last executing test programs: 42m18.321821144s ago: executing program 0 (id=210): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000140)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={r2, 0x8001}, 0x8) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4041, &(0x7f0000000000)=0xfc9) 42m14.439086892s ago: executing program 0 (id=212): r0 = syz_io_uring_setup(0x10e, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0xfffffffc}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) r3 = io_uring_setup(0xadc, &(0x7f0000000200)={0x0, 0x0, 0x2, 0x0, 0x257}) io_uring_enter(r3, 0x4f8f, 0xd949, 0x7, 0x0, 0x0) 42m5.606010159s ago: executing program 0 (id=215): sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000000207010200000000000000424000000000e1ffff02"], 0x34}, 0x1, 0x0, 0x0, 0x8004}, 0x400801c) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 42m0.94055818s ago: executing program 0 (id=217): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp\x00') read$FUSE(r0, &(0x7f0000004180)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)={[{@uid={'uid', 0x3d, r1}}, {@gid={'gid', 0x3d, r2}}]}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') read$FUSE(r3, &(0x7f0000002140)={0x2020}, 0x2100) 41m55.409566864s ago: executing program 0 (id=219): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x4, 0x0, 0x0) 41m51.97783254s ago: executing program 0 (id=221): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000010}) r2 = syz_io_uring_setup(0x1e27, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x302}}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 41m46.340601037s ago: executing program 32 (id=221): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000010}) r2 = syz_io_uring_setup(0x1e27, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x302}}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 30m23.848105016s ago: executing program 1 (id=388): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1}, 0x6e) setresuid(0x0, 0x0, 0xee00) listen(r0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) chdir(0x0) close_range(r1, 0xffffffffffffffff, 0x0) 30m17.749638427s ago: executing program 1 (id=390): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02}) close(r0) socket$netlink(0x10, 0x3, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/133, 0x85}], 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 30m5.78455069s ago: executing program 1 (id=392): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000611224000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) epoll_create1(0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt(r0, 0x9, 0x2, &(0x7f00000001c0)="eab0a10dabe25c0a7c52ac19dce6f8170e8c0324cd3b937536f3f24914", 0x1d) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa004}, 0x4) 30m0.992895914s ago: executing program 1 (id=393): r0 = syz_open_dev$sndpcmp(&(0x7f0000000500), 0xb, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000480)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x3}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000000)={0xfffffffc, [[0x7fff, 0x0, 0x0, 0x11, 0x0, 0xfffffffd, 0x0, 0xfffffffc], [0x1, 0x0, 0x0, 0x0, 0x2000c000, 0x5], [0x0, 0x5, 0x0, 0x0, 0xfffffffe, 0x7, 0x2]], '\x00', [{0x0, 0x3}, {}, {0x4, 0x1}, {0x2, 0x1}, {0x5f08, 0x2006}, {}, {0x6}, {}, {}, {0x4, 0xffff}, {0xfffffffe, 0xfffffffc}, {0x0, 0xfffffffc}], '\x00', 0x0, 0x0, 0x0, 0x2, 0x0, 0x35}) 29m56.626862866s ago: executing program 1 (id=395): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) 29m52.651524897s ago: executing program 1 (id=396): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, r1, 0x6, 0x0, @void}, 0x10) r2 = fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) 29m7.046198571s ago: executing program 33 (id=396): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, r1, 0x6, 0x0, @void}, 0x10) r2 = fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) 1m4.753018163s ago: executing program 2 (id=783): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000006080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xf000, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_FLAGS={0x8, 0x8, 0xf2ff}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20008020}, 0x0) 54.899650082s ago: executing program 2 (id=785): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) syz_open_procfs$pagemap(0x0, 0x0) ioctl$BLKRRPART(r1, 0x125f, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 40.368053447s ago: executing program 2 (id=787): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) readv(r1, &(0x7f00000013c0)=[{&(0x7f0000001400)=""/227, 0x7ffff000}], 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) 40.367845737s ago: executing program 3 (id=788): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x5, 0x8, 0x8, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 37.137198742s ago: executing program 3 (id=789): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c23", 0x88}, {&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7", 0x25}, {&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef3", 0x1b}], 0x3}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 27.836013714s ago: executing program 3 (id=790): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a3c000000090a050600001900000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001414000000110001"], 0x64}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x2c, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, 0x2c}}, 0x0) 22.874987349s ago: executing program 2 (id=791): r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) connect$vsock_stream(r0, &(0x7f0000000580)={0x28, 0x0, 0x0, @host}, 0x10) connect$vsock_stream(r0, &(0x7f00000004c0)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x0) 20.579305137s ago: executing program 3 (id=792): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x0, 0x5, 0xfeff, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0x0, 0xfeff}) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x10, 0x96}) 19.070314641s ago: executing program 2 (id=793): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0x48882, 0x0) sendfile(r2, r2, 0x0, 0x20000000003f) 13.848713584s ago: executing program 3 (id=794): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f0000000580)={0x2c, &(0x7f0000000340)={0x0, 0x0, 0x5, {0x5, 0x0, "0f6364"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.456085497s ago: executing program 2 (id=795): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0x1000001000104) ioctl$NBD_DO_IT(r0, 0xab03) 0s ago: executing program 3 (id=796): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000140)=0x3ff, 0x4) sendmsg$inet6(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x34000}], 0x1}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:54903' (ED25519) to the list of known hosts. syzkaller login: [ 397.248729][ T3154] cgroup: Unknown subsys name 'net' [ 397.884013][ T3154] cgroup: Unknown subsys name 'cpuset' [ 398.018423][ T3154] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 461.649127][ T3154] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 544.452499][ T3166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 544.603759][ T3168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 544.717802][ T3166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 544.825256][ T3168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 558.229026][ T3168] hsr_slave_0: entered promiscuous mode [ 558.291920][ T3168] hsr_slave_1: entered promiscuous mode [ 559.266546][ T3166] hsr_slave_0: entered promiscuous mode [ 559.302949][ T3166] hsr_slave_1: entered promiscuous mode [ 559.328306][ T3166] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 559.333186][ T3166] Cannot create hsr debugfs directory [ 567.048115][ T3168] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 567.231488][ T3168] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 567.354690][ T3168] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 567.796310][ T3168] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 569.361218][ T3166] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 569.586724][ T3166] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 570.225148][ T3166] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 570.864764][ T3166] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 586.307245][ T3168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 588.578986][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 637.286605][ T3168] veth0_vlan: entered promiscuous mode [ 638.037580][ T3168] veth1_vlan: entered promiscuous mode [ 640.797426][ T3168] veth0_macvtap: entered promiscuous mode [ 641.561792][ T3168] veth1_macvtap: entered promiscuous mode [ 643.283734][ T3166] veth0_vlan: entered promiscuous mode [ 644.478580][ T3168] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.507019][ T3168] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.542785][ T3168] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.545195][ T3168] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.748822][ T3166] veth1_vlan: entered promiscuous mode [ 648.897743][ T3166] veth0_macvtap: entered promiscuous mode [ 649.810475][ T3166] veth1_macvtap: entered promiscuous mode [ 649.863040][ T3168] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 651.667269][ T3166] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.682176][ T3166] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.684833][ T3166] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.687082][ T3166] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.955201][ T3796] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 656.658973][ T3796] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 656.665698][ T3796] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 657.244515][ T3796] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 657.248272][ T3796] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.258945][ T3796] usb 2-1: Product: syz [ 657.263182][ T3796] usb 2-1: Manufacturer: syz [ 657.267428][ T3796] usb 2-1: SerialNumber: syz [ 657.447402][ T3796] usb 2-1: config 0 descriptor?? [ 657.566457][ T3856] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 657.685090][ T3856] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 660.486611][ T3856] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 660.516007][ T3856] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 663.227080][ T3796] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 663.451908][ T3796] dm9601 2-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet, 54:01:47:1e:47:20 [ 663.546930][ T3796] usb 2-1: USB disconnect, device number 2 [ 663.614119][ T3796] dm9601 2-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet [ 711.515497][ T3934] syz.1.15 uses obsolete (PF_INET,SOCK_PACKET) [ 711.943761][ T3934] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 719.051135][ T3945] input: syz0 as /devices/virtual/input/input0 [ 734.395948][ T3966] dvmrp1: entered allmulticast mode [ 739.403184][ T3972] trusted_key: syz.1.27 sent an empty control message without MSG_MORE. [ 751.807198][ T3986] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 764.582880][ T3156] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 765.008719][ T3156] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.015187][ T3156] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.438388][ T3156] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 765.443239][ T3156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 765.445441][ T3156] usb 1-1: SerialNumber: syz [ 767.750351][ T3156] usb 1-1: 0:2 : does not exist [ 768.668860][ T3156] usb 1-1: USB disconnect, device number 2 [ 780.979032][ T3156] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 781.223443][ T3156] usb 1-1: Using ep0 maxpacket: 32 [ 781.335746][ T3156] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 781.338955][ T3156] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 781.355559][ T3156] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 781.358008][ T3156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 781.607833][ T3156] usb 1-1: config 0 descriptor?? [ 783.267360][ T3156] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 783.536791][ T4035] Zero length message leads to an empty skb [ 784.543801][ T3156] usb 1-1: USB disconnect, device number 3 [ 787.226268][ T1914] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 787.722931][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 787.726036][ T1914] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 787.729152][ T1914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 787.832372][ T1914] usb 2-1: config 0 descriptor?? [ 788.694507][ T1914] usbhid 2-1:0.0: can't add hid device: -71 [ 788.713684][ T1914] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 788.897188][ T1914] usb 2-1: USB disconnect, device number 3 [ 790.913181][ T3157] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 791.138289][ T3157] usb 2-1: Using ep0 maxpacket: 16 [ 791.371343][ T3157] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 791.376385][ T3157] usb 2-1: config 0 interface 0 has no altsetting 0 [ 791.378917][ T3157] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00 [ 791.412293][ T3157] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 791.517764][ T3157] usb 2-1: config 0 descriptor?? [ 793.931377][ T3157] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 793.933988][ T3157] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 793.935983][ T3157] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 793.938756][ T3157] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 793.942474][ T3157] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 794.084919][ T3157] corsair 0003:1B1C:1B34.0002: hidraw0: USB HID v0.05 Device [HID 1b1c:1b34] on usb-dummy_hcd.1-1/input0 [ 794.454956][ T3157] usb 2-1: USB disconnect, device number 4 [ 835.355015][ T1914] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 835.803568][ T1914] usb 1-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 835.806034][ T1914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.936764][ T1914] usb 1-1: config 0 descriptor?? [ 837.275490][ T1914] kaweth 1-1:0.0: Firmware present in device. [ 837.552644][ T1914] kaweth 1-1:0.0: Statistics collection: 0 [ 837.555500][ T1914] kaweth 1-1:0.0: Multicast filter limit: 0 [ 837.557301][ T1914] kaweth 1-1:0.0: MTU: 0 [ 837.558880][ T1914] kaweth 1-1:0.0: Read MAC address 00:00:00:00:00:00 [ 839.041121][ T1914] kaweth 1-1:0.0: kaweth interface created at eth1 [ 840.240661][ T3796] usb 1-1: USB disconnect, device number 4 [ 857.236169][ T3796] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 857.522498][ T3796] usb 2-1: Using ep0 maxpacket: 16 [ 857.676069][ T3796] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 857.678649][ T3796] usb 2-1: config 0 has no interface number 0 [ 857.712238][ T3796] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 857.731730][ T3796] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 857.734375][ T3796] usb 2-1: config 0 interface 41 has no altsetting 0 [ 857.918979][ T3796] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 857.942924][ T3796] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.945056][ T3796] usb 2-1: Product: syz [ 857.946649][ T3796] usb 2-1: Manufacturer: syz [ 857.948255][ T3796] usb 2-1: SerialNumber: syz [ 858.232479][ T3796] usb 2-1: config 0 descriptor?? [ 858.347865][ T4166] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 858.427220][ T4166] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 860.355125][ T4166] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 860.359240][ T4166] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 861.468446][ T4166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 862.058761][ T4166] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 863.032571][ T3796] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 863.266121][ T3796] usb 2-1: USB disconnect, device number 5 [ 870.705945][ T3157] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 871.044365][ T3157] usb 1-1: Using ep0 maxpacket: 16 [ 871.122938][ T3157] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 871.125072][ T3157] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 871.126790][ T3157] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 871.128963][ T3157] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 871.138625][ T3157] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 871.311923][ T3157] usb 1-1: config 0 descriptor?? [ 873.414652][ T3157] microsoft 0003:045E:07DA.0003: No inputs registered, leaving [ 874.228730][ T3157] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 874.233463][ T3157] microsoft 0003:045E:07DA.0003: no inputs found [ 874.235405][ T3157] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway [ 881.806136][ T3156] usb 1-1: reset high-speed USB device number 5 using dummy_hcd [ 882.876436][ T4000] usb 1-1: USB disconnect, device number 5 [ 906.402143][ T35] audit: type=1326 audit(905.090:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 906.423089][ T35] audit: type=1326 audit(905.110:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 906.554957][ T35] audit: type=1326 audit(905.280:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=167 compat=0 ip=0xdb5be code=0x7ffc0000 [ 906.578075][ T35] audit: type=1326 audit(905.280:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 906.612302][ T35] audit: type=1326 audit(905.300:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 906.804317][ T35] audit: type=1326 audit(905.510:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=235 compat=0 ip=0xdb5be code=0x7ffc0000 [ 907.188112][ T35] audit: type=1326 audit(905.680:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 907.286769][ T35] audit: type=1326 audit(906.010:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 907.485792][ T35] audit: type=1326 audit(906.210:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=167 compat=0 ip=0xdb5be code=0x7ffc0000 [ 907.533104][ T35] audit: type=1326 audit(906.230:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4237 comm="syz.1.73" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 927.638684][ T4255] netlink: 9 bytes leftover after parsing attributes in process `syz.0.79'. [ 927.753786][ T4255] gretap0: entered promiscuous mode [ 928.678815][ T4255] netlink: 5 bytes leftover after parsing attributes in process `syz.0.79'. [ 928.717265][ T4255] gretap0: left promiscuous mode [ 928.741582][ T4255] gretap0: entered allmulticast mode [ 934.277377][ T35] kauditd_printk_skb: 4 callbacks suppressed [ 934.278070][ T35] audit: type=1326 audit(932.980:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4262 comm="syz.1.82" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x0 [ 961.844297][ T3796] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 962.286063][ T3796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 962.288703][ T3796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 962.299079][ T3796] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 962.324959][ T3796] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 962.326961][ T3796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 962.397966][ T3796] usb 2-1: config 0 descriptor?? [ 962.435707][ T4295] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 963.934682][ T3796] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd [ 964.046013][ T3796] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 964.343090][ T3796] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 964.623631][ T3796] usb 2-1: USB disconnect, device number 6 [ 991.866626][ T3886] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 992.362224][ T3886] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 992.366395][ T3886] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 992.367942][ T3886] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 992.377600][ T3886] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xE7, changing to 0x87 [ 992.386129][ T3886] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 992.388164][ T3886] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0 [ 992.511052][ T3886] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 992.513650][ T3886] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 992.515786][ T3886] usb 1-1: Product: syz [ 992.517543][ T3886] usb 1-1: Manufacturer: syz [ 992.731003][ T3886] cdc_wdm 1-1:1.0: skipping garbage [ 992.732918][ T3886] cdc_wdm 1-1:1.0: skipping garbage [ 992.811795][ T3886] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 994.122457][ T1813] usb 1-1: USB disconnect, device number 6 [ 1001.675341][ T4364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.101'. [ 1015.638904][ T4402] capability: warning: `syz.1.103' uses deprecated v2 capabilities in a way that may be insecure [ 1019.906444][ T4412] netlink: 24 bytes leftover after parsing attributes in process `syz.1.106'. [ 1044.416647][ T4437] ALSA: seq fatal error: cannot create timer (-22) [ 1060.106553][ T4458] process 'syz.0.123' launched './file2' with NULL argv: empty string added [ 1094.195218][ T4488] block nbd1: shutting down sockets [ 1099.243504][ T4493] netlink: 96 bytes leftover after parsing attributes in process `syz.1.135'. [ 1143.827646][ T4530] netlink: 'syz.1.150': attribute type 1 has an invalid length. [ 1144.245278][ T4534] netlink: 4 bytes leftover after parsing attributes in process `syz.1.150'. [ 1147.037555][ T4530] bond2: entered promiscuous mode [ 1147.107201][ T4534] bond2: left promiscuous mode [ 1147.152797][ T4534] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1161.213258][ T4585] nbd0: detected capacity change from 0 to 12 [ 1161.361996][ T4585] block nbd0: Send control failed (result -89) [ 1161.367513][ T4585] block nbd0: Request send failed, requeueing [ 1161.498972][ T4486] block nbd0: Receive control failed (result -32) [ 1161.553123][ T27] block nbd0: Dead connection, failed to find a fallback [ 1161.555735][ T27] block nbd0: shutting down sockets [ 1161.558577][ T27] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1161.564159][ T27] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1161.595200][ T4585] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1161.597606][ T4585] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1161.632423][ T4585] nbd0: unable to read partition table [ 1165.548325][ T4591] capability: warning: `syz.0.159' uses 32-bit capabilities (legacy support in use) [ 1185.308125][ T4610] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1223.830776][ T35] audit: type=1326 audit(1478.542:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.0.181" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 1223.936820][ T35] audit: type=1326 audit(1478.652:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.0.181" exe="/syz-executor" sig=0 arch=c00000f3 syscall=56 compat=0 ip=0xdb5be code=0x7fc00000 [ 1224.010617][ T35] audit: type=1326 audit(1478.722:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.0.181" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 1230.075268][ T4658] input: syz0 as /devices/virtual/input/input3 [ 1231.669150][ T4664] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1259.473997][ T4688] batadv_slave_0: entered promiscuous mode [ 1259.834293][ T4686] batadv_slave_0: left promiscuous mode [ 1276.091799][ T3796] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1276.470755][ T3796] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1276.472297][ T3796] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.568338][ T3796] usb 1-1: config 0 descriptor?? [ 1277.520708][ T3796] usb 1-1: Cannot set MAC address [ 1277.524767][ T3796] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1277.616809][ T3796] usb 1-1: USB disconnect, device number 7 [ 1297.968054][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1297.999207][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.008432][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.015142][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.020226][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.021559][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.022589][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.023735][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.025499][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.027283][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.066001][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.068313][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.076790][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.078931][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.088091][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.091856][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.093782][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.095540][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.098197][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.114952][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.117190][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.119003][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.155244][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.157346][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.202515][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.206347][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.208420][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.241559][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.243868][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.245837][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.248235][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.273000][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1298.275294][ T3886] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1299.098625][ T3886] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1299.384503][ T4615] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1299.850824][ T4615] usb 1-1: config 0 has no interfaces? [ 1299.853468][ T4615] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 1299.855638][ T4615] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1300.015090][ T4615] usb 1-1: config 0 descriptor?? [ 1303.798522][ T4615] usb 1-1: USB disconnect, device number 8 [ 1336.107363][ T4792] ipip0: entered promiscuous mode [ 1393.956341][ T4933] syzkaller0: entered promiscuous mode [ 1393.958766][ T4933] syzkaller0: entered allmulticast mode [ 1394.234343][ T4956] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 1403.731359][ T4815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1404.092256][ T4815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1422.203558][ T4815] hsr_slave_0: entered promiscuous mode [ 1422.346564][ T4815] hsr_slave_1: entered promiscuous mode [ 1422.423217][ T4815] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1422.425402][ T4815] Cannot create hsr debugfs directory [ 1429.624837][ T4815] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1429.875613][ T4815] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1430.058192][ T4815] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1430.371255][ T4815] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1452.238259][ T4815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1453.966043][ T5191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.237'. [ 1477.982539][ T3796] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1478.284343][ T3796] usb 2-1: Using ep0 maxpacket: 8 [ 1478.477997][ T3796] usb 2-1: config 0 has no interfaces? [ 1478.485073][ T3796] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1478.487280][ T3796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1478.626154][ T3796] usb 2-1: config 0 descriptor?? [ 1492.916505][ T3886] usb 2-1: USB disconnect, device number 7 [ 1512.473577][ T4815] veth0_vlan: entered promiscuous mode [ 1513.058440][ T4815] veth1_vlan: entered promiscuous mode [ 1514.898548][ T4815] veth0_macvtap: entered promiscuous mode [ 1515.199066][ T4815] veth1_macvtap: entered promiscuous mode [ 1518.194391][ T4815] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1518.197203][ T4815] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1518.228128][ T4815] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1518.268235][ T4815] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1533.155315][ T5260] netlink: 12 bytes leftover after parsing attributes in process `syz.1.244'. [ 1533.283628][ T5260] netlink: 12 bytes leftover after parsing attributes in process `syz.1.244'. [ 1582.456028][ T5311] vlan2: entered promiscuous mode [ 1582.461961][ T5311] macvtap0: entered promiscuous mode [ 1582.522956][ T5311] vlan2: entered allmulticast mode [ 1582.525220][ T5311] macvtap0: entered allmulticast mode [ 1582.526950][ T5311] veth0_macvtap: entered allmulticast mode [ 1596.561731][ T5325] vlan3: entered allmulticast mode [ 1596.563128][ T5325] bridge_slave_0: entered allmulticast mode [ 1596.917794][ T5325] bridge_slave_0: left allmulticast mode [ 1608.508559][ T5342] input: syz1 as /devices/virtual/input/input4 [ 1609.528505][ T5350] binder: 5349:5350 ioctl c0306201 200001c0 returned -14 [ 1640.873174][ T5373] syzkaller0: entered promiscuous mode [ 1640.875469][ T5373] syzkaller0: entered allmulticast mode [ 1642.453033][ T5379] netlink: 172 bytes leftover after parsing attributes in process `syz.1.276'. [ 1663.355244][ T5387] netlink: 4 bytes leftover after parsing attributes in process `syz.1.278'. [ 1665.391073][ T5392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1665.461785][ T5392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1665.765273][ T5387] hsr_slave_1 (unregistering): left promiscuous mode [ 1712.404155][ T5427] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 1718.924770][ T3796] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1719.184583][ T3796] usb 2-1: Using ep0 maxpacket: 32 [ 1719.946058][ T3796] usb 2-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice=40.72 [ 1719.948790][ T3796] usb 2-1: New USB device strings: Mfr=1, Product=129, SerialNumber=0 [ 1719.954614][ T3796] usb 2-1: Product: syz [ 1719.956400][ T3796] usb 2-1: Manufacturer: syz [ 1720.117161][ T3796] usb 2-1: config 0 descriptor?? [ 1721.046615][ T5443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1721.153172][ T5443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1721.454633][ T3796] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -110 [ 1721.712350][ T3796] usb 2-1: USB disconnect, device number 8 [ 1742.136006][ T5466] netlink: 24 bytes leftover after parsing attributes in process `syz.2.296'. [ 1748.314115][ T5473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.299'. [ 1813.477187][ T5526] netlink: 'syz.2.317': attribute type 1 has an invalid length. [ 1813.484750][ T5526] netlink: 52 bytes leftover after parsing attributes in process `syz.2.317'. [ 1844.218717][ T5550] netlink: 'syz.2.328': attribute type 1 has an invalid length. [ 1852.284801][ T5558] netlink: 148 bytes leftover after parsing attributes in process `syz.2.330'. [ 1872.074420][ T5575] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1882.945076][ T5356] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1883.458838][ T5356] usb 2-1: config 0 has an invalid interface number: 63 but max is 0 [ 1883.463037][ T5356] usb 2-1: config 0 has no interface number 0 [ 1884.250628][ T5356] usb 2-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00 [ 1884.252876][ T5356] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1884.254696][ T5356] usb 2-1: Product: syz [ 1884.256117][ T5356] usb 2-1: Manufacturer: syz [ 1884.258518][ T5356] usb 2-1: SerialNumber: syz [ 1884.320663][ T5356] usb 2-1: config 0 descriptor?? [ 1884.452804][ T5356] usb-storage 2-1:0.63: USB Mass Storage device detected [ 1886.427478][ T3886] usb 2-1: USB disconnect, device number 9 [ 1913.522180][ T5626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1913.563203][ T5626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1935.964983][ T3855] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1936.263168][ T3855] usb 2-1: Using ep0 maxpacket: 16 [ 1936.394757][ T5647] all: renamed from lo (while UP) [ 1936.448089][ T3855] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1936.457274][ T3855] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 1936.462233][ T3855] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11 [ 1936.464513][ T3855] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024 [ 1936.466508][ T3855] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1936.655330][ T3855] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 1936.659028][ T3855] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1936.662139][ T3855] usb 2-1: Product: syz [ 1936.663623][ T3855] usb 2-1: Manufacturer: syz [ 1936.665131][ T3855] usb 2-1: SerialNumber: syz [ 1936.733618][ T3855] usb 2-1: config 0 descriptor?? [ 1938.272641][ T3855] appledisplay 2-1:0.0: Error while getting initial brightness: -110 [ 1938.828374][ T3855] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -110 [ 1940.476580][ T3156] usb 2-1: USB disconnect, device number 10 [ 1966.925869][ T5689] io-wq is not configured for unbound workers [ 1981.173304][ T3796] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1981.812656][ T3796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1981.815730][ T3796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1981.818430][ T3796] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 1981.831713][ T3796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1982.097647][ T3796] usb 2-1: config 0 descriptor?? [ 1988.717766][ T3796] arvo 0003:1E7D:30D4.0006: collection stack underflow [ 1988.722114][ T3796] arvo 0003:1E7D:30D4.0006: item 0 1 0 12 parsing failed [ 1988.738966][ T3796] arvo 0003:1E7D:30D4.0006: parse failed [ 1988.745556][ T3796] arvo 0003:1E7D:30D4.0006: probe with driver arvo failed with error -22 [ 1990.391108][ T3886] usb 2-1: USB disconnect, device number 11 [ 2039.297525][ T35] audit: type=1326 audit(2293.992:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5789 comm="syz.1.388" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x0 [ 2056.014036][ T5803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2056.054732][ T5803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2108.912165][ T35] audit: type=1326 audit(2363.562:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5834 comm="syz.2.403" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x0 [ 2128.422257][ T5622] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2129.527356][ T5622] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2130.505800][ T5622] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2131.386229][ T5622] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2142.803371][ T5622] dvmrp1 (unregistering): left allmulticast mode [ 2145.064573][ T5622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2145.296866][ T5622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2145.419042][ T5622] bond0 (unregistering): Released all slaves [ 2146.095801][ T5622] bond1 (unregistering): Released all slaves [ 2147.371381][ T5622] bond2 (unregistering): Released all slaves [ 2149.454727][ T5622] hsr_slave_0: left promiscuous mode [ 2149.913984][ T5622] veth1_macvtap: left promiscuous mode [ 2149.922957][ T5622] veth0_macvtap: left promiscuous mode [ 2149.963279][ T5622] veth1_vlan: left promiscuous mode [ 2149.971439][ T5622] veth0_vlan: left promiscuous mode [ 2153.814948][ T5897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2153.911320][ T5897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2203.974994][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2204.176374][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2225.777578][ T5844] hsr_slave_0: entered promiscuous mode [ 2225.835087][ T5844] hsr_slave_1: entered promiscuous mode [ 2233.935952][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2234.293350][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2234.626235][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2235.067835][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2237.625908][ T6217] binder: 6212:6217 ioctl c0306201 20000480 returned -14 [ 2251.467830][ T6230] block nbd2: shutting down sockets [ 2262.423202][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2285.715368][ T6257] syzkaller0: entered promiscuous mode [ 2285.717807][ T6257] syzkaller0: entered allmulticast mode [ 2286.245520][ T6257] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 16735 [ 2313.173130][ T6289] netlink: 'syz.2.426': attribute type 1 has an invalid length. [ 2313.174601][ T6289] netlink: 5 bytes leftover after parsing attributes in process `syz.2.426'. [ 2339.215341][ T5844] veth0_vlan: entered promiscuous mode [ 2340.993259][ T5844] veth1_vlan: entered promiscuous mode [ 2343.151600][ T5844] veth0_macvtap: entered promiscuous mode [ 2343.815670][ T5844] veth1_macvtap: entered promiscuous mode [ 2344.787451][ T5844] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2344.789061][ T5844] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2344.801345][ T5844] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2344.802629][ T5844] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2388.087876][ T6354] input: syz0 as /devices/virtual/input/input5 [ 2402.694832][ T6228] block nbd3: Receive control failed (result -107) [ 2403.202402][ T6374] nbd3: detected capacity change from 0 to 15960 [ 2403.402556][ T6374] block nbd3: Dead connection, failed to find a fallback [ 2403.404015][ T6374] block nbd3: shutting down sockets [ 2403.405656][ T6374] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2403.407025][ T6374] Buffer I/O error on dev nbd3, logical block 0, async page read [ 2403.431401][ T6374] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2403.434750][ T6374] Buffer I/O error on dev nbd3, logical block 0, async page read [ 2403.436864][ T6374] nbd3: unable to read partition table [ 2404.154946][ T6374] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2404.157167][ T6374] Buffer I/O error on dev nbd3, logical block 0, async page read [ 2413.218959][ T6383] gtp0: entered promiscuous mode [ 2430.861049][ T6399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.448'. [ 2430.862996][ T6399] netlink: 16 bytes leftover after parsing attributes in process `syz.3.448'. [ 2430.905546][ T6399] netlink: 4 bytes leftover after parsing attributes in process `syz.3.448'. [ 2439.941280][ T35] audit: type=1326 audit(2694.652:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6412 comm="syz.3.452" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x0 [ 2499.667497][ T6322] af_packet: tpacket_rcv: packet too big, clamped from 74 to 4294967286. macoff=82 [ 2506.065796][ T6474] netlink: 256 bytes leftover after parsing attributes in process `syz.2.470'. [ 2567.783606][ T6508] pim6reg: entered allmulticast mode [ 2567.820888][ T6510] pim6reg: left allmulticast mode [ 2590.513935][ T6530] netlink: 36 bytes leftover after parsing attributes in process `syz.3.491'. [ 2639.158938][ T6572] input: syz0 as /devices/virtual/input/input6 [ 2707.413301][ T6632] nbd2: detected capacity change from 0 to 12 [ 2707.588963][ T6632] block nbd2: Send control failed (result -89) [ 2707.591568][ T6632] block nbd2: Request send failed, requeueing [ 2707.597846][ T4486] block nbd2: Receive control failed (result -32) [ 2707.615914][ T27] block nbd2: Dead connection, failed to find a fallback [ 2707.617656][ T27] block nbd2: shutting down sockets [ 2707.618670][ T27] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2707.624475][ T27] Buffer I/O error on dev nbd2, logical block 0, async page read [ 2707.679671][ T6632] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2707.681522][ T6632] Buffer I/O error on dev nbd2, logical block 0, async page read [ 2707.683977][ T6632] nbd2: unable to read partition table [ 2733.909057][ T6650] ptrace attach of "/syz-executor exec"[6651] was attempted by "/syz-executor exec"[6650] [ 2743.683257][ T6663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2743.702103][ T6663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2744.455374][ T6663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2744.506273][ T6663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2769.577134][ T4486] block nbd2: Receive control failed (result -32) [ 2769.785022][ T6680] block nbd2: shutting down sockets [ 2783.198363][ T6691] netlink: 542 bytes leftover after parsing attributes in process `syz.2.543'. [ 2917.502778][ T6778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2917.594822][ T6778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2919.657324][ T6782] netlink: 'syz.2.571': attribute type 4 has an invalid length. [ 2922.042080][ T6783] netlink: 'syz.2.571': attribute type 4 has an invalid length. [ 2941.558642][ T6792] hub 1-0:1.0: USB hub found [ 2941.588891][ T6792] hub 1-0:1.0: 1 port detected [ 2953.510942][ T6804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2953.536295][ T6804] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3035.864959][ T6854] input: syz0 as /devices/virtual/input/input7 [ 3076.175608][ T6905] netlink: 'syz.2.609': attribute type 1 has an invalid length. [ 3106.514304][ T6955] loop0: detected capacity change from 0 to 7 [ 3134.977884][ T6987] hsr0: entered promiscuous mode [ 3167.310929][ T7016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3167.353495][ T7016] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3167.512442][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.516103][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.517965][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.537331][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.541460][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.543207][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.544777][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.546383][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.547952][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.568370][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.576780][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.578707][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.611151][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.613165][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.614818][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.616476][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.618456][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.634597][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.637596][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.653101][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.655065][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.656732][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.658407][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.693310][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.695311][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.696982][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.718903][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.733047][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.735083][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.736726][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.738347][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.773256][ T6693] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 3167.914732][ T6693] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 3228.014979][ T7063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.650'. [ 3254.523267][ T7079] xt_SECMARK: invalid mode: 0 [ 3260.795973][ T7082] netlink: 132 bytes leftover after parsing attributes in process `syz.3.657'. [ 3281.627801][ T7093] netlink: 8 bytes leftover after parsing attributes in process `syz.3.660'. [ 3303.814674][ T7115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3303.825507][ T7115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3375.214300][ T7171] input: syz1 as /devices/virtual/input/input8 [ 3384.212698][ T7184] input: syz1 as /devices/virtual/input/input9 [ 3492.924074][ T7258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.715'. [ 3493.437353][ T7258] veth3: entered allmulticast mode [ 3507.562400][ T7283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3507.616005][ T7283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3538.538018][ T6228] block nbd2: Receive control failed (result -107) [ 3538.843450][ T7303] nbd2: detected capacity change from 0 to 15960 [ 3539.396696][ T7303] block nbd2: Dead connection, failed to find a fallback [ 3539.402154][ T7303] block nbd2: shutting down sockets [ 3539.404013][ T7303] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3539.406269][ T7303] Buffer I/O error on dev nbd2, logical block 0, async page read [ 3539.434539][ T7303] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3539.437239][ T7303] Buffer I/O error on dev nbd2, logical block 0, async page read [ 3539.447053][ T7303] nbd2: unable to read partition table [ 3539.676206][ T7303] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 3539.683654][ T7303] Buffer I/O error on dev nbd2, logical block 0, async page read [ 3558.688804][ T35] audit: type=1326 audit(3813.402:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.3.734" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 3558.782602][ T35] audit: type=1326 audit(3813.412:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.3.734" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 3558.811375][ T35] audit: type=1326 audit(3813.522:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.3.734" exe="/syz-executor" sig=0 arch=c00000f3 syscall=116 compat=0 ip=0xdb5be code=0x7ffc0000 [ 3558.852796][ T35] audit: type=1326 audit(3813.542:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.3.734" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 3558.857225][ T35] audit: type=1326 audit(3813.562:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.3.734" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7ffc0000 [ 3640.783714][ T35] audit: type=1326 audit(3895.432:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.142463][ T35] audit: type=1326 audit(3895.832:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=56 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.146645][ T35] audit: type=1326 audit(3895.842:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.192332][ T35] audit: type=1326 audit(3895.872:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.194789][ T35] audit: type=1326 audit(3895.872:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.196833][ T35] audit: type=1326 audit(3895.872:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.247219][ T35] audit: type=1326 audit(3895.872:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.271877][ T35] audit: type=1326 audit(3895.922:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.274574][ T35] audit: type=1326 audit(3895.922:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3641.562558][ T35] audit: type=1326 audit(3896.272:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.2.748" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 3652.275344][ T7509] TCP: TCP_TX_DELAY enabled [ 3665.513225][ T7522] netlink: 'syz.2.752': attribute type 4 has an invalid length. [ 3688.682183][ T7540] loop0: detected capacity change from 0 to 16384 [ 3711.885410][ T7555] netlink: 148 bytes leftover after parsing attributes in process `syz.2.764'. [ 3736.067163][ T7564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3736.175905][ T7564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3751.516390][ T7574] pim6reg1: entered allmulticast mode [ 3761.018309][ T7583] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 3762.923962][ T7583] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 3779.543967][ T7609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3779.688262][ T7609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3780.466252][ T7609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3780.505082][ T7609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3781.433921][ T7609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3781.477907][ T7609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3791.596189][ T7623] syz_tun: entered allmulticast mode [ 3791.808914][ T7622] syz_tun: left allmulticast mode [ 3822.047540][ T7646] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 3822.052617][ T7646] IPv6: NLM_F_CREATE should be set when creating new route [ 3851.911336][ T7675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3851.915980][ T7675] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3863.128552][ T7679] [ 3863.129973][ T7679] ====================================================== [ 3863.132546][ T7679] WARNING: possible circular locking dependency detected [ 3863.137272][ T7679] 6.13.0-rc2-syzkaller-g21f1b85c8912 #0 Not tainted [ 3863.139216][ T7679] ------------------------------------------------------ [ 3863.140695][ T7679] syz.2.795/7679 is trying to acquire lock: [ 3863.142607][ T7679] ff60000019a49390 (set->srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x0/0x292 [ 3863.148718][ T7679] [ 3863.148718][ T7679] but task is already holding lock: [ 3863.150245][ T7679] ff6000001a122310 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x41e/0x1326 [ 3863.153636][ T7679] [ 3863.153636][ T7679] which lock already depends on the new lock. [ 3863.153636][ T7679] [ 3863.155152][ T7679] [ 3863.155152][ T7679] the existing dependency chain (in reverse order) is: [ 3863.156736][ T7679] [ 3863.156736][ T7679] -> #7 (&q->sysfs_lock){+.+.}-{4:4}: [ 3863.160900][ T7679] lock_acquire.part.0+0x2c4/0x81a [ 3863.162711][ T7679] lock_acquire+0x74/0x98 [ 3863.164199][ T7679] __mutex_lock+0x166/0x1082 [ 3863.165789][ T7679] mutex_lock_nested+0x14/0x1c [ 3863.167220][ T7679] __blk_mq_update_nr_hw_queues+0x41e/0x1326 [ 3863.168861][ T7679] blk_mq_update_nr_hw_queues+0x32/0x4a [ 3863.170654][ T7679] nbd_start_device+0x140/0xc00 [ 3863.172144][ T7679] nbd_ioctl+0x474/0xd90 [ 3863.173774][ T7679] blkdev_ioctl+0x23c/0xca0 [ 3863.175367][ T7679] __riscv_sys_ioctl+0x18e/0x1e2 [ 3863.177041][ T7679] syscall_handler+0x94/0x118 [ 3863.178471][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.180114][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.182001][ T7679] [ 3863.182001][ T7679] -> #6 (&q->q_usage_counter(io)#21){++++}-{0:0}: [ 3863.184709][ T7679] lock_acquire.part.0+0x2c4/0x81a [ 3863.186120][ T7679] lock_acquire+0x74/0x98 [ 3863.187540][ T7679] blk_mq_submit_bio+0x20d2/0x26be [ 3863.188905][ T7679] __submit_bio+0x32e/0x492 [ 3863.190435][ T7679] submit_bio_noacct_nocheck+0x740/0xe36 [ 3863.191969][ T7679] submit_bio_noacct+0xa96/0x1e04 [ 3863.193435][ T7679] submit_bio+0xc8/0x4f2 [ 3863.195032][ T7679] submit_bh_wbc+0x42a/0x5a8 [ 3863.196492][ T7679] block_read_full_folio+0x6e6/0x90a [ 3863.198265][ T7679] blkdev_read_folio+0x26/0x30 [ 3863.200376][ T7679] filemap_read_folio+0xc2/0x272 [ 3863.202034][ T7679] filemap_get_pages+0x126c/0x1ba0 [ 3863.203671][ T7679] filemap_read+0x366/0xc52 [ 3863.205227][ T7679] blkdev_read_iter+0x164/0x416 [ 3863.206714][ T7679] do_iter_readv_writev+0x55a/0x686 [ 3863.208352][ T7679] vfs_readv+0x414/0x70c [ 3863.210153][ T7679] do_preadv+0x1b4/0x250 [ 3863.211520][ T7679] __riscv_sys_preadv+0x88/0xc4 [ 3863.213264][ T7679] syscall_handler+0x94/0x118 [ 3863.215622][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.217508][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.219402][ T7679] [ 3863.219402][ T7679] -> #5 (mapping.invalidate_lock#2){++++}-{4:4}: [ 3863.222365][ T7679] lock_acquire.part.0+0x2c4/0x81a [ 3863.224109][ T7679] lock_acquire+0x74/0x98 [ 3863.225694][ T7679] down_read+0xa4/0x45e [ 3863.227085][ T7679] filemap_fault+0x8ca/0x2c46 [ 3863.228665][ T7679] __do_fault+0xf4/0x4de [ 3863.230137][ T7679] __handle_mm_fault+0x1770/0x4292 [ 3863.231597][ T7679] handle_mm_fault+0x48c/0x886 [ 3863.233263][ T7679] __get_user_pages+0xb7a/0x35ec [ 3863.234649][ T7679] faultin_page_range+0x246/0x932 [ 3863.236079][ T7679] do_madvise+0x5ce/0x7f2 [ 3863.237153][ T7679] __riscv_sys_madvise+0x88/0xdc [ 3863.238621][ T7679] syscall_handler+0x94/0x118 [ 3863.240810][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.242418][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.244085][ T7679] [ 3863.244085][ T7679] -> #4 (&mm->mmap_lock){++++}-{4:4}: [ 3863.246650][ T7679] lock_acquire.part.0+0x2c4/0x81a [ 3863.248220][ T7679] lock_acquire+0x74/0x98 [ 3863.250182][ T7679] __might_fault+0xdc/0x138 [ 3863.250976][ T7679] _copy_from_iter+0x120/0x1a38 [ 3863.251754][ T7679] tcp_sendmsg_locked+0x247e/0x3696 [ 3863.253194][ T7679] tcp_sendmsg+0x32/0x4e [ 3863.254556][ T7679] inet_sendmsg+0x9c/0xda [ 3863.256035][ T7679] __sock_sendmsg+0xcc/0x160 [ 3863.258331][ T7679] sock_write_iter+0x2a0/0x3ba [ 3863.260641][ T7679] vfs_write+0x56c/0xa94 [ 3863.262030][ T7679] ksys_write+0x200/0x226 [ 3863.263423][ T7679] __riscv_sys_write+0x6e/0x94 [ 3863.264850][ T7679] syscall_handler+0x94/0x118 [ 3863.266324][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.267919][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.270078][ T7679] [ 3863.270078][ T7679] -> #3 (sk_lock-AF_INET){+.+.}-{0:0}: [ 3863.272420][ T7679] lock_acquire.part.0+0x2c4/0x81a [ 3863.274067][ T7679] lock_acquire+0x74/0x98 [ 3863.275626][ T7679] lock_sock_nested+0x38/0xf6 [ 3863.277224][ T7679] inet_autobind+0x28/0x1b8 [ 3863.278686][ T7679] inet_send_prepare+0x37e/0x5c0 [ 3863.280169][ T7679] inet_sendmsg+0x40/0xda [ 3863.281591][ T7679] __sock_sendmsg+0xcc/0x160 [ 3863.283850][ T7679] sock_sendmsg+0xfa/0x19e [ 3863.285337][ T7679] __sock_xmit+0x1f0/0x4e2 [ 3863.286865][ T7679] nbd_send_cmd+0x8ea/0x232a [ 3863.288435][ T7679] nbd_queue_rq+0x7ea/0xe6a [ 3863.290500][ T7679] blk_mq_dispatch_rq_list+0x3f0/0x1ab6 [ 3863.292112][ T7679] __blk_mq_sched_dispatch_requests+0xaee/0x1370 [ 3863.293743][ T7679] blk_mq_sched_dispatch_requests+0xb6/0x17c [ 3863.295478][ T7679] blk_mq_run_hw_queue+0x28c/0x6ba [ 3863.297062][ T7679] blk_mq_flush_plug_list+0x63c/0x1ebe [ 3863.298573][ T7679] __blk_flush_plug+0x270/0x422 [ 3863.300459][ T7679] __submit_bio+0x3ac/0x492 [ 3863.302092][ T7679] submit_bio_noacct_nocheck+0x740/0xe36 [ 3863.303683][ T7679] submit_bio_noacct+0xa96/0x1e04 [ 3863.305290][ T7679] submit_bio+0xc8/0x4f2 [ 3863.306670][ T7679] submit_bh_wbc+0x42a/0x5a8 [ 3863.308204][ T7679] block_read_full_folio+0x6e6/0x90a [ 3863.310491][ T7679] blkdev_read_folio+0x26/0x30 [ 3863.311982][ T7679] filemap_read_folio+0xc2/0x272 [ 3863.313539][ T7679] do_read_cache_folio+0x1e6/0x4d2 [ 3863.315119][ T7679] read_cache_folio+0x4e/0x68 [ 3863.316712][ T7679] read_part_sector+0xc0/0x44e [ 3863.318122][ T7679] read_lba+0x1c8/0x344 [ 3863.319580][ T7679] find_valid_gpt.constprop.0+0x206/0x22f2 [ 3863.321161][ T7679] efi_partition+0x10a/0xa14 [ 3863.322611][ T7679] bdev_disk_changed+0x5de/0x139c [ 3863.324015][ T7679] blkdev_get_whole+0x17c/0x514 [ 3863.325531][ T7679] bdev_open+0x86a/0xfa8 [ 3863.326922][ T7679] bdev_file_open_by_dev+0x172/0x1fc [ 3863.328461][ T7679] disk_scan_partitions+0x1b4/0x2ba [ 3863.330609][ T7679] blkdev_common_ioctl+0xc60/0x1f6e [ 3863.332174][ T7679] blkdev_ioctl+0x1aa/0xca0 [ 3863.333788][ T7679] __riscv_sys_ioctl+0x18e/0x1e2 [ 3863.335278][ T7679] syscall_handler+0x94/0x118 [ 3863.336739][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.338411][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.340023][ T7679] [ 3863.340023][ T7679] -> #2 (&nsock->tx_lock){+.+.}-{4:4}: [ 3863.342254][ T7679] lock_acquire.part.0+0x2c4/0x81a [ 3863.343766][ T7679] lock_acquire+0x74/0x98 [ 3863.345218][ T7679] __mutex_lock+0x166/0x1082 [ 3863.346558][ T7679] mutex_lock_nested+0x14/0x1c [ 3863.347989][ T7679] nbd_queue_rq+0x3b8/0xe6a [ 3863.349599][ T7679] blk_mq_dispatch_rq_list+0x3f0/0x1ab6 [ 3863.351198][ T7679] __blk_mq_sched_dispatch_requests+0xaee/0x1370 [ 3863.352876][ T7679] blk_mq_sched_dispatch_requests+0xb6/0x17c [ 3863.354659][ T7679] blk_mq_run_hw_queue+0x28c/0x6ba [ 3863.356986][ T7679] blk_mq_flush_plug_list+0x63c/0x1ebe [ 3863.358471][ T7679] __blk_flush_plug+0x270/0x422 [ 3863.360543][ T7679] __submit_bio+0x3ac/0x492 [ 3863.361967][ T7679] submit_bio_noacct_nocheck+0x740/0xe36 [ 3863.363513][ T7679] submit_bio_noacct+0xa96/0x1e04 [ 3863.364966][ T7679] submit_bio+0xc8/0x4f2 [ 3863.366298][ T7679] submit_bh_wbc+0x42a/0x5a8 [ 3863.367720][ T7679] block_read_full_folio+0x6e6/0x90a [ 3863.369285][ T7679] blkdev_read_folio+0x26/0x30 [ 3863.370785][ T7679] filemap_read_folio+0xc2/0x272 [ 3863.372253][ T7679] do_read_cache_folio+0x1e6/0x4d2 [ 3863.373801][ T7679] read_cache_folio+0x4e/0x68 [ 3863.375201][ T7679] read_part_sector+0xc0/0x44e [ 3863.376651][ T7679] read_lba+0x1c8/0x344 [ 3863.377971][ T7679] find_valid_gpt.constprop.0+0x206/0x22f2 [ 3863.379710][ T7679] efi_partition+0x10a/0xa14 [ 3863.381111][ T7679] bdev_disk_changed+0x5de/0x139c [ 3863.382533][ T7679] blkdev_get_whole+0x17c/0x514 [ 3863.383970][ T7679] bdev_open+0x86a/0xfa8 [ 3863.385374][ T7679] bdev_file_open_by_dev+0x172/0x1fc [ 3863.386859][ T7679] disk_scan_partitions+0x1b4/0x2ba [ 3863.388247][ T7679] blkdev_common_ioctl+0xc60/0x1f6e [ 3863.390313][ T7679] blkdev_ioctl+0x1aa/0xca0 [ 3863.391727][ T7679] __riscv_sys_ioctl+0x18e/0x1e2 [ 3863.393282][ T7679] syscall_handler+0x94/0x118 [ 3863.394533][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.395702][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.396616][ T7679] [ 3863.396616][ T7679] -> #1 (&cmd->lock){+.+.}-{4:4}: [ 3863.397867][ T7679] lock_acquire.part.0+0x2c4/0x81a [ 3863.398956][ T7679] lock_acquire+0x74/0x98 [ 3863.400384][ T7679] __mutex_lock+0x166/0x1082 [ 3863.401656][ T7679] mutex_lock_nested+0x14/0x1c [ 3863.402664][ T7679] nbd_queue_rq+0xbc/0xe6a [ 3863.403458][ T7679] blk_mq_dispatch_rq_list+0x3f0/0x1ab6 [ 3863.404326][ T7679] __blk_mq_sched_dispatch_requests+0xaee/0x1370 [ 3863.405340][ T7679] blk_mq_sched_dispatch_requests+0xb6/0x17c [ 3863.406228][ T7679] blk_mq_run_hw_queue+0x28c/0x6ba [ 3863.407012][ T7679] blk_mq_flush_plug_list+0x63c/0x1ebe [ 3863.407824][ T7679] __blk_flush_plug+0x270/0x422 [ 3863.408792][ T7679] __submit_bio+0x3ac/0x492 [ 3863.410075][ T7679] submit_bio_noacct_nocheck+0x740/0xe36 [ 3863.411563][ T7679] submit_bio_noacct+0xa96/0x1e04 [ 3863.413061][ T7679] submit_bio+0xc8/0x4f2 [ 3863.414806][ T7679] submit_bh_wbc+0x42a/0x5a8 [ 3863.415628][ T7679] block_read_full_folio+0x6e6/0x90a [ 3863.416504][ T7679] blkdev_read_folio+0x26/0x30 [ 3863.417419][ T7679] filemap_read_folio+0xc2/0x272 [ 3863.418229][ T7679] do_read_cache_folio+0x1e6/0x4d2 [ 3863.419963][ T7679] read_cache_folio+0x4e/0x68 [ 3863.421486][ T7679] read_part_sector+0xc0/0x44e [ 3863.422250][ T7679] read_lba+0x1c8/0x344 [ 3863.422966][ T7679] find_valid_gpt.constprop.0+0x206/0x22f2 [ 3863.423811][ T7679] efi_partition+0x10a/0xa14 [ 3863.425088][ T7679] bdev_disk_changed+0x5de/0x139c [ 3863.426521][ T7679] blkdev_get_whole+0x17c/0x514 [ 3863.427343][ T7679] bdev_open+0x86a/0xfa8 [ 3863.428099][ T7679] bdev_file_open_by_dev+0x172/0x1fc [ 3863.429400][ T7679] disk_scan_partitions+0x1b4/0x2ba [ 3863.430584][ T7679] blkdev_common_ioctl+0xc60/0x1f6e [ 3863.431449][ T7679] blkdev_ioctl+0x1aa/0xca0 [ 3863.432298][ T7679] __riscv_sys_ioctl+0x18e/0x1e2 [ 3863.433162][ T7679] syscall_handler+0x94/0x118 [ 3863.433928][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.434802][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.435728][ T7679] [ 3863.435728][ T7679] -> #0 (set->srcu){.+.+}-{0:0}: [ 3863.438119][ T7679] check_noncircular+0x2ba/0x354 [ 3863.439918][ T7679] __lock_acquire+0x2e4e/0x8594 [ 3863.441653][ T7679] lock_sync+0x286/0x504 [ 3863.442589][ T7679] __synchronize_srcu+0xd4/0x292 [ 3863.443446][ T7679] synchronize_srcu+0x172/0x414 [ 3863.444307][ T7679] blk_mq_quiesce_queue+0x12e/0x19e [ 3863.445128][ T7679] elevator_disable+0x76/0x1e8 [ 3863.445962][ T7679] __blk_mq_update_nr_hw_queues+0x390/0x1326 [ 3863.446879][ T7679] blk_mq_update_nr_hw_queues+0x32/0x4a [ 3863.447747][ T7679] nbd_start_device+0x140/0xc00 [ 3863.449218][ T7679] nbd_ioctl+0x474/0xd90 [ 3863.450664][ T7679] blkdev_ioctl+0x23c/0xca0 [ 3863.452200][ T7679] __riscv_sys_ioctl+0x18e/0x1e2 [ 3863.453821][ T7679] syscall_handler+0x94/0x118 [ 3863.454576][ T7679] do_trap_ecall_u+0x1aa/0x216 [ 3863.455358][ T7679] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3863.456220][ T7679] [ 3863.456220][ T7679] other info that might help us debug this: [ 3863.456220][ T7679] [ 3863.457303][ T7679] Chain exists of: [ 3863.457303][ T7679] set->srcu --> &q->q_usage_counter(io)#21 --> &q->sysfs_lock [ 3863.457303][ T7679] [ 3863.461611][ T7679] Possible unsafe locking scenario: [ 3863.461611][ T7679] [ 3863.462810][ T7679] CPU0 CPU1 [ 3863.463808][ T7679] ---- ---- [ 3863.464895][ T7679] lock(&q->sysfs_lock); [ 3863.466335][ T7679] lock(&q->q_usage_counter(io)#21); [ 3863.468020][ T7679] lock(&q->sysfs_lock); [ 3863.470404][ T7679] sync(set->srcu); [ 3863.472053][ T7679] [ 3863.472053][ T7679] *** DEADLOCK *** [ 3863.472053][ T7679] [ 3863.473020][ T7679] 5 locks held by syz.2.795/7679: [ 3863.473724][ T7679] #0: ff6000001a1f0198 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x144/0xd90 [ 3863.476480][ T7679] #1: ff6000001a1f00d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x2a/0x4a [ 3863.478350][ T7679] #2: ff6000001a121de8 (&q->q_usage_counter(io)#21){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x206/0x1326 [ 3863.483610][ T7679] #3: ff6000001a121e20 (&q->q_usage_counter(queue)#5){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x206/0x1326 [ 3863.485625][ T7679] #4: ff6000001a122310 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x41e/0x1326 [ 3863.488615][ T7679] [ 3863.488615][ T7679] stack backtrace: [ 3863.491174][ T7679] CPU: 1 UID: 0 PID: 7679 Comm: syz.2.795 Not tainted 6.13.0-rc2-syzkaller-g21f1b85c8912 #0 [ 3863.493232][ T7679] Hardware name: riscv-virtio,qemu (DT) [ 3863.494929][ T7679] Call Trace: [ 3863.496063][ T7679] [] dump_backtrace+0x2e/0x3c [ 3863.497807][ T7679] [] show_stack+0x30/0x3c [ 3863.499184][ T7679] [] dump_stack_lvl+0x12e/0x1a6 [ 3863.500806][ T7679] [] dump_stack+0x1c/0x24 [ 3863.502416][ T7679] [] print_circular_bug+0x3a2/0x42c [ 3863.504071][ T7679] [] check_noncircular+0x2ba/0x354 [ 3863.505660][ T7679] [] __lock_acquire+0x2e4e/0x8594 [ 3863.506582][ T7679] [] lock_sync+0x286/0x504 [ 3863.507449][ T7679] [] __synchronize_srcu+0xd4/0x292 [ 3863.508397][ T7679] [] synchronize_srcu+0x172/0x414 [ 3863.510110][ T7679] [] blk_mq_quiesce_queue+0x12e/0x19e [ 3863.511733][ T7679] [] elevator_disable+0x76/0x1e8 [ 3863.513224][ T7679] [] __blk_mq_update_nr_hw_queues+0x390/0x1326 [ 3863.514950][ T7679] [] blk_mq_update_nr_hw_queues+0x32/0x4a [ 3863.516071][ T7679] [] nbd_start_device+0x140/0xc00 [ 3863.517024][ T7679] [] nbd_ioctl+0x474/0xd90 [ 3863.517881][ T7679] [] blkdev_ioctl+0x23c/0xca0 [ 3863.518828][ T7679] [] __riscv_sys_ioctl+0x18e/0x1e2 [ 3863.520256][ T7679] [] syscall_handler+0x94/0x118 [ 3863.521158][ T7679] [] do_trap_ecall_u+0x1aa/0x216 [ 3863.522064][ T7679] [] _new_vmalloc_restore_context_a0+0xc2/0xce [ 3865.333595][ T4486] block nbd2: Receive control failed (result -32) [ 3865.349005][ T4486] block nbd2: Receive control failed (result -32) [ 3865.387446][ T7679] block nbd2: shutting down sockets VM DIAGNOSIS: 02:08:28 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff809567fc mhartid 0000000000000000 mstatus 0000000a000001a2 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff861e63e4 vstvec 0000000000000000 mepc ffffffff804b663c sepc ffffffff80980452 vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000009 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 000000008004a000 sscratch 0000000000000000 satp a064e000000ad699 x0/zero 0000000000000000 x1/ra ffffffff800714de x2/sp ff20000000006c00 x3/gp ffffffff899f4f80 x4/tp ff6000001d56b480 x5/t0 ff20000000006e00 x6/t1 ffe37fff001566a6 x7/t2 000000000000001a x8/s0 ff20000000006d40 x9/s1 0000000000000000 x10/a0 ff1c000000ab3500 x11/a1 0000000000000000 x12/a2 0000000000000000 x13/a3 0000000000000002 x14/a4 0000000000000100 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 0000000000000000 x18/s2 0000000000000015 x19/s3 ff60000070fec900 x20/s4 0000000000000000 x21/s5 0000000020000000 x22/s6 0000000002580160 x23/s7 0000038374f075f8 x24/s8 0001f000003fffff x25/s9 ff60000072fec900 x26/s10 00000000000281f1 x27/s11 1fe4000000000e2c x28/t3 0000000003ffffff x29/t4 ffe37fff001566a6 x30/t5 ffe37fff001566a7 x31/t6 ff20000000006fa0 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff81d0111c mhartid 0000000000000001 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000020 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff861e63e4 vstvec 0000000000000000 mepc ffffffff8008378a sepc ffffffff81d66042 vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080048000 sscratch 0000000000000000 satp a064d000000abf0a x0/zero 0000000000000000 x1/ra ffffffff81d010fc x2/sp ff200000019d6a60 x3/gp ffffffff899f4f80 x4/tp ff6000001bb58000 x5/t0 6300000000000000 x6/t1 ffe3ffff0033ad44 x7/t2 63722d302e33312e x8/s0 ff200000019d6a90 x9/s1 ffffffff90d8bae0 x10/a0 ff2000000006d005 x11/a1 000000000000001f x12/a2 0000000000080000 x13/a3 ffffffff81d010fc x14/a4 1ffffffff21b1765 x15/a5 0000000000000000 x16/a6 0000000000000003 x17/a7 0000000000000003 x18/s2 0000000000000005 x19/s3 0000000000000000 x20/s4 0000000000000000 x21/s5 fffffffef21b17b6 x22/s6 fffffffef21b17b6 x23/s7 0000000000000003 x24/s8 fffffffef21b1766 x25/s9 ffffffff90d8bdb2 x26/s10 ffffffff90d8bdb0 x27/s11 ffffffff90d8bb30 x28/t3 ffffffff90badcb7 x29/t4 ffe3ffff0033ad44 x30/t5 ffe3ffff0033ad45 x31/t6 ffffffff90badcb7 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000