last executing test programs: 20.371875597s ago: executing program 3 (id=781): r0 = fanotify_init(0x0, 0x0) r1 = fanotify_init(0x20, 0x80000) r2 = fanotify_init(0x4, 0x0) r3 = epoll_create1(0x0) r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) fanotify_mark(r2, 0x1, 0x8000011, r4, 0x0) r5 = epoll_create1(0x0) r6 = fcntl$dupfd(r5, 0x2, 0xffffffffffffffff) fanotify_mark(r1, 0x1, 0x8000011, r6, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r7 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r7, 0x0, 0x0) 20.321473878s ago: executing program 3 (id=782): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}}) (async) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc04c560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x1, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "5c0a0551"}, 0x0, 0x1, {0x0}, 0x2, 0x20000000}) (async) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc04c560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x1, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "5c0a0551"}, 0x0, 0x1, {0x0}, 0x2, 0x20000000}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) accept4(r1, 0x0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x7, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000300)=[{}, {}, {}, {}, {0x4}], 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000340), 0xffff, r3}, 0x38) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001000"/19, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100766c616e000000000c0002800600010000000000"], 0x3c}}, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000030400000000feffffff00000400", @ANYRES32=0x0, @ANYBLOB="00f7fe88d03937ca2f8641c5d97036000000000008001c006c800b000100531c4e82010c000280"], 0x3c}}, 0x0) r6 = openat$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) write$cgroup_type(r6, &(0x7f0000000100), 0x9) (async) write$cgroup_type(r6, &(0x7f0000000100), 0x9) creat(&(0x7f0000000080)='./file0\x00', 0x0) (async) creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r8) (async) r9 = dup(r8) socket(0x10, 0x80002, 0x0) write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="1c00000007ffff"], 0x52) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[{@version_u}]}}) connect$netrom(r4, &(0x7f0000000040)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) (async) connect$netrom(r4, &(0x7f0000000040)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0000000000000000000003000000080001800400028014"], 0x30}}, 0x0) r10 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r11, r12, &(0x7f0000000200)=@IORING_OP_CLOSE={0x13, 0x9}) (async) syz_io_uring_submit(r11, r12, &(0x7f0000000200)=@IORING_OP_CLOSE={0x13, 0x9}) io_uring_enter(r10, 0x0, 0x0, 0x0, 0x0, 0x0) 20.231588537s ago: executing program 3 (id=783): prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x60d00, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) preadv(r0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x10800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000440), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000002c0)={"90125830", 0x0, 0x5, 0x9, 0x0, 0x6, "471d855406050000c6a185480039d5", 'W\x00', "214619ed", "41f336e7", ["c81de44b0091fb7ce7442d42", "ed44d0ac45643699e300", "34334e67c300e1a4c49d3300", "e996c9c4d23135876ea2fff7"]}) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$sock_timeval(r2, 0x1, 0x67, 0x0, &(0x7f0000000880)) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x78) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) socket$kcm(0xa, 0x3, 0x87) ioctl$CEC_TRANSMIT(r1, 0xc0386105, 0x0) socket$kcm(0x11, 0x3, 0x0) r3 = socket(0x1e, 0x1, 0x0) connect$tipc(r3, 0x0, 0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0)={0x0, 0x72ae, 0x10}, 0x0, &(0x7f0000000280)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18010000110000000000000000000000181200", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10) getgroups(0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1}) 20.171426602s ago: executing program 3 (id=785): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r3 = syz_open_dev$loop(&(0x7f00000001c0), 0x3, 0x2) ioctl$IOC_PR_CLEAR(r3, 0x401070cd, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 19.922389395s ago: executing program 3 (id=786): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_int(r1, 0x1, 0x2a, 0x0, &(0x7f0000000500)) syz_usb_connect(0x3, 0x34, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef63"], 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24, 0x1, @mcast2, 0x6}, 0x1c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000040)={0x38, r5, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x38}}, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000140)={0xfffeffff}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r7 = socket$inet6(0xa, 0x806, 0xfffffffc) bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5) setsockopt$sock_linger(r7, 0x1, 0xd, &(0x7f0000000180)={0x1, 0xfff}, 0x8) socket$inet_dccp(0x2, 0x6, 0x0) 18.96170006s ago: executing program 2 (id=789): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000000075c0000000e0a01020000000000000000010000000900020073797a32000000000900010073797a30"], 0xec}}, 0x0) (async) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000080), 0x200000, 0x4) (async) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 18.731691041s ago: executing program 2 (id=790): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/nfs', 0x0, 0x0) getdents(r2, &(0x7f00000019c0)=""/252, 0x18) getdents(r2, &(0x7f0000000080)=""/174, 0xae) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x34, r1, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}, @NLBL_UNLABEL_A_SECCTX={0xf, 0x7, 'unconfined\x00'}]}, 0x34}, 0x2, 0x34005}, 0x0) 18.731416513s ago: executing program 2 (id=791): socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) gettid() bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000004000000060000008000000042000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000040)="1002d7d957c9dc8dda937c7b61567297207adb3029e20544ec044c2fbb6bf865c9331165cb94d9fcb78cb57f9b40b11393c0030046c2e390f91dbd9ddf7accf1295f9abfb2b534ba", 0x0, 0x48) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x4002, &(0x7f0000000000)=0xfffffffffffffffe, 0x3, 0x0) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0xf4000000, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xa, 0x1, 0x0, 0x0, 0x2) syz_io_uring_setup(0x5e2, &(0x7f0000000340), &(0x7f0000000040)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0x0) r3 = openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x0, 0x12, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 18.630838593s ago: executing program 2 (id=792): pipe2(&(0x7f0000000080), 0x84800) (async) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_async', 0x292800, 0x102) (async) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_async', 0x292800, 0x102) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) dup(r3) (async) r5 = dup(r3) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000009000/0x1000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003000/0x4000)=nil}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2, @ANYRES32, @ANYBLOB="00e0517cd700"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xf, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xf, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0x28, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) open(0x0, 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000008, 0x12, r4, 0x0) (async) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000008, 0x12, r4, 0x0) mlock2(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0) mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1) (async) mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1) mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) write(r8, &(0x7f0000000040)="09000000010000", 0x7) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r6, 0x0, r0, 0x0, 0x6, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3ff) (async) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3ff) fcntl$setstatus(r0, 0x4, 0x7c00) write$P9_RREAD(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="25682e3ac101001a000000f909fb29816eb2203fa6f48c509cdc722038507ffabba0a1655c"], 0x25) dup3(r9, r4, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000020acb"], 0x14}, 0x1, 0x0, 0x0, 0x81}, 0xa41447caa8d131c0) 18.491538399s ago: executing program 2 (id=793): prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x60d00, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) preadv(r0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x10800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000440), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000002c0)={"90125830", 0x0, 0x5, 0x9, 0x0, 0x6, "471d855406050000c6a185480039d5", 'W\x00', "214619ed", "41f336e7", ["c81de44b0091fb7ce7442d42", "ed44d0ac45643699e300", "34334e67c300e1a4c49d3300", "e996c9c4d23135876ea2fff7"]}) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$sock_timeval(r2, 0x1, 0x67, 0x0, &(0x7f0000000880)) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x78) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) socket$kcm(0xa, 0x3, 0x87) ioctl$CEC_TRANSMIT(r1, 0xc0386105, 0x0) socket$kcm(0x11, 0x3, 0x0) r3 = socket(0x1e, 0x1, 0x0) connect$tipc(r3, 0x0, 0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0)={0x0, 0x72ae, 0x10}, 0x0, &(0x7f0000000280)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10) getgroups(0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1}) 18.491317883s ago: executing program 2 (id=794): mknod$loop(&(0x7f0000000280)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='hfsplus\x00', 0x8000, 0x0) (fail_nth: 29) 17.171572494s ago: executing program 1 (id=799): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='map_files\x00') r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r3, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8000000000000001}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x100}]}, 0x30}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86ddf9fffffffffffffffc010000000000000000000000000000fe8000000000000000000000000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xa}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_emit_ethernet(0xec, &(0x7f0000000580)={@random="54ac2dbbaa9b", @empty, @val={@void, {0x8100, 0x1, 0x1, 0x3}}, {@mpls_mc={0x8848, {[{0x8001, 0x0, 0x1}], @llc={@llc={0x4e, 0xff, "e001", "58322b6479931cdef93a74105e7c03354eb3618d40351034e9f29141098709322fd984c5c840a559b4d1d3021fca6172c193a70518e2120eabccee418882ef8109e15d1d78719c204fc9616438b209ce41f7e3fb63017917c0891993bc71c2570134eb0d0ed10836e5a5ab76d99f3bb19bc78183a6e0613436c5f426446850b6db97ae1502286e3a8a7069f8bcf52106a8b0436e17f7e3af8a9aefbdf26b2f6328ad6273561d1411d334580099bd1a4f1fedb0844369418843686819a3fa54cf2ed8dee8fe7b03d4442d6069bbf4e4a95fdd"}}}}}}, &(0x7f0000000340)={0x0, 0x2, [0x587, 0xa40, 0x2d7, 0x21a]}) r6 = openat$hpet(0xffffff9c, &(0x7f0000000080), 0x765400, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x1000, 0x2}) r7 = accept4(r5, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000000b40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r8 = openat$fb1(0xffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x3f, 0x0, 0x1, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) sendmsg$nl_netfilter(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f000000a400)={0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, {}, [@typed={0xa9, 0x0, 0x0, 0x0, @binary="4c29ef4f7a96f263b46c720abe53d401cbc43a36f31a4354d5a9924f4360deec07340942c7dea7e10076d90019c18708463ab4442355a6955ffa816cc6c314fa8d3cf4e5661397df386d83ba4b1ab4b9876ccd6826e7e7be419f0e907360f799e83d9786f0e65e0ce1ba8cb79f906e375b5079320e149b43ae44d0315ede375b75b11c8a4210c3a00c24f330385c19aade2d43aeb2f63f18b46746c9b857b8f382a8c2b29a"}, @nested={0x4}, @typed={0x8, 0x0, 0x0, 0x0, @u32=0x1}, @nested={0xf31, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@mcast1}, @generic="7011d9696d208339e4beeea99e7cff779d988be5162138b45f9a3d640ccbcdc5d8e4837250d826f9453dd01f96d88266dad6a0760f0ce792e77fab61e8255296051cb24fa593e00f344a672e0e2d81de785238200dd281d13e6a8f45ef0c6ba590b2f81aca936927d38b1402cb7bc28c8aca6d9a46006947421af4c5ac737c017de5dead2c736a8acb2793917dad3702d0516c4641ca1579d372a8cb05477462e83d3fc98d3176c632ea744c8ac77b399848c2ef536aa76a592bf97d04ff902c72741464871441e91edb1a9605e19c4dc6ad1e973859363b56ec2bb59a3bc8b23606ccfbaf3c16167437c4110a34bf6cc715a0147af006e855abc3afdd7d540c75b207325fbfb989a2fada15d3ce8e47be12224303c919d9c7144701a5d91363cc76987392ee0cf17341140fc6fe40441a9b0e0dd31090351c5026e32f18ca56071a1bd107ca3d74bade29224c09fd888384c50d9eba768ef781167b65b58f26a9305fe42f4bb65f1aa21f0ee04841082250f1d58a83bdbf0c12cd0a41aef51b4cdcdf72d689eeb313885068e275ddf46b22aa1d522f48f1864b004dd6d60a361230546b3eb4eb0ebdefc83d2a544638cc74f5fec6caaf5226df5d4b883790d53228b745da38f3d4c431d0eae5a6cb3fcb8cd9b92b2a53d5601b50a087cb3573a0b677e500e014c8bb1a927a1a11dbe33b9b66a1e128ed27db4594eab0ad42d580f79e17c956a40980992936c843e31cc76c6652247d4fe3ad1dcbdebe0fb51f6df5f0b070ee6d32ea244b4fffcdfe74977f2bdae8f19c9087e2d29198919db262b30763f5404960cda3f1e17f21d0143559a64f40895bab3f7251f9a14f0b6e995dee322d21f45b4ce62ab5f7642c2dbe3515760668ff15f957062cd9ae0e1aeca6c342adb07c03fddd3163e2c315cff1ec52ee7fbd1bd633bee9388d340be2111e7250b0333e7d3bee790e7b57b482884a50613ebf8529784d34b74a96f9d7eac48ebf912ff283dd3be129c74ac31a9fa0c3fd45447f35eeb8f77c5e61a84924aa3a052c95b51efdf3adcd4ebfce06c40cfdb8af155ae83b63e598c28f73c3217b65f4d358ef201150911fb12ce6db1d43e7f18270c1fe357a162e35596f5590dbd0ed6766666dbfc7b3d0bf5a5c7ccc8b8c280aa62ac41e16dae58bc780347a637bda16fe0811c84bf3dcc557fe64c703c78254fb299e0b9053cf5fd32d46c73d8c060ef913fda5198724c82f96c980bba0f1fc47fbbb6f94e7cf8f0bc8f9a357a9a764125972570e66cc2a19f329b6fbb496523ee6995323c1617cac1a1cea0cbd5ab9bc31d6b45ce136428bbc8e66d72b100a26c136fe5269dec30a7e5eb3e82f80acf41f9fcc985b15008b9e1b28db9a19424fefff95aa4523d7bd6610f67f12998734f792be3f21d9f13b56136bcfc78d3575863b6afe4183a358f5e03618783b6d9b2417d703a010ec09c7403716792cbe82aa15ff6e9c1a5642011803d488c2297544862f0565fcd400983be26a95fc18bb3cc7890f683b9cf5cefd3244718c081e6fe5deb190f5f766abbbd0e1055c030425e4565d36a489082d7e5b661a90d9f805aa3734c61b1242eff4b22e90b1835eddc01a70f746347d4f04be706c11e06979e6e0bbe4e79d8d7f5f78cf31919901a3e054299ffe5ec8cb55dcbe5fa9d79b9eb33d450540824cc15076905bfde314677048065582864df956ec54095832ff820e1d29086143f0373c93c85e35e8ac0a18f7d3c435c40fa68bc2eb1d48cabf53ecdcc70d27e6ec8d57fc496e9156a30b2b51a877af0efd1d6831dd1f77c074f3c22ae30cbdda58db7d2b877ab7fbf3c59c640cbbeaa6e6e1b104c6d50b5bb1058750e19864651a5da1b8c7d2ce06a9ab333f2682c35e7c4abde51d70c291ced939bb36ddb7fa6afb930a30fd21a26306aa48c44a52846b2acc3636d5d8b4f2243734e87ce7d070e34bc242579d019bf63a244e63fb74829880d0831bf717e9cb9c88ce41b7a090f91c8f4b9977b70b2e98fcbaa06faf1dc2fac3f4a9478fa1126b2c480665565c2c9359a440b3a50139aa4390146414b092898e02976af7f6110c8ad02b1eb21c1679128d4606a02ebaf1a204f9986c0ceadb943c70c347411f61265da0ef4eb7385c8776817086b058a60f9d288ad401087764baa4274d877ac08732deba3acb8c843f5dee2a9e82abf11594c2d0c858b68e655a0727ab1a939135bf21bb764502098d9fdf185a4bb09b3295046f21cb2a5420ca605a02fe3c6972600074ffb490b58cadaaa538180a4437fcb9810fef4b32ac836c6bbcc67adeade9d4375c4bab62e3b062945b5e0824a6d102d32ad288e7204b04811245212640894a37fc0cbe7beb657f34b253b055abf109deac6f8e2c6000d8a29527f00c4a8daf98d65bd993dbc850ac4cb58569c862ed906d84db88f9743419acaaac70df0aab27a704a545b71eb31ac9d4b72c7d82165f9b0121d5ea7e9e27701a149bad87ec9625ec6b62aac5ce0ac4ea21738bc65cfeb81a0d151ae61f590b256395eb14ddabd696527f08c0b8873cb5f8c2c6ddb56507332178d849b521292090c81a1ef506c1ff954957c490efd3b6338a64faf4e5cb1cd1c4f4abe7a9d7ae378c6240bdeb5bae22279e8e5cb6fd0e298d11ea0f0f711d1cc192ab256a192bdb342844ba94d9eb6c77b9263a675e8163deea69d47b1d3dfdb028b8bbbe4561e659053e3567ed877340aef2190b2abe78604dc24da8b446c9a4985b2811028c8d6b8b89a80349a802985c5e217a059cd139d095df3403002710c9b0a1059f70ecba514549bd0050cf9dcb511135b4a2e5d0bf420520aa408475c8d316cb04947040fabf39b7f0951db02084f556329eb211554df69bb4e8e72f57540d5dabd7564dbc912bb25ae4ae66b95a99c45a45d0a7250079f15b691fe0829f2baf7e4ec18293f1fb67811ead33051f4f564fe41233cd14b76212abdb2986c887d730f2175ae805e9439d0378583a761b6e593054472a8bca92ec642687e242b6a93e78ceb1c0f0a449dafda15c1e81d6c4ecc41cf1c8ea1482ed8f7ad2d1c14de582f212989e0c254ac020468a4f08d11609f6fc19ef09ad563218db930b0e4d1c096627ebc04d374d5d44fb56514200602a0cd1c468450ab8f294daaf1bc8c9dd417f7a7f23a5cc3c80af620bc12c44fd64a795938b531873908837efe8d0d2237bd6c9255a097a022d68bb70db4807c91fb4e91c31039de5267ec27eb1f8268b7d23aafd9e05e6cdf68d7bc2f8a701591331401fb0a9219836366da8daee74456f06b6b0b1d12821f501afd6ff35baf484357a3f04a9519769a2f397b2a446bf70647fbfbab9aadc4f7e0e86ef54d24cc25266a3204403a25eaa19923e5acf2793bdc5405c0736a1283fe42e479acaf25f373a958e7555ab7cfc767aa5d4a200e57d8d3710bdf1d68183d9d19762b0219bb67c779293f2f06792e43a3537b2a8c441835f59acf5090555407a2267c54b2a32f439d5cf5da86a7a068e0276ad1a8b0540f90822dae3a35f0b94d55530285fa45e65e8f720ea797d5f8ac37deb8a5e4b009ad1c1ba06fb03c9e5e202dbfce1f43616e8a8b22e48f60c54cb03590a56ac2075a5da07e78e29161edcd3732c284f5c7b927e39e9cd1e9e457399aca0caffec9164f96722e906d439f9eb2329e854d775f3b7f1d2627a7677aa1601be88f57575fe3d61412d8753141ca8fb795d2376d50db1555fc436ad65dbfcb27e2319a022344cf75e860d11d2edd81e2a6c6464eb41d6f9920b472066ce724a484020b9ce868addd7c929307b99f42bf2e4f8b05a4bc72003825dad5f9a1f39e113b310647c7cd78ff4dfea1fb051a50cd81989adea243ee26e2bdc22bcd81104c3f8e3b52a791938a60cd6250fd83b9adfa8f709e41da4c7731d32dd55233bb31a713dfd710e42e10abf08af939594f5815b64efa47f18ed1ed797d5f42f1ee56309dff7641ff51072444d5e97cc638317277189bbb092fa7b68d832e7a5b1b4aca3cf7f215ebaba992f295f71b79711475f9378e47c6df7aa20f5bd09cc0f9fffb179327f6db91e3a1eea52bfb1e021737211a7789c2387bfef05050d4233789c082015daf47e4cec40f8a50ddc55c5b0633850cc56e52e94f4b6ebc0621d8e30231416bd69f7ef93ba1e209c8866ce7eba60bd77d822477abdc1e220e0b39b5663b86b13f6a46f8290e39cb46d6bfc33795631a9801e363a0d722979807839c99e5ae5b520c56721535924bc87ca703bfe8d722b802595341c867bf9b2d820176cdf07c7d5f4264b4cefca3f0644d76997e9cf9163fea973eff93ee6453d593604babe9c99891d435e51b93db97a49175743b4c7c1c8608a78d34fd544e7ee89582079ab9593365987fdae8817ce10590b08b87742493337f9baeddc5d42f65c47f964399f8269fb7406d7bfe5c8f19336c862db319c02154772b65519bc36cd93e8b7818083b1b1d60de2d8816f5cc8f884b39314dd4b6a8b856b3fba7c20c49cf49c4a3479ce34682db0d7e48b06e2089807ceae3c59690a32c8369d46efc3f42f5ffbd9194fceced2dd8b1b5911becd38c51c695569a530f6be9966ec8e15d49c8b7da0dfa5444be0600198aae59d2e8a9bbbaeb3d0ae41b9279706cf0a91f4cc14fc0858eebf6598207024a4bd18c7c62bcee7d97683f9ac8ae979e7588a79fc664c68f3f3895e0eaa8f8c511672c0b2a4e2db7bf84820800e924fbe3d41fb0c6d2ee0f96f6c619de32710dec697816105974f5d07548c6553d2c3cae88296087ac6b92453f340a84e827052c351c0379ee4518da1409249fa06deca2cfb732e2c81d1420f4762a60982b99dd35e3e1da467147aff1a8909f58789361bff9778a5114ece777b94eaf723d7cbc37f5814d919b82c23ee2925377ce7838bb85c3b177588cd7677545cf17a17beba62d59ba8fb1f60d93ed3d3e020bf94f519dee213b99bb542a99ed6039bef2b9cf24d2469e262ce7399fa37a0c21f26da08b2454705b39d468bcd6155b0fdd44ec5f2b244ec1f4fd3ac8148b80024c0fb20d033da2272575b06679560f754761bd2e1aaa5e76a9f2d01fc87872a08c51bb5cda567c5a8429d4ba2443d955dc0f93bcf6d37ee53752e8bf3dd97950031f632778828da8b76a9534456a459179a347f6c6699ddc5629842ed7e8f93c0c989c70c7fd3376d6ed000924c87b48027e2833e27f5ed4a31cd871ab27b4e69a8272b7fb8c839fb4bd4871837910c569a8f260850efe85b8206703682c75465cd270b79bc4d799b212798f501e51d45d817c280be1649118ae3beea0ab20b364e8c4d4b8c1d287fd111b04bb5ac618f1b5dee9e92762897e71fcd2e0916be170ff039e6ea6e9d5b3002dcc7aa0f854e2509e3a0b913f6410c0751bd9598f3f6ed9842f551ae1d"]}]}, 0x1000}}, 0x0) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r10, 0xae80, 0x0) 16.870807274s ago: executing program 3 (id=804): r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x300, 0x0}}, 0xfdbc) 16.241649921s ago: executing program 1 (id=808): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_mtu(r1, 0x29, 0x3e, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r2, 0x29, 0xb, 0x0, 0x0) inotify_init1(0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="181600000000000000000000000000001801000020207025"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000c40)=ANY=[@ANYBLOB="02002302230102090500000010000020d3ad"]) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20008811) sendto$inet6(r2, &(0x7f0000000240)="c4a2d0bb7804d07cb30f78c122351cb8ccca3917c3d6fbe78a10d7e07b02", 0x1e, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x5e) recvmmsg(0xffffffffffffffff, &(0x7f0000000bc0), 0x0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x20, 0x2, 0x3, 0x401, 0x0, 0x0, {0xa, 0x0, 0x10}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0x4, 0x2}}]}, 0x20}}, 0x20000050) sendmsg$NFQNL_MSG_VERDICT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0x14, 0x3, 0x3, 0x201}, 0x14}}, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000b00)={0x5f, "abacd211119ca9c757c6cc8a0333b52c7b9c4cfa07558139ede6dc06270ef042", 0xffffffffffffffff}) ppoll(&(0x7f0000000180)=[{r6, 0x4080}], 0x1, 0x0, 0x0, 0x0) 15.381438721s ago: executing program 1 (id=812): r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_open_dev$usbfs(0x0, 0x77, 0x581280) r2 = open_tree(0xffffffffffffff9c, 0x0, 0x9801) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0x2a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_type(r6, &(0x7f0000000280), 0x9) r7 = openat$cgroup_procs(r2, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000c40), 0x12) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$inet_mptcp(0x2, 0x1, 0x106) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)={0x24, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_P2P_OPPPS={0x5}]}, 0x24}}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_clone(0x24084200, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)) syz_clone(0x40020000, 0x0, 0x0, 0x0, 0x0, 0x0) r12 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$int_in(r12, 0x5421, &(0x7f0000001100)=0x9) connect$bt_sco(r12, &(0x7f0000000040)={0x1f, @fixed}, 0x8) 14.930116936s ago: executing program 1 (id=816): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) preadv(r0, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f00000001c0)={0x10, "0724162f92b4aa7d67944074955d5d3433f174d22b867cf4ed1eaa057c599339a43ec79bed9d289148e81efce9b172329545fe3cac9e90b6abbf26a8b2cc61f66ef1b790065ce32526ea5d2f053cede71e9efacd76be218832d9b5bf239034013ef5b90145bba38621b1f7dad0df9b030b12aafb1fe0c09fb9cbd0f538ce1f84"}) setresuid(0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000300)={{{@in=@private, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@initdev}}, &(0x7f0000000000)=0x137) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/route\x00') read$FUSE(r2, &(0x7f0000007700)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r4 = memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00'/1301, 0x3) fcntl$addseals(r4, 0x409, 0x10) mmap(&(0x7f0000bb3000/0x4000)=nil, 0x4000, 0x2, 0x13, r4, 0x0) setresgid(r3, 0xffffffffffffffff, 0xffffffffffffffff) chown(0x0, r1, r3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = memfd_create(&(0x7f0000000280)='%\x00', 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r5, 0x0) r6 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) io_uring_setup(0x252f, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r8, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x7e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd6076b2af00482f00fe880000000000000000000000000001ff0200000000000000000000000000010000883ee655c644a71c"], 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c000000020605000a000ab48d32eaeaeb950000100003006269746d61703a706f72740005000400000000000900020073797a30050005000000000005000100060000001400078006000440000000000600055d00000000"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2c, 0x9, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}}, 0x0) 14.928366875s ago: executing program 0 (id=817): r0 = gettid() fcntl$setown(0xffffffffffffffff, 0x8, r0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000ace) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10) arch_prctl$ARCH_SET_CPUID(0x1012, 0x10201) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f00000001c0)={{0x3, 0xfd}, 0x1, 0x3, 0x0, {}, 0xe}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', 0xffffffffffffffff, 0x0, 0x46}, 0x18) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r6 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r5) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000140)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r5}) keyctl$restrict_keyring(0x1d, r6, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = getpid() process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_xfrm(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000880)=ANY=[@ANYBLOB="90010000160001040000004000000000ac1414aa000000000000000000000000ff0100000000000000000000000000010000000000000002020000000c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff00000000000000000000000000000000330000000000000000000000000000000000000100000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000000000000000000000000800000000000000000000060000000004000000000000023500000a0000ff9400000000000000ad0400006d00120061656769733132386c2d6165736e690000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008010000000100006405356b0cf2a4763d36c98c5a0a2b9fe805d86359af02c8d1e59f5511627bb6790000000c000f00ee0100000000000014000e00fe8000000000000000000000000000000c0015000000000029f3ffff"], 0x190}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801) 5.781303585s ago: executing program 1 (id=818): r0 = gettid() fcntl$setown(0xffffffffffffffff, 0x8, r0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f00000001c0)={{0x3, 0xfd}, 0x1, 0x3, 0x0, {}, 0xe}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) gettid() r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f000000fd00), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001a0000000c00228004020080040000800500"], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0xc0844123, &(0x7f0000000080)=0x7b1) (fail_nth: 2) 5.021746235s ago: executing program 0 (id=821): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000480)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e220000ff0000f03ac71008000000ff00ffffffffffffffe7ee00000000000000002d00000000", 0x3f}, {&(0x7f0000000700)="6b3e7b6f91fbf72b37592dfb2e782f10d31a212219d0b6b9ac88ba1055cacb205111f200c748e4499dfa670705dbac48244b46530b6f2d2f31e454c819e646dc3c0e79ff83d6ddbe65522a50c54c865c52324c061602472942d04cec7fe629e61f94f8989ec11ba49efbc93ee12d8b1dae927e122034a49baac2b26a8aedf1defeecef9872ae16d743d45818354f7cb1bf02e4f898d503e45018ed8c47f1f940c559d5056e709437ebdfb21ac14c6fa50985482d2dabcf29b5b5ae47f1f1775ee04f057a28368640d9", 0xc9}, {&(0x7f0000000800)="6ba9beaacaa0b185d98892358b66aef04e2c27b3a90f3ee68cdc7089381356ae1cda1e6090a3fcd1c1bd5ec6ce43ed8f3e53cae99fc3b102bdf84930d8eb2104c2100820913bfc7d896956179f79f5b0981e64180d199fa90bd428b478a4b88bb826ce7b31eb50564a1936a9ef50811fe9adf15695d44afa3aed4907fad7a5b2f869f4d2966e2a45e97863736c5a248aeb1e67bb84461139bb", 0x99}], 0x3) 5.021368961s ago: executing program 0 (id=822): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000cc0)={0x28, r0, 0x1, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x6}]}]}, 0x28}}, 0x0) (async, rerun: 32) r3 = socket$inet6(0x10, 0x2, 0x0) (rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) r7 = socket$netlink(0x10, 0x3, 0x0) (async) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) (async) getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001300)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x1ff}, @TCA_TBF_PARMS={0x28}]}}]}, 0x60}}, 0x0) (async, rerun: 32) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0xffffffffffffffbe, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x25, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0x0, 0xfff1}}}, 0x24}}, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000140)={0x30, r6, 0xb97534d5fe9704cf, 0x0, 0x0, {{0x12}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x100}]}, 0x30}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 4.961466299s ago: executing program 0 (id=823): prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x60d00, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) preadv(r0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x10800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000440), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000002c0)={"90125830", 0x0, 0x5, 0x9, 0x0, 0x6, "471d855406050000c6a185480039d5", 'W\x00', "214619ed", "41f336e7", ["c81de44b0091fb7ce7442d42", "ed44d0ac45643699e300", "34334e67c300e1a4c49d3300", "e996c9c4d23135876ea2fff7"]}) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$sock_timeval(r2, 0x1, 0x67, 0x0, &(0x7f0000000880)) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x78) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) socket$kcm(0xa, 0x3, 0x87) ioctl$CEC_TRANSMIT(r1, 0xc0386105, 0x0) socket$kcm(0x11, 0x3, 0x0) r3 = socket(0x1e, 0x1, 0x0) connect$tipc(r3, 0x0, 0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0)={0x0, 0x72ae, 0x10}, 0x0, &(0x7f0000000280)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10) getgroups(0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1}) 4.959998426s ago: executing program 0 (id=824): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) syz_io_uring_setup(0x1e45, &(0x7f0000000780), 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111}}, 0x20) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x1}]}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) ioctl$TIOCGRS485(r0, 0x542e, &(0x7f0000000040)) r5 = syz_open_dev$sg(&(0x7f0000000000), 0x1, 0x4a083) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000580)={0x53, 0x0, 0x6, 0x4, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000440)="8518a7a093f1", 0x0, 0x10000, 0x4, 0x0, 0x0}) r6 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip_vti0\x00', &(0x7f00000001c0)={'gre0\x00', r4, 0x40, 0x80, 0x0, 0x0, {{0x8, 0x4, 0x2, 0x4, 0x20, 0x65, 0x0, 0x5, 0x4, 0x0, @multicast1, @rand_addr=0x64010100, {[@end, @generic={0x44, 0x9, "51c0c9a2b76149"}]}}}}}) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x9f5f, 0x8, 0xfffffffa, 0x400, r6, 0x0, '\x00', r7, 0xffffffffffffffff, 0x1, 0x4, 0x2, 0xd, @void, @value, @void, @value}, 0x50) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000c6495da7be05d86542580b388355bbdcb5a4665a982c905a26b8abc91e9eba78175f335a792b387a8e827953027219fb2ad4ca9f1f2b01f235001cb63c826c673a893beeff708869969a6725e3ddf705f4da2568b1238e5e4c556e1c7d590722e902"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x68, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfede, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r9}, 0x10) map_shadow_stack(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r4, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2, 0x0, 0x800}, 0x0) 499.927µs ago: executing program 1 (id=825): syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="d6", 0x1}], 0x17) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) r2 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x380000, @empty}, 0x1c) 0s ago: executing program 0 (id=826): r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x4000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='tlb_flush\x00'}, 0x18) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x0, 0x0}) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYRESOCT=r1], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, 0x0}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r7, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x300, 0x2}}, 0x10, 0x0}, 0x0) r8 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r8, 0x6628, 0x0) write$P9_RVERSION(r8, &(0x7f0000000440)=ANY=[@ANYBLOB="1500000065ffffffff000008003950323030302e7592f1fe56a48caae4b7a47e498f3795829da7b32bb6551b83a86ef73589c4e922c9324d541b9d9eed7c48aa4e2f23df3a6b665cda03a044d395787795e8a065300f82b1d4f60163"], 0x15) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000800)={'sit0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400230300000008000100000a000000", @ANYRES32=r11, @ANYBLOB="0800080000040000140001"], 0x34}}, 0x0) read$FUSE(r8, &(0x7f0000000640)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r8, &(0x7f0000000180)={0x18, 0x0, r12}, 0x18) r13 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r13, &(0x7f0000000140)=0x400900, 0x12) socket$netlink(0x10, 0x3, 0x5) kernel console output (not intermixed with test programs): mm: syz.1.457 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 142.406616][ T6963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.409422][ T6963] Call Trace: [ 142.410324][ T6963] [ 142.411120][ T6963] dump_stack_lvl+0x16c/0x1f0 [ 142.412360][ T6963] should_fail_ex+0x497/0x5b0 [ 142.413603][ T6963] ? fs_reclaim_acquire+0xae/0x160 [ 142.414959][ T6963] should_failslab+0xc2/0x120 [ 142.416203][ T6963] __kmalloc_cache_noprof+0x6b/0x310 [ 142.417589][ T6963] ? register_netdevice+0x504/0x1e20 [ 142.418999][ T6963] register_netdevice+0x504/0x1e20 [ 142.420351][ T6963] ? kasan_save_track+0x14/0x30 [ 142.421659][ T6963] ? __pfx_register_netdevice+0x10/0x10 [ 142.423125][ T6963] ? alloc_netdev_mqs+0xf2a/0x12a0 [ 142.424458][ T6963] ? validate_linkmsg+0x6d2/0x9a0 [ 142.425790][ T6963] br_dev_newlink+0x27/0x110 [ 142.427022][ T6963] ? __pfx_br_dev_newlink+0x10/0x10 [ 142.428386][ T6963] __rtnl_newlink+0x119c/0x1920 [ 142.429684][ T6963] ? __pfx___rtnl_newlink+0x10/0x10 [ 142.431085][ T6963] rtnl_newlink+0x67/0xa0 [ 142.432238][ T6963] ? __pfx_rtnl_newlink+0x10/0x10 [ 142.433554][ T6963] rtnetlink_rcv_msg+0x3c7/0xea0 [ 142.434876][ T6963] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 142.436307][ T6963] ? __pfx___dev_queue_xmit+0x10/0x10 [ 142.437726][ T6963] netlink_rcv_skb+0x165/0x410 [ 142.438993][ T6963] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 142.440416][ T6963] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 142.441795][ T6963] ? netlink_deliver_tap+0x1ae/0xcf0 [ 142.443189][ T6963] netlink_unicast+0x53c/0x7f0 [ 142.444441][ T6963] ? __pfx_netlink_unicast+0x10/0x10 [ 142.445816][ T6963] ? __phys_addr_symbol+0x30/0x80 [ 142.447156][ T6963] ? __check_object_size+0x4a1/0x710 [ 142.448529][ T6963] netlink_sendmsg+0x8b8/0xd70 [ 142.449785][ T6963] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.451191][ T6963] ? lock_acquire+0x2f/0xb0 [ 142.452388][ T6963] ____sys_sendmsg+0x9ae/0xb40 [ 142.453638][ T6963] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.455020][ T6963] ? get_compat_msghdr+0x11b/0x170 [ 142.456371][ T6963] ? __pfx___lock_acquire+0x10/0x10 [ 142.457749][ T6963] ___sys_sendmsg+0x135/0x1e0 [ 142.459000][ T6963] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.460522][ T6963] ? lock_acquire+0x2f/0xb0 [ 142.461718][ T6963] ? __fget_files+0x40/0x3f0 [ 142.462950][ T6963] ? fdget+0x176/0x210 [ 142.464015][ T6963] __sys_sendmsg+0x117/0x1f0 [ 142.465235][ T6963] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.466579][ T6963] ? __fget_files+0x244/0x3f0 [ 142.467815][ T6963] __do_fast_syscall_32+0x73/0x120 [ 142.469150][ T6963] do_fast_syscall_32+0x32/0x80 [ 142.470433][ T6963] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 142.472101][ T6963] RIP: 0023:0xf741e579 [ 142.473180][ T6963] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 142.478186][ T6963] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 142.480348][ T6963] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 142.482385][ T6963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 142.484442][ T6963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 142.486487][ T6963] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 142.488544][ T6963] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 142.490724][ T6963] [ 143.885905][ T6987] io-wq is not configured for unbound workers [ 144.065481][ T5384] libceph: connect (1)[c::]:6789 error -101 [ 144.069808][ T5384] libceph: mon0 (1)[c::]:6789 connect error [ 144.074123][ T5384] libceph: connect (1)[c::]:6789 error -101 [ 144.076480][ T5384] libceph: mon0 (1)[c::]:6789 connect error [ 144.223784][ T6999] ceph: No mds server is up or the cluster is laggy [ 144.238944][ T5355] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 145.077553][ T7022] random: crng reseeded on system resumption [ 145.112882][ T7024] FAULT_INJECTION: forcing a failure. [ 145.112882][ T7024] name failslab, interval 1, probability 0, space 0, times 0 [ 145.116590][ T7024] CPU: 1 UID: 0 PID: 7024 Comm: syz.1.474 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 145.119693][ T7024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.122397][ T7024] Call Trace: [ 145.123305][ T7024] [ 145.124135][ T7024] dump_stack_lvl+0x16c/0x1f0 [ 145.125471][ T7024] should_fail_ex+0x497/0x5b0 [ 145.126998][ T7024] ? fs_reclaim_acquire+0xae/0x160 [ 145.128443][ T7024] should_failslab+0xc2/0x120 [ 145.129700][ T7024] __kmalloc_cache_noprof+0x6b/0x310 [ 145.131110][ T7024] ? snd_pcm_hw_param_near.constprop.0+0xbe/0x8f0 [ 145.132783][ T7024] snd_pcm_hw_param_near.constprop.0+0xbe/0x8f0 [ 145.134376][ T7024] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 145.136167][ T7024] ? snd_pcm_oss_change_params_locked+0x947/0x3a50 [ 145.137809][ T7024] snd_pcm_oss_change_params_locked+0x9b9/0x3a50 [ 145.139471][ T7024] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 145.141213][ T7024] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 145.142946][ T7024] ? __mutex_lock+0x1a6/0x9c0 [ 145.144222][ T7024] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 145.145963][ T7024] snd_pcm_oss_ioctl+0x21d5/0x3780 [ 145.147654][ T7024] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 145.149009][ T7024] ? __fget_files+0x244/0x3f0 [ 145.150415][ T7024] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 145.151990][ T7024] __do_compat_sys_ioctl+0x259/0x2b0 [ 145.153283][ T7024] __do_fast_syscall_32+0x73/0x120 [ 145.154621][ T7024] do_fast_syscall_32+0x32/0x80 [ 145.156018][ T7024] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 145.157703][ T7024] RIP: 0023:0xf741e579 [ 145.158755][ T7024] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 145.164033][ T7024] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 145.166254][ T7024] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045002 [ 145.168240][ T7024] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 145.170314][ T7024] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 145.172427][ T7024] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 145.174756][ T7024] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 145.177264][ T7024] [ 145.384724][ T7040] netlink: 'syz.1.480': attribute type 9 has an invalid length. [ 145.386841][ T7040] netlink: 134672 bytes leftover after parsing attributes in process `syz.1.480'. [ 145.391390][ T7040] openvswitch: netlink: Port -524278 exceeds max allowable 65535 [ 145.546869][ T7052] binder_alloc: 7051: pid 7051 spamming oneway? 1 buffers allocated for a total size of 4096 [ 145.598055][ T5384] libceph: connect (1)[c::]:6789 error -101 [ 145.601387][ T5384] libceph: mon0 (1)[c::]:6789 connect error [ 145.604813][ T7053] netlink: 'syz.1.483': attribute type 4 has an invalid length. [ 145.637241][ T7053] netlink: 'syz.1.483': attribute type 4 has an invalid length. [ 145.868914][ T5384] libceph: connect (1)[c::]:6789 error -101 [ 145.871287][ T5384] libceph: mon0 (1)[c::]:6789 connect error [ 145.973122][ T7062] netlink: 20 bytes leftover after parsing attributes in process `syz.1.488'. [ 146.053867][ T7064] tipc: Started in network mode [ 146.055639][ T7064] tipc: Node identity ac1414aa, cluster identity 4711 [ 146.058314][ T7064] FAULT_INJECTION: forcing a failure. [ 146.058314][ T7064] name failslab, interval 1, probability 0, space 0, times 0 [ 146.066711][ T7064] CPU: 0 UID: 0 PID: 7064 Comm: syz.1.489 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 146.069550][ T7064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.072418][ T7064] Call Trace: [ 146.073319][ T7064] [ 146.074116][ T7064] dump_stack_lvl+0x16c/0x1f0 [ 146.075530][ T7064] should_fail_ex+0x497/0x5b0 [ 146.076858][ T7064] should_failslab+0xc2/0x120 [ 146.078108][ T7064] __kmalloc_cache_noprof+0x6b/0x310 [ 146.079707][ T7064] ? tipc_mon_create+0xef/0x5e0 [ 146.081047][ T7064] tipc_mon_create+0xef/0x5e0 [ 146.082308][ T7064] tipc_enable_bearer+0xa48/0xfa0 [ 146.083663][ T7064] ? __pfx_tipc_enable_bearer+0x10/0x10 [ 146.085155][ T7064] ? bpf_trace_run2+0x2a6/0x590 [ 146.086546][ T7064] ? __mutex_trylock_common+0xea/0x250 [ 146.087990][ T7064] ? __nla_parse+0x40/0x60 [ 146.089221][ T7064] __tipc_nl_bearer_enable+0x32a/0x420 [ 146.090675][ T7064] ? __mutex_lock+0x1a6/0x9c0 [ 146.091924][ T7064] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 146.093504][ T7064] ? __pfx___mutex_lock+0x10/0x10 [ 146.094893][ T7064] ? __nla_parse+0x40/0x60 [ 146.096104][ T7064] tipc_nl_bearer_enable+0x21/0x40 [ 146.097466][ T7064] genl_family_rcv_msg_doit+0x202/0x2f0 [ 146.098931][ T7064] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 146.100564][ T7064] ? __radix_tree_lookup+0x21f/0x2c0 [ 146.101947][ T7064] genl_rcv_msg+0x565/0x800 [ 146.103161][ T7064] ? __pfx_genl_rcv_msg+0x10/0x10 [ 146.104590][ T7064] ? __pfx_tipc_nl_bearer_enable+0x10/0x10 [ 146.106223][ T7064] netlink_rcv_skb+0x165/0x410 [ 146.107499][ T7064] ? __pfx_genl_rcv_msg+0x10/0x10 [ 146.108790][ T7064] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 146.110238][ T7064] ? down_read+0xc9/0x330 [ 146.111370][ T7064] ? __pfx_down_read+0x10/0x10 [ 146.112613][ T7064] ? netlink_deliver_tap+0x1ae/0xcf0 [ 146.113966][ T7064] genl_rcv+0x28/0x40 [ 146.115019][ T7064] netlink_unicast+0x53c/0x7f0 [ 146.116310][ T7064] ? __pfx_netlink_unicast+0x10/0x10 [ 146.117686][ T7064] ? __phys_addr_symbol+0x30/0x80 [ 146.119001][ T7064] ? __check_object_size+0x488/0x710 [ 146.120462][ T7064] netlink_sendmsg+0x8b8/0xd70 [ 146.121735][ T7064] ? __pfx_netlink_sendmsg+0x10/0x10 [ 146.123132][ T7064] ? lock_acquire+0x2f/0xb0 [ 146.124420][ T7064] ____sys_sendmsg+0x9ae/0xb40 [ 146.125650][ T7064] ? __pfx_____sys_sendmsg+0x10/0x10 [ 146.127419][ T7064] ? get_compat_msghdr+0x11b/0x170 [ 146.129229][ T7064] ? __pfx___lock_acquire+0x10/0x10 [ 146.131197][ T7064] ___sys_sendmsg+0x135/0x1e0 [ 146.133011][ T7064] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.134621][ T7064] ? lock_acquire+0x2f/0xb0 [ 146.135805][ T7064] ? __fget_files+0x40/0x3f0 [ 146.137439][ T7064] ? fdget+0x176/0x210 [ 146.138952][ T7064] __sys_sendmsg+0x117/0x1f0 [ 146.140613][ T7064] ? __pfx___sys_sendmsg+0x10/0x10 [ 146.141990][ T7064] ? __fget_files+0x244/0x3f0 [ 146.143269][ T7064] __do_fast_syscall_32+0x73/0x120 [ 146.144883][ T7064] do_fast_syscall_32+0x32/0x80 [ 146.146410][ T7064] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 146.148395][ T7064] RIP: 0023:0xf741e579 [ 146.149468][ T7064] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 146.154351][ T7064] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 146.156688][ T7064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 146.158801][ T7064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 146.160835][ T7064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 146.162808][ T7064] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 146.164840][ T7064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 146.166875][ T7064] [ 146.167772][ C0] vkms_vblank_simulate: vblank timer overrun [ 146.173882][ T7064] tipc: Disabling bearer [ 146.390464][ T5384] libceph: connect (1)[c::]:6789 error -101 [ 146.392586][ T5384] libceph: mon0 (1)[c::]:6789 connect error [ 146.424428][ T7055] ceph: No mds server is up or the cluster is laggy [ 146.634216][ T7088] binder: 7087:7088 ioctl c0306201 20000480 returned -22 [ 147.043725][ T7099] netlink: 68 bytes leftover after parsing attributes in process `syz.3.501'. [ 147.046291][ T7099] netlink: 68 bytes leftover after parsing attributes in process `syz.3.501'. [ 147.121745][ T7100] netlink: 'syz.3.501': attribute type 1 has an invalid length. [ 147.124442][ T7100] netlink: 512 bytes leftover after parsing attributes in process `syz.3.501'. [ 147.196344][ T7110] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 147.198654][ T7110] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 147.202239][ T7110] vhci_hcd vhci_hcd.0: Device attached [ 147.305119][ T7111] vhci_hcd: connection closed [ 147.313925][ T69] vhci_hcd: stop threads [ 147.316392][ T69] vhci_hcd: release socket [ 147.317579][ T69] vhci_hcd: disconnect device [ 147.779938][ T7125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.508'. [ 147.970589][ T7131] openvswitch: netlink: Key 0 has unexpected len 4 expected 0 [ 147.981026][ T5355] Bluetooth: hci1: unexpected event for opcode 0x1003 [ 149.025449][ T7159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.521'. [ 150.071078][ T7175] netlink: 8 bytes leftover after parsing attributes in process `syz.2.525'. [ 150.073647][ T7175] netlink: 8 bytes leftover after parsing attributes in process `syz.2.525'. [ 150.150799][ T7184] tipc: Started in network mode [ 150.152152][ T7184] tipc: Node identity ac1414aa, cluster identity 4711 [ 150.159844][ T7184] tipc: Enabled bearer , priority 10 [ 150.214567][ T7191] netlink: 8 bytes leftover after parsing attributes in process `syz.3.530'. [ 150.494318][ T7204] FAULT_INJECTION: forcing a failure. [ 150.494318][ T7204] name failslab, interval 1, probability 0, space 0, times 0 [ 150.500454][ T7204] CPU: 1 UID: 0 PID: 7204 Comm: syz.1.540 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 150.504329][ T7204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 150.505218][ T65] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 150.508214][ T7204] Call Trace: [ 150.508225][ T7204] [ 150.508234][ T7204] dump_stack_lvl+0x16c/0x1f0 [ 150.511667][ T65] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 150.512511][ T7204] should_fail_ex+0x497/0x5b0 [ 150.514333][ T65] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 150.516284][ T7204] ? fs_reclaim_acquire+0xae/0x160 [ 150.518143][ T65] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 150.519969][ T7204] should_failslab+0xc2/0x120 [ 150.519999][ T7204] kmem_cache_alloc_node_noprof+0x71/0x310 [ 150.520024][ T7204] ? __alloc_skb+0x2b3/0x380 [ 150.529001][ T65] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 150.529242][ T7204] __alloc_skb+0x2b3/0x380 [ 150.532072][ T65] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 150.532711][ T7204] ? __pfx___alloc_skb+0x10/0x10 [ 150.536419][ T7204] ? kasan_quarantine_put+0x10a/0x240 [ 150.538403][ T7204] ? warn_bogus_irq_restore+0x30/0x30 [ 150.540408][ T7204] mpls_netconf_notify_devconf+0x4a/0x110 [ 150.542515][ T7204] mpls_dev_notify+0x727/0xa20 [ 150.544309][ T7204] notifier_call_chain+0xb9/0x410 [ 150.546168][ T7204] ? __pfx_mpls_dev_notify+0x10/0x10 [ 150.548073][ T7204] call_netdevice_notifiers_info+0xbe/0x140 [ 150.550185][ T7204] unregister_netdevice_many_notify+0x8d5/0x1e50 [ 150.552466][ T7204] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 150.554868][ T7204] ? __pfx___lock_acquire+0x10/0x10 [ 150.556744][ T7204] ? __might_fault+0x13b/0x190 [ 150.558525][ T7204] ? __pfx_lock_release+0x10/0x10 [ 150.560395][ T7204] ? aa_get_newest_label+0x376/0x680 [ 150.562353][ T7204] ? find_held_lock+0x2d/0x110 [ 150.564140][ T7204] ? __pfx_aa_get_newest_label+0x10/0x10 [ 150.566207][ T7204] unregister_netdevice_queue+0x307/0x3f0 [ 150.568318][ T7204] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 150.570640][ T7204] ? bpf_lsm_capable+0x9/0x10 [ 150.572388][ T7204] ? security_capable+0x7e/0x260 [ 150.574226][ T7204] ip_tunnel_ctl+0x4fb/0xb90 [ 150.575966][ T7204] ipip_tunnel_ctl+0xfb/0x280 [ 150.577686][ T7204] ip_tunnel_siocdevprivate+0x109/0x1b0 [ 150.579678][ T7204] ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10 [ 150.581858][ T7204] ? netdev_name_node_lookup+0xf0/0x140 [ 150.583844][ T7204] dev_ifsioc+0x529/0x10b0 [ 150.585455][ T7204] ? __pfx_dev_ifsioc+0x10/0x10 [ 150.587219][ T7204] ? dev_ioctl+0x1a1/0x10c0 [ 150.588903][ T7204] ? __pfx___mutex_lock+0x10/0x10 [ 150.590786][ T7204] ? __pfx_lock_release+0x10/0x10 [ 150.592659][ T7204] ? netdev_name_node_lookup_rcu+0xf0/0x140 [ 150.594849][ T7204] dev_ioctl+0x1b2/0x10c0 [ 150.596450][ T7204] sock_ioctl+0x5b9/0x6c0 [ 150.598063][ T7204] ? __pfx_sock_ioctl+0x10/0x10 [ 150.599870][ T7204] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 150.601702][ T7204] compat_sock_ioctl+0x619/0x7e0 [ 150.603553][ T7204] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 150.605573][ T7204] ? __fget_files+0x244/0x3f0 [ 150.607289][ T7204] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 150.609213][ T7204] __do_compat_sys_ioctl+0x259/0x2b0 [ 150.611112][ T7204] __do_fast_syscall_32+0x73/0x120 [ 150.612909][ T7204] do_fast_syscall_32+0x32/0x80 [ 150.614616][ T7204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 150.616778][ T7204] RIP: 0023:0xf741e579 [ 150.618255][ T7204] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 150.625028][ T7204] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 150.627731][ T7204] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000000089f2 [ 150.629782][ T7204] RDX: 0000000020000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 150.631870][ T7204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 150.633945][ T7204] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 150.636213][ T7204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 150.638819][ T7204] [ 150.718506][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.789214][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.860026][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.868264][ T7206] chnl_net:caif_netlink_parms(): no params data found [ 150.971436][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.991089][ T7206] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.993124][ T7206] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.995736][ T7206] bridge_slave_0: entered allmulticast mode [ 150.998333][ T7206] bridge_slave_0: entered promiscuous mode [ 151.003195][ T7206] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.005183][ T7206] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.007312][ T7206] bridge_slave_1: entered allmulticast mode [ 151.010482][ T7206] bridge_slave_1: entered promiscuous mode [ 151.042797][ T7206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.046696][ T7206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.074073][ T7206] team0: Port device team_slave_0 added [ 151.090087][ T7206] team0: Port device team_slave_1 added [ 151.139802][ T7226] netlink: 8 bytes leftover after parsing attributes in process `syz.1.536'. [ 151.184211][ T7206] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.188430][ T7206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.197120][ T7206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.206088][ T11] bridge_slave_1: left allmulticast mode [ 151.208304][ T11] bridge_slave_1: left promiscuous mode [ 151.209728][ T5378] tipc: Node number set to 2886997162 [ 151.210566][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.218039][ T11] bridge_slave_0: left allmulticast mode [ 151.220529][ T11] bridge_slave_0: left promiscuous mode [ 151.222689][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.415162][ T7231] FAULT_INJECTION: forcing a failure. [ 151.415162][ T7231] name failslab, interval 1, probability 0, space 0, times 0 [ 151.420141][ T7231] CPU: 2 UID: 0 PID: 7231 Comm: syz.1.536 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 151.423829][ T7231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 151.427350][ T7231] Call Trace: [ 151.428429][ T7231] [ 151.429473][ T7231] dump_stack_lvl+0x16c/0x1f0 [ 151.431174][ T7231] should_fail_ex+0x497/0x5b0 [ 151.432826][ T7231] ? fs_reclaim_acquire+0xae/0x160 [ 151.434670][ T7231] should_failslab+0xc2/0x120 [ 151.436398][ T7231] __kmalloc_noprof+0xcb/0x410 [ 151.438150][ T7231] ? __pfx___mutex_trylock_common+0x10/0x10 [ 151.440321][ T7231] ? genl_rcv_msg+0x580/0x800 [ 151.442049][ T7231] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 151.444616][ T7231] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 151.446611][ T7231] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 151.448816][ T7231] ? __radix_tree_lookup+0x21f/0x2c0 [ 151.450770][ T7231] genl_rcv_msg+0x565/0x800 [ 151.452438][ T7231] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.454268][ T7231] ? __pfx_nbd_genl_disconnect+0x10/0x10 [ 151.456327][ T7231] ? __pfx___lock_acquire+0x10/0x10 [ 151.458228][ T7231] netlink_rcv_skb+0x165/0x410 [ 151.459985][ T7231] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.461819][ T7231] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.463761][ T7231] ? down_read+0xc9/0x330 [ 151.465347][ T7231] ? __pfx_down_read+0x10/0x10 [ 151.467092][ T7231] ? netlink_deliver_tap+0x1ae/0xcf0 [ 151.469001][ T7231] genl_rcv+0x28/0x40 [ 151.470482][ T7231] netlink_unicast+0x53c/0x7f0 [ 151.472234][ T7231] ? __pfx_netlink_unicast+0x10/0x10 [ 151.474150][ T7231] ? __phys_addr_symbol+0x30/0x80 [ 151.475985][ T7231] ? __check_object_size+0x488/0x710 [ 151.477901][ T7231] netlink_sendmsg+0x8b8/0xd70 [ 151.479653][ T7231] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.481569][ T7231] ? lock_acquire+0x2f/0xb0 [ 151.483345][ T7231] ____sys_sendmsg+0x9ae/0xb40 [ 151.485095][ T7231] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.487010][ T7231] ? get_compat_msghdr+0x11b/0x170 [ 151.488855][ T7231] ? __pfx___lock_acquire+0x10/0x10 [ 151.490768][ T7231] ___sys_sendmsg+0x135/0x1e0 [ 151.492508][ T7231] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.494436][ T7231] ? lock_acquire+0x2f/0xb0 [ 151.496112][ T7231] ? __fget_files+0x40/0x3f0 [ 151.497835][ T7231] ? fdget+0x176/0x210 [ 151.499364][ T7231] __sys_sendmsg+0x117/0x1f0 [ 151.501077][ T7231] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.502957][ T7231] ? __fget_files+0x244/0x3f0 [ 151.504684][ T7231] __do_fast_syscall_32+0x73/0x120 [ 151.506562][ T7231] do_fast_syscall_32+0x32/0x80 [ 151.508342][ T7231] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 151.510646][ T7231] RIP: 0023:0xf741e579 [ 151.512089][ T7231] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 151.518876][ T7231] RSP: 002b:00000000f56c456c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 151.521826][ T7231] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000200001c0 [ 151.524106][ T7231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 151.526147][ T7231] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 151.528203][ T7231] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 151.530259][ T7231] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 151.532321][ T7231] [ 151.616063][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 151.620470][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 151.625405][ T11] bond0 (unregistering): Released all slaves [ 151.631621][ T7206] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.633420][ T7206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.640875][ T7206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.646385][ T7228] netlink: 20 bytes leftover after parsing attributes in process `syz.2.535'. [ 151.690889][ T7206] hsr_slave_0: entered promiscuous mode [ 151.693916][ T7206] hsr_slave_1: entered promiscuous mode [ 151.970455][ T65] block nbd1: Receive control failed (result -32) [ 151.971151][ T7229] block nbd1: shutting down sockets [ 151.998915][ T65] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 152.001051][ T65] Bluetooth: hci1: Injecting HCI hardware error event [ 152.003887][ T5355] Bluetooth: hci1: hardware error 0x00 [ 152.027045][ T11] hsr_slave_0: left promiscuous mode [ 152.034573][ T11] hsr_slave_1: left promiscuous mode [ 152.036708][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.038610][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.043103][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.044973][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.070741][ T11] veth1_macvtap: left promiscuous mode [ 152.072270][ T11] veth0_macvtap: left promiscuous mode [ 152.073789][ T11] veth1_vlan: left promiscuous mode [ 152.075195][ T11] veth0_vlan: left promiscuous mode [ 152.348942][ T5378] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 152.518751][ T5378] usb 7-1: Using ep0 maxpacket: 16 [ 152.524788][ T5378] usb 7-1: config 6 has an invalid interface number: 118 but max is 1 [ 152.526877][ T5378] usb 7-1: config 6 has an invalid interface descriptor of length 2, skipping [ 152.530120][ T5378] usb 7-1: config 6 contains an unexpected descriptor of type 0x1, skipping [ 152.532668][ T5378] usb 7-1: config 6 has an invalid interface number: 57 but max is 1 [ 152.535212][ T5378] usb 7-1: config 6 has an invalid interface number: 12 but max is 1 [ 152.537973][ T5378] usb 7-1: config 6 contains an unexpected descriptor of type 0x2, skipping [ 152.541696][ T5378] usb 7-1: config 6 contains an unexpected descriptor of type 0x1, skipping [ 152.544856][ T5378] usb 7-1: config 6 has an invalid descriptor of length 32, skipping remainder of the config [ 152.547775][ T5378] usb 7-1: config 6 has 3 interfaces, different from the descriptor's value: 2 [ 152.550389][ T5378] usb 7-1: config 6 has no interface number 0 [ 152.551974][ T5378] usb 7-1: config 6 has no interface number 1 [ 152.553991][ T5378] usb 7-1: config 6 has no interface number 2 [ 152.556169][ T5378] usb 7-1: config 6 interface 118 altsetting 2 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 152.560666][ T5378] usb 7-1: config 6 interface 118 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 10 [ 152.565362][ T5378] usb 7-1: too many endpoints for config 6 interface 57 altsetting 180: 161, using maximum allowed: 30 [ 152.569577][ T5378] usb 7-1: config 6 interface 57 altsetting 180 has 0 endpoint descriptors, different from the interface descriptor's value: 161 [ 152.570947][ T65] Bluetooth: hci2: command tx timeout [ 152.573803][ T5378] usb 7-1: config 6 interface 12 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 152.583765][ T5378] usb 7-1: config 6 interface 118 has no altsetting 0 [ 152.585571][ T5378] usb 7-1: config 6 interface 57 has no altsetting 0 [ 152.587171][ T5378] usb 7-1: config 6 interface 12 has no altsetting 0 [ 152.603743][ T65] Bluetooth: hci1: unexpected event for opcode 0xff00 [ 152.610533][ T5378] usb 7-1: New USB device found, idVendor=0bfd, idProduct=0109, bcdDevice=ab.6b [ 152.612849][ T5378] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.614918][ T5378] usb 7-1: Product: 記⓶鶌サဈ㛮疇큓묧䝌턅ᣱ釷ﶗ鄃判ꛘ锒 [ 152.617309][ T5378] usb 7-1: Manufacturer: ခ [ 152.618453][ T5378] usb 7-1: SerialNumber: syz [ 152.751728][ T11] team0 (unregistering): Port device team_slave_1 removed [ 152.832970][ T11] team0 (unregistering): Port device team_slave_0 removed [ 152.850660][ T5378] kvaser_usb 7-1:6.118: error -ENODEV: Cannot get usb endpoint(s) [ 152.859689][ T5378] kvaser_usb 7-1:6.57: error -ENODEV: Cannot get usb endpoint(s) [ 152.864184][ T5378] kvaser_usb 7-1:6.12: error -ENODEV: Cannot get usb endpoint(s) [ 152.877561][ T5378] usb 7-1: USB disconnect, device number 5 [ 152.940902][ T7244] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 152.942939][ T7245] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 153.572326][ T7206] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 153.581082][ T7206] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 153.596101][ T7206] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 153.600962][ T7206] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 153.627319][ T39] audit: type=1326 audit(1728366125.608:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7277 comm="syz.2.549" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 153.631125][ T7278] befs: Unrecognized mount option "] [ 154.556194][ T7325] dump_stack_lvl+0x16c/0x1f0 [ 154.557434][ T7325] should_fail_ex+0x497/0x5b0 [ 154.558692][ T7325] should_failslab+0xc2/0x120 [ 154.559995][ T7325] __kmalloc_cache_noprof+0x6b/0x310 [ 154.561392][ T7325] ? __sctp_v6_cmp_addr+0x206/0x530 [ 154.562729][ T7325] ? sctp_add_bind_addr+0x9d/0x3e0 [ 154.564031][ T7325] sctp_add_bind_addr+0x9d/0x3e0 [ 154.565261][ T7325] sctp_copy_local_addr_list+0x39e/0x5a0 [ 154.566702][ T7325] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 154.568222][ T7325] ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360 [ 154.569645][ T7325] ? sctp_bind_addr_copy+0xe0/0x530 [ 154.570950][ T7325] sctp_bind_addr_copy+0xe0/0x530 [ 154.572235][ T7325] sctp_connect_new_asoc+0x1d8/0x790 [ 154.573555][ T7325] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 154.574981][ T7325] ? lock_acquire+0x2f/0xb0 [ 154.576112][ T7325] ? sctp_endpoint_lookup_assoc+0xac/0x2a0 [ 154.577541][ T7325] __sctp_connect+0x3f5/0xc60 [ 154.578709][ T7325] ? __pfx___sctp_connect+0x10/0x10 [ 154.579988][ T7325] ? __might_fault+0xe3/0x190 [ 154.581170][ T7325] ? __might_fault+0xe3/0x190 [ 154.582338][ T7325] __sctp_setsockopt_connectx+0xfc/0x170 [ 154.583801][ T7325] sctp_getsockopt+0x2e9f/0x7ae0 [ 154.585066][ T7325] ? aa_label_sk_perm+0x19d/0x5a0 [ 154.586330][ T7325] ? __lock_acquire+0xbdd/0x3ce0 [ 154.587592][ T7325] ? __pfx_sctp_getsockopt+0x10/0x10 [ 154.589010][ T7325] ? __pfx___lock_acquire+0x10/0x10 [ 154.590416][ T7325] ? hlock_class+0x4e/0x130 [ 154.591678][ T7325] ? __pfx___might_resched+0x10/0x10 [ 154.593174][ T7325] ? __pfx___lock_acquire+0x10/0x10 [ 154.594534][ T7325] ? aa_sk_perm+0x2f5/0xb20 [ 154.595928][ T7325] ? __pfx_aa_sk_perm+0x10/0x10 [ 154.597163][ T7325] ? find_held_lock+0x2d/0x110 [ 154.598378][ T7325] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 154.599882][ T7325] ? do_sock_getsockopt+0x3fe/0x870 [ 154.601189][ T7325] do_sock_getsockopt+0x3fe/0x870 [ 154.602438][ T7325] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 154.603862][ T7325] ? __fget_files+0x244/0x3f0 [ 154.605059][ T7325] __sys_getsockopt+0x1a1/0x270 [ 154.606275][ T7325] ? __pfx___sys_getsockopt+0x10/0x10 [ 154.607653][ T7325] ? fput+0x30/0x390 [ 154.608664][ T7325] ? ksys_write+0x1ad/0x260 [ 154.609847][ T7325] ? __pfx_ksys_write+0x10/0x10 [ 154.611298][ T7325] __ia32_sys_getsockopt+0xbc/0x160 [ 154.612630][ T7325] ? lockdep_hardirqs_on+0x7c/0x110 [ 154.613903][ T7325] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 154.615553][ T7325] __do_fast_syscall_32+0x73/0x120 [ 154.616824][ T7325] do_fast_syscall_32+0x32/0x80 [ 154.618036][ T7325] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 154.619583][ T7325] RIP: 0023:0xf7f4f579 [ 154.620631][ T7325] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 154.625408][ T7325] RSP: 002b:00000000f56b556c EFLAGS: 00000296 ORIG_RAX: 000000000000016d [ 154.627564][ T7325] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000084 [ 154.629620][ T7325] RDX: 000000000000006f RSI: 00000000200000c0 RDI: 0000000020000100 [ 154.631665][ T7325] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 154.633638][ T7325] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 154.635606][ T7325] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 154.637553][ T7325] [ 154.639141][ T5355] Bluetooth: hci2: command tx timeout [ 154.761378][ T5355] Bluetooth: hci4: unexpected event for opcode 0x2031 [ 154.783959][ T7331] bridge_slave_0: left allmulticast mode [ 154.790137][ T7331] bridge_slave_0: left promiscuous mode [ 154.794229][ T7331] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.828618][ T7331] bridge_slave_1: left allmulticast mode [ 154.836076][ T7331] bridge_slave_1: left promiscuous mode [ 154.837551][ T7331] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.845271][ T7331] bond0: (slave bond_slave_0): Releasing backup interface [ 154.865451][ T7331] bond0: (slave bond_slave_1): Releasing backup interface [ 154.889924][ T7331] team0: Port device team_slave_0 removed [ 154.904171][ T7331] team0: Port device team_slave_1 removed [ 154.906195][ T7331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.908440][ T7331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.916839][ T7331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.920004][ T7331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.939350][ T7333] bond0: entered promiscuous mode [ 154.941056][ T7333] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 154.944578][ T7333] bond0: left promiscuous mode [ 154.967672][ T7332] bond0: entered promiscuous mode [ 154.969815][ T7332] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 155.002727][ T7332] bond0: left promiscuous mode [ 155.419581][ T7346] netlink: 36 bytes leftover after parsing attributes in process `syz.1.570'. [ 156.047805][ T7377] FAULT_INJECTION: forcing a failure. [ 156.047805][ T7377] name failslab, interval 1, probability 0, space 0, times 0 [ 156.052433][ T7377] CPU: 1 UID: 0 PID: 7377 Comm: syz.2.579 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 156.055855][ T7377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.058836][ T7377] Call Trace: [ 156.059719][ T7377] [ 156.060508][ T7377] dump_stack_lvl+0x16c/0x1f0 [ 156.061774][ T7377] should_fail_ex+0x497/0x5b0 [ 156.063029][ T7377] ? fs_reclaim_acquire+0xae/0x160 [ 156.064452][ T7377] should_failslab+0xc2/0x120 [ 156.065729][ T7377] __kmalloc_cache_noprof+0x6b/0x310 [ 156.067339][ T7377] ? nf_flow_offload_xdp_setup+0x99/0x9f0 [ 156.068867][ T7377] nf_flow_offload_xdp_setup+0x99/0x9f0 [ 156.070694][ T7377] nf_flow_table_offload_setup+0x3ce/0x740 [ 156.072614][ T7377] ? __pfx_nf_flow_table_offload_setup+0x10/0x10 [ 156.074759][ T7377] ? static_key_slow_inc+0x21/0x30 [ 156.076587][ T7377] ? __pfx_lock_release+0x10/0x10 [ 156.077985][ T7377] ? cpus_read_unlock+0x83/0x150 [ 156.079354][ T7377] ? static_key_slow_inc+0x21/0x30 [ 156.080858][ T7377] ? __nf_register_net_hook+0x371/0x730 [ 156.082302][ T7377] nft_register_flowtable_net_hooks+0x53d/0x7e0 [ 156.083968][ T7377] nf_tables_newflowtable+0xecb/0x2270 [ 156.085403][ T7377] ? __pfx_nf_tables_newflowtable+0x10/0x10 [ 156.086872][ T7377] ? net_generic+0xea/0x2a0 [ 156.088073][ T7377] ? __pfx_lock_release+0x10/0x10 [ 156.089370][ T7377] ? trace_lock_acquire+0x14a/0x1d0 [ 156.090869][ T7377] ? __nla_parse+0x40/0x60 [ 156.092344][ T7377] nfnetlink_rcv_batch+0x1a28/0x24e0 [ 156.094087][ T7377] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 156.096033][ T7377] ? __pfx_lock_release+0x10/0x10 [ 156.097669][ T7377] ? __local_bh_enable_ip+0xa4/0x120 [ 156.099378][ T7377] ? lockdep_hardirqs_on+0x7c/0x110 [ 156.101176][ T7377] ? __pfx___dev_queue_xmit+0x10/0x10 [ 156.102989][ T7377] ? __nla_parse+0x40/0x60 [ 156.104507][ T7377] nfnetlink_rcv+0x3c3/0x430 [ 156.105959][ T7377] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 156.107565][ T7377] netlink_unicast+0x53c/0x7f0 [ 156.109220][ T7377] ? __pfx_netlink_unicast+0x10/0x10 [ 156.110932][ T7377] ? __phys_addr_symbol+0x30/0x80 [ 156.112415][ T7377] ? __check_object_size+0x488/0x710 [ 156.114090][ T7377] netlink_sendmsg+0x8b8/0xd70 [ 156.115768][ T7377] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.117496][ T7377] ? lock_acquire+0x2f/0xb0 [ 156.118893][ T7377] ____sys_sendmsg+0x9ae/0xb40 [ 156.120520][ T7377] ? __pfx_____sys_sendmsg+0x10/0x10 [ 156.122435][ T7377] ? get_compat_msghdr+0x11b/0x170 [ 156.124294][ T7377] ? __pfx___lock_acquire+0x10/0x10 [ 156.126092][ T7377] ___sys_sendmsg+0x135/0x1e0 [ 156.127609][ T7377] ? __pfx____sys_sendmsg+0x10/0x10 [ 156.129004][ T7377] ? lock_acquire+0x2f/0xb0 [ 156.130165][ T7377] ? __fget_files+0x40/0x3f0 [ 156.131327][ T7377] ? fdget+0x176/0x210 [ 156.132398][ T7377] __sys_sendmsg+0x117/0x1f0 [ 156.133694][ T7377] ? __pfx___sys_sendmsg+0x10/0x10 [ 156.135543][ T7377] ? __fget_files+0x244/0x3f0 [ 156.137159][ T7377] __do_fast_syscall_32+0x73/0x120 [ 156.138783][ T7377] do_fast_syscall_32+0x32/0x80 [ 156.140172][ T7377] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 156.142395][ T7377] RIP: 0023:0xf7fe2579 [ 156.143845][ T7377] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 156.150409][ T7377] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 156.153171][ T7377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200 [ 156.155792][ T7377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 156.158351][ T7377] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 156.160947][ T7377] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 156.163666][ T7377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 156.165999][ T7377] [ 156.166911][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.717032][ T7399] input: syz0 as /devices/virtual/input/input12 [ 156.730871][ T5355] Bluetooth: hci2: command tx timeout [ 157.702670][ T7420] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.596'. [ 157.705718][ T7420] openvswitch: netlink: IP tunnel dst address not specified [ 157.727014][ T7423] FAULT_INJECTION: forcing a failure. [ 157.727014][ T7423] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 157.733225][ T7423] CPU: 0 UID: 0 PID: 7423 Comm: syz.0.598 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 157.736187][ T7423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 157.739184][ T7423] Call Trace: [ 157.740080][ T7423] [ 157.741288][ T7423] dump_stack_lvl+0x16c/0x1f0 [ 157.742946][ T7423] should_fail_ex+0x497/0x5b0 [ 157.744539][ T7423] _copy_to_user+0x30/0xc0 [ 157.746056][ T7423] simple_read_from_buffer+0xd0/0x160 [ 157.747874][ T7423] proc_fail_nth_read+0x198/0x270 [ 157.749219][ T7423] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 157.750701][ T7423] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 157.752167][ T7423] vfs_read+0x1ce/0xbd0 [ 157.753285][ T7423] ? __fget_files+0x23a/0x3f0 [ 157.754548][ T7423] ? fdget_pos+0x24c/0x360 [ 157.755744][ T7423] ? __pfx_lock_release+0x10/0x10 [ 157.757117][ T7423] ? trace_lock_acquire+0x14a/0x1d0 [ 157.758551][ T7423] ? __pfx_vfs_read+0x10/0x10 [ 157.759837][ T7423] ? __pfx___mutex_lock+0x10/0x10 [ 157.761203][ T7423] ? __fget_files+0x244/0x3f0 [ 157.762465][ T7423] ksys_read+0x12f/0x260 [ 157.763601][ T7423] ? __pfx_ksys_read+0x10/0x10 [ 157.764860][ T7423] __do_fast_syscall_32+0x73/0x120 [ 157.766210][ T7423] do_fast_syscall_32+0x32/0x80 [ 157.767505][ T7423] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 157.769156][ T7423] RIP: 0023:0xf7f4f579 [ 157.770250][ T7423] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 157.775260][ T7423] RSP: 002b:00000000f56d65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 157.777431][ T7423] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56d6620 [ 157.779503][ T7423] RDX: 000000000000000f RSI: 00000000f73dbff4 RDI: 0000000000000000 [ 157.781608][ T7423] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 157.783695][ T7423] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 157.785766][ T7423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 157.787830][ T7423] [ 157.888774][ T7431] syz.3.600 (7431): /proc/7429/oom_adj is deprecated, please use /proc/7429/oom_score_adj instead. [ 158.007912][ T7435] hub 2-0:1.0: USB hub found [ 158.016100][ T7435] hub 2-0:1.0: 2 ports detected [ 158.790143][ T7441] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 158.792791][ T7441] overlayfs: failed to set xattr on upper [ 158.794265][ T7441] overlayfs: ...falling back to redirect_dir=nofollow. [ 158.796029][ T7441] overlayfs: ...falling back to index=off. [ 158.797533][ T7441] overlayfs: ...falling back to uuid=null. [ 158.808958][ T5355] Bluetooth: hci2: command tx timeout [ 158.810752][ T5355] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 158.813146][ T5355] Bluetooth: hci4: Injecting HCI hardware error event [ 158.815663][ T5355] Bluetooth: hci4: hardware error 0x00 [ 160.888950][ T5355] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 161.310322][ T7500] input: syz0 as /devices/virtual/input/input13 [ 161.614224][ T7509] FAULT_INJECTION: forcing a failure. [ 161.614224][ T7509] name failslab, interval 1, probability 0, space 0, times 0 [ 161.628785][ T7509] CPU: 0 UID: 0 PID: 7509 Comm: syz.3.622 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 161.632756][ T7509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 161.636738][ T7509] Call Trace: [ 161.638007][ T7509] [ 161.639149][ T7509] dump_stack_lvl+0x16c/0x1f0 [ 161.640930][ T7509] should_fail_ex+0x497/0x5b0 [ 161.642708][ T7509] ? fs_reclaim_acquire+0xae/0x160 [ 161.644629][ T7509] should_failslab+0xc2/0x120 [ 161.646400][ T7509] __kmalloc_node_noprof+0xd1/0x440 [ 161.648344][ T7509] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 161.650413][ T7509] __kvmalloc_node_noprof+0xad/0x1a0 [ 161.652398][ T7509] alloc_fdtable+0xef/0x290 [ 161.654143][ T7509] dup_fd+0x8b9/0xcd0 [ 161.655702][ T7509] ? apparmor_task_alloc+0x2c2/0x3b0 [ 161.657648][ T7509] copy_process+0x2218/0x6ee0 [ 161.659424][ T7509] ? get_pid_task+0xfc/0x250 [ 161.661163][ T7509] ? __pfx_copy_process+0x10/0x10 [ 161.663047][ T7509] ? find_held_lock+0x2d/0x110 [ 161.664842][ T7509] kernel_clone+0xfd/0x960 [ 161.666643][ T7509] ? __pfx_kernel_clone+0x10/0x10 [ 161.668545][ T7509] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 161.670885][ T7509] __do_compat_sys_ia32_clone+0xb7/0x100 [ 161.673183][ T7509] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 161.675784][ T7509] __do_fast_syscall_32+0x73/0x120 [ 161.677773][ T7509] do_fast_syscall_32+0x32/0x80 [ 161.679630][ T7509] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 161.681975][ T7509] RIP: 0023:0xf743e579 [ 161.683493][ T7509] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 161.690566][ T7509] RSP: 002b:00000000f572651c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 161.693640][ T7509] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 161.696560][ T7509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 161.699484][ T7509] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 161.702401][ T7509] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 161.705320][ T7509] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 161.708256][ T7509] [ 162.174514][ T7522] netlink: 'syz.0.628': attribute type 29 has an invalid length. [ 162.184443][ T7529] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 162.278584][ T7535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.632'. [ 162.284586][ T7535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.632'. [ 162.304956][ T7531] netlink: 36 bytes leftover after parsing attributes in process `syz.2.630'. [ 163.347376][ T7559] FAULT_INJECTION: forcing a failure. [ 163.347376][ T7559] name failslab, interval 1, probability 0, space 0, times 0 [ 163.353493][ T7559] CPU: 0 UID: 0 PID: 7559 Comm: syz.0.640 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 163.357170][ T7559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.360842][ T7559] Call Trace: [ 163.362017][ T7559] [ 163.363070][ T7559] dump_stack_lvl+0x16c/0x1f0 [ 163.364731][ T7559] should_fail_ex+0x497/0x5b0 [ 163.366386][ T7559] ? fs_reclaim_acquire+0xae/0x160 [ 163.368162][ T7559] should_failslab+0xc2/0x120 [ 163.369786][ T7559] __kmalloc_cache_noprof+0x6b/0x310 [ 163.371631][ T7559] ? macvlan_common_newlink+0x407/0x1a10 [ 163.373567][ T7559] macvlan_common_newlink+0x407/0x1a10 [ 163.375463][ T7559] ? alloc_netdev_mqs+0xfc0/0x12a0 [ 163.377257][ T7559] ? __pfx_macvlan_common_newlink+0x10/0x10 [ 163.379322][ T7559] ? rtnl_create_link+0xa2e/0xf10 [ 163.381046][ T7559] ? __pfx_macvlan_newlink+0x10/0x10 [ 163.382897][ T7559] __rtnl_newlink+0x119c/0x1920 [ 163.384590][ T7559] ? __pfx___rtnl_newlink+0x10/0x10 [ 163.386330][ T7559] rtnl_newlink+0x67/0xa0 [ 163.387814][ T7559] ? __pfx_rtnl_newlink+0x10/0x10 [ 163.389629][ T7559] rtnetlink_rcv_msg+0x3c7/0xea0 [ 163.391319][ T7559] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 163.393207][ T7559] ? __pfx___dev_queue_xmit+0x10/0x10 [ 163.395066][ T7559] netlink_rcv_skb+0x165/0x410 [ 163.396743][ T7559] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 163.398665][ T7559] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 163.400505][ T7559] ? netlink_deliver_tap+0x1ae/0xcf0 [ 163.402329][ T7559] netlink_unicast+0x53c/0x7f0 [ 163.403978][ T7559] ? __pfx_netlink_unicast+0x10/0x10 [ 163.405824][ T7559] ? __phys_addr_symbol+0x30/0x80 [ 163.407574][ T7559] ? __check_object_size+0x488/0x710 [ 163.409414][ T7559] netlink_sendmsg+0x8b8/0xd70 [ 163.411104][ T7559] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.412928][ T7559] ? lock_acquire+0x2f/0xb0 [ 163.414537][ T7559] ____sys_sendmsg+0x9ae/0xb40 [ 163.416195][ T7559] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.418003][ T7559] ? get_compat_msghdr+0x11b/0x170 [ 163.419749][ T7559] ? __pfx___lock_acquire+0x10/0x10 [ 163.421523][ T7559] ___sys_sendmsg+0x135/0x1e0 [ 163.423182][ T7559] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.424987][ T7559] ? lock_acquire+0x2f/0xb0 [ 163.426597][ T7559] ? __fget_files+0x40/0x3f0 [ 163.428219][ T7559] ? fdget+0x176/0x210 [ 163.429658][ T7559] __sys_sendmsg+0x117/0x1f0 [ 163.431287][ T7559] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.433031][ T7559] ? __fget_files+0x244/0x3f0 [ 163.434693][ T7559] __do_fast_syscall_32+0x73/0x120 [ 163.436430][ T7559] do_fast_syscall_32+0x32/0x80 [ 163.438127][ T7559] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 163.440315][ T7559] RIP: 0023:0xf7f4f579 [ 163.441708][ T7559] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 163.448380][ T7559] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 163.451210][ T7559] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0 [ 163.453910][ T7559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 163.456622][ T7559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 163.459355][ T7559] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 163.462050][ T7559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 163.464800][ T7559] [ 163.511856][ T7566] mac80211_hwsim hwsim23 wlan1: entered promiscuous mode [ 163.515159][ T7566] macvlan2: entered promiscuous mode [ 163.516762][ T7566] macvlan2: entered allmulticast mode [ 163.524740][ T7566] mac80211_hwsim hwsim23 wlan1: entered allmulticast mode [ 163.532708][ T7566] mac80211_hwsim hwsim23 wlan1: left allmulticast mode [ 163.534951][ T7566] mac80211_hwsim hwsim23 wlan1: left promiscuous mode [ 163.748139][ T7569] netlink: 20 bytes leftover after parsing attributes in process `syz.0.643'. [ 164.633861][ T7585] FAULT_INJECTION: forcing a failure. [ 164.633861][ T7585] name failslab, interval 1, probability 0, space 0, times 0 [ 164.633951][ T7585] CPU: 3 UID: 0 PID: 7585 Comm: syz.1.648 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 164.633964][ T7585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.633971][ T7585] Call Trace: [ 164.633980][ T7585] [ 164.633984][ T7585] dump_stack_lvl+0x16c/0x1f0 [ 164.634015][ T7585] should_fail_ex+0x497/0x5b0 [ 164.634035][ T7585] ? fs_reclaim_acquire+0xae/0x160 [ 164.634050][ T7585] should_failslab+0xc2/0x120 [ 164.634066][ T7585] __kmalloc_node_track_caller_noprof+0xcf/0x440 [ 164.634082][ T7585] ? drm_atomic_get_connector_state+0x213/0x680 [ 164.634098][ T7585] krealloc_noprof+0x5d/0x130 [ 164.634111][ T7585] drm_atomic_get_connector_state+0x213/0x680 [ 164.634131][ T7585] drm_atomic_add_affected_connectors+0x2e7/0x400 [ 164.634147][ T7585] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 164.634160][ T7585] ? ww_mutex_lock+0x37/0x140 [ 164.634174][ T7585] ? modeset_lock+0x10e/0x6c0 [ 164.634187][ T7585] __drm_atomic_helper_set_config+0x5f1/0xe90 [ 164.634203][ T7585] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 164.634219][ T7585] ? drm_client_rotation+0x4d9/0x6a0 [ 164.634234][ T7585] drm_client_modeset_commit_atomic+0x557/0x800 [ 164.634251][ T7585] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 164.634263][ T7585] ? __mutex_lock+0x1a6/0x9c0 [ 164.634288][ T7585] drm_client_modeset_commit_locked+0x14d/0x580 [ 164.634332][ T7585] drm_client_modeset_commit+0x4f/0x80 [ 164.634346][ T7585] __drm_fb_helper_restore_fbdev_mode_unlocked+0x130/0x180 [ 164.634361][ T7585] drm_fb_helper_set_par+0xd8/0x120 [ 164.634373][ T7585] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 164.634384][ T7585] fb_set_var+0x7af/0x1130 [ 164.634397][ T7585] ? __pfx_fb_set_var+0x10/0x10 [ 164.634411][ T7585] ? __pfx___cant_migrate+0x10/0x10 [ 164.634423][ T7585] ? bpf_trace_run2+0x1c2/0x590 [ 164.634438][ T7585] ? bpf_trace_run2+0x2a6/0x590 [ 164.634451][ T7585] ? __pfx_bpf_trace_run2+0x10/0x10 [ 164.634476][ T7585] ? __mutex_trylock_common+0xea/0x250 [ 164.634494][ T7585] ? __pfx___mutex_trylock_common+0x10/0x10 [ 164.634509][ T7585] ? do_fb_ioctl+0x2cc/0x7d0 [ 164.634524][ T7585] ? rcu_is_watching+0x12/0xc0 [ 164.634536][ T7585] ? trace_contention_end+0xea/0x140 [ 164.634553][ T7585] ? __mutex_lock+0x1a6/0x9c0 [ 164.634573][ T7585] ? do_fb_ioctl+0x2c2/0x7d0 [ 164.634586][ T7585] ? is_console_locked+0x9/0x20 [ 164.634600][ T7585] ? fbcon_modechange_possible+0x334/0x440 [ 164.634619][ T7585] do_fb_ioctl+0x73f/0x7d0 [ 164.634632][ T7585] ? __pfx_do_fb_ioctl+0x10/0x10 [ 164.634645][ T7585] ? tomoyo_path_number_perm+0x292/0x5b0 [ 164.634669][ T7585] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.634699][ T7585] fb_compat_ioctl+0x55f/0x670 [ 164.634712][ T7585] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 164.634729][ T7585] ? __fget_files+0x244/0x3f0 [ 164.634743][ T7585] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 164.634757][ T7585] __do_compat_sys_ioctl+0x259/0x2b0 [ 164.634774][ T7585] __do_fast_syscall_32+0x73/0x120 [ 164.634789][ T7585] do_fast_syscall_32+0x32/0x80 [ 164.634803][ T7585] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 164.634818][ T7585] RIP: 0023:0xf741e579 [ 164.634827][ T7585] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 164.634837][ T7585] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 164.634853][ T7585] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 164.634860][ T7585] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.634867][ T7585] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 164.634874][ T7585] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 164.634880][ T7585] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 164.634894][ T7585] [ 164.860747][ T7589] FAULT_INJECTION: forcing a failure. [ 164.860747][ T7589] name failslab, interval 1, probability 0, space 0, times 0 [ 164.864232][ T7589] CPU: 1 UID: 0 PID: 7589 Comm: syz.1.650 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 164.867481][ T7589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.870493][ T7589] Call Trace: [ 164.871442][ T7589] [ 164.872276][ T7589] dump_stack_lvl+0x16c/0x1f0 [ 164.873608][ T7589] should_fail_ex+0x497/0x5b0 [ 164.874995][ T7589] should_failslab+0xc2/0x120 [ 164.876321][ T7589] __kmalloc_cache_noprof+0x6b/0x310 [ 164.877848][ T7589] ? __sctp_v6_cmp_addr+0x206/0x530 [ 164.879339][ T7589] ? sctp_add_bind_addr+0x9d/0x3e0 [ 164.880790][ T7589] sctp_add_bind_addr+0x9d/0x3e0 [ 164.882209][ T7589] sctp_copy_local_addr_list+0x39e/0x5a0 [ 164.883803][ T7589] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 164.885549][ T7589] ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360 [ 164.887350][ T7589] ? sctp_bind_addr_copy+0xe0/0x530 [ 164.888833][ T7589] sctp_bind_addr_copy+0xe0/0x530 [ 164.890282][ T7589] sctp_connect_new_asoc+0x1d8/0x790 [ 164.891805][ T7589] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 164.893427][ T7589] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.895093][ T7589] __sctp_connect+0x3f5/0xc60 [ 164.896420][ T7589] ? __pfx___sctp_connect+0x10/0x10 [ 164.897881][ T7589] __sctp_setsockopt_connectx+0xfc/0x170 [ 164.899458][ T7589] sctp_setsockopt+0x3ba8/0xb880 [ 164.900841][ T7589] ? __pfx_sctp_setsockopt+0x10/0x10 [ 164.902340][ T7589] ? sock_common_setsockopt+0x2e/0xf0 [ 164.903840][ T7589] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 164.905490][ T7589] do_sock_setsockopt+0x222/0x480 [ 164.906919][ T7589] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 164.908474][ T7589] ? fdget+0x176/0x210 [ 164.909630][ T7589] __sys_setsockopt+0x1a4/0x270 [ 164.911024][ T7589] ? __pfx___sys_setsockopt+0x10/0x10 [ 164.912531][ T7589] ? fput+0x30/0x390 [ 164.913629][ T7589] ? ksys_write+0x1ad/0x260 [ 164.914954][ T7589] ? __pfx_ksys_write+0x10/0x10 [ 164.916338][ T7589] __ia32_sys_setsockopt+0xbc/0x160 [ 164.917809][ T7589] ? lockdep_hardirqs_on+0x7c/0x110 [ 164.919291][ T7589] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 164.921130][ T7589] __do_fast_syscall_32+0x73/0x120 [ 164.922594][ T7589] do_fast_syscall_32+0x32/0x80 [ 164.923972][ T7589] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 164.925774][ T7589] RIP: 0023:0xf741e579 [ 164.926954][ T7589] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 164.932281][ T7589] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 164.934476][ T7589] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084 [ 164.936540][ T7589] RDX: 000000000000006e RSI: 0000000020000000 RDI: 0000000000000010 [ 164.938632][ T7589] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 164.940935][ T7589] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 164.943315][ T7589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 164.945540][ T7589] [ 165.016905][ T7592] syzkaller0: entered promiscuous mode [ 165.018510][ T7592] syzkaller0: entered allmulticast mode [ 165.388766][ T1838] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 165.818804][ T1838] usb 6-1: Using ep0 maxpacket: 8 [ 165.825944][ T1838] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 165.829446][ T1838] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 165.832929][ T1838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 165.836483][ T1838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 165.840868][ T1838] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 165.850465][ T1838] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 165.853785][ T1838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.962677][ T39] kauditd_printk_skb: 33 callbacks suppressed [ 165.962693][ T39] audit: type=1800 audit(1728366137.948:394): pid=7605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.654" name="bus" dev="9p" ino=35922795 res=0 errno=0 [ 165.979592][ T7604] netfs: Couldn't get user pages (rc=-14) [ 166.073803][ T1838] usb 6-1: usb_control_msg returned -32 [ 166.075932][ T1838] usbtmc 6-1:16.0: can't read capabilities [ 166.087768][ T1838] usb 6-1: USB disconnect, device number 7 [ 166.560712][ T7604] netlink: 188 bytes leftover after parsing attributes in process `syz.0.654'. [ 166.716924][ T7615] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 166.755649][ T7618] input input14: cannot allocate more than FF_MAX_EFFECTS effects [ 166.788213][ T7623] binder: BINDER_SET_CONTEXT_MGR already set [ 166.790126][ T7623] binder: 7622:7623 ioctl 4018620d 20000040 returned -16 [ 166.845681][ T7621] kvm: user requested TSC rate below hardware speed [ 166.866488][ T7627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.660'. [ 167.248041][ T7651] overlayfs: overlapping lowerdir path [ 167.863709][ T7656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.669'. [ 168.103047][ T7651] syz.0.667 (7651) used greatest stack depth: 20992 bytes left [ 168.357433][ T7663] FAULT_INJECTION: forcing a failure. [ 168.357433][ T7663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.365307][ T7663] CPU: 2 UID: 0 PID: 7663 Comm: syz.3.671 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 168.368882][ T7663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 168.372667][ T7663] Call Trace: [ 168.373832][ T7663] [ 168.374862][ T7663] dump_stack_lvl+0x16c/0x1f0 [ 168.376483][ T7663] should_fail_ex+0x497/0x5b0 [ 168.378103][ T7663] _copy_from_user+0x30/0xf0 [ 168.379651][ T7663] get_compat_msghdr+0xa8/0x170 [ 168.380925][ T7663] ? __pfx_get_compat_msghdr+0x10/0x10 [ 168.382365][ T7663] ? __pfx___lock_acquire+0x10/0x10 [ 168.383715][ T7663] ___sys_sendmsg+0x1b0/0x1e0 [ 168.384966][ T7663] ? __pfx____sys_sendmsg+0x10/0x10 [ 168.386379][ T7663] ? lock_acquire+0x2f/0xb0 [ 168.387561][ T7663] ? __fget_files+0x40/0x3f0 [ 168.388771][ T7663] ? fdget+0x176/0x210 [ 168.389844][ T7663] __sys_sendmsg+0x117/0x1f0 [ 168.391078][ T7663] ? __pfx___sys_sendmsg+0x10/0x10 [ 168.392429][ T7663] ? __fget_files+0x244/0x3f0 [ 168.393667][ T7663] __do_fast_syscall_32+0x73/0x120 [ 168.395045][ T7663] do_fast_syscall_32+0x32/0x80 [ 168.396810][ T7663] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 168.398857][ T7663] RIP: 0023:0xf743e579 [ 168.399928][ T7663] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 168.404842][ T7663] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 168.407142][ T7663] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000340 [ 168.409228][ T7663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 168.411361][ T7663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 168.413479][ T7663] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 168.415847][ T7663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 168.418693][ T7663] [ 168.419545][ C2] vkms_vblank_simulate: vblank timer overrun [ 168.521302][ T7666] sctp: [Deprecated]: syz.3.672 (pid 7666) Use of struct sctp_assoc_value in delayed_ack socket option. [ 168.521302][ T7666] Use struct sctp_sack_info instead [ 168.836947][ T7675] syz_tun: entered promiscuous mode [ 168.840555][ T7675] batadv_slave_1: entered promiscuous mode [ 168.983216][ T7682] netlink: 16 bytes leftover after parsing attributes in process `syz.1.678'. [ 168.988003][ T7682] netlink: 'syz.1.678': attribute type 10 has an invalid length. [ 168.990977][ T7682] netlink: 2 bytes leftover after parsing attributes in process `syz.1.678'. [ 168.994051][ T7682] team0: entered promiscuous mode [ 168.996016][ T7682] bridge0: port 1(team0) entered blocking state [ 168.997815][ T7682] bridge0: port 1(team0) entered disabled state [ 169.001337][ T7682] team0: entered allmulticast mode [ 169.009134][ T7686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.679'. [ 169.136609][ T7697] FAULT_INJECTION: forcing a failure. [ 169.136609][ T7697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.148720][ T7697] CPU: 3 UID: 0 PID: 7697 Comm: syz.0.683 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 169.151722][ T7697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.154613][ T7697] Call Trace: [ 169.155529][ T7697] [ 169.156334][ T7697] dump_stack_lvl+0x16c/0x1f0 [ 169.157653][ T7697] should_fail_ex+0x497/0x5b0 [ 169.158982][ T7697] _copy_to_user+0x30/0xc0 [ 169.160205][ T7697] simple_read_from_buffer+0xd0/0x160 [ 169.161664][ T7697] proc_fail_nth_read+0x198/0x270 [ 169.163049][ T7697] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.164548][ T7697] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.166058][ T7697] vfs_read+0x1ce/0xbd0 [ 169.167276][ T7697] ? __fget_files+0x23a/0x3f0 [ 169.168548][ T7697] ? fdget_pos+0x24c/0x360 [ 169.169708][ T7697] ? __pfx_lock_release+0x10/0x10 [ 169.171057][ T7697] ? trace_lock_acquire+0x14a/0x1d0 [ 169.172412][ T7697] ? __pfx_vfs_read+0x10/0x10 [ 169.173621][ T7697] ? __pfx___mutex_lock+0x10/0x10 [ 169.174949][ T7697] ? __fget_files+0x244/0x3f0 [ 169.176290][ T7697] ksys_read+0x12f/0x260 [ 169.177494][ T7697] ? __pfx_ksys_read+0x10/0x10 [ 169.178763][ T7697] __do_fast_syscall_32+0x73/0x120 [ 169.180157][ T7697] do_fast_syscall_32+0x32/0x80 [ 169.181424][ T7697] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 169.183121][ T7697] RIP: 0023:0xf7f4f579 [ 169.184211][ T7697] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 169.189295][ T7697] RSP: 002b:00000000f56b55a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 169.192259][ T7697] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f56b5620 [ 169.194987][ T7697] RDX: 000000000000000f RSI: 00000000f73dbff4 RDI: 0000000000000000 [ 169.197840][ T7697] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 169.199938][ T7697] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 169.202366][ T7697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 169.205255][ T7697] [ 170.559480][ T7716] FAULT_INJECTION: forcing a failure. [ 170.559480][ T7716] name failslab, interval 1, probability 0, space 0, times 0 [ 170.578776][ T7716] CPU: 3 UID: 0 PID: 7716 Comm: syz.0.688 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 170.581815][ T7716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 170.584861][ T7716] Call Trace: [ 170.585739][ T7716] [ 170.586564][ T7716] dump_stack_lvl+0x16c/0x1f0 [ 170.588001][ T7716] should_fail_ex+0x497/0x5b0 [ 170.589239][ T7716] should_failslab+0xc2/0x120 [ 170.590668][ T7716] __kmalloc_noprof+0xcb/0x410 [ 170.591931][ T7716] dev_prep_valid_name.constprop.0+0x170/0x630 [ 170.593537][ T7716] ? __pfx_dev_prep_valid_name.constprop.0+0x10/0x10 [ 170.595270][ T7716] ? lockdep_init_map_type+0x16d/0x7d0 [ 170.596703][ T7716] ? lockdep_init_map_type+0x16d/0x7d0 [ 170.598151][ T7716] register_netdevice+0x4b6/0x1e20 [ 170.599527][ T7716] ? rtnetlink_rcv_msg+0x3c7/0xea0 [ 170.600874][ T7716] ? netlink_rcv_skb+0x165/0x410 [ 170.602178][ T7716] ? netlink_unicast+0x53c/0x7f0 [ 170.603492][ T7716] ? netlink_sendmsg+0x8b8/0xd70 [ 170.604784][ T7716] ? __pfx_register_netdevice+0x10/0x10 [ 170.606227][ T7716] ? __do_fast_syscall_32+0x73/0x120 [ 170.607648][ T7716] ? __pfx_macsec_handle_frame+0x10/0x10 [ 170.609104][ T7716] macsec_newlink+0x4ba/0x1c10 [ 170.610389][ T7716] ? __pfx_macsec_newlink+0x10/0x10 [ 170.611851][ T7716] ? read_word_at_a_time+0xe/0x20 [ 170.613182][ T7716] ? sized_strscpy+0xae/0x290 [ 170.614428][ T7716] ? kasan_save_track+0x14/0x30 [ 170.615701][ T7716] ? alloc_netdev_mqs+0xf2a/0x12a0 [ 170.617060][ T7716] ? validate_linkmsg+0x6d2/0x9a0 [ 170.618389][ T7716] ? rtnl_create_link+0xa2e/0xf10 [ 170.619703][ T7716] ? __pfx_macsec_newlink+0x10/0x10 [ 170.621063][ T7716] __rtnl_newlink+0x119c/0x1920 [ 170.622366][ T7716] ? __pfx___rtnl_newlink+0x10/0x10 [ 170.623729][ T7716] rtnl_newlink+0x67/0xa0 [ 170.624864][ T7716] ? __pfx_rtnl_newlink+0x10/0x10 [ 170.626169][ T7716] rtnetlink_rcv_msg+0x3c7/0xea0 [ 170.627494][ T7716] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 170.628925][ T7716] ? __pfx___dev_queue_xmit+0x10/0x10 [ 170.630776][ T7716] netlink_rcv_skb+0x165/0x410 [ 170.632583][ T7716] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 170.634630][ T7716] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 170.636571][ T7716] ? netlink_deliver_tap+0x1ae/0xcf0 [ 170.638531][ T7716] netlink_unicast+0x53c/0x7f0 [ 170.640281][ T7716] ? __pfx_netlink_unicast+0x10/0x10 [ 170.641803][ T7716] ? __phys_addr_symbol+0x30/0x80 [ 170.643469][ T7716] ? __check_object_size+0x488/0x710 [ 170.645388][ T7716] netlink_sendmsg+0x8b8/0xd70 [ 170.647168][ T7716] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.649100][ T7716] ? lock_acquire+0x2f/0xb0 [ 170.650814][ T7716] ____sys_sendmsg+0x9ae/0xb40 [ 170.652593][ T7716] ? __pfx_____sys_sendmsg+0x10/0x10 [ 170.654441][ T7716] ? get_compat_msghdr+0x11b/0x170 [ 170.655772][ T7716] ? __pfx___lock_acquire+0x10/0x10 [ 170.657365][ T7716] ___sys_sendmsg+0x135/0x1e0 [ 170.659055][ T7716] ? __pfx____sys_sendmsg+0x10/0x10 [ 170.660765][ T7716] ? lock_acquire+0x2f/0xb0 [ 170.661956][ T7716] ? __fget_files+0x40/0x3f0 [ 170.663190][ T7716] ? fdget+0x176/0x210 [ 170.664580][ T7716] __sys_sendmmsg+0x2a5/0x450 [ 170.666460][ T7716] ? __pfx___sys_sendmmsg+0x10/0x10 [ 170.668345][ T7716] ? vfs_write+0x14d/0x1140 [ 170.670032][ T7716] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 170.672194][ T7716] ? fput+0x30/0x390 [ 170.673613][ T7716] ? ksys_write+0x1ad/0x260 [ 170.675287][ T7716] ? __pfx_ksys_write+0x10/0x10 [ 170.677059][ T7716] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 170.678837][ T7716] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 170.680823][ T7716] __do_fast_syscall_32+0x73/0x120 [ 170.682697][ T7716] do_fast_syscall_32+0x32/0x80 [ 170.684572][ T7716] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 170.686907][ T7716] RIP: 0023:0xf7f4f579 [ 170.688439][ T7716] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 170.695397][ T7716] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 170.698125][ T7716] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 170.700229][ T7716] RDX: 0000000092492627 RSI: 0000000000000000 RDI: 0000000000000000 [ 170.702330][ T7716] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 170.704791][ T7716] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 170.707668][ T7716] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 170.710596][ T7716] [ 170.914532][ T7735] wg1: entered promiscuous mode [ 171.209047][ T65] Bluetooth: hci2: command 0x0405 tx timeout [ 171.452634][ T7740] FAULT_INJECTION: forcing a failure. [ 171.452634][ T7740] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.457095][ T7740] CPU: 2 UID: 0 PID: 7740 Comm: syz.1.696 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 171.460664][ T7740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 171.464302][ T7740] Call Trace: [ 171.465460][ T7740] [ 171.466503][ T7740] dump_stack_lvl+0x16c/0x1f0 [ 171.468130][ T7740] should_fail_ex+0x497/0x5b0 [ 171.469770][ T7740] _copy_from_user+0x30/0xf0 [ 171.471409][ T7740] snd_pcm_oss_write2+0x1c6/0x3f0 [ 171.473149][ T7740] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 171.475064][ T7740] ? snd_pcm_kernel_ioctl+0x257/0x2d0 [ 171.476891][ T7740] ? snd_pcm_oss_prepare+0x11e/0x220 [ 171.478713][ T7740] snd_pcm_oss_write+0x727/0xa00 [ 171.480438][ T7740] ? rw_verify_area+0xd0/0x700 [ 171.482089][ T7740] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 171.483968][ T7740] vfs_write+0x28e/0x1140 [ 171.485465][ T7740] ? __fget_files+0x23a/0x3f0 [ 171.487090][ T7740] ? __pfx_lock_release+0x10/0x10 [ 171.488812][ T7740] ? trace_lock_acquire+0x14a/0x1d0 [ 171.490629][ T7740] ? __pfx_vfs_write+0x10/0x10 [ 171.492281][ T7740] ? lock_acquire+0x2f/0xb0 [ 171.493854][ T7740] ? __fget_files+0x40/0x3f0 [ 171.495454][ T7740] ? __fget_files+0x244/0x3f0 [ 171.497079][ T7740] ksys_write+0x12f/0x260 [ 171.498580][ T7740] ? __pfx_ksys_write+0x10/0x10 [ 171.500265][ T7740] __do_fast_syscall_32+0x73/0x120 [ 171.502037][ T7740] do_fast_syscall_32+0x32/0x80 [ 171.503726][ T7740] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 171.505899][ T7740] RIP: 0023:0xf741e579 [ 171.507324][ T7740] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 171.513823][ T7740] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 171.516644][ T7740] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000500 [ 171.519322][ T7740] RDX: 000000000000fdbc RSI: 0000000000000000 RDI: 0000000000000000 [ 171.522006][ T7740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 171.524550][ T7740] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 171.526717][ T7740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 171.528863][ T7740] [ 171.529828][ C2] vkms_vblank_simulate: vblank timer overrun [ 172.259786][ T39] audit: type=1326 audit(1728366144.248:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.272608][ T39] audit: type=1326 audit(1728366144.248:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.291432][ T39] audit: type=1326 audit(1728366144.248:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.299375][ T39] audit: type=1326 audit(1728366144.248:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.306509][ T39] audit: type=1326 audit(1728366144.248:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.334345][ T39] audit: type=1326 audit(1728366144.248:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.361283][ T7765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.704'. [ 172.367249][ T7765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.704'. [ 172.370266][ T39] audit: type=1326 audit(1728366144.248:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.380406][ T39] audit: type=1326 audit(1728366144.248:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.386286][ T7765] bond1: entered promiscuous mode [ 172.387780][ T7765] bond1: entered allmulticast mode [ 172.389881][ T7765] 8021q: adding VLAN 0 to HW filter on device bond1 [ 172.392405][ T39] audit: type=1326 audit(1728366144.258:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.399424][ T39] audit: type=1326 audit(1728366144.258:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7759 comm="syz.2.703" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2579 code=0x7ffc0000 [ 172.503556][ T7763] netlink: 'syz.2.705': attribute type 1 has an invalid length. [ 172.508426][ T7763] netlink: 9348 bytes leftover after parsing attributes in process `syz.2.705'. [ 172.522625][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.708'. [ 172.525133][ T7775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.708'. [ 172.528085][ T7775] FAULT_INJECTION: forcing a failure. [ 172.528085][ T7775] name failslab, interval 1, probability 0, space 0, times 0 [ 172.532031][ T7775] CPU: 1 UID: 0 PID: 7775 Comm: syz.1.708 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 172.534857][ T7775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 172.538061][ T7775] Call Trace: [ 172.538983][ T7775] [ 172.540008][ T7775] dump_stack_lvl+0x16c/0x1f0 [ 172.541315][ T7775] should_fail_ex+0x497/0x5b0 [ 172.542612][ T7775] ? netlink_sendmsg+0x8b8/0xd70 [ 172.543957][ T7775] ? ____sys_sendmsg+0x9ae/0xb40 [ 172.545291][ T7775] should_failslab+0xc2/0x120 [ 172.546702][ T7775] __kmalloc_noprof+0xcb/0x410 [ 172.548131][ T7775] dev_prep_valid_name.constprop.0+0x170/0x630 [ 172.549791][ T7775] ? __pfx_dev_prep_valid_name.constprop.0+0x10/0x10 [ 172.551596][ T7775] ? lockdep_init_map_type+0x16d/0x7d0 [ 172.553070][ T7775] ? lockdep_init_map_type+0x16d/0x7d0 [ 172.554563][ T7775] register_netdevice+0x4b6/0x1e20 [ 172.555943][ T7775] ? __pfx_register_netdevice+0x10/0x10 [ 172.557443][ T7775] ? validate_linkmsg+0x6d2/0x9a0 [ 172.558857][ T7775] ? __pfx_bond_newlink+0x10/0x10 [ 172.560217][ T7775] bond_newlink+0x48/0xa0 [ 172.561389][ T7775] __rtnl_newlink+0x119c/0x1920 [ 172.562731][ T7775] ? __pfx___rtnl_newlink+0x10/0x10 [ 172.564147][ T7775] rtnl_newlink+0x67/0xa0 [ 172.565321][ T7775] ? __pfx_rtnl_newlink+0x10/0x10 [ 172.566708][ T7775] rtnetlink_rcv_msg+0x3c7/0xea0 [ 172.568091][ T7775] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 172.569806][ T7775] ? __pfx___dev_queue_xmit+0x10/0x10 [ 172.571781][ T7775] netlink_rcv_skb+0x165/0x410 [ 172.573519][ T7775] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 172.575190][ T7775] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 172.576591][ T7775] ? netlink_deliver_tap+0x1ae/0xcf0 [ 172.577991][ T7775] netlink_unicast+0x53c/0x7f0 [ 172.579388][ T7775] ? __pfx_netlink_unicast+0x10/0x10 [ 172.580792][ T7775] ? __phys_addr_symbol+0x30/0x80 [ 172.582189][ T7775] ? __check_object_size+0x488/0x710 [ 172.583627][ T7775] netlink_sendmsg+0x8b8/0xd70 [ 172.584910][ T7775] ? __pfx_netlink_sendmsg+0x10/0x10 [ 172.586347][ T7775] ____sys_sendmsg+0x9ae/0xb40 [ 172.587630][ T7775] ? __pfx_____sys_sendmsg+0x10/0x10 [ 172.589056][ T7775] ? get_compat_msghdr+0x11b/0x170 [ 172.590573][ T7775] ? __pfx___lock_acquire+0x10/0x10 [ 172.592105][ T7775] ___sys_sendmsg+0x135/0x1e0 [ 172.593380][ T7775] ? __pfx____sys_sendmsg+0x10/0x10 [ 172.594799][ T7775] ? lock_acquire+0x2f/0xb0 [ 172.596025][ T7775] ? __fget_files+0x40/0x3f0 [ 172.597278][ T7775] ? fdget+0x176/0x210 [ 172.598400][ T7775] __sys_sendmsg+0x117/0x1f0 [ 172.599645][ T7775] ? __pfx___sys_sendmsg+0x10/0x10 [ 172.601021][ T7775] ? __fget_files+0x244/0x3f0 [ 172.602320][ T7775] __do_fast_syscall_32+0x73/0x120 [ 172.603699][ T7775] do_fast_syscall_32+0x32/0x80 [ 172.605014][ T7775] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 172.606736][ T7775] RIP: 0023:0xf741e579 [ 172.607838][ T7775] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 172.612998][ T7775] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 172.615241][ T7775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280 [ 172.617346][ T7775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 172.619479][ T7775] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 172.621582][ T7775] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 172.623698][ T7775] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 172.625818][ T7775] [ 172.669857][ T7784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.711'. [ 172.824325][ T7786] netlink: 24 bytes leftover after parsing attributes in process `syz.0.712'. [ 172.941957][ T7806] FAULT_INJECTION: forcing a failure. [ 172.941957][ T7806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.946386][ T7806] CPU: 0 UID: 0 PID: 7806 Comm: syz.1.718 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 172.950035][ T7806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 172.953042][ T7806] Call Trace: [ 172.953928][ T7806] [ 172.954731][ T7806] dump_stack_lvl+0x16c/0x1f0 [ 172.955972][ T7806] should_fail_ex+0x497/0x5b0 [ 172.957208][ T7806] copy_fpstate_to_sigframe+0x84d/0xae0 [ 172.958676][ T7806] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 172.960266][ T7806] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 172.961753][ T7806] get_sigframe+0x4aa/0x9c0 [ 172.962964][ T7806] ? __pfx_get_sigframe+0x10/0x10 [ 172.964283][ T7806] ? _raw_spin_unlock_irq+0x29/0x50 [ 172.965651][ T7806] ? siginfo_layout+0x177/0x290 [ 172.967171][ T7806] ia32_setup_rt_frame+0xe4/0xb20 [ 172.968502][ T7806] ? lock_acquire+0x2f/0xb0 [ 172.969703][ T7806] ? mntput_no_expire+0x9b/0xaf0 [ 172.971029][ T7806] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 172.972478][ T7806] ? mntput_no_expire+0x158/0xaf0 [ 172.973796][ T7806] ? do_raw_spin_lock+0x12d/0x2c0 [ 172.975126][ T7806] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 172.976543][ T7806] arch_do_signal_or_restart+0x47b/0x7e0 [ 172.978009][ T7806] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 172.979655][ T7806] ? ksys_write+0x1ad/0x260 [ 172.980844][ T7806] ? __pfx_path_listxattr+0x10/0x10 [ 172.982214][ T7806] syscall_exit_to_user_mode+0x150/0x2a0 [ 172.983703][ T7806] __do_fast_syscall_32+0x80/0x120 [ 172.985150][ T7806] do_fast_syscall_32+0x32/0x80 [ 172.986857][ T7806] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 172.988623][ T7806] RIP: 0023:0xf741e579 [ 172.989713][ T7806] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 172.994729][ T7806] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 00000000000000e8 [ 172.996894][ T7806] RAX: 0000000000000000 RBX: 0000000020000380 RCX: 0000000000000000 [ 172.998951][ T7806] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 173.000984][ T7806] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 173.003051][ T7806] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 173.005095][ T7806] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.007160][ T7806] [ 173.396758][ T7840] FAULT_INJECTION: forcing a failure. [ 173.396758][ T7840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.402296][ T7840] CPU: 3 UID: 0 PID: 7840 Comm: syz.3.730 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 173.406092][ T7840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.408175][ T7833] overlayfs: statfs failed on './file0' [ 173.409987][ T7840] Call Trace: [ 173.409996][ T7840] [ 173.410004][ T7840] dump_stack_lvl+0x16c/0x1f0 [ 173.410039][ T7840] should_fail_ex+0x497/0x5b0 [ 173.410069][ T7840] strncpy_from_user+0x3b/0x2a0 [ 173.410096][ T7840] getname_flags.part.0+0x8f/0x550 [ 173.410124][ T7840] getname_flags+0x93/0xf0 [ 173.410145][ T7840] user_path_at+0x24/0x60 [ 173.410165][ T7840] __ia32_sys_mount+0x1fb/0x310 [ 173.410187][ T7840] ? __pfx___ia32_sys_mount+0x10/0x10 [ 173.410231][ T7840] __do_fast_syscall_32+0x73/0x120 [ 173.410259][ T7840] do_fast_syscall_32+0x32/0x80 [ 173.410283][ T7840] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.434290][ T7840] RIP: 0023:0xf743e579 [ 173.435793][ T7840] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 173.442677][ T7840] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 173.445662][ T7840] RAX: ffffffffffffffda RBX: 00000000200000c0 RCX: 0000000020000100 [ 173.448533][ T7840] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 173.451527][ T7840] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 173.454421][ T7840] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 173.457264][ T7840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.459430][ T7840] [ 173.460517][ C3] vkms_vblank_simulate: vblank timer overrun [ 173.746602][ T7859] netlink: 'syz.1.738': attribute type 1 has an invalid length. [ 173.750256][ T7859] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 173.753251][ T7859] IPv6: NLM_F_CREATE should be set when creating new route [ 173.773194][ T7859] Bluetooth: MGMT ver 1.23 [ 173.777976][ T7862] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 173.839101][ T7865] FAULT_INJECTION: forcing a failure. [ 173.839101][ T7865] name failslab, interval 1, probability 0, space 0, times 0 [ 173.842857][ T7865] CPU: 0 UID: 0 PID: 7865 Comm: syz.2.741 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 173.845622][ T7865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.848501][ T7865] Call Trace: [ 173.849378][ T7865] [ 173.850176][ T7865] dump_stack_lvl+0x16c/0x1f0 [ 173.851466][ T7865] should_fail_ex+0x497/0x5b0 [ 173.852700][ T7865] ? fs_reclaim_acquire+0xae/0x160 [ 173.854033][ T7865] should_failslab+0xc2/0x120 [ 173.855228][ T7865] __kmalloc_noprof+0xcb/0x410 [ 173.856316][ T7865] ? __pfx_d_absolute_path+0x10/0x10 [ 173.857506][ T7865] tomoyo_encode2+0x100/0x3e0 [ 173.858802][ T7865] tomoyo_realpath_from_path+0x1a7/0x710 [ 173.860286][ T7865] tomoyo_path_number_perm+0x245/0x5b0 [ 173.861718][ T7865] ? tomoyo_path_number_perm+0x232/0x5b0 [ 173.863191][ T7865] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 173.864763][ T7865] ? trace_lock_acquire+0x14a/0x1d0 [ 173.866172][ T7865] ? lock_acquire+0x2f/0xb0 [ 173.867408][ T7865] ? __fget_files+0x40/0x3f0 [ 173.868643][ T7865] ? __fget_files+0x244/0x3f0 [ 173.869909][ T7865] security_file_ioctl_compat+0x9b/0x240 [ 173.871371][ T7865] __do_compat_sys_ioctl+0x52/0x2b0 [ 173.872728][ T7865] __do_fast_syscall_32+0x73/0x120 [ 173.874060][ T7865] do_fast_syscall_32+0x32/0x80 [ 173.875361][ T7865] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.877023][ T7865] RIP: 0023:0xf7fe2579 [ 173.878085][ T7865] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 173.883088][ T7865] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 173.885262][ T7865] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0d05605 [ 173.887538][ T7865] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 173.890111][ T7865] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 173.892460][ T7865] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 173.894523][ T7865] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.896567][ T7865] [ 173.900534][ T7865] ERROR: Out of memory at tomoyo_realpath_from_path. [ 173.955523][ T7874] FAULT_INJECTION: forcing a failure. [ 173.955523][ T7874] name failslab, interval 1, probability 0, space 0, times 0 [ 173.961675][ T7874] CPU: 0 UID: 0 PID: 7874 Comm: syz.2.743 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 173.965284][ T7874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 173.968947][ T7874] Call Trace: [ 173.970118][ T7874] [ 173.971172][ T7874] dump_stack_lvl+0x16c/0x1f0 [ 173.972808][ T7874] should_fail_ex+0x497/0x5b0 [ 173.974455][ T7874] ? fs_reclaim_acquire+0xae/0x160 [ 173.976233][ T7874] should_failslab+0xc2/0x120 [ 173.977860][ T7874] __kmalloc_noprof+0xcb/0x410 [ 173.979529][ T7874] ? __pfx___mutex_trylock_common+0x10/0x10 [ 173.981572][ T7874] ? genl_rcv_msg+0x580/0x800 [ 173.983215][ T7874] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 173.985651][ T7874] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 173.987532][ T7874] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 173.989631][ T7874] ? bpf_lsm_capable+0x9/0x10 [ 173.991288][ T7874] ? security_capable+0x7e/0x260 [ 173.993004][ T7874] genl_rcv_msg+0x565/0x800 [ 173.994610][ T7874] ? __pfx_genl_rcv_msg+0x10/0x10 [ 173.996366][ T7874] ? __pfx_netlbl_unlabel_staticadddef+0x10/0x10 [ 173.998540][ T7874] ? __pfx___lock_acquire+0x10/0x10 [ 174.000341][ T7874] netlink_rcv_skb+0x165/0x410 [ 174.001985][ T7874] ? __pfx_genl_rcv_msg+0x10/0x10 [ 174.003818][ T7874] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 174.005711][ T7874] ? down_read+0xc9/0x330 [ 174.007296][ T7874] ? __pfx_down_read+0x10/0x10 [ 174.009002][ T7874] ? netlink_deliver_tap+0x1ae/0xcf0 [ 174.010865][ T7874] genl_rcv+0x28/0x40 [ 174.012282][ T7874] netlink_unicast+0x53c/0x7f0 [ 174.013955][ T7874] ? __pfx_netlink_unicast+0x10/0x10 [ 174.015837][ T7874] ? __phys_addr_symbol+0x30/0x80 [ 174.017610][ T7874] ? __check_object_size+0x488/0x710 [ 174.019463][ T7874] netlink_sendmsg+0x8b8/0xd70 [ 174.021239][ T7874] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.023084][ T7874] ____sys_sendmsg+0x9ae/0xb40 [ 174.024756][ T7874] ? __pfx_____sys_sendmsg+0x10/0x10 [ 174.026619][ T7874] ? get_compat_msghdr+0x11b/0x170 [ 174.028457][ T7874] ? __pfx___lock_acquire+0x10/0x10 [ 174.030342][ T7874] ___sys_sendmsg+0x135/0x1e0 [ 174.032035][ T7874] ? __pfx____sys_sendmsg+0x10/0x10 [ 174.033906][ T7874] ? lock_acquire+0x2f/0xb0 [ 174.035542][ T7874] ? __fget_files+0x40/0x3f0 [ 174.037171][ T7874] ? fdget+0x176/0x210 [ 174.038591][ T7874] __sys_sendmsg+0x117/0x1f0 [ 174.040203][ T7874] ? __pfx___sys_sendmsg+0x10/0x10 [ 174.041964][ T7874] ? __fget_files+0x244/0x3f0 [ 174.043613][ T7874] __do_fast_syscall_32+0x73/0x120 [ 174.045380][ T7874] do_fast_syscall_32+0x32/0x80 [ 174.047060][ T7874] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 174.049232][ T7874] RIP: 0023:0xf7fe2579 [ 174.050663][ T7874] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 174.057173][ T7874] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 174.060009][ T7874] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000d40 [ 174.062794][ T7874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 174.065555][ T7874] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 174.068282][ T7874] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 174.071248][ T7874] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 174.074009][ T7874] [ 174.247144][ T7882] __nla_validate_parse: 2 callbacks suppressed [ 174.247155][ T7882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.747'. [ 174.437950][ T7887] netlink: 'syz.3.749': attribute type 6 has an invalid length. [ 174.440585][ T7887] netlink: 14557 bytes leftover after parsing attributes in process `syz.3.749'. [ 175.072569][ T7901] block device autoloading is deprecated and will be removed. [ 175.137848][ T7903] fuse: Unknown parameter '0x0000000000000003' [ 175.467460][ T7922] FAULT_INJECTION: forcing a failure. [ 175.467460][ T7922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.488732][ T7922] CPU: 3 UID: 0 PID: 7922 Comm: syz.3.761 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 175.491628][ T7922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 175.494456][ T7922] Call Trace: [ 175.495349][ T7922] [ 175.496142][ T7922] dump_stack_lvl+0x16c/0x1f0 [ 175.497387][ T7922] should_fail_ex+0x497/0x5b0 [ 175.498659][ T7922] _copy_from_user+0x30/0xf0 [ 175.499880][ T7922] kstrtouint_from_user+0xd7/0x1c0 [ 175.501245][ T7922] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 175.502769][ T7922] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 175.504267][ T7922] proc_fail_nth_write+0x84/0x250 [ 175.505609][ T7922] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 175.507331][ T7922] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 175.509039][ T7922] vfs_write+0x28e/0x1140 [ 175.510372][ T7922] ? __fget_files+0x23a/0x3f0 [ 175.511823][ T7922] ? fdget_pos+0x24c/0x360 [ 175.513212][ T7922] ? __pfx_lock_release+0x10/0x10 [ 175.514791][ T7922] ? trace_lock_acquire+0x14a/0x1d0 [ 175.516423][ T7922] ? __pfx_vfs_write+0x10/0x10 [ 175.517919][ T7922] ? __pfx___mutex_lock+0x10/0x10 [ 175.519509][ T7922] ? __fget_files+0x244/0x3f0 [ 175.520832][ T7922] ksys_write+0x12f/0x260 [ 175.521996][ T7922] ? __pfx_ksys_write+0x10/0x10 [ 175.523397][ T7922] __do_fast_syscall_32+0x73/0x120 [ 175.524974][ T7922] do_fast_syscall_32+0x32/0x80 [ 175.526508][ T7922] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 175.528443][ T7922] RIP: 0023:0xf743e579 [ 175.529863][ T7922] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 175.537168][ T7922] RSP: 002b:00000000f57055a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 175.537194][ T7922] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5705620 [ 175.537201][ T7922] RDX: 0000000000000001 RSI: 00000000f742bff4 RDI: 0000000000000000 [ 175.540486][ T7930] FAULT_INJECTION: forcing a failure. [ 175.540486][ T7930] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.542238][ T7922] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 175.551151][ T7922] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 175.553651][ T7922] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 175.556115][ T7922] [ 175.557084][ T7930] CPU: 0 UID: 0 PID: 7930 Comm: syz.1.765 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 175.557128][ C3] vkms_vblank_simulate: vblank timer overrun [ 175.560341][ T7930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 175.565502][ T7930] Call Trace: [ 175.566550][ T7930] [ 175.567471][ T7930] dump_stack_lvl+0x16c/0x1f0 [ 175.568941][ T7930] should_fail_ex+0x497/0x5b0 [ 175.570431][ T7930] _copy_to_user+0x30/0xc0 [ 175.571818][ T7930] simple_read_from_buffer+0xd0/0x160 [ 175.573477][ T7930] proc_fail_nth_read+0x198/0x270 [ 175.575047][ T7930] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 175.576765][ T7930] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 175.578494][ T7930] vfs_read+0x1ce/0xbd0 [ 175.579803][ T7930] ? __fget_files+0x23a/0x3f0 [ 175.581265][ T7930] ? fdget_pos+0x24c/0x360 [ 175.582657][ T7930] ? __pfx_lock_release+0x10/0x10 [ 175.584218][ T7930] ? trace_lock_acquire+0x14a/0x1d0 [ 175.585827][ T7930] ? __pfx_vfs_read+0x10/0x10 [ 175.587354][ T7930] ? __pfx___mutex_lock+0x10/0x10 [ 175.588923][ T7930] ? __fget_files+0x244/0x3f0 [ 175.590410][ T7930] ksys_read+0x12f/0x260 [ 175.591719][ T7930] ? __pfx_ksys_read+0x10/0x10 [ 175.593202][ T7930] __do_fast_syscall_32+0x73/0x120 [ 175.594820][ T7930] do_fast_syscall_32+0x32/0x80 [ 175.596342][ T7930] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 175.598297][ T7930] RIP: 0023:0xf741e579 [ 175.599551][ T7930] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 175.605379][ T7930] RSP: 002b:00000000f57065a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 175.607939][ T7930] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5706620 [ 175.610380][ T7930] RDX: 000000000000000f RSI: 00000000f740bff4 RDI: 0000000000000000 [ 175.612781][ T7930] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 175.615199][ T7930] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 175.617606][ T7930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 175.620026][ T7930] [ 175.627406][ T7936] syz.3.767[7936] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 175.627496][ T7936] syz.3.767[7936] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 175.635744][ T7936] syz.3.767[7936] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 175.696353][ T7941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.768'. [ 175.704091][ T7941] netlink: 12 bytes leftover after parsing attributes in process `syz.1.768'. [ 175.729583][ T7941] bond1: entered promiscuous mode [ 175.731018][ T7941] bond1: entered allmulticast mode [ 175.732451][ T7941] 8021q: adding VLAN 0 to HW filter on device bond1 [ 175.802603][ T7955] FAULT_INJECTION: forcing a failure. [ 175.802603][ T7955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.807062][ T7955] CPU: 3 UID: 0 PID: 7955 Comm: syz.1.773 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 175.810337][ T7955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 175.813657][ T7955] Call Trace: [ 175.814741][ T7955] [ 175.815691][ T7955] dump_stack_lvl+0x16c/0x1f0 [ 175.817244][ T7955] should_fail_ex+0x497/0x5b0 [ 175.818760][ T7955] _copy_from_user+0x30/0xf0 [ 175.820272][ T7955] ucma_write+0x129/0x330 [ 175.821656][ T7955] ? __pfx_ucma_write+0x10/0x10 [ 175.823210][ T7955] ? bpf_lsm_file_permission+0x9/0x10 [ 175.824865][ T7955] ? security_file_permission+0x71/0x210 [ 175.826602][ T7955] ? __pfx_ucma_write+0x10/0x10 [ 175.828116][ T7955] vfs_writev+0x6da/0xdd0 [ 175.829511][ T7955] ? find_held_lock+0x2d/0x110 [ 175.831059][ T7955] ? __pfx_vfs_writev+0x10/0x10 [ 175.832595][ T7955] ? find_held_lock+0x2d/0x110 [ 175.834143][ T7955] ? __pfx_lock_release+0x10/0x10 [ 175.835799][ T7955] ? trace_lock_acquire+0x14a/0x1d0 [ 175.837444][ T7955] ? __fget_files+0x244/0x3f0 [ 175.839009][ T7955] ? do_writev+0x289/0x370 [ 175.840579][ T7955] do_writev+0x289/0x370 [ 175.841916][ T7955] ? __pfx_do_writev+0x10/0x10 [ 175.843433][ T7955] __do_fast_syscall_32+0x73/0x120 [ 175.845030][ T7955] do_fast_syscall_32+0x32/0x80 [ 175.846623][ T7955] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 175.848570][ T7955] RIP: 0023:0xf741e579 [ 175.849851][ T7955] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 175.855850][ T7955] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 175.858562][ T7955] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000000 [ 175.861057][ T7955] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 175.863460][ T7955] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 175.865908][ T7955] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 175.868249][ T7955] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 175.870617][ T7955] [ 175.871704][ C3] vkms_vblank_simulate: vblank timer overrun [ 176.148815][ T6234] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 176.179268][ T7969] binder: 7964:7969 ioctl c0306201 0 returned -14 [ 176.219599][ T7969] binder: BINDER_SET_CONTEXT_MGR already set [ 176.221295][ T7969] binder: 7964:7969 ioctl 4018620d 20000040 returned -16 [ 176.223401][ T7969] binder: 7964:7969 ioctl c0306201 200003c0 returned -22 [ 176.379458][ T6234] usb 7-1: Using ep0 maxpacket: 16 [ 176.384004][ T6234] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.387545][ T6234] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 176.392122][ T6234] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 176.394540][ T6234] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.397646][ T6234] usb 7-1: config 0 descriptor?? [ 176.399774][ T7976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.780'. [ 176.411075][ T6234] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 176.421618][ T7976] bond2: entered allmulticast mode [ 176.423119][ T7976] 8021q: adding VLAN 0 to HW filter on device bond2 [ 176.492236][ T7976] hpfs: bad mount options. [ 176.567837][ T7983] netlink: 28 bytes leftover after parsing attributes in process `syz.3.782'. [ 176.573794][ T7983] 9pnet: p9_errstr2errno: server reported unknown error [ 176.635661][ T7988] netlink: 24 bytes leftover after parsing attributes in process `syz.1.784'. [ 176.642980][ T6234] usb 7-1: USB disconnect, device number 6 [ 176.958949][ T5378] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 177.128838][ T5378] usb 6-1: Using ep0 maxpacket: 8 [ 177.131625][ T5378] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 177.133787][ T5378] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 177.136345][ T5378] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 177.139595][ T5378] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 177.142245][ T5378] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 177.145565][ T5378] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 177.147891][ T5378] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.354761][ T5378] usb 6-1: usb_control_msg returned -32 [ 177.357255][ T5378] usbtmc 6-1:16.0: can't read capabilities [ 177.712970][ T7988] usb 6-1: usbtmc_ioctl_clear_in_halt returned -32 [ 178.086983][ T8000] netlink: 48 bytes leftover after parsing attributes in process `syz.2.789'. [ 178.416270][ T8016] FAULT_INJECTION: forcing a failure. [ 178.416270][ T8016] name (null), interval 1, probability 0, space 0, times 1 [ 178.421672][ T8016] CPU: 3 UID: 0 PID: 8016 Comm: syz.2.794 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 178.425431][ T8016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 178.429192][ T8016] Call Trace: [ 178.430407][ T8016] [ 178.431481][ T8016] dump_stack_lvl+0x16c/0x1f0 [ 178.433180][ T8016] should_fail_ex+0x497/0x5b0 [ 178.434891][ T8016] ? mark_held_locks+0x9f/0xe0 [ 178.436614][ T8016] null_queue_rq+0x251/0x1010 [ 178.438321][ T8016] null_queue_rqs+0x111/0x230 [ 178.440013][ T8016] ? __pfx_null_queue_rqs+0x10/0x10 [ 178.441878][ T8016] ? trace_lock_acquire+0x14a/0x1d0 [ 178.443754][ T8016] ? blk_mq_flush_plug_list+0xbcc/0x1be0 [ 178.445761][ T8016] __blk_mq_flush_plug_list+0x97/0xc0 [ 178.447692][ T8016] blk_mq_flush_plug_list+0xbfe/0x1be0 [ 178.449644][ T8016] ? rcu_is_watching+0x12/0xc0 [ 178.451391][ T8016] ? trace_block_plug+0x188/0x210 [ 178.453205][ T8016] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 178.455326][ T8016] ? blk_mq_submit_bio+0x1749/0x2a90 [ 178.457216][ T8016] __blk_flush_plug+0x2c5/0x4b0 [ 178.458998][ T8016] ? __pfx___blk_flush_plug+0x10/0x10 [ 178.460913][ T8016] ? ktime_get+0xd9/0x1a0 [ 178.462473][ T8016] ? __pfx_lock_release+0x10/0x10 [ 178.464284][ T8016] __submit_bio+0x3fb/0x4d0 [ 178.465918][ T8016] ? __pfx___submit_bio+0x10/0x10 [ 178.467717][ T8016] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 178.469751][ T8016] ? lockdep_hardirqs_on+0x7c/0x110 [ 178.471643][ T8016] submit_bio_noacct_nocheck+0x6fb/0xd70 [ 178.473643][ T8016] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 178.475844][ T8016] ? __pfx___might_resched+0x10/0x10 [ 178.477731][ T8016] ? __pfx_lock_release+0x10/0x10 [ 178.479561][ T8016] submit_bio_noacct+0x9e6/0x1f10 [ 178.481373][ T8016] submit_bio_wait+0x10a/0x240 [ 178.483105][ T8016] ? __pfx_submit_bio_wait+0x10/0x10 [ 178.485000][ T8016] hfsplus_submit_bio+0x201/0x280 [ 178.486808][ T8016] hfsplus_read_wrapper+0x497/0xff0 [ 178.488664][ T8016] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 178.490710][ T8016] ? do_raw_spin_lock+0x12d/0x2c0 [ 178.492512][ T8016] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 178.494429][ T8016] ? lock_acquire+0x2f/0xb0 [ 178.496063][ T8016] ? find_nls+0x1a/0x170 [ 178.497585][ T8016] ? do_raw_spin_unlock+0x172/0x230 [ 178.499461][ T8016] ? _raw_spin_unlock+0x28/0x50 [ 178.501195][ T8016] ? find_nls+0x125/0x170 [ 178.502756][ T8016] hfsplus_fill_super+0x352/0x1bc0 [ 178.504577][ T8016] ? bpf_trace_run2+0x266/0x590 [ 178.506330][ T8016] ? __pfx_lock_release+0x10/0x10 [ 178.508123][ T8016] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 178.510093][ T8016] ? bpf_trace_run2+0x2a6/0x590 [ 178.511879][ T8016] ? do_raw_spin_lock+0x12d/0x2c0 [ 178.513684][ T8016] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 178.515606][ T8016] ? set_blocksize+0x2ab/0x360 [ 178.517316][ T8016] ? sb_set_blocksize+0xf6/0x120 [ 178.519090][ T8016] ? setup_bdev_super+0x369/0x730 [ 178.520886][ T8016] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 178.522866][ T8016] mount_bdev+0x1e3/0x2d0 [ 178.524421][ T8016] ? __pfx_mount_bdev+0x10/0x10 [ 178.526189][ T8016] ? __pfx_hfsplus_mount+0x10/0x10 [ 178.527829][ T8016] legacy_get_tree+0x109/0x220 [ 178.529593][ T8016] vfs_get_tree+0x8f/0x380 [ 178.531228][ T8016] path_mount+0x6e1/0x1f10 [ 178.532843][ T8016] ? kmem_cache_free+0x152/0x4b0 [ 178.534634][ T8016] ? __pfx_path_mount+0x10/0x10 [ 178.536389][ T8016] ? putname+0x12e/0x170 [ 178.537928][ T8016] __ia32_sys_mount+0x292/0x310 [ 178.539692][ T8016] ? __pfx___ia32_sys_mount+0x10/0x10 [ 178.541606][ T8016] __do_fast_syscall_32+0x73/0x120 [ 178.543446][ T8016] do_fast_syscall_32+0x32/0x80 [ 178.545179][ T8016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 178.547423][ T8016] RIP: 0023:0xf7fe2579 [ 178.548875][ T8016] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 178.555623][ T8016] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 178.558567][ T8016] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000200001c0 [ 178.561359][ T8016] RDX: 0000000020000040 RSI: 0000000000008000 RDI: 0000000000000000 [ 178.564158][ T8016] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 178.566937][ T8016] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 178.569911][ T8016] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 178.572776][ T8016] [ 178.612234][ T8018] FAULT_INJECTION: forcing a failure. [ 178.612234][ T8018] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.616876][ T8018] CPU: 1 UID: 0 PID: 8018 Comm: syz.0.795 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 178.620715][ T8018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 178.624014][ T8018] Call Trace: [ 178.624931][ T8018] [ 178.626033][ T8018] dump_stack_lvl+0x16c/0x1f0 [ 178.627790][ T8018] should_fail_ex+0x497/0x5b0 [ 178.629159][ T8018] __fpu_restore_sig+0xa9c/0x1430 [ 178.630542][ T8018] ? __pfx___fpu_restore_sig+0x10/0x10 [ 178.631985][ T8018] ? lock_acquire+0x2f/0xb0 [ 178.633499][ T8018] ? __might_fault+0xe3/0x190 [ 178.635237][ T8018] ? __might_fault+0xe3/0x190 [ 178.636568][ T8018] fpu__restore_sig+0x102/0x180 [ 178.637839][ T8018] ia32_restore_sigcontext+0x40f/0x5d0 [ 178.639265][ T8018] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 178.640921][ T8018] ? __pfx_lock_release+0x10/0x10 [ 178.642732][ T8018] ? _raw_spin_unlock_irq+0x23/0x50 [ 178.644583][ T8018] ? lockdep_hardirqs_on+0x7c/0x110 [ 178.646488][ T8018] __do_compat_sys_rt_sigreturn+0x116/0x1f0 [ 178.648636][ T8018] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 178.650903][ T8018] do_int80_emulation+0x104/0x200 [ 178.652720][ T8018] asm_int80_emulation+0x1a/0x20 [ 178.654564][ T8018] RIP: 0023:0xf7f4f577 [ 178.655952][ T8018] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 [ 178.662842][ T8018] RSP: 002b:00000000f56d656c EFLAGS: 00000296 [ 178.665040][ T8018] RAX: 00000000000000f0 RBX: 000000002000cffc RCX: 000000000000000b [ 178.667899][ T8018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020048000 [ 178.670748][ T8018] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 178.673544][ T8018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.676406][ T8018] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 178.679089][ T8018] [ 179.646414][ T5402] usb 6-1: USB disconnect, device number 8 [ 179.685510][ T8029] nbd: must specify a size in bytes for the device [ 179.765961][ T8032] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 179.811612][ T8034] FAULT_INJECTION: forcing a failure. [ 179.811612][ T8034] name failslab, interval 1, probability 0, space 0, times 0 [ 179.816046][ T8034] CPU: 2 UID: 0 PID: 8034 Comm: syz.0.801 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 179.819732][ T8034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 179.823472][ T8034] Call Trace: [ 179.824633][ T8034] [ 179.825663][ T8034] dump_stack_lvl+0x16c/0x1f0 [ 179.827332][ T8034] should_fail_ex+0x497/0x5b0 [ 179.828964][ T8034] should_failslab+0xc2/0x120 [ 179.830808][ T8034] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 179.832704][ T8034] ? skb_clone+0x190/0x3f0 [ 179.834382][ T8034] skb_clone+0x190/0x3f0 [ 179.835898][ T8034] netlink_deliver_tap+0xb26/0xcf0 [ 179.837657][ T8034] netlink_unicast+0x5e1/0x7f0 [ 179.839363][ T8034] ? __pfx_netlink_unicast+0x10/0x10 [ 179.841401][ T8034] ? __phys_addr_symbol+0x30/0x80 [ 179.843472][ T8034] ? __check_object_size+0x488/0x710 [ 179.845424][ T8034] netlink_sendmsg+0x8b8/0xd70 [ 179.847099][ T8034] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.848904][ T8034] ? lock_acquire+0x2f/0xb0 [ 179.850500][ T8034] ____sys_sendmsg+0x9ae/0xb40 [ 179.852138][ T8034] ? __pfx_____sys_sendmsg+0x10/0x10 [ 179.853927][ T8034] ? get_compat_msghdr+0x11b/0x170 [ 179.855768][ T8034] ? __pfx___lock_acquire+0x10/0x10 [ 179.857576][ T8034] ___sys_sendmsg+0x135/0x1e0 [ 179.859206][ T8034] ? __pfx____sys_sendmsg+0x10/0x10 [ 179.861129][ T8034] ? lock_acquire+0x2f/0xb0 [ 179.862916][ T8034] ? __fget_files+0x40/0x3f0 [ 179.864612][ T8034] ? fdget+0x176/0x210 [ 179.866034][ T8034] __sys_sendmsg+0x117/0x1f0 [ 179.867685][ T8034] ? __pfx___sys_sendmsg+0x10/0x10 [ 179.869524][ T8034] ? __fget_files+0x244/0x3f0 [ 179.871220][ T8034] __do_fast_syscall_32+0x73/0x120 [ 179.873093][ T8034] do_fast_syscall_32+0x32/0x80 [ 179.874856][ T8034] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 179.876994][ T8034] RIP: 0023:0xf7f4f579 [ 179.878407][ T8034] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 179.885066][ T8034] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 179.887968][ T8034] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 179.890873][ T8034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 179.893870][ T8034] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 179.896717][ T8034] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 179.899414][ T8034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.902094][ T8034] [ 179.906878][ T8034] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 180.085504][ T8044] bridge_slave_1: left allmulticast mode [ 180.087123][ T8044] bridge_slave_1: left promiscuous mode [ 180.089796][ T8044] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.101298][ T8044] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 180.610704][ T8051] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 183.649411][ T36] null_blk: rq ffff888024191680 timed out [ 183.651369][ T36] timeout error, dev nullb0, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 184.478789][ T65] Bluetooth: hci2: command 0x0405 tx timeout [ 189.649162][ T8083] netlink: 9 bytes leftover after parsing attributes in process `syz.0.817'. [ 191.109373][ T8089] FAULT_INJECTION: forcing a failure. [ 191.109373][ T8089] name failslab, interval 1, probability 0, space 0, times 0 [ 191.114545][ T8089] CPU: 1 UID: 0 PID: 8089 Comm: syz.1.818 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 191.117281][ T8089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 191.120065][ T8089] Call Trace: [ 191.120937][ T8089] [ 191.121704][ T8089] dump_stack_lvl+0x16c/0x1f0 [ 191.122953][ T8089] should_fail_ex+0x497/0x5b0 [ 191.124182][ T8089] ? fs_reclaim_acquire+0xae/0x160 [ 191.125511][ T8089] should_failslab+0xc2/0x120 [ 191.126753][ T8089] __kmalloc_noprof+0xcb/0x410 [ 191.128012][ T8089] ? __pfx_d_absolute_path+0x10/0x10 [ 191.129394][ T8089] tomoyo_encode2+0x100/0x3e0 [ 191.130652][ T8089] tomoyo_realpath_from_path+0x1a7/0x710 [ 191.132126][ T8089] tomoyo_path_number_perm+0x245/0x5b0 [ 191.133540][ T8089] ? tomoyo_path_number_perm+0x232/0x5b0 [ 191.135010][ T8089] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 191.136574][ T8089] ? trace_lock_acquire+0x14a/0x1d0 [ 191.137933][ T8089] ? lock_acquire+0x2f/0xb0 [ 191.139128][ T8089] ? __fget_files+0x40/0x3f0 [ 191.140335][ T8089] ? __fget_files+0x244/0x3f0 [ 191.141569][ T8089] security_file_ioctl_compat+0x9b/0x240 [ 191.143051][ T8089] __do_compat_sys_ioctl+0x52/0x2b0 [ 191.144420][ T8089] __do_fast_syscall_32+0x73/0x120 [ 191.145760][ T8089] do_fast_syscall_32+0x32/0x80 [ 191.147051][ T8089] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 191.148689][ T8089] RIP: 0023:0xf741e579 [ 191.149769][ T8089] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 191.154750][ T8089] RSP: 002b:00000000f56e556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 191.156909][ T8089] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0844123 [ 191.158959][ T8089] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 191.161004][ T8089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 191.163055][ T8089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 191.165100][ T8089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 191.167155][ T8089] [ 191.194678][ T8089] ERROR: Out of memory at tomoyo_realpath_from_path. [ 191.197134][ T65] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 191.204023][ T65] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 191.213351][ T65] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 191.216523][ T65] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 191.221162][ T65] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 191.227897][ T65] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 191.245538][ T5353] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 191.252334][ T5353] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 191.255631][ T5353] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 191.259561][ T5353] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 191.264050][ T5353] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 191.266633][ T5353] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 191.401603][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.535179][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.549678][ T8090] chnl_net:caif_netlink_parms(): no params data found [ 191.568409][ T8092] chnl_net:caif_netlink_parms(): no params data found [ 191.699613][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.706103][ T8090] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.708040][ T8090] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.710389][ T8090] bridge_slave_0: entered allmulticast mode [ 191.713015][ T8090] bridge_slave_0: entered promiscuous mode [ 191.737976][ T8090] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.739914][ T8090] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.741778][ T8090] bridge_slave_1: entered allmulticast mode [ 191.743784][ T8090] bridge_slave_1: entered promiscuous mode [ 191.787670][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.809875][ T8092] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.811810][ T8092] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.815661][ T8092] bridge_slave_0: entered allmulticast mode [ 191.818956][ T8092] bridge_slave_0: entered promiscuous mode [ 191.823907][ T8090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.827709][ T8090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.830736][ T8092] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.832616][ T8092] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.834556][ T8092] bridge_slave_1: entered allmulticast mode [ 191.838272][ T8092] bridge_slave_1: entered promiscuous mode [ 191.891475][ T8090] team0: Port device team_slave_0 added [ 191.895448][ T8090] team0: Port device team_slave_1 added [ 191.916337][ T39] kauditd_printk_skb: 40 callbacks suppressed [ 191.916348][ T39] audit: type=1326 audit(1728366163.898:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8115 comm="syz.0.824" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x0 [ 191.937534][ T8092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.954532][ T8090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.956430][ T8090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.963569][ T8090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.969078][ T8092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.972217][ T8090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.974067][ T8090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.980845][ T8090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.228898][ T12] bridge_slave_1: left allmulticast mode [ 192.230459][ T12] bridge_slave_1: left promiscuous mode [ 192.232021][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.249581][ T12] bridge_slave_0: left allmulticast mode [ 192.251115][ T12] bridge_slave_0: left promiscuous mode [ 192.252627][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.285064][ T65] Bluetooth: hci3: command tx timeout [ 193.468749][ T65] Bluetooth: hci4: command tx timeout [ 194.849331][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.851010][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.616397][ T65] Bluetooth: hci3: command tx timeout [ 195.617856][ T65] Bluetooth: hci4: command tx timeout [ 196.851467][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 196.856290][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 196.860065][ T12] bond0 (unregistering): Released all slaves [ 196.882456][ T8092] team0: Port device team_slave_0 added [ 196.886720][ T8090] hsr_slave_0: entered promiscuous mode [ 196.889017][ T8090] hsr_slave_1: entered promiscuous mode [ 196.890947][ T8090] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.892852][ T8090] Cannot create hsr debugfs directory [ 196.895334][ T8092] team0: Port device team_slave_1 added [ 196.945748][ T8092] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.948771][ T8092] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.955443][ T8092] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.979671][ T8092] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.981587][ T8092] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.988277][ T8092] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.070030][ T8092] hsr_slave_0: entered promiscuous mode [ 197.071998][ T8092] hsr_slave_1: entered promiscuous mode [ 197.075240][ T8092] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.077761][ T8092] Cannot create hsr debugfs directory SYZFAIL: ShmemBuilder: too large output offset size=21 consumed=-155 (errno 4: Interrupted system call) [ 197.307358][ T12] hsr_slave_0: left promiscuous mode [ 197.341594][ T12] hsr_slave_1: left promiscuous mode [ 197.347281][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.349411][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 197.352235][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.354277][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.371207][ T12] veth1_macvtap: left promiscuous mode [ 197.372715][ T12] veth0_macvtap: left promiscuous mode [ 197.374219][ T12] veth1_vlan: left promiscuous mode [ 197.375605][ T12] veth0_vlan: left promiscuous mode [ 197.688868][ T5353] Bluetooth: hci3: command tx timeout [ 197.981247][ T12] team0 (unregistering): Port device team_slave_1 removed [ 198.050384][ T12] team0 (unregistering): Port device team_slave_0 removed [ 198.538540][ T8126] syz_tun (unregistering): left promiscuous mode [ 199.210854][ T12] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.275991][ T12] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.358144][ T12] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.434352][ T12] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.579291][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.582280][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.649340][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.653171][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.733517][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.737099][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.826669][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 199.830091][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.936310][ T12] bridge_slave_1: left allmulticast mode [ 199.938203][ T12] bridge_slave_1: left promiscuous mode [ 199.940538][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.947725][ T12] bridge_slave_0: left allmulticast mode [ 199.950693][ T12] bridge_slave_0: left promiscuous mode [ 199.952721][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.957780][ T12] bridge_slave_1: left allmulticast mode [ 199.960341][ T12] bridge_slave_1: left promiscuous mode [ 199.962331][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.965959][ T12] bridge_slave_0: left allmulticast mode [ 199.967924][ T12] bridge_slave_0: left promiscuous mode [ 199.970944][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.974711][ T12] team0: left allmulticast mode [ 199.976138][ T12] bridge0: port 1(team0) entered disabled state [ 199.980553][ T12] bridge_slave_1: left allmulticast mode [ 199.982509][ T12] bridge_slave_1: left promiscuous mode [ 199.984496][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.989324][ T12] bridge_slave_0: left allmulticast mode [ 199.991459][ T12] bridge_slave_0: left promiscuous mode [ 199.993225][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.651348][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 200.655041][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 200.658445][ T12] bond0 (unregistering): Released all slaves [ 200.663206][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 200.666878][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 200.670455][ T12] bond0 (unregistering): Released all slaves [ 200.744302][ T12] bond0 (unregistering): Released all slaves [ 200.810543][ T12] bond1 (unregistering): Released all slaves [ 200.880432][ T12] bond2 (unregistering): Released all slaves [ 200.950217][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 200.954939][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 200.958462][ T12] bond0 (unregistering): Released all slaves [ 201.030956][ T12] bond1 (unregistering): Released all slaves [ 201.152218][ T12] tipc: Left network mode [ 201.162197][ T12] tipc: Disabling bearer [ 201.164239][ T12] tipc: Left network mode [ 201.652739][ T12] hsr_slave_0: left promiscuous mode [ 201.654545][ T12] hsr_slave_1: left promiscuous mode [ 201.656537][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.658881][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.662355][ T12] hsr_slave_0: left promiscuous mode [ 201.664238][ T12] hsr_slave_1: left promiscuous mode [ 201.666345][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.671394][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.674584][ T12] batadv_slave_1: left promiscuous mode [ 201.681644][ T12] hsr_slave_0: left promiscuous mode [ 201.683383][ T12] hsr_slave_1: left promiscuous mode [ 201.686590][ T12] hsr_slave_0: left promiscuous mode [ 201.688936][ T12] hsr_slave_1: left promiscuous mode [ 201.690984][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.692932][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.695328][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.697280][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.733188][ T12] veth1_macvtap: left promiscuous mode [ 201.734720][ T12] veth0_macvtap: left promiscuous mode [ 201.736206][ T12] veth1_vlan: left promiscuous mode [ 201.737608][ T12] veth0_vlan: left promiscuous mode [ 201.739920][ T12] veth1_macvtap: left promiscuous mode [ 201.741390][ T12] veth0_macvtap: left promiscuous mode [ 201.742882][ T12] veth1_vlan: left promiscuous mode [ 201.744281][ T12] veth0_vlan: left promiscuous mode [ 201.957210][ T12] team0 (unregistering): Port device team_slave_1 removed [ 201.998639][ T12] team0 (unregistering): Port device team_slave_0 removed [ 202.319678][ T12] team0 (unregistering): Port device team_slave_1 removed [ 202.367070][ T12] team0 (unregistering): Port device team_slave_0 removed [ 204.485060][ T12] team0 (unregistering): Port device team_slave_1 removed [ 204.577853][ T12] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 05:42:49 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000001 RSI=ffffea0001a53e40 RDI=ffffc900068efcb8 RBP=00000000f620b000 RSP=ffffc900068ef858 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=0000000000000000 R14=ffffc900068ef9a8 R15=ffffea0001a53e40 RIP=ffffffff81d973bc RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f62f1cb6440 CR3=0000000060c46000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000020210058 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000005e7247 RBX=0000000000000001 RCX=ffffffff8b130829 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb123a0 RBP=ffffed10036eb910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000000 R12=0000000000000001 R13=ffff88801b75c880 R14=ffffffff901cd188 R15=0000000000000000 RIP=ffffffff8b131c0f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fff49bb64c8 CR3=000000002a4c0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=0000000000000000 Opmask02=000000000000ffdf Opmask03=0000000000000000 Opmask04=00000000ffffffdf Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff86a85ae0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 83d6ec5899bd9cbf 737326e3ede90748 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000041 00005595c7c6ce00 44455a494c414954 494e495f43455355 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656565692f34316d 697377682f6d6973 77685f3131323038 63616d2f6c617574 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000141 0000000038326c6c 696b66722f353179 68702f3131323038 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffaa6a383ad0bc 00000005595c4b15 00005595c7c5b860 00002af30656f09b ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffbd 00007ff7dfdffff7 f6f7ffd5fffdff7f 5c007ff7dffffcff ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a2433273f397b27 697a787c69303b7e 69305f474f5b647c 69303a2433273f39 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000231 0000000000000030 66722f0031706f6f 00004e4f5341453b ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000231 0000000000000030 00002f0031706f10 00004e4f53414531 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff848f066d RDX=0000000000000002 RSI=0000000000000004 RDI=0000000000000004 RBP=ffffc900030f7538 RSP=ffffc900030f73f0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffffffff8bb1ced2 R13=dffffc0000000000 R14=0000000000000002 R15=0000000000000004 RIP=ffffffff818cba0c RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f4ffdcc3d00 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000559f0c755000 CR3=00000000009fa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=b8883811b8883811 b8883811b8883811 b8883811b8883811 b8883811b8883811 b8883811b8883811 b8883811b8883811 b8883811b8883811 b8883811b8883811 ZMM22=9451241294512412 9451241294512412 9451241294512412 9451241294512412 9451241294512412 9451241294512412 9451241294512412 9451241294512412 ZMM23=63ab863663ab8636 63ab863663ab8636 63ab863663ab8636 63ab863663ab8636 63ab863663ab8636 63ab863663ab8636 63ab863663ab8636 63ab863663ab8636 ZMM24=cfa69d8ccfa69d8c cfa69d8ccfa69d8c cfa69d8ccfa69d8c cfa69d8ccfa69d8c cfa69d8ccfa69d8c cfa69d8ccfa69d8c cfa69d8ccfa69d8c cfa69d8ccfa69d8c ZMM25=640cb372640cb372 640cb372640cb372 640cb372640cb372 640cb372640cb372 640cb372640cb372 640cb372640cb372 640cb372640cb372 640cb372640cb372 ZMM26=f9b71927f9b71927 f9b71927f9b71927 f9b71927f9b71927 f9b71927f9b71927 f9b71927f9b71927 f9b71927f9b71927 f9b71927f9b71927 f9b71927f9b71927 ZMM27=0bd7c2ec0bd7c2ec 0bd7c2ec0bd7c2ec 0bd7c2ec0bd7c2ec 0bd7c2ec0bd7c2ec 0bd7c2ec0bd7c2ec 0bd7c2ec0bd7c2ec 0bd7c2ec0bd7c2ec 0bd7c2ec0bd7c2ec ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=7f0500007f050000 7f0500007f050000 7f0500007f050000 7f0500007f050000 7f0500007f050000 7f0500007f050000 7f0500007f050000 7f0500007f050000 info registers vcpu 3 CPU#3 RAX=1ffff110035968bb RBX=0000000000000001 RCX=ffffffff81c75d1d RDX=ffffed10035968bc RSI=0000000000000008 RDI=ffff88801acb45d8 RBP=0000000000000001 RSP=ffffc90000e6f560 R8 =0000000000000001 R9 =ffffed10035968bb R10=ffff88801acb45df R11=0000000000000000 R12=dffffc0000000000 R13=ffff88801acb4618 R14=ffff88801acb45d8 R15=ffff88801acb4568 RIP=ffffffff81c75d29 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055b173f58131 CR3=00000000007e2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000025800000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000