7f0000000440)) syz_io_uring_submit(r5, r4, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) clock_gettime(0x0, &(0x7f0000000280)) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240), 0x10, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="00000000080000008c7beb10", @ANYRES32=0x0, @ANYRES32=0xea60, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x48095}, 0x20000000) shutdown(0xffffffffffffffff, 0x1) r7 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x1000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee6}, &(0x7f0000000000)=0x1d) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004980)=[{{&(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000000)="0eef16", 0x3}], 0x1}}], 0x1, 0x2000c000) 1.193668017s ago: executing program 2 (id=2005): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) setreuid(0x0, 0xee01) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000110071120600000000009500000000000000b0bf9e787f1eeca6a0d1e63d46b14d252896c207a0c399105e846954767da05835665e049d480ca6e27be33e7eabe37913adfc8aac96ca2fd242dfd37873"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$SIOCSIFHWADDR(r2, 0x8948, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$notify(r3, 0x402, 0x1a) readv(r3, 0x0, 0x0) r4 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000000)=@id, &(0x7f0000000080)=0x10, 0x800) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000140)={0x42}, 0x10) 1.121326971s ago: executing program 2 (id=2006): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = inotify_init() r3 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r4 = inotify_add_watch(r2, &(0x7f0000000240)='./file0\x00', 0x8c7) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e000028000280060002000200000047cd4690e51d732bfd8afe32333d2c5f7cc34b1ad41e75c4ea92446ccd45ef3c1f840e63eeabb2bfab944ba14ccf92ebc5d97c1eb6268b20e9f94e2d43bc8f678016da28375a0419fc69b4892965ca11123ff39f078fff841bd8acbf9f6cc3d774c891551f23a1fe6500605f68b665a7ce996b2b9efde734bfa067b7963fb5b8c48633166fe7a11f951f7c22f4f14c3d0e80ea36"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0) write$binfmt_elf32(r3, &(0x7f0000000040)=ANY=[@ANYRES64=r4], 0x69) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r9 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r9, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r10 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$nl_route_sched(r10, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=@delqdisc={0x24, 0x25, 0x300, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r11, {0x6, 0xfff2}, {0x480bd72125a0c189, 0x5}, {0xffe0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4808}, 0x880) connect$inet(r9, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) 431.158566ms ago: executing program 0 (id=2007): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) io_setup(0x8, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x200, r0, 0x0, 0x0, 0x4}]) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, 0xffffffffffffffff, 0x2b) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') userfaultfd(0x1) ioctl$sock_inet6_tcp_SIOCINQ(r2, 0xc02063a1, 0x0) 381.264093ms ago: executing program 3 (id=2008): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000001c0)=0x1) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, 0x0) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000480)=0x7) 261.008356ms ago: executing program 3 (id=2009): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000001c0)=0x1) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, 0x0) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000480)=0x7) (fail_nth: 1) 259.907986ms ago: executing program 0 (id=2010): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, 0x0, 0x0) sendto$inet(r2, &(0x7f0000000040)="a6", 0xffffff4c, 0x0, 0x0, 0x0) 258.103457ms ago: executing program 4 (id=2011): getpgrp(0xffffffffffffffff) (async) r0 = getpgrp(0xffffffffffffffff) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0xa8) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000018c0)=ANY=[@ANYRES16=r0, @ANYRES64=r0, @ANYRESDEC=r1], 0x0, 0x26, 0x0, 0x0, 0x7, 0x0, @void, @value}, 0x28) syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x822b01) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0) write$char_usb(r2, &(0x7f0000000040)="e2", 0x12d8) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="0002"]) read$FUSE(r1, &(0x7f00000021c0)={0x2020}, 0xfc5e) (async) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0xfc5e) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0xfffffffffffffffe, r3, {0x7, 0x29, 0x7ff, 0x204000, 0x0, 0x4, 0x8000080, 0x1}}, 0x50) (async) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0xfffffffffffffffe, r3, {0x7, 0x29, 0x7ff, 0x204000, 0x0, 0x4, 0x8000080, 0x1}}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x0) (async) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) (async) r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r5) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) (async) r7 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) fcntl$setlease(r7, 0x400, 0x1) (async) fcntl$setlease(r7, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000019c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='minix\x00', 0x1000000, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000cec1000000000000000000008500000030000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) cachestat(r9, &(0x7f0000000140)={0x91e, 0x6}, &(0x7f0000000200), 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0xe, 0x0, &(0x7f0000000040)="e02742e8680d85ff9782762f0800", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) writev(r4, &(0x7f0000000140)=[{&(0x7f00000002c0)="ac72a5d6e3524358cca54601414214febdc341a0252713b3264107d1e7ce3fc2cb22b633500808d1f48d021d61dc4bc66dfc18cc1e509804ed89197e808431c463c59d96ae10151c37d5c811033d89e9702dea127e82e44b01e038bd388d249db1da3d5c7e49da83c512e2af1b6cbd652041c3695f89d0c93e86628db68414e9646c6d5dacfbfc22d7e6f5d19d444b3d3fc65dd7f7910a05dc551abc01193c6465139b8f4471c8ffe9a3861d15be5a92a5319f1278f46d4c5f5138e744b63cea2eccd5c8", 0xc4}, {&(0x7f0000000400)="458a0d890475da45ffb25ff36c02409cdc8baea4845fb5e0b3bf21add00e373ae29d6eff6d43cf1b59b825cdb3d955763c0497982e7ec2ed2355e0dff142d5ea5586c75ab43644f19f744c4c0a1a27fc8996ba32680fd99ee82ee743a62e1727c899f9effe8f18ea6f8b69046b0da77ac792a909497a4edc37bd083e2abdc4017c45360dad57b1e301e93a14777f7c789624eebb3e5d8d7b6ac2d686cce590facb2b397b36fcf1b4913839525d92d97c6469256726491dc2da6f3ca7f272cfbf930d12bc0b6a0feba667d50602dc666a525ac7474234e2f09bcc544d83b2f5943c294d592a44562ba0389424", 0xec}, {&(0x7f0000000500)="ad867d6e876e856f859dc5dd24ec6eb30546b270ca12617bb46eb211a785ce492348ee9eaf71fb8e5b01911e7e5f5b60e7da01d599fa1110b0cc308eb77a874f9290", 0x42}, {&(0x7f0000000680)="d4a0f1a8be0fc8cf68c77e2383b5b7647b77fca9ba051217819f49756ed64026e572eb1ca02e67c89734d7fbf4f91786570b2cdcc6f961b872ff71a5144bc913809b", 0x42}, {&(0x7f0000000700)="25abd1ec2edb8f8e693730dbddeb6cd47407dfa2afe92fdb70d7bbf07a597590738f11f7cac3d5443c6aeffc81728b392e0476abf3f943200c330a62043cb480b3ee", 0x42}, {&(0x7f0000000780)="9aab71f16c42c80394e430d68709c1420ad3ad1c26913c8f9bd44e6b056cb412f282a22823d94b80bdcb61c8b766cc059640961c610a91b868f3dd7b75f0a26a71c572985f1da2db43d5a5df894684763f7d43cd15fd8097756518da206f5481ca6bfb2fe3", 0x65}, {&(0x7f0000000800)="47cc9ac8eff675f06666c3301b919a134e7515e0cb1efbec4f4f7b33aa9d5892fb834ef0aeda475d35cb82d4ee9ea932b4e7d886dbdab3878b8f007b5f449bbfb8ebceff21d3cbd7d1b386a29d9be60debdf9ce8a631c7a93a5443824b365650b7d75768f25faa41a41893250165af9dcb0ec1b553f92177993eb5a2cb8bf2356bf9e9dcbf9a2b1ec74c6bff6fd3fed61f5bba2171aaa4c31ac1dc1afc31997befab40e9b7597a4bdf623e1bfbb5bd16e0cba13814b2", 0xb6}, {&(0x7f00000008c0)="8619e42ad4e8ed739dbd88807ceb318b89a690e36137d9fb288e384e834c5c00616ccf989707836cfa2b16ced2827ce6d62f97ff8667c09e1d44e2867cb95336d28a5689206890821ccceee0234cbaec1dc6c37725a42fa6e398ee1572a86b85a38f108945d6f03feeadaa04ebb53d99d5cdeaba1923c71899492b159b49fb637c7df29e000025e6229ae92e61a8fdaad47d9f2bd140291bb97dec7e812f2bbeabb45b3b98adf6bdb80f2b9f21b8173bca79c3c420d748f875e71f375b27286427cd4a8a7dddac468514d3cdd5986aed0815f5c8b0fede510b2750a557ce021abb468386c6de2bb2e6541bdae3a916682e0da62d7ccd181a31d1ecbaa38755da6ecb754bd693a882b440a917b761afb91ff7f0a01b4e426303104d9a7746ae06d0c5117fe0e3aa65345792aefa7746a0206ea0d9fa9c4338edad198271381d2758c89bd9c889fba5cef3cceb4cbfc427e3efb0e7c6b00464d088d25a95363e3c8e45e99dc3a562fb07ab5055e2783eab1bc0f01b1bfd3fe41c6a239ba75627030b6e2c085df4669cbd78d27299128878a74993f01f97758afefdba5982e27368a604600f788788f6b5816ce2f471959182dcd0ecd6abfb6cd398db499b0d0867b7fd24611cb3d3cc476695fa7fb85cf3e7fcbbe933af91931f0befad815c24faed84753a6470b6c91f0b4924702f9fb6a05ee31f6cd3ca0a4fcffb4ca18de36babb158dd84cd84ef719ac34b65e52c6d6e93cddafb745eb7446a94a2382efbee6fc2c37c9250b93b4ce0d0e7c5960dfb72d034e57eb703051f55c83c53be92077c3b6bd173768bef78d66472fcbc18806673c35196de6ac74606087fb2d6034b40c81a85d0b423a12259084f46c7c1c8e31e294bd49ca18b8940fad4a23e78a017ea5887229f6a390f3238f51e233dfe33a26eb36f1e9283e19fff4e2ced485b02fdd3b359af199257ecdedea53cce902e697b86b4a82e6b8fa497df8b5ff63821936515c3c7eaea197e9dc7fed9a6de34a2b83d84e3cb6c16727b31437a1cd971da9bbce95895b32d093a51567e06f9778caf467a8e8b6f460c8aca539cee4b6bfb9a7bcc6391821a7a6f1c05b9c8aee46f7579b4cdc5fad790d11f738e4a543bb91d4bb8a7bbe4cb1737693ba31c0403658b747a70a1c5629d8627b5c8b0c941f556fbc3aa69e95a3a30ace66a26c1142368e89f8b91bdc0659108fa5297864bdbbf9ae43f611e08f01dc0e062902343316835d3121727b16ff38095f5cd918df59e0a2e7f01d6e21beff54ce8de990fb7c4532366d757e628b5aa2e3b4b95c6ce7c363d6bc36077ad8a4c0ef0152b4ab3e59a645d14ea1a29477314e3795dd618073f2c16a33617dffa7958ca0b12f911ae811302ab06543c19441d26ddb24c61aa1632eb8088e5e9e51543ccf3c32304cbbb535fe294b1e862bc34c9e7adfdd89c28ce038441f1b2ef7e3ce92e70273be87127c8cf641af5c30a2a0e2180ab09d1912c88990c606d8b51d7cf813150f7a251fa493bdaf0bbc5b8c5609e0988789fefe4303ac1d1acc2f657557f51272514c2cf8db4b9b85687d139c9d6d2726d00ecb5247b025784b0f7ed26bf051a19b6ba0e42f6a5889c9256efdc50ffe507adfb858d4d64088256b917a3f14061c2da1dc13185212cab5742b3def05bd57a8937c9af55502e4b9bb16646bbb108891f1315a7320966802c3d22113c55f36539b54e87fe374423788d3bd6ac5c7b0063dbdbcda22d7611b49db8d06a22fc5199d1207d3cbb398c3237675a241055bb151a34c46f6228e53811028b27f6c0f6b8246b6df13a818fc607f9035a1617795e50d0fd6e13e588927ade33214f048d51ab3811b2e9e3b8bdc2e4d1ec552263465675f8f5af7fdb9ececbf4a9f30becb38ca990fd69e32a0d1b37cc59159637bf1a7e709f80cd5b77159345a1ea4cc1a1e1266110cf3327738d8b0277ba42e7e6b5b97a1f529329a32485377afbbe37646e62ca27c2bcc006cefa0be15464717b276c2653b0018eaa0c81c86d3335b8be9ec72b1bdf5c5c573dadda9f047f3d6229c35b6c16b5c0549604fecc078cc724045276c63bf984400d9fb3347f865c9a0dc866afb0a638a30e82086739521a0a915bdda3844865070086976a7adac0a4bd37f8d523e4ee366073b3f0eadfd1f15285f725e710b331460118b772aaa6901c827f580c63c803dbeb7260312e1eb88a67743385f3e002ea44e9451a60b30e64aee4180626fcfcdae9c28338b7cd797941f680db9864f1e29bbfb7ccf8d6a707eb8c25ae5246e641e41e7a57ee33608e1d02b19033bcdab4fec1b6c9263532c9a9f6c62bc5f7329d9bac8223c31379133d53877fbf1e7a7bf40769cbf261885fb79ea4177e8279cb2e981569cc04616057a6e8245dc3850162011994584a7b8e2c7ce4d436e32e900783ad11717f2a174d3f5dc49a66b741bcc403e62143823246491c4fd78cdb30eaefb21a8634571f9a16cab732fdf1bbb27349c9fc2c38ccc3e0ffcf2fa0a8bade76f33ff564f86e6c8c49046e7fa09da72e64f874ffe407fab8018c673cf054573e6dabd7e35cdfa480b69c2fdc563eb197cfdc3191fa94580aa1aa97a77dbabbaf0c426cf9842fe2eb9f5193593364350dd2d8f3cce7ae3eb058a9c0d175f46dc2b578c2b1fb1275ddc6a63d194ddf443f3491d04d84308b8b159719c537b9e72011ba5678e16bda5bdfa9e382ba176e8802a5870a69ef0b3203075b5eed466f9dfa74b7a5ed32efb50788418b9db09888aeaba18c1edfd0f726b580d4d9184604ec6656fa2ca1ef3c4b18fca971b9937f3eeff95834e4926d91f1ed3d8b3c7937bfc21e86b1e4fd6e0bd90fdd5ad63bcb44178b025bc346eec7cc46dc0a73831fa67e81bbcafff7dec05b2c87dd56957e7a727d588dbcc9d9a3ffc4c215a49b7436f1c09803377dc0f3fb11a84a8f088bbdf40772f0244554315dd5d3ead94719d121f63b235572fb8eea0f9ea80352252ae70210b7bb28b70e833fcab9a71725f8b2aae51f6ca56397685cf217770c25355f1e53ce7d92cde92a6f41f43952a47062af89d8eba5be1008781baf7ca32d3b716d65dd9050f36206a5df5da3d9f1c1ba720084abe68c0d9c6c4d4088052669f34b5fadd9bf14635acf27cc81ce12df9cdf011a3ce182885a725b89d8dafccd139b89c3d697b56711102e460d6616a20203736b72381aed511067b97f44e202b124a7e56982a1858a5b89a9896f5035101bec62b3692e13248fcbdd6c759cb4ffc9fc49f67bdcb2f63f5a18e5d94290ecf1a770dbfb279d3d667c04d2689f5b573442cb4a809a0fcb87edd9357fbba644285f918b3b0f0c645ac68e9d4d90e2ce4e2e08e63571cbbe8ab858867945651f4cfb7e234871bc7d03df6761d57c1e6db18eec1a25a7f0ffa54c476eb57ad00d437a3273fd486a1906c67fa6d12180a1f3aa1e30f54769a8b0f5d66a2baf6fa76bf295bf7bef45f65fd94392b1accab5865aafc25c3f35ce6de241ae4bba9f2ca4467122b685bba1731c0710c102a3b0e96332a5c7f71aa11faa1571f8ebb7238b7cf59e32775e4a93ca46b49569bb290d6d6276a53b2149b0fead281c3e57ba5711dad51e8a2ac615f83942111dfcd69d3acb33aa90e494f969e4247061020bfaf69e3833c7f5ae9fb014ab6418328945268c02498d198a7bf1b97e09276279dde627c8b88c731fa8e2c31401c3d231478422d77a02db5241653a11bcf40f6489192effc5f5cdf745680eee05f4b7e278dab748fceb718040198403d50c6edf05b4c56ada19a201a8f0dc4ffa736ed87f339f77c72fa63fedf19fc6bfa24377dd17ff912c8432784658f82890569772b822aebd77897384c019805bb8a95e749aa6c75526f4a791c184594dd3811abd7f73c304efa0b02be2685659b53165533ac24fd864d8ff92bdce26b89e345d2589680c4591947e0429f06d1fa656232e2a91194902b3d78e96f086b24f8632a21904eb99ea82e4f9eee27a0854f0badbd8b776adb632ea57f08241be203d749e94becc36ed9ad805dde5be7ac1071a35fcb099c41d36df2af13470fd600cd98621c24fa96a3d16cea9526b326536d4ee1ea9378c068d276b1d1ed2afae71f4d861d210aadc78ec0c515d4de83095e1a98ae8b5b36f9929d7fd45ebeca33063a322d1ff4505eae42aee81265c0aa0b8973711bfdb87d49301067b8eed56a27192a5e5fe3503f742bc319fdf726df575e36e3746f62f34077664287a56d7d716100387c0ecfc16f34dde08f30fc7a48f5d38b2e6c14d5ab9b7f1610e277b36d259fe58f2451fcd80b088933952680edcc9171e288834d68adddd6d831ecb710baa88da53758838824570d79ed16deeb2d6e88b26a21fa5235816f5f33b0bf8a1a43f0a5d3ea4d0d40a0105f33aaad861ff1a895cfeae4ce46ccf249a53e37d3127a35f273e003f7f8f289f5d8d3cb8c73098fb986d3495032cc7e2947d50620d7128e9dde21dea2120d501434211b17ceece000b4371d1278bbd6508b100621e26d017ebff418923a5c8b6c3f51405aa41894999b7d2780a8d0db296271fddd2ff1c59e939dd6326d466408d4be16507faabd4e5c32bd0ef88243f8de46725d8edbd267f43e2a0b4478fe82c4f6246b61cc5c8f29b059f189c3ebb58ee83367c0f91d829aef0f399a6a89128cecabfadb070fde91ec95146c70880bcc9a8ff8194ecc5dba011a85b4bf65ec83bc82ae6a650502f7a6930c943caca24715387ab3249ab8f1642cfd006c06c4fa86c704cdb668ee2c217a46391d928bd926f07fdea6827cfee922c500e5c3d4341aa07ab5bb9bca92af2d7cd157fae51ac136e5ae134839482f0188ff20f41ebe96e0a3de6299f969315074211a316c06480854f10ac9a36f9dd4ad605717ce0cab81a981bd669db083520b315da39b32401ed8ccc04d9f204f4e947b3df79e4fb5ef4ccf0a953e6efc704ce44f338f03cbcd63e68cdbb7ec13b17dd41e57127bd7948cf62d673d9efdc0c77b18c7bd5cf80c6e9d8edc40ef786eaca071e6417638f3bcdb42050b3b18284f49f22377e7e703b5153956e33ec160c0e7766e7f32abf1ee2efcb32bc0ad4191fc07370b5a012de3be92d113c2b905d7da84cbdd9eb16e2e4e4e4306cdd70fc86c168cf94cbde3fc94a3358d3028f9854eb25127a26a14bd1140891af04c51d092e7cdf5b0fb3b5b134350d313162741d3eec1e80be9ac545426d5b25b3271370a5e7027df6e10fae7df086dd3b63e912431697516a3ce285699a0999e445c2b6a5290ccfc447ea423c7bfea8db47b4afdbb437c6f0dcc81d24c79c462799f8150e9673f6355d6b66f4da863603dae825a346367b01ed38c40d69d8feef9263a29ba7ee232820986f9f79c1721b7800b140685070e9d52b087321877be16f9077d7b9b48b3741613bea0e0a8a9114a9585be0b08260e47736fc277a325ebd059533b7f3cb5b4f970ca0164b769faa8961aea89fc018e7c8fb00b220ac42cba8fabb64a5ac5d2192f176bd0ede5cd009a32e53909d5e8a8cef3a481d779d54d65f5c6ce1dc232522e0bddae432c1ac2168008c441a243a995b018465879b612cb8e7081190d44646f88feefd726883f81a311237abea662eea140bd349f4dfc67beb6bd429c07239cdee9169f72b1195d112e26c4e7acbf245fcf824289bb315ca2f8a06e4da5e36aa52a85c1e363f28ea244f815d643f9b518f94701a4b0b1cf9c9ba069afc873c4971a89fd1dc396968141787b8dc42b9b346", 0x1000}], 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f00000003c0)=@sr0, 0x0, &(0x7f0000000580)={0x5, 0x6, 0x558e, 0x7, 0x8, 0x4, 0x772, 0x12db54ad, 0x80000}) 140.047876ms ago: executing program 2 (id=2012): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="ad733642561534f14257b6c5820fae9d6d", 0x11) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0) write$vga_arbiter(r2, 0x0, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) r5 = syz_open_dev$vim2m(0x0, 0x10007ff, 0x2) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) pselect6(0x40, &(0x7f00000000c0)={0x4f0d7cc6, 0x0, 0x5, 0x0, 0x3, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffc}, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT, @ANYRES32=r5, @ANYRESDEC=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x53a, @void, @value}, 0x94) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, 0x0, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10) sendmsg$rds(r6, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0, 0x4004000}, 0x0) r8 = socket$inet6(0xa, 0x2, 0x3a) recvfrom$inet6(r8, 0x0, 0x0, 0x10000, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 139.723572ms ago: executing program 0 (id=2013): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x5, 0x1, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000001c0)=0x1) ioctl$VIDIOC_S_FREQUENCY(r2, 0x402c5639, &(0x7f0000000080)={0x0, 0x2, 0x7}) 139.328437ms ago: executing program 3 (id=2014): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x140, 0x0) (async) openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x140, 0x0) mount(0x0, &(0x7f0000000600)='./file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0) mount$9p_xen(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x345065, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f0000000280)=@generic, 0x80, &(0x7f0000000340)=[{&(0x7f0000000300)}, {&(0x7f0000000480)=""/184, 0xb8}, {&(0x7f0000000540)=""/176, 0xb0}, {&(0x7f0000000600)=""/132, 0x84}, {&(0x7f00000006c0)=""/129, 0x81}], 0x5, &(0x7f0000000780)=""/234, 0xea}, 0x68}, {{&(0x7f0000000880)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000900)=""/129, 0x81}], 0x1, &(0x7f00000009c0)=""/230, 0xe6}, 0x1ff}, {{&(0x7f0000000ac0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000b40)=""/224, 0xe0}, {&(0x7f0000000c40)=""/115, 0x73}, {&(0x7f0000000cc0)=""/48, 0x30}, {&(0x7f0000000d00)=""/45, 0x2d}, {&(0x7f0000000d40)=""/9, 0x9}, {&(0x7f0000000d80)=""/128, 0x80}], 0x6, &(0x7f0000000e40)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000001e40)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @local}}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/49, 0x31}, {&(0x7f0000001f00)=""/50, 0x32}, {&(0x7f0000001f40)=""/28, 0x1c}], 0x3, &(0x7f0000001fc0)=""/4096, 0x1000}}, {{&(0x7f0000002fc0)=@tipc, 0x80, &(0x7f00000030c0), 0x0, &(0x7f0000003100)=""/217, 0xd9}, 0x81}, {{&(0x7f0000003200)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000003440)=[{&(0x7f0000003280)=""/44, 0x2c}, {&(0x7f00000032c0)=""/231, 0xe7}, {&(0x7f00000033c0)=""/89, 0x59}], 0x3, &(0x7f0000003480)=""/224, 0xe0}, 0x8b}, {{&(0x7f0000003580)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000003700)=[{&(0x7f0000003600)=""/212, 0xd4}], 0x1, &(0x7f0000003740)=""/68, 0x44}, 0x100}], 0x7, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) (async) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0xfffffffffffffc5d, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'wg1\x00'}]}, 0x50}}, 0x0) (async) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0xfffffffffffffc5d, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'wg1\x00'}]}, 0x50}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)}, 0x0) 64.244728ms ago: executing program 0 (id=2015): r0 = memfd_secret(0x0) socket$inet6(0xa, 0x6, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) setpgid(r1, r1) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mount(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x3e, &(0x7f0000000300)='usrquota') 63.567062ms ago: executing program 4 (id=2016): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xb, 0x400000000007, &(0x7f0000006680)) keyctl$chown(0x4, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r0 = syz_io_uring_setup(0xa07, &(0x7f0000000200)={0x0, 0xcc75, 0x0, 0x3}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x5b06, &(0x7f00000003c0)={0x0, 0xef71, 0x400, 0xfffffffe, 0x2f1}, &(0x7f00000001c0)=0x0, &(0x7f0000000440)) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0}) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240), 0x10, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="00000000080000008c7beb10", @ANYRES32=0x0, @ANYRES32=0xea60, @ANYRES32=r5, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x48095}, 0x20000000) r6 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x1000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee6}, &(0x7f0000000000)=0x1d) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004980)=[{{&(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000000)="0eef1612", 0x4}], 0x1}}], 0x1, 0x2000c000) 859.729µs ago: executing program 3 (id=2017): r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) recvfrom$inet6(r0, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0xffffffffffffffc3) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1) r1 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) (fail_nth: 1) 338.05µs ago: executing program 4 (id=2018): socket$inet6(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xc, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) io_setup(0x4082, &(0x7f0000000380)) unshare(0x400) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'lo\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r5, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x1, @broadcast, 'lo\x00'}}) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) write$tcp_mem(r6, &(0x7f0000000280)={0x7, 0x2d, 0xffffffffffffffff, 0x3a, 0x0, 0x2c}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xb, 0x20, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x9f}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400}, @alu={0xce29e5354d59a59e, 0x1, 0x0, 0x5, 0x6, 0x10, 0x1}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}]}, 0x0, 0x6, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001400)={0x0, 0xf, 0x8c8e, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r8, r7, 0x25, 0x8, @val=@iter={0x0}}, 0x20) socket$nl_route(0x10, 0x3, 0x0) 0s ago: executing program 3 (id=2019): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@newtaction={0x130, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x11c, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0xd4, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x8e, 0x6, "e5fbb7cdb3ff9fe3b3e012d9430a14660b72d4f72c7fcba8aa7d2a288edbea47258b04da702928c5d0459b84e29659954e67854e888fe68ab08990d7fc026715b8abf4c754a6119f0766556f965b897548f08bd5c5eeaef2bf5033d7a90a17012b58618a7c3b530e9996fb40fa6f83362f86c626b4ca90464701746323bfbcca02ea75e40682d7a0e7cd"}, {0xc}, {0xc}}}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_delroute={0x24, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x80, 0x0, 0xfe, 0x4, 0xc8, 0x1}, [@RTA_DST={0x8, 0x1, @dev}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008040) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d20bddda7d1db9342de76eec7967fe97751f13a23aeaacb0565c1c2251560ed1"}}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000019000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, 0x0, 0x0) r6 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r6, &(0x7f0000000040), 0xc) r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) writev(r6, &(0x7f0000000180)=[{&(0x7f0000002680)="1e", 0xfdef}], 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): ered forwarding state [ 148.563368][ T8462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.569393][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.572212][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.580869][ T8462] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.585887][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.587836][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.591527][ T1188] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.593503][ T1188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.645597][ T5972] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 148.660334][ T8462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.742825][ T8462] veth0_vlan: entered promiscuous mode [ 148.746362][ T8462] veth1_vlan: entered promiscuous mode [ 148.757203][ T8462] veth0_macvtap: entered promiscuous mode [ 148.760863][ T8462] veth1_macvtap: entered promiscuous mode [ 148.766221][ T8462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.769100][ T8462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.771819][ T8462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.774662][ T8462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.778785][ T8462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.781657][ T8462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.785160][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 148.790760][ T8462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.793609][ T8462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.797386][ T8462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.800363][ T8462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.803121][ T8462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.806303][ T8462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.809233][ T5972] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.809924][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 148.812193][ T5972] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.816455][ T8462] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.817394][ T5972] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 148.819180][ T8462] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.819215][ T8462] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.822650][ T5972] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 148.825070][ T8462] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.827611][ T5972] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.835745][ T5972] usb 7-1: config 0 descriptor?? [ 148.853563][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.857482][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.865454][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.867694][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.911935][ T8488] tipc: Enabling of bearer rejected, already enabled [ 148.924176][ T8490] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.932793][ T8490] mmap: syz.4.630 (8490) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 149.242885][ T5972] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 149.253185][ T5972] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 149.440758][ T836] usb 7-1: USB disconnect, device number 3 [ 150.245106][ T5953] Bluetooth: hci4: command tx timeout [ 150.839572][ T8527] input: syz1 as /devices/virtual/input/input23 [ 150.878582][ T8529] netlink: 'syz.2.642': attribute type 1 has an invalid length. [ 150.880761][ T8529] netlink: 'syz.2.642': attribute type 3 has an invalid length. [ 150.882842][ T8529] netlink: 224 bytes leftover after parsing attributes in process `syz.2.642'. [ 151.128283][ T5953] Bluetooth: hci3: unexpected event for opcode 0x0406 [ 151.181304][ T8534] input: syz1 as /devices/virtual/input/input24 [ 151.455283][ T8551] tipc: Enabling of bearer rejected, already enabled [ 152.325328][ T5953] Bluetooth: hci4: command tx timeout [ 153.412139][ T8594] input: syz1 as /devices/virtual/input/input25 [ 153.640845][ T8601] tipc: Enabling of bearer rejected, already enabled [ 154.226927][ T8607] bond1: (slave syz_tun): Releasing active interface [ 154.236453][ T8607] bridge_slave_0: left allmulticast mode [ 154.238286][ T8607] bridge_slave_0: left promiscuous mode [ 154.240293][ T8607] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.243751][ T8607] bridge_slave_1: left allmulticast mode [ 154.246185][ T8607] bridge_slave_1: left promiscuous mode [ 154.247775][ T8607] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.253260][ T8607] bond0: (slave bond_slave_0): Releasing backup interface [ 154.261465][ T8607] bond0: (slave bond_slave_1): Releasing backup interface [ 154.275364][ T8607] team0: Port device team_slave_0 removed [ 154.282878][ T8607] team0: Port device team_slave_1 removed [ 154.286527][ T8607] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.289202][ T8607] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.292564][ T8607] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.295574][ T8607] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.303119][ T8607] bond1: (slave veth3): Releasing active interface [ 154.348221][ T8612] team0: Mode "loadbalanc" not found [ 154.352135][ T8607] vlan0: entered promiscuous mode [ 154.363683][ T8607] team0: Port device vlan0 added [ 154.414990][ T5953] Bluetooth: hci4: command tx timeout [ 155.416936][ T5953] Bluetooth: hci3: unexpected event for opcode 0x0406 [ 155.643279][ T8645] tipc: Enabling of bearer rejected, already enabled [ 155.699310][ T8643] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 155.702496][ T8643] ref_ctr increment failed for inode: 0x387 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804afb4600 [ 156.062199][ T8649] input: syz1 as /devices/virtual/input/input26 [ 156.494919][ T5953] Bluetooth: hci4: command tx timeout [ 157.427298][ T8667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.675'. [ 157.435803][ T8667] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 157.437997][ T8667] macvlan2: entered allmulticast mode [ 157.439550][ T8667] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 157.465679][ T8667] block device autoloading is deprecated and will be removed. [ 158.627670][ T8689] netlink: 'syz.4.682': attribute type 1 has an invalid length. [ 158.629833][ T8689] netlink: 'syz.4.682': attribute type 3 has an invalid length. [ 158.632186][ T8689] netlink: 224 bytes leftover after parsing attributes in process `syz.4.682'. [ 158.741915][ T8694] tipc: Enabling of bearer rejected, already enabled [ 159.109407][ T8698] input: syz1 as /devices/virtual/input/input27 [ 159.844896][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 159.845132][ T5314] Bluetooth: hci3: command 0x0405 tx timeout [ 159.855480][ T5314] Bluetooth: hci1: command 0x0406 tx timeout [ 160.813077][ T8737] netlink: 'syz.4.691': attribute type 1 has an invalid length. [ 160.815305][ T8737] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 160.817393][ T8737] netlink: 224 bytes leftover after parsing attributes in process `syz.4.691'. [ 161.358935][ T8754] input: syz1 as /devices/virtual/input/input28 [ 161.871107][ T8761] random: crng reseeded on system resumption [ 161.878479][ T40] audit: type=1326 audit(1743205979.006:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.886375][ T40] audit: type=1326 audit(1743205979.006:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.906375][ T40] audit: type=1326 audit(1743205979.016:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=328 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.919300][ T40] audit: type=1326 audit(1743205979.016:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.937552][ T40] audit: type=1326 audit(1743205979.016:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.948024][ T40] audit: type=1326 audit(1743205979.016:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.957570][ T40] audit: type=1326 audit(1743205979.016:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.963238][ T40] audit: type=1326 audit(1743205979.016:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.969050][ T40] audit: type=1326 audit(1743205979.016:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 161.975031][ T40] audit: type=1326 audit(1743205979.026:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8760 comm="syz.4.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 162.199180][ T8776] SET target dimension over the limit! [ 164.262084][ T8808] input: syz1 as /devices/virtual/input/input29 [ 164.375871][ T8820] tipc: Enabling of bearer rejected, already enabled [ 164.654029][ T8826] SET target dimension over the limit! [ 165.317137][ T8832] tipc: Enabling of bearer rejected, already enabled [ 166.065227][ T8848] Cannot find add_set index 0 as target [ 166.627939][ T8860] netlink: 'syz.3.721': attribute type 1 has an invalid length. [ 166.630211][ T8860] netlink: 'syz.3.721': attribute type 3 has an invalid length. [ 166.632349][ T8860] netlink: 224 bytes leftover after parsing attributes in process `syz.3.721'. [ 167.098214][ T8874] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 167.100602][ T8874] ref_ctr increment failed for inode: 0x97 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806d938a00 [ 167.150344][ T8866] input: syz1 as /devices/virtual/input/input31 [ 168.383993][ T8895] serio: Serial port ptm0 [ 168.603224][ T8911] bridge0: port 3(netdevsim0) entered blocking state [ 168.605773][ T8911] bridge0: port 3(netdevsim0) entered disabled state [ 168.608190][ T8911] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 168.612161][ T8911] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 168.614835][ T8911] bridge0: port 3(netdevsim0) entered blocking state [ 168.617430][ T8911] bridge0: port 3(netdevsim0) entered forwarding state [ 169.008518][ T8919] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 169.012204][ T8919] ref_ctr increment failed for inode: 0x3e8 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806b29bc00 [ 169.353942][ T8932] SET target dimension over the limit! [ 169.722882][ T8938] input: syz1 as /devices/virtual/input/input32 [ 170.797288][ T8952] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 170.799801][ T8952] ref_ctr increment failed for inode: 0xb3 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801312c600 [ 172.048617][ T8988] Cannot find add_set index 0 as target [ 172.250758][ T8992] input: syz1 as /devices/virtual/input/input33 [ 172.346145][ T8995] input: syz1 as /devices/virtual/input/input34 [ 172.531975][ T8998] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 172.534307][ T8998] ref_ctr increment failed for inode: 0x449 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806d93e400 [ 174.447579][ T9038] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 174.450720][ T9038] ref_ctr increment failed for inode: 0x459 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804afb1e00 [ 174.697131][ T9056] Cannot find add_set index 0 as target [ 175.569563][ T9069] netlink: 'syz.0.772': attribute type 1 has an invalid length. [ 175.571665][ T9069] netlink: 'syz.0.772': attribute type 3 has an invalid length. [ 175.573722][ T9069] netlink: 224 bytes leftover after parsing attributes in process `syz.0.772'. [ 175.790711][ T9073] ip6erspan0: entered promiscuous mode [ 175.819180][ T9073] vlan2: entered promiscuous mode [ 175.820795][ T9073] vlan2: entered allmulticast mode [ 175.822539][ T9073] hsr_slave_1: entered allmulticast mode [ 176.064935][ T6034] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 176.226124][ T6034] usb 8-1: config 0 has an invalid interface number: 50 but max is 0 [ 176.233252][ T6034] usb 8-1: config 0 has no interface number 0 [ 176.235062][ T6034] usb 8-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 176.241375][ T6034] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 176.245015][ T6034] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.250572][ T6034] usb 8-1: Product: syz [ 176.251827][ T6034] usb 8-1: Manufacturer: syz [ 176.253125][ T6034] usb 8-1: SerialNumber: syz [ 176.255679][ T6034] usb 8-1: config 0 descriptor?? [ 176.259070][ T6034] yurex 8-1:0.50: USB YUREX device now attached to Yurex #0 [ 176.468472][ T5972] usb 8-1: USB disconnect, device number 6 [ 176.477738][ T5972] yurex 8-1:0.50: USB YUREX #0 now disconnected [ 176.677479][ T9073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.773'. [ 176.846646][ T9085] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 176.849016][ T9085] ref_ctr increment failed for inode: 0x46c offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806b29bc00 [ 178.443117][ T9122] netlink: 'syz.3.784': attribute type 1 has an invalid length. [ 178.485974][ T9122] netlink: 'syz.3.784': attribute type 3 has an invalid length. [ 178.488095][ T9122] netlink: 224 bytes leftover after parsing attributes in process `syz.3.784'. [ 179.403579][ T9132] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 179.464980][ T9132] ref_ctr increment failed for inode: 0x436 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806b29e400 [ 182.293319][ T9190] No control pipe specified [ 182.486057][ T9196] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 182.488287][ T9196] ref_ctr increment failed for inode: 0x489 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806b299400 [ 182.865364][ T9203] tipc: Started in network mode [ 182.867199][ T9203] tipc: Node identity ac14140f, cluster identity 4711 [ 182.873138][ T9203] tipc: New replicast peer: 255.255.255.255 [ 182.875998][ T9203] tipc: Enabled bearer , priority 10 [ 182.911024][ T9204] input: syz1 as /devices/virtual/input/input35 [ 183.907889][ T29] tipc: Node number set to 2886997007 [ 184.393527][ T9230] input: syz1 as /devices/virtual/input/input36 [ 185.286822][ T9251] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 185.289196][ T9251] ref_ctr increment failed for inode: 0x112 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801312d000 [ 185.462844][ T9255] input: syz1 as /devices/virtual/input/input37 [ 188.010468][ T9297] No control pipe specified [ 188.257706][ T9307] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 188.261179][ T9307] ref_ctr increment failed for inode: 0x124 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804afb3c00 [ 188.450618][ T9304] tipc: Enabling of bearer rejected, already enabled [ 191.163850][ T9369] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 191.167144][ T9369] ref_ctr increment failed for inode: 0x4ca offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804afb3c00 [ 193.143092][ T9397] input: syz1 as /devices/virtual/input/input38 [ 193.607550][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.609803][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.996745][ T9426] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 193.999098][ T9426] ref_ctr increment failed for inode: 0x4e2 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804afb0a00 [ 195.051570][ T9448] input: syz1 as /devices/virtual/input/input39 [ 195.074408][ T9451] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.078028][ T9451] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.081242][ T9451] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.084365][ T9451] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.088663][ T9451] vxlan0: entered promiscuous mode [ 195.090476][ T9451] vxlan0: entered allmulticast mode [ 195.280401][ T9457] vlan2: entered allmulticast mode [ 195.381240][ T9459] vlan0: entered promiscuous mode [ 195.528849][ T9456] ptrace attach of ""[9458] was attempted by "/syz-executor exec"[9456] [ 196.098270][ T9476] netlink: 'syz.3.865': attribute type 1 has an invalid length. [ 196.100414][ T9476] netlink: 'syz.3.865': attribute type 3 has an invalid length. [ 196.102493][ T9476] netlink: 224 bytes leftover after parsing attributes in process `syz.3.865'. [ 196.660212][ T40] kauditd_printk_skb: 54 callbacks suppressed [ 196.660224][ T40] audit: type=1326 audit(1743206013.786:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.677864][ T40] audit: type=1326 audit(1743206013.786:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.683705][ T40] audit: type=1326 audit(1743206013.786:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=328 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.689793][ T40] audit: type=1326 audit(1743206013.786:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.697643][ T40] audit: type=1326 audit(1743206013.786:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.704240][ T40] audit: type=1326 audit(1743206013.786:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.710606][ T40] audit: type=1326 audit(1743206013.786:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.716641][ T40] audit: type=1326 audit(1743206013.786:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.722470][ T40] audit: type=1326 audit(1743206013.786:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 196.728486][ T40] audit: type=1326 audit(1743206013.806:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.2.868" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x7ffc0000 [ 202.451762][ T9622] netlink: 'syz.3.894': attribute type 1 has an invalid length. [ 202.453997][ T9622] netlink: 'syz.3.894': attribute type 3 has an invalid length. [ 202.456239][ T9622] netlink: 224 bytes leftover after parsing attributes in process `syz.3.894'. [ 202.898159][ T9636] netlink: 'syz.2.897': attribute type 5 has an invalid length. [ 204.288909][ T9657] netlink: 'syz.2.903': attribute type 1 has an invalid length. [ 204.297572][ T9657] netlink: 'syz.2.903': attribute type 3 has an invalid length. [ 204.299863][ T9657] netlink: 224 bytes leftover after parsing attributes in process `syz.2.903'. [ 205.192583][ T9689] netlink: 'syz.2.908': attribute type 1 has an invalid length. [ 205.195037][ T9689] netlink: 'syz.2.908': attribute type 3 has an invalid length. [ 205.197249][ T9689] netlink: 224 bytes leftover after parsing attributes in process `syz.2.908'. [ 206.036567][ T9703] netlink: 'syz.0.912': attribute type 1 has an invalid length. [ 206.038843][ T9703] netlink: 'syz.0.912': attribute type 3 has an invalid length. [ 206.041023][ T9703] netlink: 224 bytes leftover after parsing attributes in process `syz.0.912'. [ 206.800471][ T9717] tipc: Enabling of bearer rejected, already enabled [ 206.884080][ T9718] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 206.886684][ T9718] ref_ctr increment failed for inode: 0x4f0 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801b47c600 [ 206.893815][ T9719] Cannot find add_set index 0 as target [ 207.587552][ T9731] input: syz1 as /devices/virtual/input/input40 [ 208.002893][ T9744] netlink: 'syz.0.921': attribute type 1 has an invalid length. [ 208.005135][ T9744] netlink: 'syz.0.921': attribute type 3 has an invalid length. [ 208.007366][ T9744] netlink: 224 bytes leftover after parsing attributes in process `syz.0.921'. [ 209.321969][ T9770] tipc: Enabling of bearer rejected, already enabled [ 209.468709][ T9772] netlink: 'syz.2.928': attribute type 1 has an invalid length. [ 209.470853][ T9772] netlink: 'syz.2.928': attribute type 3 has an invalid length. [ 209.472918][ T9772] netlink: 224 bytes leftover after parsing attributes in process `syz.2.928'. [ 209.728388][ T9780] input: syz1 as /devices/virtual/input/input41 [ 211.200625][ T9809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'. [ 211.210792][ T9809] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 211.212944][ T9809] macvlan2: entered allmulticast mode [ 211.214508][ T9809] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 211.771698][ T9818] SET target dimension over the limit! [ 212.196604][ T9822] tipc: Enabling of bearer rejected, already enabled [ 214.073157][ T9860] tipc: Enabling of bearer rejected, already enabled [ 214.718190][ T9870] input: syz1 as /devices/virtual/input/input42 [ 216.485312][ T9887] netlink: 'syz.4.952': attribute type 1 has an invalid length. [ 216.487490][ T9887] netlink: 'syz.4.952': attribute type 3 has an invalid length. [ 216.489585][ T9887] netlink: 224 bytes leftover after parsing attributes in process `syz.4.952'. [ 216.980967][ T9903] No control pipe specified [ 217.766829][ T9916] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 217.769203][ T9916] ref_ctr increment failed for inode: 0x57b offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888022332800 [ 218.302071][ T9924] netlink: 'syz.4.963': attribute type 1 has an invalid length. [ 218.304330][ T9924] netlink: 'syz.4.963': attribute type 3 has an invalid length. [ 218.306671][ T9924] netlink: 224 bytes leftover after parsing attributes in process `syz.4.963'. [ 219.154863][ T9945] input: syz1 as /devices/virtual/input/input43 [ 220.886722][ T9973] input: syz1 as /devices/virtual/input/input44 [ 220.890055][ T9977] input: syz1 as /devices/virtual/input/input45 [ 221.575394][ T9989] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 221.578502][ T9989] ref_ctr increment failed for inode: 0x592 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801364a800 [ 224.471136][T10039] input: syz1 as /devices/virtual/input/input46 [ 224.509321][T10042] input: syz1 as /devices/virtual/input/input47 [ 225.021841][T10053] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -11226, delta: 1 [ 225.024411][T10053] ref_ctr increment failed for inode: 0x555 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801312da00 [ 226.694183][T10087] input: syz1 as /devices/virtual/input/input48 [ 226.832995][T10092] netlink: 'syz.0.1004': attribute type 1 has an invalid length. [ 226.835250][T10092] netlink: 'syz.0.1004': attribute type 3 has an invalid length. [ 226.837378][T10092] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1004'. [ 227.335443][T10100] input: syz1 as /devices/virtual/input/input49 [ 229.682486][T10130] input: syz1 as /devices/virtual/input/input50 [ 229.951539][T10134] netlink: 'syz.4.1014': attribute type 1 has an invalid length. [ 229.954929][T10134] netlink: 'syz.4.1014': attribute type 3 has an invalid length. [ 229.958173][T10134] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1014'. [ 230.201093][T10140] netlink: 'syz.4.1017': attribute type 1 has an invalid length. [ 230.203326][T10140] netlink: 'syz.4.1017': attribute type 3 has an invalid length. [ 230.205581][T10140] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1017'. [ 231.575066][T10151] tipc: Enabling of bearer rejected, already enabled [ 233.018038][T10192] input: syz1 as /devices/virtual/input/input51 [ 234.698616][T10212] tipc: Enabling of bearer rejected, already enabled [ 235.057579][T10223] nfs4: Bad value for 'fsc' [ 235.407468][T10222] input: syz1 as /devices/virtual/input/input52 [ 236.412995][T10241] netlink: 'syz.0.1039': attribute type 1 has an invalid length. [ 236.415393][T10241] netlink: 'syz.0.1039': attribute type 3 has an invalid length. [ 236.417882][T10241] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1039'. [ 236.535899][T10248] autofs: Unknown parameter '0x0000000000000000' [ 237.692827][T10272] Cannot find add_set index 0 as target [ 239.608976][T10286] Cannot find add_set index 0 as target [ 239.697613][T10293] input: syz1 as /devices/virtual/input/input53 [ 241.089336][T10315] netlink: 'syz.3.1056': attribute type 1 has an invalid length. [ 241.093873][T10315] netlink: 'syz.3.1056': attribute type 3 has an invalid length. [ 241.100375][T10315] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1056'. [ 241.423093][T10319] input: syz1 as /devices/virtual/input/input54 [ 241.667706][T10328] autofs: Bad value for 'fd' [ 242.142573][T10341] tipc: Enabling of bearer rejected, already enabled [ 242.607759][T10346] netlink: 'syz.4.1063': attribute type 1 has an invalid length. [ 242.610308][T10346] netlink: 'syz.4.1063': attribute type 3 has an invalid length. [ 242.612917][T10346] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1063'. [ 243.553627][T10367] Cannot find add_set index 0 as target [ 244.430537][T10371] SET target dimension over the limit! [ 244.485859][T10381] input: syz1 as /devices/virtual/input/input55 [ 245.017791][T10397] input: syz1 as /devices/virtual/input/input56 [ 245.237238][T10403] tipc: Enabling of bearer rejected, already enabled [ 246.083175][T10415] Cannot find add_set index 0 as target [ 246.662754][ T5953] Bluetooth: hci4: unexpected event 0x23 length: 42 > 13 [ 246.724335][T10430] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1084'. [ 247.595862][T10447] input: syz1 as /devices/virtual/input/input57 [ 247.756500][T10450] vlan2: entered promiscuous mode [ 247.758222][T10450] vlan2: entered allmulticast mode [ 247.759673][T10450] hsr_slave_1: entered allmulticast mode [ 248.032041][T10457] overlay: Unknown parameter 'dont_appraise' [ 248.393683][T10470] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 248.397365][T10470] UDF-fs: Scanning with blocksize 2048 failed [ 248.400906][T10470] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 248.402850][T10470] UDF-fs: Scanning with blocksize 4096 failed [ 249.163124][T10489] Cannot find add_set index 0 as target [ 250.305543][T10504] input: syz1 as /devices/virtual/input/input58 [ 250.545945][T10510] netlink: 'syz.2.1104': attribute type 1 has an invalid length. [ 250.549566][T10510] netlink: 'syz.2.1104': attribute type 3 has an invalid length. [ 250.551934][T10510] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1104'. [ 252.319028][T10542] SET target dimension over the limit! [ 252.446475][T10544] tipc: Enabling of bearer rejected, already enabled [ 252.952705][T10551] netlink: 'syz.0.1114': attribute type 1 has an invalid length. [ 252.955406][T10551] netlink: 'syz.0.1114': attribute type 3 has an invalid length. [ 252.957646][T10551] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1114'. [ 254.955457][T10586] nfs4: Bad value for 'fsc' [ 255.046044][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.048204][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.929901][T10596] SET target dimension over the limit! [ 256.484372][T10604] tipc: Enabling of bearer rejected, already enabled [ 256.500378][T10600] tipc: Enabling of bearer rejected, already enabled [ 257.100514][T10625] autofs: Unknown parameter 'fd0x0000000000000000' [ 257.682858][T10629] syz.2.1132 (10629) used greatest stack depth: 20552 bytes left [ 257.763652][T10639] SET target dimension over the limit! [ 258.904783][T10646] netlink: 'syz.2.1136': attribute type 1 has an invalid length. [ 258.907021][T10646] netlink: 'syz.2.1136': attribute type 3 has an invalid length. [ 258.909174][T10646] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1136'. [ 259.323859][T10650] nfs4: Bad value for 'fsc' [ 259.329386][T10660] tipc: Enabling of bearer rejected, already enabled [ 259.544375][T10661] input: syz1 as /devices/virtual/input/input59 [ 260.682422][T10685] syz.4.1144 (10685) used greatest stack depth: 20440 bytes left [ 261.432754][T10703] netlink: 'syz.2.1149': attribute type 1 has an invalid length. [ 261.435320][T10703] netlink: 'syz.2.1149': attribute type 3 has an invalid length. [ 261.437948][T10703] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1149'. [ 261.922284][T10708] tipc: Enabling of bearer rejected, already enabled [ 262.434340][T10714] nfs4: Bad value for 'fsc' [ 264.777774][T10762] tipc: Enabling of bearer rejected, already enabled [ 265.337932][T10765] input: syz1 as /devices/virtual/input/input60 [ 265.952070][T10777] Cannot find add_set index 0 as target [ 266.429300][T10783] Cannot find add_set index 0 as target [ 268.931238][T10824] input: syz1 as /devices/virtual/input/input61 [ 269.326162][T10837] Cannot find add_set index 0 as target [ 271.155590][T10874] tipc: Enabling of bearer rejected, already enabled [ 272.484973][ T5937] Bluetooth: hci4: command 0x0406 tx timeout [ 273.300916][T10907] SET target dimension over the limit! [ 274.613827][T10938] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1206'. [ 275.253586][T10949] netlink: 'syz.3.1208': attribute type 1 has an invalid length. [ 275.255913][T10949] netlink: 'syz.3.1208': attribute type 3 has an invalid length. [ 275.258118][T10949] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1208'. [ 275.331143][T10956] SET target dimension over the limit! [ 276.158488][T10963] input: syz1 as /devices/virtual/input/input62 [ 276.211105][T10970] No control pipe specified [ 276.678483][ T5953] block nbd2: Receive control failed (result -104) [ 276.686824][ T5864] block nbd2: shutting down sockets [ 276.794335][T10982] input: syz1 as /devices/virtual/input/input63 [ 277.917100][T11000] Cannot find add_set index 0 as target [ 278.966074][T11019] input: syz1 as /devices/virtual/input/input64 [ 278.982833][T11025] No control pipe specified [ 281.021617][T11075] No control pipe specified [ 281.178529][T11080] input: syz1 as /devices/virtual/input/input65 [ 282.282247][T11099] SET target dimension over the limit! [ 282.635778][T11109] Cannot find add_set index 0 as target [ 284.754221][T11146] input: syz1 as /devices/virtual/input/input66 [ 284.795864][T11150] batadv_slave_1: entered promiscuous mode [ 284.801855][T11149] batadv_slave_1: left promiscuous mode [ 285.238567][T11161] netlink: 'syz.4.1261': attribute type 1 has an invalid length. [ 285.243110][T11161] netlink: 'syz.4.1261': attribute type 3 has an invalid length. [ 285.249418][T11161] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1261'. [ 285.743840][T11181] netlink: 'syz.0.1267': attribute type 4 has an invalid length. [ 286.811926][T11195] netlink: 'syz.3.1270': attribute type 1 has an invalid length. [ 286.817066][T11195] netlink: 'syz.3.1270': attribute type 3 has an invalid length. [ 286.822077][T11195] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1270'. [ 287.081250][T11207] input: syz1 as /devices/virtual/input/input67 [ 287.605705][ T5937] Bluetooth: hci4: command 0x0406 tx timeout [ 287.731285][T11223] bridge_slave_0: left allmulticast mode [ 287.733338][T11223] bridge_slave_0: left promiscuous mode [ 287.741208][T11223] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.818893][T11223] bridge_slave_1: left allmulticast mode [ 287.832866][T11223] bridge_slave_1: left promiscuous mode [ 287.855440][T11223] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.871951][T11223] bond0: (slave bond_slave_0): Releasing backup interface [ 287.893368][T11223] bond0: (slave bond_slave_1): Releasing backup interface [ 287.916159][T11223] team0: Port device team_slave_0 removed [ 287.956884][T11223] team0: Port device team_slave_1 removed [ 287.959889][T11223] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.961893][T11223] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.969271][T11223] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.972202][T11223] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 288.160972][T11238] netlink: 'syz.2.1281': attribute type 1 has an invalid length. [ 288.163237][T11238] netlink: 'syz.2.1281': attribute type 3 has an invalid length. [ 288.165800][T11238] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1281'. [ 289.705800][T11271] input: syz1 as /devices/virtual/input/input68 [ 290.031995][T11278] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1294'. [ 290.034530][T11278] netlink: 'syz.2.1294': attribute type 1 has an invalid length. [ 291.406106][T11318] No control pipe specified [ 291.978521][T11328] team0: Port device vlan0 removed [ 293.497266][T11365] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1313'. [ 293.923722][T11373] FAULT_INJECTION: forcing a failure. [ 293.923722][T11373] name failslab, interval 1, probability 0, space 0, times 0 [ 293.928346][T11373] CPU: 1 UID: 0 PID: 11373 Comm: syz.0.1315 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 293.928362][T11373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 293.928368][T11373] Call Trace: [ 293.928371][T11373] [ 293.928375][T11373] dump_stack_lvl+0x16c/0x1f0 [ 293.928393][T11373] should_fail_ex+0x512/0x640 [ 293.928409][T11373] ? __kmalloc_noprof+0xbf/0x510 [ 293.928420][T11373] ? qp_host_alloc_queue+0x4c/0x220 [ 293.928431][T11373] should_failslab+0xc2/0x120 [ 293.928442][T11373] __kmalloc_noprof+0xd2/0x510 [ 293.928453][T11373] qp_host_alloc_queue+0x4c/0x220 [ 293.928464][T11373] qp_broker_alloc+0xe66/0x1ce0 [ 293.928479][T11373] ? __pfx_qp_broker_alloc+0x10/0x10 [ 293.928493][T11373] ? find_held_lock+0x2b/0x80 [ 293.928506][T11373] vmci_qp_broker_alloc+0x93/0xc0 [ 293.928521][T11373] vmci_host_do_alloc_queuepair.constprop.0+0x2fd/0x3d0 [ 293.928534][T11373] ? __pfx_vmci_host_do_alloc_queuepair.constprop.0+0x10/0x10 [ 293.928548][T11373] ? kasan_quarantine_put+0x10a/0x240 [ 293.928564][T11373] ? lockdep_hardirqs_on+0x7c/0x110 [ 293.928580][T11373] ? tomoyo_path_number_perm+0x18d/0x580 [ 293.928592][T11373] vmci_host_unlocked_ioctl+0x51e/0x2010 [ 293.928604][T11373] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 293.928616][T11373] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 293.928636][T11373] ? find_held_lock+0x2b/0x80 [ 293.928650][T11373] ? __fget_files+0x20e/0x3c0 [ 293.928660][T11373] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 293.928671][T11373] compat_ptr_ioctl+0x6b/0xa0 [ 293.928683][T11373] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 293.928696][T11373] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 293.928711][T11373] __do_fast_syscall_32+0x73/0x120 [ 293.928725][T11373] do_fast_syscall_32+0x32/0x80 [ 293.928739][T11373] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 293.928752][T11373] RIP: 0023:0xf745e579 [ 293.928760][T11373] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 293.928770][T11373] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 293.928780][T11373] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007a8 [ 293.928787][T11373] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000 [ 293.928793][T11373] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 293.928799][T11373] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 293.928804][T11373] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 293.928815][T11373] [ 294.211764][T11377] input: syz1 as /devices/virtual/input/input69 [ 294.520682][T11382] SET target dimension over the limit! [ 294.887221][T11386] input: syz1 as /devices/virtual/input/input70 [ 297.059750][T11432] netlink: 'syz.0.1331': attribute type 1 has an invalid length. [ 297.062223][T11432] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1331'. [ 297.305011][ T836] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 297.471191][ T836] usb 5-1: config 0 has an invalid interface number: 20 but max is 0 [ 297.474619][ T836] usb 5-1: config 0 has no interface number 0 [ 297.477186][ T836] usb 5-1: config 0 interface 20 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 297.486474][ T836] usb 5-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 297.488872][ T836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.491455][ T836] usb 5-1: Product: syz [ 297.492655][ T836] usb 5-1: Manufacturer: syz [ 297.493923][ T836] usb 5-1: SerialNumber: syz [ 297.496524][ T836] usb 5-1: config 0 descriptor?? [ 297.500818][ T836] usb-storage 5-1:0.20: USB Mass Storage device detected [ 297.506529][ T836] usb-storage 5-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 297.710347][ T24] usb 5-1: USB disconnect, device number 5 [ 298.926419][T11474] nfs4: Bad value for 'fsc' [ 299.805561][ T5972] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 299.986024][ T5972] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 299.988846][ T5972] usb 9-1: config 0 has no interfaces? [ 299.990347][ T5972] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 299.992743][ T5972] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.995849][ T5972] usb 9-1: config 0 descriptor?? [ 300.210677][ T836] usb 9-1: USB disconnect, device number 2 [ 301.466492][T11532] SET target dimension over the limit! [ 303.462131][T11577] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 303.465463][T11577] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 303.468295][T11577] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 304.939379][T11600] SET target dimension over the limit! [ 308.850538][T11695] input: syz1 as /devices/virtual/input/input71 [ 310.684630][T11736] nfs4: Bad value for 'fsc' [ 311.112759][T11743] autofs: Unknown parameter 'fd0x0000000000000000' [ 312.231453][T11770] input: syz1 as /devices/virtual/input/input72 [ 313.341906][T11794] Cannot find add_set index 0 as target [ 314.618284][T11812] SET target dimension over the limit! [ 316.487212][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.489043][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.503183][T11863] SET target dimension over the limit! [ 318.372914][T11877] nfs4: Bad value for 'fsc' [ 319.097427][T11900] input: syz1 as /devices/virtual/input/input73 [ 319.131618][T11901] input: syz1 as /devices/virtual/input/input74 [ 320.016028][ T40] kauditd_printk_skb: 46 callbacks suppressed [ 320.016039][ T40] audit: type=1800 audit(1743206137.146:603): pid=11915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1434" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 320.739435][T11923] SET target dimension over the limit! [ 321.026716][T11924] input: syz1 as /devices/virtual/input/input75 [ 321.522267][T11934] input: syz1 as /devices/virtual/input/input76 [ 322.587746][T11955] input: syz1 as /devices/virtual/input/input77 [ 323.381405][T11971] input: syz1 as /devices/virtual/input/input78 [ 325.170724][T12004] autofs: Unknown parameter '0x0000000000000000' [ 326.651076][T12029] input: syz1 as /devices/virtual/input/input79 [ 327.740321][T12052] autofs: Unknown parameter '0x0000000000000000' [ 327.838171][T12057] input: syz1 as /devices/virtual/input/input80 [ 330.070866][T12107] input: syz1 as /devices/virtual/input/input81 [ 330.639202][T12110] input: syz1 as /devices/virtual/input/input82 [ 336.960580][T12222] input: syz1 as /devices/virtual/input/input83 [ 340.287228][T12272] TCP: out of memory -- consider tuning tcp_mem [ 340.317744][T12275] TCP: out of memory -- consider tuning tcp_mem [ 340.414829][ C0] TCP: out of memory -- consider tuning tcp_mem [ 341.312044][T12302] input: syz1 as /devices/virtual/input/input84 [ 341.322969][T12303] input: syz1 as /devices/virtual/input/input85 [ 341.929836][T12320] input: syz1 as /devices/virtual/input/input86 [ 343.531865][T12346] netlink: 'syz.2.1524': attribute type 1 has an invalid length. [ 343.534434][T12346] netlink: 'syz.2.1524': attribute type 3 has an invalid length. [ 343.538505][T12346] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1524'. [ 344.887959][T12370] syz_tun: entered allmulticast mode [ 344.892019][T12353] input: syz1 as /devices/virtual/input/input87 [ 345.621958][T12374] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 345.632273][T12386] netlink: 'syz.0.1535': attribute type 1 has an invalid length. [ 345.634490][T12386] netlink: 'syz.0.1535': attribute type 3 has an invalid length. [ 345.636757][T12386] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1535'. [ 347.531490][T12426] netlink: 280 bytes leftover after parsing attributes in process `syz.4.1544'. [ 347.565012][ T40] audit: type=1800 audit(1743206164.686:604): pid=12430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1545" name="bus" dev="tmpfs" ino=2 res=0 errno=0 [ 347.566200][T12430] FAULT_INJECTION: forcing a failure. [ 347.566200][T12430] name failslab, interval 1, probability 0, space 0, times 0 [ 347.575473][T12430] CPU: 2 UID: 0 PID: 12430 Comm: syz.4.1545 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 347.575487][T12430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 347.575494][T12430] Call Trace: [ 347.575498][T12430] [ 347.575502][T12430] dump_stack_lvl+0x16c/0x1f0 [ 347.575521][T12430] should_fail_ex+0x512/0x640 [ 347.575537][T12430] ? __kmalloc_noprof+0xbf/0x510 [ 347.575547][T12430] ? ima_write_template_field_data+0x5d/0x1f0 [ 347.575559][T12430] should_failslab+0xc2/0x120 [ 347.575570][T12430] __kmalloc_noprof+0xd2/0x510 [ 347.575581][T12430] ima_write_template_field_data+0x5d/0x1f0 [ 347.575593][T12430] ima_eventdigest_init_common+0x154/0x430 [ 347.575605][T12430] ? __pfx_ima_eventdigest_init_common+0x10/0x10 [ 347.575622][T12430] ? rcu_is_watching+0x12/0xc0 [ 347.575634][T12430] ? trace_kmalloc+0x2b/0xd0 [ 347.575645][T12430] ? __kmalloc_noprof+0x242/0x510 [ 347.575656][T12430] ima_alloc_init_template+0x39d/0x720 [ 347.575672][T12430] ? rcu_is_watching+0x12/0xc0 [ 347.575684][T12430] ima_store_measurement+0x1eb/0x5c0 [ 347.575703][T12430] ? __pfx_ima_store_measurement+0x10/0x10 [ 347.575724][T12430] ? vfs_getxattr_alloc+0xec/0x340 [ 347.575737][T12430] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 347.575751][T12430] process_measurement+0x1edc/0x2360 [ 347.575768][T12430] ? __pfx_process_measurement+0x10/0x10 [ 347.575781][T12430] ? __lock_acquire+0x5ca/0x1ba0 [ 347.575808][T12430] ? get_pid_task+0x106/0x250 [ 347.575817][T12430] ? proc_fail_nth_write+0x9f/0x250 [ 347.575833][T12430] ? find_held_lock+0x2b/0x80 [ 347.575846][T12430] ima_file_mmap+0x1b1/0x1d0 [ 347.575859][T12430] ? __pfx_ima_file_mmap+0x10/0x10 [ 347.575874][T12430] security_mmap_file+0x88c/0x990 [ 347.575887][T12430] vm_mmap_pgoff+0xec/0x450 [ 347.575903][T12430] ? find_held_lock+0x2b/0x80 [ 347.575915][T12430] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 347.575932][T12430] ? __fget_files+0x20e/0x3c0 [ 347.575943][T12430] ksys_mmap_pgoff+0x32c/0x5c0 [ 347.575957][T12430] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 347.575971][T12430] __do_fast_syscall_32+0x73/0x120 [ 347.575986][T12430] do_fast_syscall_32+0x32/0x80 [ 347.575999][T12430] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.576012][T12430] RIP: 0023:0xf7fd3579 [ 347.576020][T12430] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 347.576030][T12430] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 347.576040][T12430] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000600402 [ 347.576046][T12430] RDX: 00000000007ffffe RSI: 0000000004002011 RDI: 0000000000000006 [ 347.576053][T12430] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.576058][T12430] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 347.576064][T12430] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.576075][T12430] [ 347.576190][ T40] audit: type=1804 audit(1743206164.706:605): pid=12430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.1545" name="/newroot/227/file0/bus" dev="tmpfs" ino=2 res=0 errno=0 [ 347.674309][T12431] input: syz1 as /devices/virtual/input/input88 [ 347.816314][T12433] netlink: 'syz.0.1546': attribute type 1 has an invalid length. [ 347.821640][T12433] netlink: 'syz.0.1546': attribute type 3 has an invalid length. [ 347.826943][T12433] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1546'. [ 349.285403][T12470] syz_tun: entered allmulticast mode [ 349.288350][T12470] netlink: 'syz.3.1555': attribute type 4 has an invalid length. [ 349.318544][T12472] netlink: 'syz.0.1556': attribute type 1 has an invalid length. [ 349.320774][T12472] netlink: 'syz.0.1556': attribute type 3 has an invalid length. [ 349.324623][T12472] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1556'. [ 349.597289][T12479] input: syz1 as /devices/virtual/input/input89 [ 350.980059][T12512] netlink: 'syz.2.1566': attribute type 1 has an invalid length. [ 350.982390][T12512] netlink: 'syz.2.1566': attribute type 3 has an invalid length. [ 350.984601][T12512] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1566'. [ 351.614629][T12518] fuse: Bad value for 'fd' [ 353.947850][T12554] ata1.00: non-matching transfer count (1530558389/0) [ 356.310964][T12592] FAULT_INJECTION: forcing a failure. [ 356.310964][T12592] name failslab, interval 1, probability 0, space 0, times 0 [ 356.315602][T12592] CPU: 2 UID: 0 PID: 12592 Comm: syz.3.1589 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 356.315617][T12592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 356.315624][T12592] Call Trace: [ 356.315638][T12592] [ 356.315644][T12592] dump_stack_lvl+0x16c/0x1f0 [ 356.315662][T12592] should_fail_ex+0x512/0x640 [ 356.315680][T12592] should_failslab+0xc2/0x120 [ 356.315691][T12592] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 356.315709][T12592] ? skb_clone+0x190/0x3f0 [ 356.315721][T12592] skb_clone+0x190/0x3f0 [ 356.315731][T12592] netlink_deliver_tap+0xabd/0xd30 [ 356.315744][T12592] netlink_unicast+0x6b2/0x7f0 [ 356.315757][T12592] ? __pfx_netlink_unicast+0x10/0x10 [ 356.315771][T12592] netlink_ack+0x696/0xb80 [ 356.315784][T12592] netlink_rcv_skb+0x347/0x440 [ 356.315795][T12592] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 356.315808][T12592] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 356.315824][T12592] ? netlink_deliver_tap+0x1ae/0xd30 [ 356.315836][T12592] netlink_unicast+0x53a/0x7f0 [ 356.315848][T12592] ? __pfx_netlink_unicast+0x10/0x10 [ 356.315860][T12592] ? __phys_addr_symbol+0x30/0x80 [ 356.315875][T12592] ? __check_object_size+0x4c7/0x710 [ 356.315888][T12592] netlink_sendmsg+0x8da/0xd70 [ 356.315900][T12592] ? __pfx_netlink_sendmsg+0x10/0x10 [ 356.315912][T12592] ? __import_iovec+0x1c8/0x660 [ 356.315925][T12592] ____sys_sendmsg+0xa8d/0xc60 [ 356.315939][T12592] ? __pfx_____sys_sendmsg+0x10/0x10 [ 356.315951][T12592] ? get_compat_msghdr+0x11a/0x170 [ 356.315972][T12592] ___sys_sendmsg+0x134/0x1d0 [ 356.315982][T12592] ? __pfx____sys_sendmsg+0x10/0x10 [ 356.316003][T12592] __sys_sendmsg+0x16d/0x220 [ 356.316013][T12592] ? __pfx___sys_sendmsg+0x10/0x10 [ 356.316027][T12592] ? rcu_is_watching+0x12/0xc0 [ 356.316040][T12592] __do_fast_syscall_32+0x73/0x120 [ 356.316055][T12592] do_fast_syscall_32+0x32/0x80 [ 356.316068][T12592] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 356.316081][T12592] RIP: 0023:0xf7fe6579 [ 356.316089][T12592] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 356.316099][T12592] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 356.316109][T12592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 356.316115][T12592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 356.316125][T12592] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 356.316131][T12592] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 356.316137][T12592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 356.316147][T12592] [ 358.621007][T12634] netlink: 'syz.3.1600': attribute type 1 has an invalid length. [ 358.623448][T12634] netlink: 'syz.3.1600': attribute type 3 has an invalid length. [ 358.625934][T12634] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1600'. [ 358.769915][T12638] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1602'. [ 360.453410][T12668] netlink: 'syz.2.1610': attribute type 1 has an invalid length. [ 360.455966][T12668] netlink: 'syz.2.1610': attribute type 3 has an invalid length. [ 360.458266][T12668] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1610'. [ 360.652088][ T40] audit: type=1326 audit(1743206177.776:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1607" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 360.658142][ T40] audit: type=1326 audit(1743206177.776:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1607" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 362.518320][T12701] netlink: 'syz.0.1619': attribute type 1 has an invalid length. [ 362.520588][T12701] netlink: 'syz.0.1619': attribute type 3 has an invalid length. [ 362.522831][T12701] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1619'. [ 362.541410][T12700] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 362.556868][T12700] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 363.614574][ T40] audit: type=1326 audit(1743206180.736:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12708 comm="syz.3.1623" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 363.622845][ T40] audit: type=1326 audit(1743206180.736:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12708 comm="syz.3.1623" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000 [ 364.992629][T12744] netlink: 'syz.0.1631': attribute type 1 has an invalid length. [ 364.996667][T12744] netlink: 'syz.0.1631': attribute type 3 has an invalid length. [ 364.999812][T12744] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1631'. [ 365.041596][T12749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1633'. [ 366.440088][T12778] 9pnet_fd: Insufficient options for proto=fd [ 366.442658][T12778] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1637'. [ 366.530775][T12782] Unsupported ieee802154 address type: 0 [ 366.540842][T12782] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1640'. [ 366.966160][T12790] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1642'. [ 367.887587][T12817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1649'. [ 367.890281][T12817] nbd: must specify an index to disconnect [ 367.947236][T12813] block nbd2: shutting down sockets [ 368.183504][T12822] input: syz1 as /devices/virtual/input/input90 [ 369.817068][T12857] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 370.376542][T12862] block nbd4: shutting down sockets [ 370.681529][T12879] input: syz1 as /devices/virtual/input/input91 [ 371.197673][T12884] FAULT_INJECTION: forcing a failure. [ 371.197673][T12884] name failslab, interval 1, probability 0, space 0, times 0 [ 371.202898][T12884] CPU: 2 UID: 0 PID: 12884 Comm: syz.0.1670 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 371.202913][T12884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 371.202920][T12884] Call Trace: [ 371.202923][T12884] [ 371.202927][T12884] dump_stack_lvl+0x16c/0x1f0 [ 371.202944][T12884] should_fail_ex+0x512/0x640 [ 371.202960][T12884] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 371.202978][T12884] should_failslab+0xc2/0x120 [ 371.202990][T12884] __kmalloc_cache_noprof+0x6a/0x3e0 [ 371.203004][T12884] ? percpu_ref_init+0xec/0x410 [ 371.203019][T12884] ? __pfx_css_release+0x10/0x10 [ 371.203035][T12884] percpu_ref_init+0xec/0x410 [ 371.203049][T12884] cgroup_mkdir+0x2d2/0x1160 [ 371.203060][T12884] ? __pfx_cgroup_mkdir+0x10/0x10 [ 371.203070][T12884] kernfs_iop_mkdir+0x15a/0x1f0 [ 371.203082][T12884] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 371.203099][T12884] vfs_mkdir+0x590/0x8c0 [ 371.203114][T12884] do_mkdirat+0x304/0x3e0 [ 371.203124][T12884] ? __pfx_do_mkdirat+0x10/0x10 [ 371.203134][T12884] ? getname_flags.part.0+0x1c2/0x540 [ 371.203155][T12884] __ia32_sys_mkdirat+0x82/0xb0 [ 371.203164][T12884] __do_fast_syscall_32+0x73/0x120 [ 371.203179][T12884] do_fast_syscall_32+0x32/0x80 [ 371.203192][T12884] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 371.203205][T12884] RIP: 0023:0xf745e579 [ 371.203213][T12884] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 371.203224][T12884] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000128 [ 371.203234][T12884] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000 [ 371.203241][T12884] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000000 [ 371.203247][T12884] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 371.203253][T12884] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 371.203258][T12884] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 371.203270][T12884] [ 371.994559][ T5972] libceph: connect (1)[c::]:6789 error -101 [ 371.996578][ T5972] libceph: mon0 (1)[c::]:6789 connect error [ 372.038489][T12902] ceph: No mds server is up or the cluster is laggy [ 372.538884][T12924] FAULT_INJECTION: forcing a failure. [ 372.538884][T12924] name failslab, interval 1, probability 0, space 0, times 0 [ 372.542301][T12924] CPU: 0 UID: 0 PID: 12924 Comm: syz.0.1687 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 372.542316][T12924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 372.542323][T12924] Call Trace: [ 372.542326][T12924] [ 372.542340][T12924] dump_stack_lvl+0x16c/0x1f0 [ 372.542359][T12924] should_fail_ex+0x512/0x640 [ 372.542376][T12924] ? __kmalloc_noprof+0xbf/0x510 [ 372.542387][T12924] ? mpi_alloc_limb_space+0x31/0x60 [ 372.542400][T12924] should_failslab+0xc2/0x120 [ 372.542411][T12924] __kmalloc_noprof+0xd2/0x510 [ 372.542422][T12924] mpi_alloc_limb_space+0x31/0x60 [ 372.542435][T12924] mpi_powm+0x511/0x1bf0 [ 372.542452][T12924] ? __pfx_mpi_powm+0x10/0x10 [ 372.542467][T12924] ? kasan_save_track+0x14/0x30 [ 372.542483][T12924] ? __kasan_kmalloc+0xaa/0xb0 [ 372.542499][T12924] dh_compute_value+0x1b1/0x3b0 [ 372.542512][T12924] ? __pfx_dh_compute_value+0x10/0x10 [ 372.542523][T12924] ? trace_kmalloc+0x2b/0xd0 [ 372.542535][T12924] ? __virt_addr_valid+0x5e/0x590 [ 372.542549][T12924] ? __phys_addr+0xc6/0x150 [ 372.542565][T12924] __keyctl_dh_compute+0x7bf/0x10c0 [ 372.542580][T12924] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 372.542592][T12924] ? dl_scaled_delta_exec+0xdb/0x2e0 [ 372.542603][T12924] ? update_curr_dl_se+0x9c/0x730 [ 372.542614][T12924] ? update_curr+0x5af/0x800 [ 372.542624][T12924] ? find_held_lock+0x2b/0x80 [ 372.542638][T12924] ? rcu_is_watching+0x12/0xc0 [ 372.542655][T12924] compat_keyctl_dh_compute+0x143/0x1c0 [ 372.542667][T12924] ? __pfx_compat_keyctl_dh_compute+0x10/0x10 [ 372.542692][T12924] __do_compat_sys_keyctl+0x27b/0x440 [ 372.542711][T12924] __do_fast_syscall_32+0x73/0x120 [ 372.542732][T12924] do_fast_syscall_32+0x32/0x80 [ 372.542752][T12924] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 372.542770][T12924] RIP: 0023:0xf745e579 [ 372.542781][T12924] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 372.542796][T12924] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000120 [ 372.542811][T12924] RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 0000000080000140 [ 372.542821][T12924] RDX: 00000000800000c0 RSI: 00000000fffffe4f RDI: 0000000000000000 [ 372.542830][T12924] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 372.542839][T12924] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 372.542848][T12924] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 372.542863][T12924] [ 373.237773][T12929] input: syz1 as /devices/virtual/input/input92 [ 373.779990][T12943] FAULT_INJECTION: forcing a failure. [ 373.779990][T12943] name failslab, interval 1, probability 0, space 0, times 0 [ 373.784330][T12943] CPU: 2 UID: 0 PID: 12943 Comm: syz.4.1686 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 373.784350][T12943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 373.784360][T12943] Call Trace: [ 373.784364][T12943] [ 373.784371][T12943] dump_stack_lvl+0x16c/0x1f0 [ 373.784393][T12943] should_fail_ex+0x512/0x640 [ 373.784416][T12943] ? __kmalloc_noprof+0xbf/0x510 [ 373.784429][T12943] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 373.784449][T12943] should_failslab+0xc2/0x120 [ 373.784465][T12943] __kmalloc_noprof+0xd2/0x510 [ 373.784479][T12943] ? __pfx___mutex_trylock_common+0x10/0x10 [ 373.784505][T12943] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 373.784528][T12943] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 373.784544][T12943] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 373.784564][T12943] ? trace_cap_capable+0x18d/0x200 [ 373.784590][T12943] ? bpf_lsm_capable+0x9/0x10 [ 373.784605][T12943] ? security_capable+0x7e/0x260 [ 373.784627][T12943] ? ns_capable+0xd7/0x110 [ 373.784642][T12943] genl_rcv_msg+0x55c/0x800 [ 373.784663][T12943] ? __pfx_genl_rcv_msg+0x10/0x10 [ 373.784694][T12943] ? __pfx___dev_queue_xmit+0x10/0x10 [ 373.784716][T12943] ? __pfx_wg_set_device+0x10/0x10 [ 373.784733][T12943] ? __lock_acquire+0xaa4/0x1ba0 [ 373.784755][T12943] netlink_rcv_skb+0x16a/0x440 [ 373.784771][T12943] ? __pfx_genl_rcv_msg+0x10/0x10 [ 373.784803][T12943] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 373.784828][T12943] ? __pfx_down_read+0x10/0x10 [ 373.784845][T12943] ? netlink_deliver_tap+0x1ae/0xd30 [ 373.784863][T12943] genl_rcv+0x28/0x40 [ 373.784879][T12943] netlink_unicast+0x53a/0x7f0 [ 373.784897][T12943] ? __pfx_netlink_unicast+0x10/0x10 [ 373.784914][T12943] ? __phys_addr_symbol+0x30/0x80 [ 373.784939][T12943] ? __check_object_size+0x4c7/0x710 [ 373.784953][T12943] netlink_sendmsg+0x8da/0xd70 [ 373.784973][T12943] ? __pfx_netlink_sendmsg+0x10/0x10 [ 373.784990][T12943] ? __import_iovec+0x1c8/0x660 [ 373.785009][T12943] ____sys_sendmsg+0xa8d/0xc60 [ 373.785029][T12943] ? __pfx_____sys_sendmsg+0x10/0x10 [ 373.785045][T12943] ? get_compat_msghdr+0x11a/0x170 [ 373.785073][T12943] ___sys_sendmsg+0x134/0x1d0 [ 373.785089][T12943] ? __pfx____sys_sendmsg+0x10/0x10 [ 373.785139][T12943] __sys_sendmsg+0x16d/0x220 [ 373.785156][T12943] ? __pfx___sys_sendmsg+0x10/0x10 [ 373.785175][T12943] ? rcu_is_watching+0x12/0xc0 [ 373.785193][T12943] ? rcu_is_watching+0x12/0xc0 [ 373.785210][T12943] __do_fast_syscall_32+0x73/0x120 [ 373.785229][T12943] do_fast_syscall_32+0x32/0x80 [ 373.785248][T12943] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 373.785266][T12943] RIP: 0023:0xf7fd3579 [ 373.785278][T12943] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 373.785292][T12943] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 373.785306][T12943] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001000 [ 373.785315][T12943] RDX: 0000000020000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 373.785322][T12943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 373.785329][T12943] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 373.785338][T12943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 373.785355][T12943] [ 373.844933][ T5953] Bluetooth: hci0: command 0x0406 tx timeout [ 373.928829][T12954] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1692'. [ 374.526718][T12972] input: syz1 as /devices/virtual/input/input93 [ 375.056812][T12986] FAULT_INJECTION: forcing a failure. [ 375.056812][T12986] name failslab, interval 1, probability 0, space 0, times 0 [ 375.061105][T12986] CPU: 1 UID: 0 PID: 12986 Comm: syz.0.1702 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 375.061145][T12986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 375.061156][T12986] Call Trace: [ 375.061161][T12986] [ 375.061168][T12986] dump_stack_lvl+0x16c/0x1f0 [ 375.061192][T12986] should_fail_ex+0x512/0x640 [ 375.061216][T12986] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 375.061244][T12986] should_failslab+0xc2/0x120 [ 375.061261][T12986] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 375.061286][T12986] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 375.061308][T12986] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 375.061329][T12986] radix_tree_insert+0x247/0x630 [ 375.061351][T12986] qrtr_node_enqueue+0x1077/0x12e0 [ 375.061374][T12986] ? __asan_memcpy+0x3c/0x60 [ 375.061397][T12986] ? __pfx_qrtr_node_enqueue+0x10/0x10 [ 375.061415][T12986] ? skb_set_owner_w+0x31f/0x710 [ 375.061438][T12986] ? skb_copy_header+0x20/0x2b0 [ 375.061462][T12986] ? __pfx_skb_set_owner_w+0x10/0x10 [ 375.061486][T12986] ? __pfx__copy_from_iter+0x10/0x10 [ 375.061505][T12986] qrtr_bcast_enqueue+0xc7/0x1b0 [ 375.061529][T12986] qrtr_sendmsg+0x450/0x7a0 [ 375.061549][T12986] ? __pfx_qrtr_bcast_enqueue+0x10/0x10 [ 375.061569][T12986] ? __pfx_qrtr_sendmsg+0x10/0x10 [ 375.061596][T12986] sock_write_iter+0x4fc/0x5b0 [ 375.061617][T12986] ? __pfx_sock_write_iter+0x10/0x10 [ 375.061644][T12986] ? bpf_lsm_file_permission+0x9/0x10 [ 375.061659][T12986] ? security_file_permission+0x71/0x210 [ 375.061679][T12986] ? rw_verify_area+0xcf/0x680 [ 375.061702][T12986] vfs_write+0x5ba/0x1180 [ 375.061725][T12986] ? __pfx_sock_write_iter+0x10/0x10 [ 375.061746][T12986] ? __pfx_vfs_write+0x10/0x10 [ 375.061768][T12986] ? find_held_lock+0x2b/0x80 [ 375.061798][T12986] ksys_write+0x205/0x240 [ 375.061821][T12986] ? __pfx_ksys_write+0x10/0x10 [ 375.061846][T12986] ? rcu_is_watching+0x12/0xc0 [ 375.061866][T12986] __do_fast_syscall_32+0x73/0x120 [ 375.061889][T12986] do_fast_syscall_32+0x32/0x80 [ 375.061909][T12986] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 375.061929][T12986] RIP: 0023:0xf745e579 [ 375.061946][T12986] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 375.061961][T12986] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 375.061977][T12986] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000000 [ 375.061987][T12986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 375.061996][T12986] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 375.062006][T12986] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 375.062015][T12986] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 375.062033][T12986] [ 375.587633][T13009] FAULT_INJECTION: forcing a failure. [ 375.587633][T13009] name failslab, interval 1, probability 0, space 0, times 0 [ 375.591423][T13009] CPU: 3 UID: 0 PID: 13009 Comm: syz.3.1709 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 375.591438][T13009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 375.591445][T13009] Call Trace: [ 375.591448][T13009] [ 375.591453][T13009] dump_stack_lvl+0x16c/0x1f0 [ 375.591469][T13009] should_fail_ex+0x512/0x640 [ 375.591486][T13009] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 375.591499][T13009] should_failslab+0xc2/0x120 [ 375.591510][T13009] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 375.591532][T13009] ? vfs_parse_fs_string+0xc3/0x150 [ 375.591544][T13009] kmemdup_nul+0x49/0xf0 [ 375.591558][T13009] vfs_parse_fs_string+0xc3/0x150 [ 375.591568][T13009] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 375.591580][T13009] ? __pfx_udf_init_fs_context+0x10/0x10 [ 375.591595][T13009] ? alloc_fs_context+0x59b/0x9c0 [ 375.591607][T13009] path_mount+0x675/0x1f30 [ 375.591618][T13009] ? kmem_cache_free+0x2d4/0x4d0 [ 375.591633][T13009] ? __pfx_path_mount+0x10/0x10 [ 375.591645][T13009] ? putname+0x154/0x1a0 [ 375.591658][T13009] __ia32_sys_mount+0x28b/0x310 [ 375.591669][T13009] ? __pfx___ia32_sys_mount+0x10/0x10 [ 375.591681][T13009] ? rcu_is_watching+0x12/0xc0 [ 375.591694][T13009] __do_fast_syscall_32+0x73/0x120 [ 375.591709][T13009] do_fast_syscall_32+0x32/0x80 [ 375.591723][T13009] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 375.591736][T13009] RIP: 0023:0xf7fe6579 [ 375.591745][T13009] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 375.591755][T13009] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 375.591765][T13009] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 00000000800000c0 [ 375.591771][T13009] RDX: 0000000080000000 RSI: 0000000000010003 RDI: 0000000000000000 [ 375.591777][T13009] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 375.591783][T13009] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 375.591789][T13009] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 375.591799][T13009] [ 375.826026][ T5937] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 375.826853][T13018] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 376.237694][T13023] input: syz1 as /devices/virtual/input/input94 [ 377.920010][T13074] FAULT_INJECTION: forcing a failure. [ 377.920010][T13074] name failslab, interval 1, probability 0, space 0, times 0 [ 377.923402][T13074] CPU: 2 UID: 0 PID: 13074 Comm: syz.0.1731 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 377.923417][T13074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 377.923424][T13074] Call Trace: [ 377.923427][T13074] [ 377.923432][T13074] dump_stack_lvl+0x16c/0x1f0 [ 377.923449][T13074] should_fail_ex+0x512/0x640 [ 377.923466][T13074] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 377.923482][T13074] should_failslab+0xc2/0x120 [ 377.923493][T13074] __kmalloc_cache_noprof+0x6a/0x3e0 [ 377.923508][T13074] ? bpf_get_raw_tracepoint+0x9c/0x2d0 [ 377.923525][T13074] ? bpf_raw_tp_link_attach+0x18a/0x600 [ 377.923536][T13074] bpf_raw_tp_link_attach+0x18a/0x600 [ 377.923547][T13074] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 377.923557][T13074] ? find_held_lock+0x2b/0x80 [ 377.923569][T13074] ? __fget_files+0x204/0x3c0 [ 377.923582][T13074] ? fput+0x70/0xf0 [ 377.923593][T13074] ? __bpf_prog_get+0xa0/0x290 [ 377.923607][T13074] __sys_bpf+0x3ae/0x4c80 [ 377.923617][T13074] ? __pfx___sys_bpf+0x10/0x10 [ 377.923627][T13074] ? ksys_write+0x190/0x240 [ 377.923643][T13074] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 377.923662][T13074] ? fput+0x70/0xf0 [ 377.923673][T13074] ? ksys_write+0x1b9/0x240 [ 377.923688][T13074] ? __pfx_ksys_write+0x10/0x10 [ 377.923704][T13074] __ia32_sys_bpf+0x76/0xe0 [ 377.923715][T13074] __do_fast_syscall_32+0x73/0x120 [ 377.923729][T13074] do_fast_syscall_32+0x32/0x80 [ 377.923743][T13074] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.923756][T13074] RIP: 0023:0xf745e579 [ 377.923764][T13074] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 377.923774][T13074] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 377.923785][T13074] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000080 [ 377.923791][T13074] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 377.923797][T13074] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 377.923803][T13074] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 377.923809][T13074] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 377.923819][T13074] [ 377.926692][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.956150][T13070] input: syz1 as /devices/virtual/input/input95 [ 377.958298][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.864925][ T836] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 378.957736][T13106] netlink: 'syz.3.1742': attribute type 1 has an invalid length. [ 378.959915][T13106] netlink: 'syz.3.1742': attribute type 3 has an invalid length. [ 378.962057][T13106] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1742'. [ 379.015998][ T836] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 379.020919][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.023773][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.027808][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.032363][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.035128][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.038424][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.041450][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.044543][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.047903][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.050878][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.053788][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.056998][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.062204][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.065753][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.069741][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.072709][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.076977][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.083327][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.087857][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.090533][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.093761][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.105446][ T836] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 379.107889][ T836] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 379.110740][ T836] usb 9-1: config 0 interface 0 has no altsetting 0 [ 379.114922][ T836] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 379.117548][ T836] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 379.119856][ T836] usb 9-1: Product: syz [ 379.121201][ T836] usb 9-1: Manufacturer: syz [ 379.122505][ T836] usb 9-1: SerialNumber: syz [ 379.126617][ T836] usb 9-1: config 0 descriptor?? [ 379.132269][ T836] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0 [ 379.248613][T13114] input: syz1 as /devices/virtual/input/input96 [ 380.255669][T13122] input: syz1 as /devices/virtual/input/input97 [ 380.936254][T13141] netlink: 'syz.0.1751': attribute type 1 has an invalid length. [ 380.938557][T13141] netlink: 'syz.0.1751': attribute type 3 has an invalid length. [ 380.940839][T13141] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1751'. [ 380.994225][T13144] 9pnet_fd: Insufficient options for proto=fd [ 381.376179][ C2] usb 9-1: yurex_control_callback - control failed: -2 [ 381.381965][ T5972] usb 9-1: USB disconnect, device number 3 [ 381.387570][ T5972] yurex 9-1:0.0: USB YUREX #0 now disconnected [ 381.694947][ T6004] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 381.846036][ T6004] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 381.848778][ T6004] usb 8-1: config 0 interface 0 has no altsetting 0 [ 381.852058][ T6004] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 381.854604][ T6004] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 381.857276][ T6004] usb 8-1: Product: syz [ 381.858468][ T6004] usb 8-1: Manufacturer: syz [ 381.859777][ T6004] usb 8-1: SerialNumber: syz [ 381.861851][ T6004] usb 8-1: config 0 descriptor?? [ 381.866984][ T6004] usb 8-1: selecting invalid altsetting 0 [ 382.071243][T13150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1753'. [ 382.087188][ T6004] usb 8-1: USB disconnect, device number 7 [ 382.211105][T13169] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 382.213181][T13169] UDF-fs: Scanning with blocksize 2048 failed [ 382.215816][T13169] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 382.217819][T13169] UDF-fs: Scanning with blocksize 4096 failed [ 382.610955][T13171] input: syz1 as /devices/virtual/input/input98 [ 383.015599][T13191] overlayfs: failed to resolve './file0': -2 [ 383.130493][T13206] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1771'. [ 383.995865][T13225] FAULT_INJECTION: forcing a failure. [ 383.995865][T13225] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 383.999750][T13225] CPU: 1 UID: 0 PID: 13225 Comm: syz.4.1778 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 383.999765][T13225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 383.999771][T13225] Call Trace: [ 383.999780][T13225] [ 383.999784][T13225] dump_stack_lvl+0x16c/0x1f0 [ 383.999802][T13225] should_fail_ex+0x512/0x640 [ 383.999820][T13225] _copy_to_user+0x32/0xd0 [ 383.999832][T13225] simple_read_from_buffer+0xe0/0x170 [ 383.999848][T13225] proc_fail_nth_read+0x197/0x270 [ 383.999864][T13225] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 383.999880][T13225] ? rw_verify_area+0xcf/0x680 [ 383.999894][T13225] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 383.999909][T13225] vfs_read+0x1de/0xc70 [ 383.999925][T13225] ? __pfx___mutex_lock+0x10/0x10 [ 383.999939][T13225] ? __pfx_vfs_read+0x10/0x10 [ 383.999956][T13225] ? __fget_files+0x20e/0x3c0 [ 383.999969][T13225] ksys_read+0x12a/0x240 [ 383.999983][T13225] ? __pfx_ksys_read+0x10/0x10 [ 383.999999][T13225] ? rcu_is_watching+0x12/0xc0 [ 384.000013][T13225] __do_fast_syscall_32+0x73/0x120 [ 384.000028][T13225] do_fast_syscall_32+0x32/0x80 [ 384.000041][T13225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 384.000055][T13225] RIP: 0023:0xf7fd3579 [ 384.000062][T13225] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 384.000073][T13225] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 384.000083][T13225] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50f6620 [ 384.000089][T13225] RDX: 000000000000000f RSI: 00000000f745cff4 RDI: 0000000000000000 [ 384.000095][T13225] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 384.000101][T13225] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 384.000107][T13225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 384.000117][T13225] [ 384.057762][ C1] vkms_vblank_simulate: vblank timer overrun [ 384.349464][T13231] input: syz1 as /devices/virtual/input/input99 [ 384.603022][T13243] netlink: 'syz.3.1784': attribute type 1 has an invalid length. [ 384.605567][T13243] netlink: 'syz.3.1784': attribute type 3 has an invalid length. [ 384.607814][T13243] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1784'. [ 385.117615][T13262] xt_bpf: check failed: parse error [ 385.369175][T13285] lo speed is unknown, defaulting to 1000 [ 385.371071][T13285] lo speed is unknown, defaulting to 1000 [ 385.373612][T13285] lo speed is unknown, defaulting to 1000 [ 385.379133][T13285] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 385.383070][T13285] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 385.450305][T13285] lo speed is unknown, defaulting to 1000 [ 385.453117][T13285] lo speed is unknown, defaulting to 1000 [ 385.455871][T13285] lo speed is unknown, defaulting to 1000 [ 385.458049][T13285] lo speed is unknown, defaulting to 1000 [ 385.460293][T13285] lo speed is unknown, defaulting to 1000 [ 385.720823][T13293] netlink: 'syz.4.1794': attribute type 1 has an invalid length. [ 385.723150][T13293] netlink: 'syz.4.1794': attribute type 3 has an invalid length. [ 385.802155][T13293] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1794'. [ 386.868011][T13321] 9pnet_fd: Insufficient options for proto=fd [ 386.978053][T13316] input: syz1 as /devices/virtual/input/input100 [ 388.323171][T13374] syz_tun (unregistering): left allmulticast mode [ 389.243337][T13407] FAULT_INJECTION: forcing a failure. [ 389.243337][T13407] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 389.247605][T13407] CPU: 2 UID: 0 PID: 13407 Comm: syz.3.1832 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 389.247619][T13407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 389.247626][T13407] Call Trace: [ 389.247629][T13407] [ 389.247634][T13407] dump_stack_lvl+0x16c/0x1f0 [ 389.247650][T13407] should_fail_ex+0x512/0x640 [ 389.247668][T13407] strncpy_from_user+0x3b/0x2d0 [ 389.247683][T13407] bpf_prog_load+0x1afb/0x2480 [ 389.247695][T13407] ? __pfx_bpf_prog_load+0x10/0x10 [ 389.247713][T13407] __sys_bpf+0x4890/0x4c80 [ 389.247728][T13407] ? __pfx___sys_bpf+0x10/0x10 [ 389.247743][T13407] ? ksys_write+0x190/0x240 [ 389.247768][T13407] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 389.247792][T13407] ? fput+0x70/0xf0 [ 389.247803][T13407] ? ksys_write+0x1b9/0x240 [ 389.247819][T13407] ? __pfx_ksys_write+0x10/0x10 [ 389.247836][T13407] __ia32_sys_bpf+0x76/0xe0 [ 389.247846][T13407] __do_fast_syscall_32+0x73/0x120 [ 389.247861][T13407] do_fast_syscall_32+0x32/0x80 [ 389.247875][T13407] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 389.247887][T13407] RIP: 0023:0xf7fe6579 [ 389.247895][T13407] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 389.247905][T13407] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 389.247915][T13407] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0 [ 389.247925][T13407] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 389.247934][T13407] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 389.247942][T13407] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 389.247951][T13407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 389.247968][T13407] [ 389.420873][T13418] netlink: 'syz.3.1834': attribute type 4 has an invalid length. [ 389.425217][T13418] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1834'. [ 389.428708][T13418] : renamed from bond0 (while UP) [ 389.671869][T13420] input: syz1 as /devices/virtual/input/input101 [ 390.321999][T13430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1839'. [ 391.092840][T13456] capability: warning: `syz.0.1847' uses deprecated v2 capabilities in a way that may be insecure [ 391.276249][T13466] input: syz1 as /devices/virtual/input/input102 [ 391.441462][T13473] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1854'. [ 391.498885][T13481] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1858'. [ 391.691506][T13490] overlayfs: conflicting options: userxattr,metacopy=on [ 391.765004][ T29] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 391.925241][ T29] usb 8-1: Using ep0 maxpacket: 8 [ 391.927878][ T29] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 391.930052][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 391.933059][ T29] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 391.936492][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 391.939381][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 391.943246][ T29] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 391.945702][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 391.948694][ T29] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 391.960861][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 391.966545][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 391.976732][ T29] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 391.981045][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 391.990948][ T29] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 392.001380][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 392.011219][ T29] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 392.021017][ T29] usb 8-1: string descriptor 0 read error: -22 [ 392.022838][ T29] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 392.029985][ T29] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.042829][ T29] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 392.087952][ T40] audit: type=1326 audit(1743206209.216:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.096578][ T40] audit: type=1326 audit(1743206209.216:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.104295][ T40] audit: type=1326 audit(1743206209.216:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.112215][ T40] audit: type=1326 audit(1743206209.216:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.120228][ T40] audit: type=1326 audit(1743206209.216:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.129880][ T40] audit: type=1326 audit(1743206209.216:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.136710][ T40] audit: type=1326 audit(1743206209.216:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.143751][ T40] audit: type=1326 audit(1743206209.246:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.150833][ T40] audit: type=1326 audit(1743206209.256:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.157350][ T40] audit: type=1326 audit(1743206209.256:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13500 comm="syz.0.1866" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 392.185827][T13501] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1866'. [ 392.242999][ T29] usb 8-1: USB disconnect, device number 8 [ 393.312465][T13537] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(13) [ 393.315010][T13537] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 393.320277][T13537] vhci_hcd vhci_hcd.0: Device attached [ 393.324602][T13542] vhci_hcd: connection closed [ 393.328308][ T1146] vhci_hcd: stop threads [ 393.331309][ T1146] vhci_hcd: release socket [ 393.332599][ T1146] vhci_hcd: disconnect device [ 393.733716][T13544] input: syz1 as /devices/virtual/input/input103 [ 393.810911][T13548] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1880'. [ 393.981487][T13557] FAULT_INJECTION: forcing a failure. [ 393.981487][T13557] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 393.985108][T13557] CPU: 2 UID: 0 PID: 13557 Comm: syz.4.1882 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 393.985122][T13557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 393.985129][T13557] Call Trace: [ 393.985132][T13557] [ 393.985137][T13557] dump_stack_lvl+0x16c/0x1f0 [ 393.985154][T13557] should_fail_ex+0x512/0x640 [ 393.985172][T13557] _copy_from_user+0x2e/0xd0 [ 393.985182][T13557] get_compat_msghdr+0xa7/0x170 [ 393.985200][T13557] ? __pfx_get_compat_msghdr+0x10/0x10 [ 393.985219][T13557] ___sys_sendmsg+0x1ae/0x1d0 [ 393.985231][T13557] ? __pfx____sys_sendmsg+0x10/0x10 [ 393.985251][T13557] __sys_sendmsg+0x16d/0x220 [ 393.985261][T13557] ? __pfx___sys_sendmsg+0x10/0x10 [ 393.985275][T13557] ? rcu_is_watching+0x12/0xc0 [ 393.985288][T13557] __do_fast_syscall_32+0x73/0x120 [ 393.985303][T13557] do_fast_syscall_32+0x32/0x80 [ 393.985316][T13557] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 393.985330][T13557] RIP: 0023:0xf7fd3579 [ 393.985337][T13557] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 393.985348][T13557] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 393.985358][T13557] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180 [ 393.985364][T13557] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 393.985370][T13557] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 393.985376][T13557] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 393.985382][T13557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 393.985392][T13557] [ 394.084403][T13564] program syz.4.1884 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 394.764722][T13584] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 394.767066][T13584] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 395.462079][T13592] FAULT_INJECTION: forcing a failure. [ 395.462079][T13592] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 395.467888][T13592] CPU: 1 UID: 0 PID: 13592 Comm: syz.0.1893 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 395.467924][T13592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 395.467933][T13592] Call Trace: [ 395.467939][T13592] [ 395.467945][T13592] dump_stack_lvl+0x16c/0x1f0 [ 395.467968][T13592] should_fail_ex+0x512/0x640 [ 395.467989][T13592] _copy_from_user+0x2e/0xd0 [ 395.468005][T13592] get_compat_msghdr+0xa7/0x170 [ 395.468034][T13592] ? __pfx_get_compat_msghdr+0x10/0x10 [ 395.468058][T13592] ? find_held_lock+0x2b/0x80 [ 395.468078][T13592] ___sys_sendmsg+0x1ae/0x1d0 [ 395.468091][T13592] ? __pfx____sys_sendmsg+0x10/0x10 [ 395.468124][T13592] __sys_sendmsg+0x16d/0x220 [ 395.468138][T13592] ? __pfx___sys_sendmsg+0x10/0x10 [ 395.468152][T13592] ? irqentry_exit+0x3b/0x90 [ 395.468175][T13592] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 395.468202][T13592] __do_fast_syscall_32+0x73/0x120 [ 395.468219][T13592] do_fast_syscall_32+0x32/0x80 [ 395.468238][T13592] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 395.468256][T13592] RIP: 0023:0xf745e579 [ 395.468268][T13592] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 395.468282][T13592] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 395.468297][T13592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 395.468306][T13592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 395.468315][T13592] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 395.468335][T13592] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 395.468344][T13592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.468361][T13592] [ 395.540011][T13598] FAULT_INJECTION: forcing a failure. [ 395.540011][T13598] name failslab, interval 1, probability 0, space 0, times 0 [ 395.544088][T13598] CPU: 0 UID: 0 PID: 13598 Comm: syz.3.1895 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 395.544121][T13598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 395.544130][T13598] Call Trace: [ 395.544134][T13598] [ 395.544138][T13598] dump_stack_lvl+0x16c/0x1f0 [ 395.544155][T13598] should_fail_ex+0x512/0x640 [ 395.544172][T13598] ? fs_reclaim_acquire+0xae/0x150 [ 395.544187][T13598] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 395.544200][T13598] should_failslab+0xc2/0x120 [ 395.544211][T13598] __kmalloc_noprof+0xd2/0x510 [ 395.544222][T13598] tomoyo_realpath_from_path+0xc2/0x6e0 [ 395.544236][T13598] ? tomoyo_profile+0x47/0x60 [ 395.544251][T13598] tomoyo_path_number_perm+0x245/0x580 [ 395.544260][T13598] ? tomoyo_path_number_perm+0x237/0x580 [ 395.544271][T13598] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 395.544282][T13598] ? find_held_lock+0x2b/0x80 [ 395.544303][T13598] ? find_held_lock+0x2b/0x80 [ 395.544315][T13598] ? __fget_files+0x204/0x3c0 [ 395.544325][T13598] ? __fget_files+0x20e/0x3c0 [ 395.544336][T13598] security_file_ioctl_compat+0x9b/0x240 [ 395.544348][T13598] __do_compat_sys_ioctl+0x4e/0x2c0 [ 395.544363][T13598] __do_fast_syscall_32+0x73/0x120 [ 395.544378][T13598] do_fast_syscall_32+0x32/0x80 [ 395.544391][T13598] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 395.544404][T13598] RIP: 0023:0xf7fe6579 [ 395.544413][T13598] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 395.544428][T13598] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 395.544441][T13598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0386105 [ 395.544447][T13598] RDX: 0000000080000480 RSI: 0000000000000000 RDI: 0000000000000000 [ 395.544456][T13598] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 395.544465][T13598] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 395.544474][T13598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.544486][T13598] [ 395.544500][T13598] ERROR: Out of memory at tomoyo_realpath_from_path. [ 395.655817][T13605] FAULT_INJECTION: forcing a failure. [ 395.655817][T13605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 395.659475][T13605] CPU: 0 UID: 0 PID: 13605 Comm: syz.3.1899 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 395.659489][T13605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 395.659496][T13605] Call Trace: [ 395.659499][T13605] [ 395.659504][T13605] dump_stack_lvl+0x16c/0x1f0 [ 395.659520][T13605] should_fail_ex+0x512/0x640 [ 395.659539][T13605] _copy_to_user+0x32/0xd0 [ 395.659550][T13605] simple_read_from_buffer+0xe0/0x170 [ 395.659566][T13605] proc_fail_nth_read+0x197/0x270 [ 395.659582][T13605] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 395.659598][T13605] ? rw_verify_area+0xcf/0x680 [ 395.659612][T13605] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 395.659627][T13605] vfs_read+0x1de/0xc70 [ 395.659644][T13605] ? __pfx___mutex_lock+0x10/0x10 [ 395.659657][T13605] ? __pfx_vfs_read+0x10/0x10 [ 395.659674][T13605] ? __fget_files+0x20e/0x3c0 [ 395.659686][T13605] ksys_read+0x12a/0x240 [ 395.659701][T13605] ? __pfx_ksys_read+0x10/0x10 [ 395.659716][T13605] ? rcu_is_watching+0x12/0xc0 [ 395.659730][T13605] __do_fast_syscall_32+0x73/0x120 [ 395.659744][T13605] do_fast_syscall_32+0x32/0x80 [ 395.659758][T13605] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 395.659771][T13605] RIP: 0023:0xf7fe6579 [ 395.659779][T13605] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 395.659789][T13605] RSP: 002b:00000000f5106590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 395.659799][T13605] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5106620 [ 395.659805][T13605] RDX: 000000000000000f RSI: 00000000f746cff4 RDI: 0000000000000000 [ 395.659811][T13605] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 395.659817][T13605] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 395.659823][T13605] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.659833][T13605] [ 395.829592][T13614] FAULT_INJECTION: forcing a failure. [ 395.829592][T13614] name failslab, interval 1, probability 0, space 0, times 0 [ 395.833516][T13614] CPU: 3 UID: 0 PID: 13614 Comm: syz.0.1905 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 395.833538][T13614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 395.833549][T13614] Call Trace: [ 395.833554][T13614] [ 395.833560][T13614] dump_stack_lvl+0x16c/0x1f0 [ 395.833585][T13614] should_fail_ex+0x512/0x640 [ 395.833610][T13614] ? fs_reclaim_acquire+0xae/0x150 [ 395.833631][T13614] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 395.833651][T13614] should_failslab+0xc2/0x120 [ 395.833668][T13614] __kmalloc_noprof+0xd2/0x510 [ 395.833686][T13614] tomoyo_realpath_from_path+0xc2/0x6e0 [ 395.833706][T13614] ? tomoyo_profile+0x47/0x60 [ 395.833729][T13614] tomoyo_path_number_perm+0x245/0x580 [ 395.833743][T13614] ? tomoyo_path_number_perm+0x237/0x580 [ 395.833759][T13614] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 395.833776][T13614] ? find_held_lock+0x2b/0x80 [ 395.833808][T13614] ? find_held_lock+0x2b/0x80 [ 395.833826][T13614] ? __fget_files+0x204/0x3c0 [ 395.833843][T13614] ? __fget_files+0x20e/0x3c0 [ 395.833859][T13614] security_file_ioctl_compat+0x9b/0x240 [ 395.833877][T13614] __do_compat_sys_ioctl+0x4e/0x2c0 [ 395.833899][T13614] __do_fast_syscall_32+0x73/0x120 [ 395.833920][T13614] do_fast_syscall_32+0x32/0x80 [ 395.833941][T13614] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 395.833960][T13614] RIP: 0023:0xf745e579 [ 395.833972][T13614] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 395.833991][T13614] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 395.834006][T13614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af12 [ 395.834016][T13614] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 395.834025][T13614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 395.834034][T13614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 395.834043][T13614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.834061][T13614] [ 395.834067][T13614] ERROR: Out of memory at tomoyo_realpath_from_path. [ 396.079078][T13638] FAULT_INJECTION: forcing a failure. [ 396.079078][T13638] name failslab, interval 1, probability 0, space 0, times 0 [ 396.082466][T13638] CPU: 2 UID: 0 PID: 13638 Comm: syz.0.1914 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 396.082482][T13638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 396.082488][T13638] Call Trace: [ 396.082492][T13638] [ 396.082496][T13638] dump_stack_lvl+0x16c/0x1f0 [ 396.082513][T13638] should_fail_ex+0x512/0x640 [ 396.082530][T13638] ? fs_reclaim_acquire+0xae/0x150 [ 396.082545][T13638] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 396.082559][T13638] should_failslab+0xc2/0x120 [ 396.082570][T13638] __kmalloc_noprof+0xd2/0x510 [ 396.082581][T13638] tomoyo_realpath_from_path+0xc2/0x6e0 [ 396.082595][T13638] ? tomoyo_profile+0x47/0x60 [ 396.082609][T13638] tomoyo_path_number_perm+0x245/0x580 [ 396.082619][T13638] ? tomoyo_path_number_perm+0x237/0x580 [ 396.082630][T13638] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 396.082640][T13638] ? find_held_lock+0x2b/0x80 [ 396.082661][T13638] ? find_held_lock+0x2b/0x80 [ 396.082673][T13638] ? __fget_files+0x204/0x3c0 [ 396.082684][T13638] ? __fget_files+0x20e/0x3c0 [ 396.082694][T13638] security_file_ioctl_compat+0x9b/0x240 [ 396.082707][T13638] __do_compat_sys_ioctl+0x4e/0x2c0 [ 396.082721][T13638] __do_fast_syscall_32+0x73/0x120 [ 396.082737][T13638] do_fast_syscall_32+0x32/0x80 [ 396.082750][T13638] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 396.082763][T13638] RIP: 0023:0xf745e579 [ 396.082771][T13638] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 396.082781][T13638] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 396.082792][T13638] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007b1 [ 396.082798][T13638] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 396.082804][T13638] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 396.082810][T13638] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 396.082816][T13638] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 396.082826][T13638] [ 396.082830][T13638] ERROR: Out of memory at tomoyo_realpath_from_path. [ 396.088223][T13640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1915'. [ 396.150450][T13640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1915'. [ 396.202737][T13649] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 396.205418][T13649] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 396.234534][T13651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1917'. [ 396.254298][T13651] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 396.257999][T13651] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 396.261122][T13651] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 396.264208][T13651] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 396.268155][T13651] vxlan0: entered promiscuous mode [ 396.676740][T13656] input: syz1 as /devices/virtual/input/input104 [ 396.917667][T13663] ip6erspan0: entered promiscuous mode [ 397.069058][T13671] netlink: 'syz.2.1924': attribute type 10 has an invalid length. [ 397.070999][T13672] FAULT_INJECTION: forcing a failure. [ 397.070999][T13672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 397.075019][T13672] CPU: 2 UID: 0 PID: 13672 Comm: syz.4.1923 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 397.075033][T13672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 397.075040][T13672] Call Trace: [ 397.075043][T13672] [ 397.075047][T13672] dump_stack_lvl+0x16c/0x1f0 [ 397.075063][T13672] should_fail_ex+0x512/0x640 [ 397.075081][T13672] _copy_from_user+0x2e/0xd0 [ 397.075091][T13672] get_compat_msghdr+0xa7/0x170 [ 397.075109][T13672] ? __pfx_get_compat_msghdr+0x10/0x10 [ 397.075128][T13672] ___sys_sendmsg+0x1ae/0x1d0 [ 397.075139][T13672] ? __pfx____sys_sendmsg+0x10/0x10 [ 397.075160][T13672] __sys_sendmsg+0x16d/0x220 [ 397.075170][T13672] ? __pfx___sys_sendmsg+0x10/0x10 [ 397.075183][T13672] ? rcu_is_watching+0x12/0xc0 [ 397.075197][T13672] __do_fast_syscall_32+0x73/0x120 [ 397.075212][T13672] do_fast_syscall_32+0x32/0x80 [ 397.075225][T13672] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 397.075238][T13672] RIP: 0023:0xf7fd3579 [ 397.075246][T13672] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 397.075257][T13672] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 397.075267][T13672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 397.075274][T13672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 397.075280][T13672] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 397.075286][T13672] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 397.075292][T13672] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 397.075302][T13672] [ 397.084242][T13671] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 397.238471][T13679] FAULT_INJECTION: forcing a failure. [ 397.238471][T13679] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 397.242042][T13679] CPU: 3 UID: 0 PID: 13679 Comm: syz.0.1927 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 397.242057][T13679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 397.242064][T13679] Call Trace: [ 397.242067][T13679] [ 397.242072][T13679] dump_stack_lvl+0x16c/0x1f0 [ 397.242088][T13679] should_fail_ex+0x512/0x640 [ 397.242106][T13679] _copy_from_user+0x2e/0xd0 [ 397.242127][T13679] get_compat_msghdr+0xa7/0x170 [ 397.242147][T13679] ? __pfx_get_compat_msghdr+0x10/0x10 [ 397.242168][T13679] ___sys_sendmsg+0x1ae/0x1d0 [ 397.242178][T13679] ? __pfx____sys_sendmsg+0x10/0x10 [ 397.242199][T13679] __sys_sendmsg+0x16d/0x220 [ 397.242209][T13679] ? __pfx___sys_sendmsg+0x10/0x10 [ 397.242223][T13679] ? rcu_is_watching+0x12/0xc0 [ 397.242238][T13679] __do_fast_syscall_32+0x73/0x120 [ 397.242252][T13679] do_fast_syscall_32+0x32/0x80 [ 397.242265][T13679] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 397.242278][T13679] RIP: 0023:0xf745e579 [ 397.242286][T13679] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 397.242296][T13679] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 397.242306][T13679] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 397.242312][T13679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 397.242318][T13679] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 397.242324][T13679] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 397.242329][T13679] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 397.242340][T13679] [ 397.321989][T13683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1930'. [ 397.327295][T13683] fuse: Unknown parameter '' [ 397.705603][T13661] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.708037][T13661] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.710353][T13661] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.712645][T13661] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.754835][T13661] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.759108][T13661] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.761676][T13661] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.764352][T13661] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.776343][T13661] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 398.174149][T13705] input: syz1 as /devices/virtual/input/input105 [ 398.345720][T13712] FAULT_INJECTION: forcing a failure. [ 398.345720][T13712] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 398.349292][T13712] CPU: 3 UID: 0 PID: 13712 Comm: syz.0.1940 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 398.349307][T13712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 398.349314][T13712] Call Trace: [ 398.349318][T13712] [ 398.349322][T13712] dump_stack_lvl+0x16c/0x1f0 [ 398.349338][T13712] should_fail_ex+0x512/0x640 [ 398.349356][T13712] _copy_from_user+0x2e/0xd0 [ 398.349367][T13712] __ia32_sys_epoll_ctl+0x130/0x1e0 [ 398.349383][T13712] ? __pfx___ia32_sys_epoll_ctl+0x10/0x10 [ 398.349400][T13712] ? rcu_is_watching+0x12/0xc0 [ 398.349414][T13712] __do_fast_syscall_32+0x73/0x120 [ 398.349429][T13712] do_fast_syscall_32+0x32/0x80 [ 398.349442][T13712] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 398.349456][T13712] RIP: 0023:0xf745e579 [ 398.349463][T13712] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 398.349474][T13712] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 00000000000000ff [ 398.349484][T13712] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001 [ 398.349490][T13712] RDX: 0000000000000003 RSI: 0000000080000140 RDI: 0000000000000000 [ 398.349496][T13712] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 398.349502][T13712] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 398.349508][T13712] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 398.349529][T13712] [ 398.757966][T13737] FAULT_INJECTION: forcing a failure. [ 398.757966][T13737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 398.762614][T13737] CPU: 0 UID: 0 PID: 13737 Comm: syz.4.1951 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 398.762632][T13737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 398.762640][T13737] Call Trace: [ 398.762644][T13737] [ 398.762650][T13737] dump_stack_lvl+0x16c/0x1f0 [ 398.762671][T13737] should_fail_ex+0x512/0x640 [ 398.762693][T13737] _copy_from_user+0x2e/0xd0 [ 398.762705][T13737] move_addr_to_kernel+0x74/0x160 [ 398.762724][T13737] __sys_connect+0xaf/0x170 [ 398.762746][T13737] ? __pfx___sys_connect+0x10/0x10 [ 398.762768][T13737] ? __pfx_ksys_write+0x10/0x10 [ 398.762790][T13737] __ia32_sys_connect+0x71/0xb0 [ 398.762808][T13737] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 398.762825][T13737] __do_fast_syscall_32+0x73/0x120 [ 398.762843][T13737] do_fast_syscall_32+0x32/0x80 [ 398.762859][T13737] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 398.762875][T13737] RIP: 0023:0xf7fd3579 [ 398.762884][T13737] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 398.762897][T13737] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 398.762910][T13737] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000 [ 398.762917][T13737] RDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000 [ 398.762925][T13737] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 398.762932][T13737] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 398.762939][T13737] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 398.762951][T13737] [ 399.008943][T13752] FAULT_INJECTION: forcing a failure. [ 399.008943][T13752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 399.012521][T13752] CPU: 2 UID: 0 PID: 13752 Comm: syz.4.1957 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 399.012540][T13752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 399.012549][T13752] Call Trace: [ 399.012554][T13752] [ 399.012560][T13752] dump_stack_lvl+0x16c/0x1f0 [ 399.012581][T13752] should_fail_ex+0x512/0x640 [ 399.012599][T13752] _copy_from_user+0x2e/0xd0 [ 399.012610][T13752] get_compat_msghdr+0xa7/0x170 [ 399.012627][T13752] ? __pfx_get_compat_msghdr+0x10/0x10 [ 399.012647][T13752] ___sys_sendmsg+0x1ae/0x1d0 [ 399.012658][T13752] ? __pfx____sys_sendmsg+0x10/0x10 [ 399.012685][T13752] __sys_sendmsg+0x16d/0x220 [ 399.012700][T13752] ? __pfx___sys_sendmsg+0x10/0x10 [ 399.012719][T13752] ? rcu_is_watching+0x12/0xc0 [ 399.012737][T13752] __do_fast_syscall_32+0x73/0x120 [ 399.012756][T13752] do_fast_syscall_32+0x32/0x80 [ 399.012774][T13752] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 399.012792][T13752] RIP: 0023:0xf7fd3579 [ 399.012800][T13752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 399.012810][T13752] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 399.012821][T13752] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000500 [ 399.012827][T13752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 399.012833][T13752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 399.012838][T13752] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 399.012844][T13752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 399.012855][T13752] [ 399.359841][T13761] input: syz0 as /devices/virtual/input/input106 [ 399.365812][T13761] FAULT_INJECTION: forcing a failure. [ 399.365812][T13761] name failslab, interval 1, probability 0, space 0, times 0 [ 399.370014][T13761] CPU: 1 UID: 0 PID: 13761 Comm: syz.3.1960 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 399.370029][T13761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 399.370036][T13761] Call Trace: [ 399.370039][T13761] [ 399.370043][T13761] dump_stack_lvl+0x16c/0x1f0 [ 399.370059][T13761] should_fail_ex+0x512/0x640 [ 399.370076][T13761] ? fs_reclaim_acquire+0xae/0x150 [ 399.370091][T13761] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 399.370104][T13761] should_failslab+0xc2/0x120 [ 399.370116][T13761] __kmalloc_noprof+0xd2/0x510 [ 399.370127][T13761] tomoyo_realpath_from_path+0xc2/0x6e0 [ 399.370141][T13761] ? tomoyo_profile+0x47/0x60 [ 399.370155][T13761] tomoyo_path_number_perm+0x245/0x580 [ 399.370165][T13761] ? tomoyo_path_number_perm+0x237/0x580 [ 399.370176][T13761] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 399.370187][T13761] ? find_held_lock+0x2b/0x80 [ 399.370208][T13761] ? find_held_lock+0x2b/0x80 [ 399.370219][T13761] ? __fget_files+0x204/0x3c0 [ 399.370230][T13761] ? __fget_files+0x20e/0x3c0 [ 399.370240][T13761] security_file_ioctl_compat+0x9b/0x240 [ 399.370252][T13761] __do_compat_sys_ioctl+0x4e/0x2c0 [ 399.370267][T13761] __do_fast_syscall_32+0x73/0x120 [ 399.370281][T13761] do_fast_syscall_32+0x32/0x80 [ 399.370295][T13761] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 399.370308][T13761] RIP: 0023:0xf7fe6579 [ 399.370315][T13761] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 399.370326][T13761] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 399.370336][T13761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008000552c [ 399.370342][T13761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 399.370348][T13761] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 399.370354][T13761] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 399.370360][T13761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 399.370370][T13761] [ 399.370375][T13761] ERROR: Out of memory at tomoyo_realpath_from_path. [ 399.523500][T13768] netlink: 'syz.3.1961': attribute type 1 has an invalid length. [ 399.529006][T13768] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1961'. [ 399.533336][T13768] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1961'. [ 400.007318][T13775] netlink: 'syz.4.1965': attribute type 4 has an invalid length. [ 400.030784][T13777] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1966'. [ 400.043880][T13777] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1966'. [ 400.103200][T13777] fuse: Unknown parameter 'd' [ 400.822097][T13789] FAULT_INJECTION: forcing a failure. [ 400.822097][T13789] name failslab, interval 1, probability 0, space 0, times 0 [ 400.825842][T13789] CPU: 2 UID: 0 PID: 13789 Comm: syz.0.1969 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 400.825858][T13789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 400.825864][T13789] Call Trace: [ 400.825868][T13789] [ 400.825872][T13789] dump_stack_lvl+0x16c/0x1f0 [ 400.825889][T13789] should_fail_ex+0x512/0x640 [ 400.825905][T13789] ? fs_reclaim_acquire+0xae/0x150 [ 400.825920][T13789] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 400.825934][T13789] should_failslab+0xc2/0x120 [ 400.825951][T13789] __kmalloc_noprof+0xd2/0x510 [ 400.825963][T13789] tomoyo_realpath_from_path+0xc2/0x6e0 [ 400.825976][T13789] ? tomoyo_profile+0x47/0x60 [ 400.825991][T13789] tomoyo_path_number_perm+0x245/0x580 [ 400.826001][T13789] ? tomoyo_path_number_perm+0x237/0x580 [ 400.826011][T13789] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 400.826022][T13789] ? find_held_lock+0x2b/0x80 [ 400.826042][T13789] ? find_held_lock+0x2b/0x80 [ 400.826054][T13789] ? __fget_files+0x204/0x3c0 [ 400.826065][T13789] ? __fget_files+0x20e/0x3c0 [ 400.826075][T13789] security_file_ioctl_compat+0x9b/0x240 [ 400.826087][T13789] __do_compat_sys_ioctl+0x4e/0x2c0 [ 400.826102][T13789] __do_fast_syscall_32+0x73/0x120 [ 400.826116][T13789] do_fast_syscall_32+0x32/0x80 [ 400.826130][T13789] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 400.826142][T13789] RIP: 0023:0xf745e579 [ 400.826150][T13789] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 400.826161][T13789] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 400.826171][T13789] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000400448c9 [ 400.826177][T13789] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 400.826183][T13789] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 400.826189][T13789] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 400.826195][T13789] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 400.826206][T13789] [ 400.882316][T13789] ERROR: Out of memory at tomoyo_realpath_from_path. [ 401.341213][T13799] input: syz1 as /devices/virtual/input/input107 [ 402.594572][T13824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1980'. [ 402.804949][ T5953] Bluetooth: hci4: command 0x0405 tx timeout [ 403.192112][T13833] FAULT_INJECTION: forcing a failure. [ 403.192112][T13833] name failslab, interval 1, probability 0, space 0, times 0 [ 403.196749][T13833] CPU: 3 UID: 0 PID: 13833 Comm: syz.3.1982 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 403.196768][T13833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 403.196777][T13833] Call Trace: [ 403.196781][T13833] [ 403.196786][T13833] dump_stack_lvl+0x16c/0x1f0 [ 403.196807][T13833] should_fail_ex+0x512/0x640 [ 403.196827][T13833] ? fs_reclaim_acquire+0xae/0x150 [ 403.196845][T13833] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 403.196885][T13833] should_failslab+0xc2/0x120 [ 403.196899][T13833] __kmalloc_noprof+0xd2/0x510 [ 403.196915][T13833] tomoyo_realpath_from_path+0xc2/0x6e0 [ 403.196931][T13833] ? tomoyo_profile+0x47/0x60 [ 403.196950][T13833] tomoyo_path_number_perm+0x245/0x580 [ 403.196962][T13833] ? tomoyo_path_number_perm+0x237/0x580 [ 403.196985][T13833] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 403.197000][T13833] ? find_held_lock+0x2b/0x80 [ 403.197027][T13833] ? find_held_lock+0x2b/0x80 [ 403.197042][T13833] ? __fget_files+0x204/0x3c0 [ 403.197057][T13833] ? __fget_files+0x20e/0x3c0 [ 403.197071][T13833] security_file_ioctl_compat+0x9b/0x240 [ 403.197087][T13833] __do_compat_sys_ioctl+0x4e/0x2c0 [ 403.197106][T13833] __do_fast_syscall_32+0x73/0x120 [ 403.197126][T13833] do_fast_syscall_32+0x32/0x80 [ 403.197143][T13833] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 403.197161][T13833] RIP: 0023:0xf7fe6579 [ 403.197173][T13833] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 403.197188][T13833] RSP: 002b:00000000f50e555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 403.197202][T13833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008561c [ 403.197212][T13833] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 403.197220][T13833] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.197229][T13833] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 403.197238][T13833] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.197255][T13833] [ 403.197294][T13833] ERROR: Out of memory at tomoyo_realpath_from_path. [ 403.263565][T13833] vivid-006: disconnect [ 403.267257][T13831] vivid-006: reconnect [ 403.353581][T13840] vivid-006: disconnect [ 403.356978][T13836] vivid-006: reconnect [ 404.054073][T13868] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1996'. [ 404.118345][T13873] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1997'. [ 404.142595][T13875] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1997'. [ 404.337786][T13894] Illegal XDP return value 4294967294 on prog (id 284) dev N/A, expect packet loss! [ 404.406557][T13898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2006'. [ 405.267722][T13907] FAULT_INJECTION: forcing a failure. [ 405.267722][T13907] name failslab, interval 1, probability 0, space 0, times 0 [ 405.274369][T13907] CPU: 2 UID: 0 PID: 13907 Comm: syz.3.2009 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 405.274386][T13907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 405.274393][T13907] Call Trace: [ 405.274396][T13907] [ 405.274400][T13907] dump_stack_lvl+0x16c/0x1f0 [ 405.274417][T13907] should_fail_ex+0x512/0x640 [ 405.274433][T13907] ? fs_reclaim_acquire+0xae/0x150 [ 405.274448][T13907] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 405.274461][T13907] should_failslab+0xc2/0x120 [ 405.274473][T13907] __kmalloc_noprof+0xd2/0x510 [ 405.274484][T13907] tomoyo_realpath_from_path+0xc2/0x6e0 [ 405.274498][T13907] ? tomoyo_profile+0x47/0x60 [ 405.274514][T13907] tomoyo_path_number_perm+0x245/0x580 [ 405.274524][T13907] ? tomoyo_path_number_perm+0x237/0x580 [ 405.274536][T13907] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 405.274547][T13907] ? find_held_lock+0x2b/0x80 [ 405.274569][T13907] ? find_held_lock+0x2b/0x80 [ 405.274581][T13907] ? __fget_files+0x204/0x3c0 [ 405.274593][T13907] ? __fget_files+0x20e/0x3c0 [ 405.274603][T13907] security_file_ioctl_compat+0x9b/0x240 [ 405.274616][T13907] __do_compat_sys_ioctl+0x4e/0x2c0 [ 405.274632][T13907] __do_fast_syscall_32+0x73/0x120 [ 405.274647][T13907] do_fast_syscall_32+0x32/0x80 [ 405.274661][T13907] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 405.274675][T13907] RIP: 0023:0xf7fe6579 [ 405.274683][T13907] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 405.274694][T13907] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 405.274705][T13907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040085618 [ 405.274712][T13907] RDX: 0000000080000480 RSI: 0000000000000000 RDI: 0000000000000000 [ 405.274719][T13907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 405.274725][T13907] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 405.274731][T13907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 405.274742][T13907] [ 405.274746][T13907] ERROR: Out of memory at tomoyo_realpath_from_path. [ 405.496615][T13930] netlink: 1327 bytes leftover after parsing attributes in process `syz.3.2017'. [ 405.726542][T13939] kernel profiling enabled (shift: 7) [ 405.759380][T13939] ------------[ cut here ]------------ [ 405.760991][T13939] WARNING: CPU: 1 PID: 13939 at ./include/net/netdev_lock.h:54 dev_xdp_install+0x610/0x9b0 [ 405.763724][T13939] Modules linked in: [ 405.765324][T13939] CPU: 1 UID: 0 PID: 13939 Comm: syz.4.2018 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 405.770272][T13939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 405.773234][T13939] RIP: 0010:dev_xdp_install+0x610/0x9b0 [ 405.775068][T13939] Code: 8d bc 24 28 0d 00 00 be ff ff ff ff e8 59 cc 26 02 31 ff 89 c5 89 c6 e8 ae 76 7d f8 85 ed 0f 85 59 fb ff ff e8 71 7b 7d f8 90 <0f> 0b 90 e9 4b fb ff ff e8 63 7b 7d f8 49 8d bc 24 28 0d 00 00 be [ 405.780389][T13939] RSP: 0018:ffffc90026ad7940 EFLAGS: 00010283 [ 405.782084][T13939] RAX: 0000000000000275 RBX: ffff8880789bccbd RCX: ffffc90031863000 [ 405.784265][T13939] RDX: 0000000000080000 RSI: ffffffff893dc80f RDI: 0000000000000005 [ 405.786477][T13939] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 405.788618][T13939] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880789bc000 [ 405.790830][T13939] R13: ffffffff8708e1f0 R14: ffffc90007691000 R15: 0000000000000002 [ 405.793022][T13939] FS: 0000000000000000(0000) GS:ffff888097920000(0063) knlGS:00000000f50b4b40 [ 405.795533][T13939] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 405.797395][T13939] CR2: 000000002ea1dff8 CR3: 0000000066504000 CR4: 0000000000352ef0 [ 405.799593][T13939] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 405.801793][T13939] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 405.804012][T13939] Call Trace: [ 405.805312][T13939] [ 405.806153][T13939] ? __warn+0xea/0x3c0 [ 405.807282][T13939] ? dev_xdp_install+0x610/0x9b0 [ 405.808925][T13939] ? report_bug+0x3c3/0x580 [ 405.810233][T13939] ? dev_xdp_install+0x610/0x9b0 [ 405.811637][T13939] ? handle_bug+0x184/0x210 [ 405.813120][T13939] ? exc_invalid_op+0x17/0x50 [ 405.814452][T13939] ? asm_exc_invalid_op+0x1a/0x20 [ 405.816448][T13939] ? __pfx_nsim_bpf+0x10/0x10 [ 405.817818][T13939] ? dev_xdp_install+0x60f/0x9b0 [ 405.819202][T13939] ? dev_xdp_install+0x610/0x9b0 [ 405.820594][T13939] ? __pfx_nsim_bpf+0x10/0x10 [ 405.821912][T13939] ? __pfx_dev_xdp_install+0x10/0x10 [ 405.823401][T13939] ? __pfx___up_read+0x10/0x10 [ 405.824723][T13939] ? __pfx_nsim_bpf+0x10/0x10 [ 405.826377][T13939] dev_xdp_attach+0x6d1/0x16a0 [ 405.827699][T13939] ? __pfx_dev_xdp_attach+0x10/0x10 [ 405.829133][T13939] bpf_xdp_link_attach+0x2c5/0x680 [ 405.830575][T13939] ? __pfx_bpf_xdp_link_attach+0x10/0x10 [ 405.832170][T13939] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 405.833850][T13939] __sys_bpf+0x1bc7/0x4c80 [ 405.835460][T13939] ? __pfx___sys_bpf+0x10/0x10 [ 405.836802][T13939] ? __schedule+0x1186/0x5de0 [ 405.838125][T13939] ? do_futex+0x122/0x350 [ 405.839349][T13939] ? __pfx_do_futex+0x10/0x10 [ 405.840679][T13939] ? xfd_validate_state+0x5d/0x180 [ 405.842126][T13939] ? rcu_is_watching+0x12/0xc0 [ 405.843465][T13939] __ia32_sys_bpf+0x76/0xe0 [ 405.844738][T13939] __do_fast_syscall_32+0x73/0x120 [ 405.846483][T13939] do_fast_syscall_32+0x32/0x80 [ 405.847847][T13939] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 405.849613][T13939] RIP: 0023:0xf7fd3579 [ 405.850771][T13939] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 405.855992][T13939] RSP: 002b:00000000f50b455c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 405.858246][T13939] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000240 [ 405.860423][T13939] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000 [ 405.862530][T13939] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 405.864575][T13939] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 405.866776][T13939] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 405.868911][T13939] [ 405.869790][T13939] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 405.871747][T13939] CPU: 1 UID: 0 PID: 13939 Comm: syz.4.2018 Not tainted 6.14.0-syzkaller-07422-gacb4f33713b9 #0 PREEMPT(full) [ 405.874847][T13939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 405.878051][T13939] Call Trace: [ 405.878985][T13939] [ 405.879808][T13939] dump_stack_lvl+0x3d/0x1f0 [ 405.881084][T13939] panic+0x71c/0x800 [ 405.882168][T13939] ? __pfx_panic+0x10/0x10 [ 405.883391][T13939] ? show_trace_log_lvl+0x29c/0x3c0 [ 405.884799][T13939] ? dev_xdp_install+0x610/0x9b0 [ 405.886171][T13939] check_panic_on_warn+0xab/0xb0 [ 405.887490][T13939] __warn+0xf6/0x3c0 [ 405.888539][T13939] ? dev_xdp_install+0x610/0x9b0 [ 405.889874][T13939] report_bug+0x3c3/0x580 [ 405.891018][T13939] ? dev_xdp_install+0x610/0x9b0 [ 405.892340][T13939] handle_bug+0x184/0x210 [ 405.893530][T13939] exc_invalid_op+0x17/0x50 [ 405.894778][T13939] asm_exc_invalid_op+0x1a/0x20 [ 405.896097][T13939] RIP: 0010:dev_xdp_install+0x610/0x9b0 [ 405.897596][T13939] Code: 8d bc 24 28 0d 00 00 be ff ff ff ff e8 59 cc 26 02 31 ff 89 c5 89 c6 e8 ae 76 7d f8 85 ed 0f 85 59 fb ff ff e8 71 7b 7d f8 90 <0f> 0b 90 e9 4b fb ff ff e8 63 7b 7d f8 49 8d bc 24 28 0d 00 00 be [ 405.902740][T13939] RSP: 0018:ffffc90026ad7940 EFLAGS: 00010283 [ 405.904373][T13939] RAX: 0000000000000275 RBX: ffff8880789bccbd RCX: ffffc90031863000 [ 405.906479][T13939] RDX: 0000000000080000 RSI: ffffffff893dc80f RDI: 0000000000000005 [ 405.908578][T13939] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 405.910724][T13939] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880789bc000 [ 405.912821][T13939] R13: ffffffff8708e1f0 R14: ffffc90007691000 R15: 0000000000000002 [ 405.914957][T13939] ? __pfx_nsim_bpf+0x10/0x10 [ 405.916248][T13939] ? dev_xdp_install+0x60f/0x9b0 [ 405.917609][T13939] ? __pfx_nsim_bpf+0x10/0x10 [ 405.918887][T13939] ? __pfx_dev_xdp_install+0x10/0x10 [ 405.920331][T13939] ? __pfx___up_read+0x10/0x10 [ 405.921632][T13939] ? __pfx_nsim_bpf+0x10/0x10 [ 405.922904][T13939] dev_xdp_attach+0x6d1/0x16a0 [ 405.924214][T13939] ? __pfx_dev_xdp_attach+0x10/0x10 [ 405.925633][T13939] bpf_xdp_link_attach+0x2c5/0x680 [ 405.927034][T13939] ? __pfx_bpf_xdp_link_attach+0x10/0x10 [ 405.928595][T13939] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 405.930255][T13939] __sys_bpf+0x1bc7/0x4c80 [ 405.931504][T13939] ? __pfx___sys_bpf+0x10/0x10 [ 405.932847][T13939] ? __schedule+0x1186/0x5de0 [ 405.934175][T13939] ? do_futex+0x122/0x350 [ 405.935390][T13939] ? __pfx_do_futex+0x10/0x10 [ 405.936713][T13939] ? xfd_validate_state+0x5d/0x180 [ 405.938147][T13939] ? rcu_is_watching+0x12/0xc0 [ 405.939493][T13939] __ia32_sys_bpf+0x76/0xe0 [ 405.940766][T13939] __do_fast_syscall_32+0x73/0x120 [ 405.942204][T13939] do_fast_syscall_32+0x32/0x80 [ 405.943565][T13939] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 405.945333][T13939] RIP: 0023:0xf7fd3579 [ 405.946492][T13939] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 405.952090][T13939] RSP: 002b:00000000f50b455c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 405.954447][T13939] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000240 [ 405.956713][T13939] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000 [ 405.958961][T13939] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 405.961158][T13939] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 405.963341][T13939] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 405.965540][T13939] [ 405.966958][T13939] Kernel Offset: disabled [ 405.968178][T13939] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:57:03 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000021 RBX=ffff88801d6a8b40 RCX=0000000000020000 RDX=0000000000000000 RSI=ffff88801d6a8b18 RDI=ffff88801d6a8b40 RBP=ffff88801d6a8af0 RSP=ffffc900001f79e8 R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000000 R11=ffffffff8e3bdcc0 R12=0000000000000000 R13=0000000000020000 R14=ffff88801d6a8000 R15=0000000000000000 RIP=ffffffff819802e3 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097820000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50a4da4 CR3=000000006492c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000006d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854779d5 RDI=ffffffff9adaac00 RBP=ffffffff9adaabc0 RSP=ffffc90026ad72b0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=000000000000006d R14=ffffffff9adaabc0 R15=ffffffff85477970 RIP=ffffffff854779ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097920000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000002ea1dff8 CR3=0000000066504000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000005bc211 RBX=0000000000000002 RCX=ffffffff8b64a339 RDX=0000000000000000 RSI=ffffffff8dbbef3d RDI=ffffffff8bf3d5c0 RBP=ffffed1003b57910 RSP=ffffc9000047fe00 R8 =0000000000000001 R9 =ffffed10056865bd R10=ffff88802b432deb R11=0000000000000000 R12=0000000000000002 R13=ffff88801dabc880 R14=ffffffff9083f610 R15=0000000000000000 RIP=ffffffff8b64b72f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a20000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3b7d49 CR3=0000000066504000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000000f6 RBX=0000000000000001 RCX=000000000000083f RDX=0000000000000000 RSI=00000000000000f6 RDI=000000000000003f RBP=0000000000080001 RSP=ffffc90026ca7870 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000003 R13=ffff88802b530a60 R14=0000000000000001 R15=ffffc90026ca7928 RIP=ffffffff81688d48 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097b20000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f742df0c CR3=0000000066504000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000