last executing test programs: 15.259106804s ago: executing program 0 (id=1825): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fanotify_init(0x0, 0x0) memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) 14.550148287s ago: executing program 0 (id=1826): gettid() open(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pwritev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}], 0x1, 0x800000, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x24002de8) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) 8.524148808s ago: executing program 0 (id=1844): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000100)='./file0\x00') open(&(0x7f0000000340)='./bus\x00', 0x325081, 0x0) 8.368797807s ago: executing program 0 (id=1845): socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x12, 0x10, 0xfa00, {&(0x7f0000005480)}}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4048804) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$int_in(r1, 0x5452, &(0x7f0000000280)=0xffffffffffffffff) sendto$inet6(r1, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r1, 0x1) socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x90) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000000), 0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x198780, 0x0) socket$inet(0x2, 0x3, 0x2) 3.949028372s ago: executing program 3 (id=1868): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0xfffffff8, 0x101, 0x0, 0x1, 0x2}, 0x48) 3.889916204s ago: executing program 3 (id=1869): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x40000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 3.829559108s ago: executing program 3 (id=1870): socket(0x2, 0x5, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_CAPBSET_DROP(0x18, 0x0) capset(&(0x7f00000003c0)={0x20080522}, &(0x7f0000000440)={0x0, 0x0, 0x7ff}) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r2, 0x31d}, 0x14}}, 0x4) r3 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000240)={0x80000001, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1}, 0x8c) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) syz_emit_ethernet(0x85, &(0x7f00000007c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x4f, 0x6, 0x0, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, {[], {{0xfffe, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}, {"3cd88ef92cca2e0bd9d7c9da05c791671d910496d8d58afefffffffffffffffdca3a9650b27ecd3027c41349bc01b05706a9a7db3a2413c7d6f5f9"}}}}}}}, 0x0) syz_emit_ethernet(0x90, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaabaaaaaa0180c200000086dd60890000005a0600fe8036fc80c109000000070000000000000074fa334316955c283aa3385e000000000000bbfe800000b6e54f89e8d204000000000000000022a374b023389e352fa4e2f85e7b841f840a9acd475d7d9cd41a7a9ebab8453781e97e7e9d88da5d7dec3c40686e6c3c2c49b89e00b051b7524e55f49365ebe88da04c801d8daaa6a3f643d22fe4fed48d526295dcaa04a2ee8eb1", @ANYRES32=0x41424344, @ANYBLOB], 0x0) socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, &(0x7f0000000000), 0x0) 3.675901625s ago: executing program 3 (id=1871): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4) recvmmsg(r0, &(0x7f0000001900)=[{{0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x37}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000000740)=""/4096, 0x1000}], 0x1}, 0x4}], 0x2, 0x0, 0x0) 3.569196038s ago: executing program 3 (id=1872): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x2c, 0x0, 0x2, 0x0, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}]}, 0x2c}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x24d8}], 0x1}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[], 0x58}}, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x28}}, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@deltaction={0x50, 0x31, 0x20, 0x70bd26, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x200, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}, @TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x316b}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1ff}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) setsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x4400, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wg1\x00', 0x0}) clock_settime(0xa, 0x0) openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_trace', 0x834000, 0x88) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x900, 0x0) r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000100)={{0x1, 0x1, 0x18, r6}, './file1/file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001800), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001c00010400000000000000000200", @ANYRES32=r3, @ANYBLOB], 0x30}}, 0x0) writev(r2, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x1fffffffffffffd2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 3.450398067s ago: executing program 1 (id=1873): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r3, &(0x7f00000004c0)=[{&(0x7f0000000240)="2ccb", 0x2}], 0x1) splice(r1, 0x0, r3, 0x0, 0xf3a, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) splice(r2, 0x0, r4, 0x0, 0x7f, 0x0) write$binfmt_script(r3, &(0x7f0000000580)={'#! ', './file1'}, 0xb) close_range(r0, 0xffffffffffffffff, 0x0) 3.269667916s ago: executing program 3 (id=1874): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r2) write$char_usb(r3, &(0x7f0000000140)='0', 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x44, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r4}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4, 0x5, 0x0, 0x0, [{0x8, 0x0, 0x0, 0x0, 0x123e}, {0x8, 0x6}, {0x8}]}}]}]}, 0x44}}, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67e", 0x1a}, {&(0x7f0000000100)="3a10bd003aba0c702633", 0xa}], 0x2, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a00000000180000000000000017010000040000000602000000400000180000000000000017010000030000000100000000000079240809000000ac87448793609bd8299d6dfc465829b711ce28eb8f568438917ebd0699be96bd1485f6aaa8486e00000000e301f2e09aebda6eeb1c61f96b6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b6bbdfb37747cc7411886fdba55bcbfa68226644556e8117f9f9fc5be3b7095b2ab7c19b0c6fada03a7f9b9172f0cc960ee263e82e3232edea82b9736d65309e0ad2922ecbb7cde9ce78555fabb941d114e83b37255d6b43b2927696e4f4cf3b23086021fe4e33d049de5318ef3803ceacddc02734c96a9765486a9bf8d65791b000000000000000000000000000000000000000009d97cea3f950d55b265e480ff02c27bda4848c64ca7dcbcd060b9c0dea483c6069d2cdc473cfacc9052cc2c9e3ee037042fd329173c5e7c9ef8800a51332df5a08602a72a553035711cb9159757303a5e7d389786df44441dc82a9d32c56db8a8b3578cd0faabfa23fb46e22b45a464e35315d8c2dd3fae8b530cf8eb0d8dcb682772bed766be5208e61eab965c6c9a217a4e13f0085626c0408f381205251c18a8f6a"], 0x60}], 0x1, 0x8001) recvmmsg(r5, &(0x7f0000008c40)=[{{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000000580)=""/227, 0xe3}, {&(0x7f0000000680)=""/181, 0xb5}, {&(0x7f0000001d80)=""/245, 0xf5}, {0x0}, {&(0x7f0000001e80)=""/222, 0xde}, {&(0x7f0000001f80)=""/11, 0xb}], 0x6}}, {{0x0, 0x0, &(0x7f0000002340)=[{0x0}, {0x0}, {&(0x7f0000000400)=""/138, 0x8a}], 0x3}}, {{0x0, 0x0, &(0x7f00000036c0)}}, {{0x0, 0x0, &(0x7f0000004b40)}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000008580)=[{&(0x7f0000006140)=""/7, 0x7}, {&(0x7f0000006180)=""/131, 0x83}, {&(0x7f0000006240)=""/243, 0xf3}, {&(0x7f0000007340)=""/181, 0xb5}, {&(0x7f0000000300)=""/75, 0x4b}], 0x5}}], 0x6, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000280)={{}, {}, [], {}, [], {0x8}}, 0x24, 0x0) 3.143860647s ago: executing program 1 (id=1875): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) syz_clone3(&(0x7f0000000880)={0x100000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x0], 0x1}, 0x58) 2.849478778s ago: executing program 1 (id=1876): socket$l2tp(0x2, 0x2, 0x73) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400), 0x0, &(0x7f0000008640), 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) unshare(0x62040200) unshare(0x62040200) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x20001300, 0x20001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0x7fffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0xe0) r1 = socket$igmp(0x2, 0x3, 0x2) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000005400)={'filter\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f0000005480)=0x78) ftruncate(0xffffffffffffffff, 0x200004) syz_usb_connect(0x0, 0x24, 0x0, 0x0) 2.554706506s ago: executing program 0 (id=1877): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000300)="ab", 0x14078, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x2c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}]}, 0x2c}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.205110843s ago: executing program 2 (id=1879): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000b40)={0x2, 0x4e22, @empty}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x10) 2.160154905s ago: executing program 2 (id=1880): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$afs(&(0x7f0000000100), &(0x7f0000000340)='./file0\x00', &(0x7f0000000400), 0x8, 0x0) 2.072399437s ago: executing program 2 (id=1881): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r0, &(0x7f0000001600)=[{&(0x7f0000001300)=""/244, 0xf4}], 0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"}) r1 = syz_open_pts(r0, 0x101) r2 = dup3(r1, r0, 0x0) write$UHID_INPUT(r2, &(0x7f00000001c0)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) 2.07216567s ago: executing program 1 (id=1882): r0 = socket$inet(0x2, 0x3, 0x4) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@TCA_RATE={0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) 1.95008124s ago: executing program 2 (id=1883): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff", @ANYRES32=r4, @ANYBLOB="00000000010000001c0012000c000100"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_basic={{0xa}, {0x10, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x0, 0x7}}, @TCA_BASIC_POLICE={0x4}]}}]}, 0x40}}, 0x0) 1.871677231s ago: executing program 2 (id=1884): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents(r2, &(0x7f0000000040)=""/54, 0x36) 1.871544324s ago: executing program 1 (id=1885): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) rmdir(0x0) 90.441004ms ago: executing program 1 (id=1886): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "7f31dd00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup(r2) read(r2, 0x0, 0x7a) read$snapshot(r3, 0x0, 0x0) 61.448592ms ago: executing program 0 (id=1887): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r0, 0xffffffffffffffff, 0x26}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, 0x0, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000580)={'vxcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000005c0)={0x1d, r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0) 0s ago: executing program 2 (id=1888): socket$inet6_tcp(0xa, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {&(0x7f00000003c0)=""/164, 0xa4}], 0x2, 0x0, 0x9) r1 = socket(0x40000000002, 0x3, 0x2) recvmmsg(r1, &(0x7f0000000240)=[{{0x0, 0xfffffffffffffea7, 0x0, 0x0, 0x0, 0xfffffffffffffec8}}], 0x4000000000002c5, 0x2, 0x0) r2 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000140)='veth1_virt_wifi\x00', 0x10) setsockopt$inet_int(r2, 0x0, 0x4, &(0x7f0000000080), 0x4) sendto$unix(r2, 0x0, 0x0, 0x0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) syz_emit_ethernet(0x7e, &(0x7f0000000300)={@local, @link_local={0x1, 0x80, 0xc2, 0x10}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x48, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x12, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @window={0x3, 0x3}, @sack={0x5, 0xa, [0x0, 0x0]}, @mptcp=@mp_fclose={0x1e, 0xc}, @mptcp=@synack={0x1e, 0x10}]}}}}}}}}, 0x0) kernel console output (not intermixed with test programs): [ 458.255552][ T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 458.306532][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.325002][ T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 458.326654][T10370] 9pnet_fd: Insufficient options for proto=fd [ 458.342415][ T30] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 458.345275][ T30] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 458.345302][ T30] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 458.345319][ T30] usb 5-1: Manufacturer: syz [ 458.347231][ T30] usb 5-1: config 0 descriptor?? [ 458.804239][ T30] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 458.809064][ T30] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 458.860745][ T30] appleir 0003:05AC:8243.0007: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 459.437408][T10363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 459.468375][T10363] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 459.691849][ T30] usb 5-1: USB disconnect, device number 8 [ 460.249381][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.439519][ T5397] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 460.741089][ T5397] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 460.744321][ T5397] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 460.748504][ T5397] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 460.759374][ T5397] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 460.824352][ T5397] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 460.828198][ T5397] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.848709][ T5397] usb 7-1: config 0 descriptor?? [ 460.861372][T10404] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 461.097847][T10404] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 461.118133][T10404] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 461.314023][ T5397] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 461.331414][ T5397] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 461.363620][ T5397] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 461.882526][ T5397] usb 7-1: USB disconnect, device number 9 [ 462.088515][ T9614] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 462.103396][T10424] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.1371'. [ 462.114711][ T9614] Bluetooth: hci1: unexpected event 0x34 length: 10 > 6 [ 463.463886][T10449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1378'. [ 463.593193][T10457] fuse: Unknown parameter 'f‡' [ 463.617905][T10457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1380'. [ 464.009456][ C2] vkms_vblank_simulate: vblank timer overrun [ 464.088224][ C2] vkms_vblank_simulate: vblank timer overrun [ 464.105450][T10471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 465.817179][T10506] syzkaller0: entered promiscuous mode [ 465.820254][T10506] syzkaller0: entered allmulticast mode [ 466.278166][T10512] netlink: 'syz.3.1393': attribute type 1 has an invalid length. [ 466.410938][T10514] netlink: 'syz.3.1394': attribute type 1 has an invalid length. [ 467.252492][ C2] vkms_vblank_simulate: vblank timer overrun [ 467.674611][ C2] vkms_vblank_simulate: vblank timer overrun [ 468.143453][ C2] vkms_vblank_simulate: vblank timer overrun [ 468.372266][ C2] vkms_vblank_simulate: vblank timer overrun [ 469.042632][ T9614] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 469.048366][ T9614] Bluetooth: hci2: Injecting HCI hardware error event [ 469.057194][ T4776] Bluetooth: hci2: hardware error 0x00 [ 471.000701][T10516] ipvlan0: entered allmulticast mode [ 471.004089][T10516] veth0_vlan: entered allmulticast mode [ 471.066213][T10532] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1398'. [ 471.271462][ T4776] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 471.285326][T10540] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1398'. [ 471.324522][T10540] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 471.329769][T10540] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 471.337572][T10540] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 471.343545][T10540] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 471.838225][T10552] netlink: 'syz.0.1402': attribute type 1 has an invalid length. [ 471.846138][T10551] [U]  [ 472.058803][T10554] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1403'. [ 472.062860][T10554] tipc: Started in network mode [ 472.065293][T10554] tipc: Node identity , cluster identity 4711 [ 472.074414][T10554] tipc: Failed to set node id, please configure manually [ 472.077225][T10554] tipc: Enabling of bearer rejected, failed to enable media [ 473.403960][ T1125] Bluetooth: hci4: Frame reassembly failed (-84) [ 475.429421][ T4776] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 476.265228][ T39] kauditd_printk_skb: 65 callbacks suppressed [ 476.265242][ T39] audit: type=1326 audit(1725817112.396:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1405" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7fc00000 [ 477.337571][T10589] mkiss: ax0: crc mode is auto. [ 477.907113][T10599] sctp: [Deprecated]: syz.3.1415 (pid 10599) Use of int in max_burst socket option. [ 477.907113][T10599] Use struct sctp_assoc_value instead [ 478.035608][T10601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1416'. [ 478.894956][T10617] usb 1-1: USB disconnect, device number 2 [ 479.266325][ C0] vkms_vblank_simulate: vblank timer overrun [ 479.834364][ C0] vkms_vblank_simulate: vblank timer overrun [ 480.290844][T10630] tipc: Enabled bearer , priority 10 [ 481.291631][ T35] tipc: Node number set to 352321594 [ 481.667869][ C0] vkms_vblank_simulate: vblank timer overrun [ 481.972324][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.088259][ C0] vkms_vblank_simulate: vblank timer overrun [ 483.277924][ T39] audit: type=1804 audit(1725817119.406:197): pid=10649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1431" name="/newroot/46/bus/bus" dev="overlay" ino=273 res=1 errno=0 [ 484.071810][T10669] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1436'. [ 485.230087][ T6412] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 485.451517][ T6412] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 485.457215][ T6412] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 485.466565][ T6412] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 485.474501][ T6412] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 485.479310][ T6412] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.487056][T10683] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 485.492279][ T6412] hub 7-1:1.0: bad descriptor, ignoring hub [ 485.495373][ T6412] hub 7-1:1.0: probe with driver hub failed with error -5 [ 485.500688][ T6412] cdc_wdm 7-1:1.0: skipping garbage [ 485.519363][ T6412] cdc_wdm 7-1:1.0: skipping garbage [ 485.522400][ T6412] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 485.524873][ T6412] cdc_wdm 7-1:1.0: Unknown control protocol [ 485.981487][ T1294] usb 7-1: USB disconnect, device number 10 [ 488.498200][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.578220][ C0] vkms_vblank_simulate: vblank timer overrun [ 489.272173][T10758] Bluetooth: MGMT ver 1.23 [ 489.309400][T10763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1463'. [ 489.315993][T10761] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1463'. [ 489.384270][T10764] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 489.387901][T10764] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 489.401101][T10764] vhci_hcd vhci_hcd.0: Device attached [ 489.421193][T10765] vhci_hcd: connection closed [ 489.421890][ T11] vhci_hcd: stop threads [ 489.427418][ T11] vhci_hcd: release socket [ 489.430176][ T11] vhci_hcd: disconnect device [ 489.454268][T10769] fuse: Bad value for 'fd' [ 489.473560][T10758] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 489.476333][T10758] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 489.531587][T10758] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 489.546261][T10758] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 489.549993][T10758] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 489.555496][T10758] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 489.690340][T10774] tmpfs: Bad value for 'mpol' [ 489.703649][T10774] netlink: 'syz.1.1466': attribute type 13 has an invalid length. [ 490.040578][ T58] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 490.178072][T10785] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1470'. [ 490.202796][T10785] 0ªX¹¦D: renamed from gretap0 (while UP) [ 490.222381][ T58] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 490.237019][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.255151][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.261920][ T58] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 490.269457][ T58] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 490.274250][ T58] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 490.277999][ T58] usb 5-1: Manufacturer: syz [ 490.280067][T10785] 0ªX¹¦D: entered allmulticast mode [ 490.282903][T10785] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 490.301608][ T58] usb 5-1: config 0 descriptor?? [ 490.337622][ C0] vkms_vblank_simulate: vblank timer overrun [ 490.411976][T10786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1470'. [ 490.439550][ T1294] usb 6-1: new full-speed USB device number 13 using dummy_hcd [ 490.642365][ T1294] usb 6-1: not running at top speed; connect to a high speed hub [ 490.647788][ T1294] usb 6-1: config 1 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 490.659199][ T1294] usb 6-1: config 1 interface 0 altsetting 8 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 490.667454][ T1294] usb 6-1: config 1 interface 0 has no altsetting 0 [ 490.675969][ T1294] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 490.682020][ T1294] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.688115][ T1294] usb 6-1: Product: syz [ 490.690775][ T1294] usb 6-1: Manufacturer: syz [ 490.696777][ T1294] usb 6-1: SerialNumber: syz [ 490.718245][T10783] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 490.722867][T10783] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 490.796002][ T58] appleir 0003:05AC:8243.0009: unknown main item tag 0x0 [ 490.800615][ T58] appleir 0003:05AC:8243.0009: No inputs registered, leaving [ 490.853044][ T58] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 491.173181][T10783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.188567][T10783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.220675][T10783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.261863][T10783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.322000][ T1294] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71 [ 491.341427][ T1294] usb 6-1: USB disconnect, device number 13 [ 491.523133][ T4776] Bluetooth: hci1: command 0x0c1a tx timeout [ 491.598868][ T4776] Bluetooth: hci3: command 0x0c1a tx timeout [ 491.885702][ T4776] Bluetooth: hci1: unexpected subevent 0x01 length: 78 > 18 [ 492.660693][ T39] audit: type=1326 audit(1725817128.793:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10811 comm="syz.3.1478" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x0 [ 492.746502][T10799] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 492.750859][T10799] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 492.781261][T10799] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 492.887519][ T1294] usb 5-1: USB disconnect, device number 9 [ 494.156021][ T9614] Bluetooth: hci1: command 0x0c1a tx timeout [ 494.318991][T10840] tmpfs: Unknown parameter 'siÃaze*8' [ 494.870263][ T9614] Bluetooth: hci3: command 0x0c1a tx timeout [ 494.887967][T10855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1489'. [ 494.976421][ T4776] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 495.010209][ T4776] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 495.063913][T10857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1489'. [ 496.239237][ T4776] Bluetooth: hci1: command 0x0c1a tx timeout [ 496.359646][T10866] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1491'. [ 496.363454][T10866] openvswitch: netlink: VXLAN extension message has 13 unknown bytes. [ 496.784866][T10869] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 496.959446][ T4776] Bluetooth: hci3: command 0x0c1a tx timeout [ 497.649303][ T5397] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 497.846892][ T5397] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 497.853401][ T5397] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 497.861438][ T5397] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 497.873912][ T5397] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 497.878956][ T5397] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.895536][T10878] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 497.900331][ T5397] hub 6-1:1.0: bad descriptor, ignoring hub [ 497.904857][ T5397] hub 6-1:1.0: probe with driver hub failed with error -5 [ 497.916541][ T5397] cdc_wdm 6-1:1.0: skipping garbage [ 497.918730][ T5397] cdc_wdm 6-1:1.0: skipping garbage [ 497.942400][ T5397] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 497.945089][ T5397] cdc_wdm 6-1:1.0: Unknown control protocol [ 498.121396][ T35] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 498.310200][ T4776] Bluetooth: hci1: command 0x0c1a tx timeout [ 498.314870][ T35] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 498.329217][ T35] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 498.336042][ T35] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 498.340627][ T35] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 498.344253][ T35] usb 8-1: Manufacturer: syz [ 498.348656][ T35] usb 8-1: config 0 descriptor?? [ 498.449257][ T35] rc_core: IR keymap rc-hauppauge not found [ 498.453267][ T35] Registered IR keymap rc-empty [ 498.457165][ T35] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 498.480705][ T35] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input58 [ 498.578108][ C1] vkms_vblank_simulate: vblank timer overrun [ 498.603740][T10878] usb 6-1: reset full-speed USB device number 14 using dummy_hcd [ 498.749174][T10883] ptrace attach of "/syz-executor exec"[10890] was attempted by "/syz-executor exec"[10883] [ 498.832379][T10887] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 498.849829][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.852940][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.855578][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.859904][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.864023][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.868185][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.876332][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.880003][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.883371][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.886581][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.889864][ C3] hrtimer: interrupt took 13548752 ns [ 498.892569][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.895816][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.899123][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.902325][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.905180][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.909557][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.914578][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.917562][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.920983][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 498.924652][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 498.989875][ T30] usb 8-1: USB disconnect, device number 10 [ 499.360140][ T10] usb 6-1: USB disconnect, device number 14 [ 499.829286][ T35] usb 8-1: new full-speed USB device number 11 using dummy_hcd [ 499.899750][T10904] xt_NFQUEUE: number of total queues is 0 [ 499.981236][T10906] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1502'. [ 499.985808][T10906] tipc: Started in network mode [ 499.988223][T10906] tipc: Node identity 0000000000000000000f00000000003a, cluster identity 4711 [ 499.993188][T10906] tipc: Enabling of bearer rejected, failed to enable media [ 500.035669][T10908] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 500.082503][ T35] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 500.088923][ T35] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 500.100463][ T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 500.108740][ T35] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 500.115139][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.128298][T10901] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 500.136322][ T35] hub 8-1:1.0: bad descriptor, ignoring hub [ 500.151645][ T35] hub 8-1:1.0: probe with driver hub failed with error -5 [ 500.156747][ T35] cdc_wdm 8-1:1.0: skipping garbage [ 500.158751][ T35] cdc_wdm 8-1:1.0: skipping garbage [ 500.188238][ T35] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 500.201092][ T35] cdc_wdm 8-1:1.0: Unknown control protocol [ 500.318278][ T5400] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 500.529385][ T5400] usb 6-1: Using ep0 maxpacket: 8 [ 500.533651][ T5400] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 500.557188][ T5400] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 500.584810][ T5400] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 500.594501][ T5400] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 500.603707][ T5400] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 500.608627][ T5400] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.862127][ T5400] usb 6-1: GET_CAPABILITIES returned 0 [ 500.867353][ T5400] usbtmc 6-1:16.0: can't read capabilities [ 500.969173][ T73] Bluetooth: hci4: Frame reassembly failed (-84) [ 501.190013][T10901] usb 8-1: reset full-speed USB device number 11 using dummy_hcd [ 501.325825][T10932] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1508'. [ 501.399895][T10916] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 501.420528][ T5400] usb 6-1: USB disconnect, device number 15 [ 502.019597][ T10] usb 8-1: USB disconnect, device number 11 [ 502.076970][ T5397] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 502.206417][T10946] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1513'. [ 502.284907][T10948] syz.1.1514: attempt to access beyond end of device [ 502.284907][T10948] loop1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 502.311383][ T5397] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 502.318644][ T5397] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 502.323351][ T5397] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 502.328468][ T5397] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 502.353685][ T5397] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.382787][T10940] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 502.388224][ T5397] hub 7-1:1.0: bad descriptor, ignoring hub [ 502.393552][ T5397] hub 7-1:1.0: probe with driver hub failed with error -5 [ 502.397883][ T5397] cdc_wdm 7-1:1.0: skipping garbage [ 502.402640][ T5397] cdc_wdm 7-1:1.0: skipping garbage [ 502.418665][ T5397] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 502.430139][ T5397] cdc_wdm 7-1:1.0: Unknown control protocol [ 502.448522][T10952] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1515'. [ 502.912307][ T35] usb 7-1: USB disconnect, device number 11 [ 503.029374][ T4776] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 503.601888][T10985] No control pipe specified [ 504.059217][ T58] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 504.256900][ T58] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 504.269739][ T58] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 504.273531][ T58] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 504.278638][ T58] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 504.299803][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.327332][T10987] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 504.333013][ T58] hub 5-1:1.0: bad descriptor, ignoring hub [ 504.335640][ T58] hub 5-1:1.0: probe with driver hub failed with error -5 [ 504.343955][ T58] cdc_wdm 5-1:1.0: skipping garbage [ 504.346223][ T58] cdc_wdm 5-1:1.0: skipping garbage [ 504.367321][ T58] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 504.370207][ T58] cdc_wdm 5-1:1.0: Unknown control protocol [ 505.040375][T10987] usb 5-1: reset full-speed USB device number 10 using dummy_hcd [ 505.129343][ T10] usb 8-1: new full-speed USB device number 12 using dummy_hcd [ 505.272308][T10999] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 505.321628][ T10] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 505.325428][ T10] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 505.328919][ T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 505.334793][ T10] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 505.340250][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.348948][T11004] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 505.370145][ T10] hub 8-1:1.0: bad descriptor, ignoring hub [ 505.372984][ T10] hub 8-1:1.0: probe with driver hub failed with error -5 [ 505.376862][ T10] cdc_wdm 8-1:1.0: skipping garbage [ 505.379897][ T10] cdc_wdm 8-1:1.0: skipping garbage [ 505.383786][ T10] cdc_wdm 8-1:1.0: cdc-wdm1: USB WDM device [ 505.386553][ T10] cdc_wdm 8-1:1.0: Unknown control protocol [ 505.853140][T11015] FAULT_INJECTION: forcing a failure. [ 505.853140][T11015] name failslab, interval 1, probability 0, space 0, times 0 [ 505.858393][T11015] CPU: 0 UID: 0 PID: 11015 Comm: syz.2.1535 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 505.878434][T11015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 505.879429][ C2] wdm_int_callback: 29 callbacks suppressed [ 505.879445][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 505.883811][T11015] Call Trace: [ 505.883823][T11015] [ 505.886483][ C2] wdm_int_callback: 29 callbacks suppressed [ 505.886497][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 505.889240][T11015] dump_stack_lvl+0x16c/0x1f0 [ 505.896782][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 505.896802][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 505.897014][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 505.897028][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 505.897234][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 505.897247][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 505.929833][T11015] should_fail_ex+0x497/0x5b0 [ 505.932498][T11015] ? fs_reclaim_acquire+0xae/0x160 [ 505.934903][T11015] should_failslab+0xc2/0x120 [ 505.937137][T11015] __kmalloc_cache_node_noprof+0x6e/0x360 [ 505.939396][T11015] ? __get_vm_area_node+0xe1/0x2d0 [ 505.941728][T11015] __get_vm_area_node+0xe1/0x2d0 [ 505.944421][T11015] ? mark_lock+0xb5/0xc60 [ 505.948281][T11015] __vmalloc_node_range_noprof+0x270/0x14e0 [ 505.952252][T11015] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 505.954734][T11015] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 505.957187][T11015] ? hlock_class+0x4e/0x130 [ 505.959312][T11015] ? aa_get_newest_label+0x376/0x680 [ 505.961461][T11015] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 505.964026][T11015] ? __pfx_aa_get_newest_label+0x10/0x10 [ 505.966206][T11015] ? mark_lock+0xb5/0xc60 [ 505.967906][T11015] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 505.970115][T11015] __vmalloc_noprof+0x6d/0x90 [ 505.972233][T11015] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 505.974796][T11015] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 505.977529][T11015] bpf_prog_alloc+0x3b/0x240 [ 505.979592][T11015] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 505.982255][T11015] bpf_prog_load+0x1758/0x2670 [ 505.984366][T11015] ? hlock_class+0x4e/0x130 [ 505.986219][T11015] ? __pfx_bpf_prog_load+0x10/0x10 [ 505.988645][T11015] ? find_held_lock+0x2d/0x110 [ 505.991101][T11015] ? security_bpf+0x8c/0xc0 [ 505.993206][T11015] __sys_bpf+0x9e0/0x55e0 [ 505.995398][T11015] ? __pfx___sys_bpf+0x10/0x10 [ 505.997456][T11015] ? ksys_write+0x12f/0x260 [ 505.999812][T11015] ? find_held_lock+0x2d/0x110 [ 506.002903][T11015] ? ksys_write+0x21c/0x260 [ 506.004910][T11015] ? __pfx_lock_release+0x10/0x10 [ 506.007178][T11015] ? vfs_write+0x14d/0x1140 [ 506.009122][T11015] ? __mutex_unlock_slowpath+0x164/0x650 [ 506.011288][T11015] ? fput+0x32/0x390 [ 506.012901][T11015] ? ksys_write+0x1ab/0x260 [ 506.014895][T11015] ? __pfx_ksys_write+0x10/0x10 [ 506.016903][T11015] __ia32_sys_bpf+0x76/0xe0 [ 506.018946][T11015] __do_fast_syscall_32+0x73/0x120 [ 506.021193][T11015] do_fast_syscall_32+0x32/0x80 [ 506.023506][T11015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 506.026216][T11015] RIP: 0023:0xf747e579 [ 506.027948][T11015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 506.036885][T11015] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 506.041168][T11015] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 506.044533][T11015] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.048111][T11015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.052165][T11015] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 506.056443][T11015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.060323][T11015] [ 506.073814][T11015] syz.2.1535: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 506.090427][T11015] CPU: 1 UID: 0 PID: 11015 Comm: syz.2.1535 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 506.105875][T11015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 506.110785][T11015] Call Trace: [ 506.112171][T11015] [ 506.113344][T11015] dump_stack_lvl+0x16c/0x1f0 [ 506.115218][T11015] warn_alloc+0x24d/0x3a0 [ 506.116926][T11015] ? __pfx_warn_alloc+0x10/0x10 [ 506.134270][T11015] ? fs_reclaim_acquire+0xae/0x160 [ 506.145426][T11015] ? trace_kmalloc+0x2d/0xe0 [ 506.147763][T11015] ? __kasan_kmalloc+0x8a/0xb0 [ 506.150267][T11015] ? __get_vm_area_node+0x1bc/0x2d0 [ 506.164188][T11015] __vmalloc_node_range_noprof+0xc0d/0x14e0 [ 506.167217][T11015] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 506.169721][T11015] ? hlock_class+0x4e/0x130 [ 506.171903][T11015] ? aa_get_newest_label+0x376/0x680 [ 506.174586][T11015] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 506.177076][T11015] ? __pfx_aa_get_newest_label+0x10/0x10 [ 506.189797][T11015] ? mark_lock+0xb5/0xc60 [ 506.192155][T11015] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 506.196281][T11015] __vmalloc_noprof+0x6d/0x90 [ 506.198855][T11015] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 506.203860][T11015] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 506.222747][T11015] bpf_prog_alloc+0x3b/0x240 [ 506.224763][T11015] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 506.227498][T11015] bpf_prog_load+0x1758/0x2670 [ 506.229702][T11015] ? hlock_class+0x4e/0x130 [ 506.231673][T11015] ? __pfx_bpf_prog_load+0x10/0x10 [ 506.233681][T11015] ? find_held_lock+0x2d/0x110 [ 506.251718][T11015] ? security_bpf+0x8c/0xc0 [ 506.254516][T11015] __sys_bpf+0x9e0/0x55e0 [ 506.257118][T11015] ? __pfx___sys_bpf+0x10/0x10 [ 506.259585][T11015] ? ksys_write+0x12f/0x260 [ 506.261339][T11015] ? find_held_lock+0x2d/0x110 [ 506.264088][T11015] ? ksys_write+0x21c/0x260 [ 506.266860][T11015] ? __pfx_lock_release+0x10/0x10 [ 506.270193][T11015] ? vfs_write+0x14d/0x1140 [ 506.284635][T11015] ? __mutex_unlock_slowpath+0x164/0x650 [ 506.288268][T11015] ? fput+0x32/0x390 [ 506.290783][T11015] ? ksys_write+0x1ab/0x260 [ 506.290827][ T58] usb 5-1: USB disconnect, device number 10 [ 506.293712][T11015] ? __pfx_ksys_write+0x10/0x10 [ 506.293749][T11015] __ia32_sys_bpf+0x76/0xe0 [ 506.293778][T11015] __do_fast_syscall_32+0x73/0x120 [ 506.320249][T11015] do_fast_syscall_32+0x32/0x80 [ 506.323394][T11015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 506.327421][T11015] RIP: 0023:0xf747e579 [ 506.329958][T11015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 506.341583][T11015] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 506.345841][T11015] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 506.349326][T11015] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.353357][T11015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.356923][T11015] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 506.360747][T11015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.364855][T11015] [ 506.366753][ T1294] usb 8-1: USB disconnect, device number 12 [ 506.375628][T11015] Mem-Info: [ 506.379233][T11015] active_anon:6332 inactive_anon:11 isolated_anon:0 [ 506.379233][T11015] active_file:2720 inactive_file:13564 isolated_file:0 [ 506.379233][T11015] unevictable:786 dirty:371 writeback:0 [ 506.379233][T11015] slab_reclaimable:5388 slab_unreclaimable:52849 [ 506.379233][T11015] mapped:17595 shmem:1093 pagetables:675 [ 506.379233][T11015] sec_pagetables:319 bounce:0 [ 506.379233][T11015] kernel_misc_reclaimable:0 [ 506.379233][T11015] free:115595 free_pcp:4454 free_cma:0 [ 506.407292][T11015] Node 0 active_anon:0kB inactive_anon:20kB active_file:0kB inactive_file:12kB unevictable:1608kB isolated(anon):0kB isolated(file):0kB mapped:1680kB dirty:8kB writeback:0kB shmem:1544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9072kB pagetables:908kB sec_pagetables:1176kB all_unreclaimable? no [ 506.425607][T11015] Node 1 active_anon:25328kB inactive_anon:24kB active_file:10880kB inactive_file:54244kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:68700kB dirty:1476kB writeback:0kB shmem:2828kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1796kB pagetables:1792kB sec_pagetables:100kB all_unreclaimable? no [ 506.444881][T11015] Node 0 DMA free:944kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:256kB local_pcp:12kB free_cma:0kB [ 506.456544][T11015] lowmem_reserve[]: 0 275 0 0 0 [ 506.458805][T11015] Node 0 DMA32 free:19072kB boost:0kB min:14004kB low:17504kB high:21004kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:20kB active_file:0kB inactive_file:12kB unevictable:1608kB writepending:8kB present:1032192kB managed:308892kB mlocked:72kB bounce:0kB free_pcp:1100kB local_pcp:64kB free_cma:0kB [ 506.475824][T11015] lowmem_reserve[]: 0 0 0 0 0 [ 506.478899][T11015] Node 1 DMA32 free:441988kB boost:0kB min:47044kB low:58804kB high:70564kB reserved_highatomic:0KB active_anon:25328kB inactive_anon:24kB active_file:10880kB inactive_file:54244kB unevictable:1536kB writepending:1476kB present:1048436kB managed:946208kB mlocked:0kB bounce:0kB free_pcp:17076kB local_pcp:388kB free_cma:0kB [ 506.492845][T11015] lowmem_reserve[]: 0 0 0 0 0 [ 506.494854][T11015] Node 0 DMA: 38*4kB (UE) 29*8kB (UE) 7*16kB (UE) 14*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 944kB [ 506.501857][T11015] Node 0 DMA32: 93*4kB (UMH) 90*8kB (UMH) 43*16kB (UME) 67*32kB (UMEH) 30*64kB (UME) 16*128kB (UME) 7*256kB (UM) 11*512kB (UM) 4*1024kB (M) 0*2048kB 0*4096kB = 19412kB [ 506.509022][T11015] Node 1 DMA32: 324*4kB (UM) 187*8kB (UME) 108*16kB (UME) 190*32kB (UME) 110*64kB (UME) 93*128kB (UME) 38*256kB (UME) 40*512kB (UME) 17*1024kB (UM) 16*2048kB (M) 81*4096kB (UM) = 441704kB [ 506.516974][T11015] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 506.521274][T11015] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 506.525269][T11015] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 506.525594][T11022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1537'. [ 506.529766][T11015] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 506.539777][T11015] 17765 total pagecache pages [ 506.542528][T11015] 370 pages in swap cache [ 506.559845][T11015] Free swap = 119036kB [ 506.561721][T11015] Total swap = 124996kB [ 506.563638][T11015] 524155 pages RAM [ 506.565315][T11015] 0 pages HighMem/MovableOnly [ 506.567235][T11015] 206540 pages reserved [ 506.568986][T11015] 0 pages cma reserved [ 506.709457][T11031] __vm_enough_memory: pid: 11031, comm: syz.2.1539, bytes: 4294963200 not enough memory for the allocation [ 506.825016][T11035] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1541'. [ 506.924195][T11039] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 507.038298][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.136175][T11044] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1543'. [ 507.150017][T11044] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1543'. [ 507.171595][T11044] input: syz0 as /devices/virtual/input/input60 [ 507.262277][T11044] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 507.613355][T11055] FAULT_INJECTION: forcing a failure. [ 507.613355][T11055] name failslab, interval 1, probability 0, space 0, times 0 [ 507.631822][T11055] CPU: 0 UID: 0 PID: 11055 Comm: syz.2.1546 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 507.644121][T11055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 507.648272][T11055] Call Trace: [ 507.649548][T11055] [ 507.650728][T11055] dump_stack_lvl+0x16c/0x1f0 [ 507.652566][T11055] should_fail_ex+0x497/0x5b0 [ 507.654394][T11055] ? fs_reclaim_acquire+0xae/0x160 [ 507.656382][T11055] should_failslab+0xc2/0x120 [ 507.671752][T11055] kmem_cache_alloc_node_noprof+0x71/0x310 [ 507.674135][T11055] ? alloc_vmap_area+0x636/0x2a70 [ 507.676101][T11055] alloc_vmap_area+0x636/0x2a70 [ 507.677969][T11055] ? __pfx_alloc_vmap_area+0x10/0x10 [ 507.680795][T11055] __get_vm_area_node+0x17e/0x2d0 [ 507.682805][T11055] ? mark_lock+0xb5/0xc60 [ 507.684465][T11055] __vmalloc_node_range_noprof+0x270/0x14e0 [ 507.699508][T11055] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 507.701873][T11055] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 507.704195][T11055] ? hlock_class+0x4e/0x130 [ 507.707187][T11055] ? aa_get_newest_label+0x376/0x680 [ 507.709634][T11055] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 507.722829][T11055] ? __pfx_aa_get_newest_label+0x10/0x10 [ 507.725401][T11055] ? mark_lock+0xb5/0xc60 [ 507.727905][T11055] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 507.730206][T11055] __vmalloc_noprof+0x6d/0x90 [ 507.733628][T11055] ? bpf_prog_alloc_no_stats+0x54/0x5e0 [ 507.736410][T11055] bpf_prog_alloc_no_stats+0x54/0x5e0 [ 507.739197][T11055] bpf_prog_alloc+0x3b/0x240 [ 507.741519][T11055] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 507.744375][T11055] bpf_prog_load+0x1758/0x2670 [ 507.746738][T11055] ? hlock_class+0x4e/0x130 [ 507.749091][T11055] ? __pfx_bpf_prog_load+0x10/0x10 [ 507.752093][T11055] ? find_held_lock+0x2d/0x110 [ 507.755593][T11055] ? security_bpf+0x8c/0xc0 [ 507.758311][T11055] __sys_bpf+0x9e0/0x55e0 [ 507.760867][T11055] ? __pfx___sys_bpf+0x10/0x10 [ 507.765665][T11055] ? ksys_write+0x12f/0x260 [ 507.767721][T11055] ? find_held_lock+0x2d/0x110 [ 507.771040][T11055] ? ksys_write+0x21c/0x260 [ 507.774763][T11055] ? __pfx_lock_release+0x10/0x10 [ 507.777203][T11055] ? vfs_write+0x14d/0x1140 [ 507.779287][T11055] ? __mutex_unlock_slowpath+0x164/0x650 [ 507.782171][T11055] ? fput+0x32/0x390 [ 507.784174][T11055] ? ksys_write+0x1ab/0x260 [ 507.786401][T11055] ? __pfx_ksys_write+0x10/0x10 [ 507.788506][T11055] __ia32_sys_bpf+0x76/0xe0 [ 507.790653][T11055] __do_fast_syscall_32+0x73/0x120 [ 507.792605][T11055] do_fast_syscall_32+0x32/0x80 [ 507.794494][T11055] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 507.796940][T11055] RIP: 0023:0xf747e579 [ 507.798929][T11055] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 507.810519][T11055] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 507.815567][T11055] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 507.820488][T11055] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 507.823878][T11055] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 507.828475][T11055] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 507.831823][T11055] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 507.835361][T11055] [ 507.890259][T11063] input: syz0 as /devices/virtual/input/input61 [ 507.934622][T11065] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1550'. [ 507.939637][T11065] tipc: Started in network mode [ 507.942432][T11065] tipc: Node identity 0000000000000000003f00000000003a, cluster identity 4711 [ 507.947284][T11065] tipc: Enabling of bearer rejected, failed to enable media [ 508.494361][ T984] kernel write not supported for file /snd/pcmC0D0p (pid: 984 comm: kworker/1:2) [ 508.647308][T11090] netlink: 'syz.3.1559': attribute type 1 has an invalid length. [ 508.974820][ T1207] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.081389][ T1207] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.183762][ T1207] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.376079][ T9614] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 509.400452][ T9614] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 509.424014][ T9614] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 509.449844][ T9614] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 509.465234][ T9614] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 509.483690][ T9614] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 509.485921][ T1207] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.916591][T11113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.266916][T11103] chnl_net:caif_netlink_parms(): no params data found [ 510.345608][ T39] audit: type=1800 audit(1725817146.483:199): pid=11113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.1568" name="/ocfs2_control" dev="devtmpfs" ino=107 res=0 errno=0 [ 510.511487][ T1207] bridge_slave_1: left allmulticast mode [ 510.515515][ T1207] bridge_slave_1: left promiscuous mode [ 510.518637][ T1207] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.623807][ T1207] bridge_slave_0: left allmulticast mode [ 510.626369][ T1207] bridge_slave_0: left promiscuous mode [ 510.650363][ T1207] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.678448][ T9614] Bluetooth: hci3: command tx timeout [ 512.204363][ T1207] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 512.249914][ T1207] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 512.299418][ T1207] bond0 (unregistering): Released all slaves [ 512.486554][T11103] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.497026][T11103] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.507180][T11103] bridge_slave_0: entered allmulticast mode [ 512.533153][T11103] bridge_slave_0: entered promiscuous mode [ 512.564631][ T1207] tipc: Left network mode [ 512.583427][T11103] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.587070][T11103] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.590705][T11103] bridge_slave_1: entered allmulticast mode [ 512.594843][T11103] bridge_slave_1: entered promiscuous mode [ 512.908158][T11103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 513.204621][T11103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 513.604365][T11103] team0: Port device team_slave_0 added [ 513.710747][T11103] team0: Port device team_slave_1 added [ 513.762057][ T9614] Bluetooth: hci3: command tx timeout [ 513.944055][ T1207] hsr_slave_0: left promiscuous mode [ 513.949493][ T1207] hsr_slave_1: left promiscuous mode [ 513.967578][ T1207] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 513.972421][ T1207] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 514.000445][ T1207] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 514.004383][ T1207] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 514.212765][ T1207] veth0_macvtap: left promiscuous mode [ 514.235962][ T1207] veth1_vlan: left promiscuous mode [ 514.239360][ T1207] veth0_vlan: left promiscuous mode [ 514.742479][ T3002] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 514.938785][ T3002] usb 6-1: Using ep0 maxpacket: 8 [ 515.003068][ T3002] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 515.008025][ T3002] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 515.034123][ T3002] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 18032, setting to 1024 [ 515.042802][ T3002] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1024 [ 515.063782][ T3002] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 515.080029][ T3002] usb 6-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 515.088575][ T3002] usb 6-1: New USB device found, idVendor=0403, idProduct=6015, bcdDevice= 0.6d [ 515.095109][ T3002] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.102829][ T3002] usb 6-1: Product: syz [ 515.104842][ T3002] usb 6-1: Manufacturer: syz [ 515.106995][ T3002] usb 6-1: SerialNumber: syz [ 515.111970][ T3002] usb 6-1: config 0 descriptor?? [ 515.115444][T11168] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 515.121949][ T3002] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 515.128258][ T3002] usb 6-1: Detected SIO [ 515.134443][ T3002] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 515.918530][ T9614] Bluetooth: hci3: command tx timeout [ 517.637749][ T35] usb 6-1: USB disconnect, device number 16 [ 517.647558][ T35] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 517.667470][ T35] ftdi_sio 6-1:0.0: device disconnected [ 517.736643][ T1207] team0 (unregistering): Port device team_slave_1 removed [ 518.009354][ T9614] Bluetooth: hci3: command tx timeout [ 518.145405][ T1207] team0 (unregistering): Port device team_slave_0 removed [ 520.215596][T11103] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 520.219981][T11103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 520.269974][T11103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 520.321547][T11103] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 520.326400][T11103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 520.340436][T11103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 520.624910][T11103] hsr_slave_0: entered promiscuous mode [ 520.659482][T11103] hsr_slave_1: entered promiscuous mode [ 520.727503][T11103] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 520.731792][T11103] Cannot create hsr debugfs directory [ 520.833113][T11197] netlink: 'syz.2.1583': attribute type 10 has an invalid length. [ 524.702803][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 526.050192][T11103] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 526.099320][T11103] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 526.182921][T11103] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 526.257804][T11103] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 526.421688][T11103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 526.467926][T11103] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.490622][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.494315][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.523589][ T1207] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.527265][ T1207] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.661184][T11103] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 526.673011][T11103] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 527.103050][T11271] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1594'. [ 527.243947][T11103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 527.348804][T11103] veth0_vlan: entered promiscuous mode [ 527.368216][T11103] veth1_vlan: entered promiscuous mode [ 527.417644][T11103] veth0_macvtap: entered promiscuous mode [ 527.436050][T11103] veth1_macvtap: entered promiscuous mode [ 527.470941][T11103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.476189][T11103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.482620][T11103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.487588][T11103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.492881][T11103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.499219][T11103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.508277][T11103] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 527.516747][T11103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.523629][T11103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.528745][T11103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.534406][T11103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.555314][T11103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.559893][T11103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.566540][T11103] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 527.593098][T11103] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.597278][T11103] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.602217][T11103] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.606367][T11103] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.780296][ T203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.797802][ T203] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 527.875136][ T1207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.882868][ T1207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.961628][T11310] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 531.082826][T11320] usb usb8: usbfs: process 11320 (syz.1.1600) did not claim interface 0 before use [ 531.259243][ T6413] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 531.481145][ T6413] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 531.485709][ T6413] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 531.499344][ T6413] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 531.503929][ T6413] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 531.507700][ T6413] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.532207][T11322] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 531.551366][ T6413] hub 7-1:1.0: bad descriptor, ignoring hub [ 531.554029][ T6413] hub 7-1:1.0: probe with driver hub failed with error -5 [ 531.557999][ T6413] cdc_wdm 7-1:1.0: skipping garbage [ 531.571285][ T6413] cdc_wdm 7-1:1.0: skipping garbage [ 531.580091][ T6413] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 531.587838][ T6413] cdc_wdm 7-1:1.0: Unknown control protocol [ 532.591254][T11322] usb 7-1: reset full-speed USB device number 12 using dummy_hcd [ 532.781583][T11352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1609'. [ 532.824432][T11344] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 533.209783][ T1294] usb 7-1: USB disconnect, device number 12 [ 533.278869][T11354] FAULT_INJECTION: forcing a failure. [ 533.278869][T11354] name failslab, interval 1, probability 0, space 0, times 0 [ 533.286994][T11354] CPU: 0 UID: 0 PID: 11354 Comm: syz.0.1610 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 533.292091][T11354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 533.298572][T11354] Call Trace: [ 533.300759][T11354] [ 533.302659][T11354] dump_stack_lvl+0x16c/0x1f0 [ 533.304987][T11354] should_fail_ex+0x497/0x5b0 [ 533.307363][T11354] ? fs_reclaim_acquire+0xae/0x160 [ 533.310030][T11354] should_failslab+0xc2/0x120 [ 533.312331][T11354] kmem_cache_alloc_node_noprof+0x71/0x310 [ 533.315293][T11354] ? alloc_vmap_area+0x636/0x2a70 [ 533.317709][T11354] alloc_vmap_area+0x636/0x2a70 [ 533.320778][T11354] ? __pfx_alloc_vmap_area+0x10/0x10 [ 533.324940][T11354] __get_vm_area_node+0x17e/0x2d0 [ 533.327694][T11354] __vmalloc_node_range_noprof+0x270/0x14e0 [ 533.330482][T11354] ? bpf_check+0x1fa/0xb3b0 [ 533.332979][T11354] ? rcu_read_unlock+0x17/0x60 [ 533.335622][T11354] ? __pfx_lock_release+0x10/0x10 [ 533.338075][T11354] ? bpf_check+0x1fa/0xb3b0 [ 533.340701][T11354] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 533.343951][T11354] ? ___kmalloc_large_node+0x127/0x1a0 [ 533.346849][T11354] ? lockdep_hardirqs_on+0x7c/0x110 [ 533.349867][T11354] ? bpf_check+0x1fa/0xb3b0 [ 533.352244][T11354] vzalloc_noprof+0x6b/0x90 [ 533.354821][T11354] ? bpf_check+0x1fa/0xb3b0 [ 533.357470][T11354] bpf_check+0x1fa/0xb3b0 [ 533.359891][T11354] ? __pfx___lock_acquire+0x10/0x10 [ 533.362415][T11354] ? __pfx_bpf_check+0x10/0x10 [ 533.364657][T11354] ? ktime_get_with_offset+0x13a/0x240 [ 533.367224][T11354] ? __pfx_lock_release+0x10/0x10 [ 533.369457][T11354] ? find_held_lock+0x2d/0x110 [ 533.371777][T11354] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 533.375019][T11354] ? lockdep_hardirqs_on+0x7c/0x110 [ 533.377746][T11354] ? read_tsc+0x9/0x20 [ 533.381556][T11354] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 533.385059][T11354] ? bpf_obj_name_cpy+0x156/0x1b0 [ 533.387764][T11354] bpf_prog_load+0xe3f/0x2670 [ 533.389949][T11354] ? __pfx_bpf_prog_load+0x10/0x10 [ 533.392352][T11354] ? find_held_lock+0x2d/0x110 [ 533.395003][T11354] ? security_bpf+0x8c/0xc0 [ 533.397575][T11354] __sys_bpf+0x9e0/0x55e0 [ 533.399860][T11354] ? __pfx___sys_bpf+0x10/0x10 [ 533.402588][T11354] ? ksys_write+0x12f/0x260 [ 533.404978][T11354] ? find_held_lock+0x2d/0x110 [ 533.407339][T11354] ? ksys_write+0x21c/0x260 [ 533.409889][T11354] ? __pfx_lock_release+0x10/0x10 [ 533.412747][T11354] ? vfs_write+0x14d/0x1140 [ 533.415019][T11354] ? __mutex_unlock_slowpath+0x164/0x650 [ 533.417670][T11354] ? fput+0x32/0x390 [ 533.420315][T11354] ? ksys_write+0x1ab/0x260 [ 533.423245][T11354] ? __pfx_ksys_write+0x10/0x10 [ 533.425662][T11354] __ia32_sys_bpf+0x76/0xe0 [ 533.427952][T11354] __do_fast_syscall_32+0x73/0x120 [ 533.430411][T11354] do_fast_syscall_32+0x32/0x80 [ 533.432680][T11354] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 533.436135][T11354] RIP: 0023:0xf7f40579 [ 533.438423][T11354] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 533.453118][T11354] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 533.457181][T11354] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 533.461614][T11354] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 533.465540][T11354] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.469210][T11354] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 533.473198][T11354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.477032][T11354] [ 533.478747][ C0] vkms_vblank_simulate: vblank timer overrun [ 533.499403][T11354] warn_alloc: 1 callbacks suppressed [ 533.499417][T11354] syz.0.1610: vmalloc error: size 2016, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 533.526533][T11354] CPU: 0 UID: 0 PID: 11354 Comm: syz.0.1610 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 533.532133][T11354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 533.548336][T11354] Call Trace: [ 533.565958][T11354] [ 533.567558][T11354] dump_stack_lvl+0x16c/0x1f0 [ 533.570259][T11354] warn_alloc+0x24d/0x3a0 [ 533.572391][T11354] ? __pfx_warn_alloc+0x10/0x10 [ 533.574661][T11354] ? lockdep_hardirqs_on+0x7c/0x110 [ 533.577002][T11354] ? __get_vm_area_node+0x27d/0x2d0 [ 533.579604][T11354] ? __get_vm_area_node+0x1bc/0x2d0 [ 533.581932][T11354] __vmalloc_node_range_noprof+0xc0d/0x14e0 [ 533.584632][T11354] ? rcu_read_unlock+0x17/0x60 [ 533.586748][T11354] ? __pfx_lock_release+0x10/0x10 [ 533.605848][T11354] ? bpf_check+0x1fa/0xb3b0 [ 533.608050][T11354] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 533.611969][T11354] ? ___kmalloc_large_node+0x127/0x1a0 [ 533.614538][T11354] ? lockdep_hardirqs_on+0x7c/0x110 [ 533.616880][T11354] ? bpf_check+0x1fa/0xb3b0 [ 533.619074][T11354] vzalloc_noprof+0x6b/0x90 [ 533.630582][T11354] ? bpf_check+0x1fa/0xb3b0 [ 533.632705][T11354] bpf_check+0x1fa/0xb3b0 [ 533.650693][T11354] ? __pfx___lock_acquire+0x10/0x10 [ 533.653172][T11354] ? __pfx_bpf_check+0x10/0x10 [ 533.655402][T11354] ? ktime_get_with_offset+0x13a/0x240 [ 533.657724][T11354] ? __pfx_lock_release+0x10/0x10 [ 533.659801][T11354] ? find_held_lock+0x2d/0x110 [ 533.661910][T11354] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 533.664710][T11354] ? lockdep_hardirqs_on+0x7c/0x110 [ 533.682582][T11354] ? read_tsc+0x9/0x20 [ 533.684279][T11354] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 533.686746][T11354] ? bpf_obj_name_cpy+0x156/0x1b0 [ 533.689130][T11354] bpf_prog_load+0xe3f/0x2670 [ 533.691233][T11354] ? __pfx_bpf_prog_load+0x10/0x10 [ 533.693515][T11354] ? find_held_lock+0x2d/0x110 [ 533.695733][T11354] ? security_bpf+0x8c/0xc0 [ 533.697706][T11354] __sys_bpf+0x9e0/0x55e0 [ 533.706504][T11354] ? __pfx___sys_bpf+0x10/0x10 [ 533.708303][T11354] ? ksys_write+0x12f/0x260 [ 533.710503][T11354] ? find_held_lock+0x2d/0x110 [ 533.725915][T11354] ? ksys_write+0x21c/0x260 [ 533.728196][T11354] ? __pfx_lock_release+0x10/0x10 [ 533.730555][T11354] ? vfs_write+0x14d/0x1140 [ 533.732532][T11354] ? __mutex_unlock_slowpath+0x164/0x650 [ 533.734898][T11354] ? fput+0x32/0x390 [ 533.736434][T11354] ? ksys_write+0x1ab/0x260 [ 533.738456][T11354] ? __pfx_ksys_write+0x10/0x10 [ 533.743181][T11354] __ia32_sys_bpf+0x76/0xe0 [ 533.745188][T11354] __do_fast_syscall_32+0x73/0x120 [ 533.747428][T11354] do_fast_syscall_32+0x32/0x80 [ 533.763077][T11354] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 533.765830][T11354] RIP: 0023:0xf7f40579 [ 533.767427][T11354] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 533.786095][T11354] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 533.789082][T11354] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 533.791821][T11354] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 533.797264][T11354] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.809787][T11354] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 533.814086][T11354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.820771][T11354] [ 533.822296][ C0] vkms_vblank_simulate: vblank timer overrun [ 533.845754][T11354] Mem-Info: [ 533.847476][T11354] active_anon:6203 inactive_anon:7 isolated_anon:0 [ 533.847476][T11354] active_file:2692 inactive_file:13576 isolated_file:0 [ 533.847476][T11354] unevictable:786 dirty:363 writeback:0 [ 533.847476][T11354] slab_reclaimable:5382 slab_unreclaimable:53555 [ 533.847476][T11354] mapped:18171 shmem:1052 pagetables:634 [ 533.847476][T11354] sec_pagetables:320 bounce:0 [ 533.847476][T11354] kernel_misc_reclaimable:0 [ 533.847476][T11354] free:118400 free_pcp:857 free_cma:0 [ 533.868381][T11354] Node 0 active_anon:24kB inactive_anon:12kB active_file:8kB inactive_file:24kB unevictable:1608kB isolated(anon):0kB isolated(file):0kB mapped:1532kB dirty:8kB writeback:0kB shmem:1544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9124kB pagetables:856kB sec_pagetables:1176kB all_unreclaimable? no [ 533.926124][T11354] Node 1 active_anon:24788kB inactive_anon:16kB active_file:10760kB inactive_file:54280kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:71152kB dirty:1444kB writeback:0kB shmem:2664kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1696kB pagetables:1680kB sec_pagetables:104kB all_unreclaimable? no [ 533.947587][T11354] Node 0 DMA free:936kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:196kB local_pcp:12kB free_cma:0kB [ 533.978804][T11354] lowmem_reserve[]: 0 275 0 0 0 [ 533.981694][T11354] Node 0 DMA32 free:21336kB boost:0kB min:14004kB low:17504kB high:21004kB reserved_highatomic:4096KB active_anon:24kB inactive_anon:12kB active_file:0kB inactive_file:24kB unevictable:1608kB writepending:8kB present:1032192kB managed:308892kB mlocked:72kB bounce:0kB free_pcp:1064kB local_pcp:0kB free_cma:0kB [ 534.002789][T11354] lowmem_reserve[]: 0 0 0 0 0 [ 534.005062][T11354] Node 1 DMA32 free:451404kB boost:0kB min:47044kB low:58804kB high:70564kB reserved_highatomic:0KB active_anon:24788kB inactive_anon:16kB active_file:10760kB inactive_file:54280kB unevictable:1536kB writepending:1444kB present:1048436kB managed:946208kB mlocked:0kB bounce:0kB free_pcp:2532kB local_pcp:272kB free_cma:0kB [ 534.016998][T11354] lowmem_reserve[]: 0 0 0 0 0 [ 534.018775][T11354] Node 0 DMA: 20*4kB (U) 55*8kB (UE) 10*16kB (UE) 8*32kB (E) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 936kB [ 534.025388][T11354] Node 0 DMA32: 434*4kB (UMH) 128*8kB (UMEH) 55*16kB (UME) 64*32kB (UMEH) 38*64kB (UME) 15*128kB (UME) 7*256kB (UM) 11*512kB (UM) 4*1024kB (M) 0*2048kB 0*4096kB = 21560kB [ 534.032868][T11354] Node 1 DMA32: 1157*4kB (UM) 988*8kB (UME) 381*16kB (UME) 168*32kB (UME) 154*64kB (UME) 94*128kB (UME) 45*256kB (M) 30*512kB (UME) 17*1024kB (UM) 16*2048kB (M) 80*4096kB (UM) = 450628kB [ 534.041553][T11354] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 534.045870][T11354] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 534.053848][T11354] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 534.058483][T11354] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 534.063071][T11354] 17647 total pagecache pages [ 534.066201][T11354] 305 pages in swap cache [ 534.068786][T11354] Free swap = 119096kB [ 534.070747][T11354] Total swap = 124996kB [ 534.072604][T11354] 524155 pages RAM [ 534.075139][T11354] 0 pages HighMem/MovableOnly [ 534.078048][T11354] 206540 pages reserved [ 534.085510][T11354] 0 pages cma reserved [ 534.187925][T11356] input: syz1 as /devices/virtual/input/input62 [ 534.217520][T11356] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1611'. [ 535.726075][ C0] vkms_vblank_simulate: vblank timer overrun [ 535.833893][ T9614] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 535.908628][ T6413] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 536.092570][ T6413] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 536.097939][ T6413] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 536.102484][ T6413] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 536.107836][ T6413] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 536.131242][ T6413] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.138365][T11376] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 536.145000][ T6413] hub 5-1:1.0: bad descriptor, ignoring hub [ 536.148039][ T6413] hub 5-1:1.0: probe with driver hub failed with error -5 [ 536.169557][ T6413] cdc_wdm 5-1:1.0: skipping garbage [ 536.172166][ T6413] cdc_wdm 5-1:1.0: skipping garbage [ 536.202696][ T6413] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 536.205322][ T6413] cdc_wdm 5-1:1.0: Unknown control protocol [ 536.870031][T11376] usb 5-1: reset full-speed USB device number 11 using dummy_hcd [ 537.077163][T11389] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 537.582741][ T57] usb 5-1: USB disconnect, device number 11 [ 537.783411][ C0] vkms_vblank_simulate: vblank timer overrun [ 537.792301][ T4776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 537.818337][ T4776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 537.841848][ T4776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 537.884665][ T4776] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 537.890600][ T4776] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 537.894631][ T4776] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 538.223944][T11394] chnl_net:caif_netlink_parms(): no params data found [ 538.480797][ C0] vkms_vblank_simulate: vblank timer overrun [ 538.598457][T11394] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.605024][T11394] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.609323][T11394] bridge_slave_0: entered allmulticast mode [ 538.613827][T11394] bridge_slave_0: entered promiscuous mode [ 538.666914][ T1207] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 538.672754][ T1207] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.687687][T11394] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.693428][T11394] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.696870][T11394] bridge_slave_1: entered allmulticast mode [ 538.701430][T11394] bridge_slave_1: entered promiscuous mode [ 538.864061][ T1207] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 538.870896][ T1207] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.925459][T11394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.942464][T11394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 539.135699][ T1207] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 539.142615][ T1207] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.243787][T11394] team0: Port device team_slave_0 added [ 539.265937][T11394] team0: Port device team_slave_1 added [ 539.275601][ T39] audit: type=1326 audit(1725817175.413:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11407 comm="syz.0.1625" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f40579 code=0x0 [ 539.315833][ T1207] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 539.321395][ T1207] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.389911][T11394] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.392676][T11394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.416214][T11394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.430323][T11394] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.433902][T11394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.447457][T11394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.630742][T11394] hsr_slave_0: entered promiscuous mode [ 539.644628][T11394] hsr_slave_1: entered promiscuous mode [ 539.648563][T11394] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 539.654323][T11394] Cannot create hsr debugfs directory [ 539.818223][ T1207] bridge_slave_1: left allmulticast mode [ 539.833418][ T1207] bridge_slave_1: left promiscuous mode [ 539.837780][ T1207] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.895446][ T1207] bridge_slave_0: left allmulticast mode [ 539.897982][ T1207] bridge_slave_0: left promiscuous mode [ 539.900868][ T1207] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.989469][ T4776] Bluetooth: hci2: command tx timeout [ 540.537569][T11414] syz.0.1626 (11414): drop_caches: 2 [ 541.306815][ T1207] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 541.314031][ T1207] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 541.368851][ T1207] bond0 (unregistering): Released all slaves [ 541.640651][ T1207] tipc: Left network mode [ 542.069344][ T4776] Bluetooth: hci2: command tx timeout [ 542.450339][ T1207] hsr_slave_0: left promiscuous mode [ 542.454143][ T1207] hsr_slave_1: left promiscuous mode [ 542.458182][ T1207] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 542.461634][ T1207] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 542.481321][ T1207] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 542.484671][ T1207] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 542.580969][ T1207] veth1_macvtap: left promiscuous mode [ 542.583648][ T1207] veth0_macvtap: left promiscuous mode [ 542.586552][ T1207] veth1_vlan: left promiscuous mode [ 542.589812][ T1207] veth0_vlan: left promiscuous mode [ 542.885883][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.149275][ T4776] Bluetooth: hci2: command tx timeout [ 544.449015][T11445] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 545.594726][ T1207] team0 (unregistering): Port device team_slave_1 removed [ 546.230525][ T4776] Bluetooth: hci2: command tx timeout [ 546.462367][ T1207] team0 (unregistering): Port device team_slave_0 removed [ 549.355820][T11462] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1639'. [ 549.361630][T11462] tipc: Enabling of bearer rejected, failed to enable media [ 549.810587][T11394] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 549.962105][T11394] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 549.997061][ C3] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 550.040759][T11394] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 550.043202][T11488] [U]  [ 550.146727][T11394] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 550.376949][T11394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 550.397513][T11394] 8021q: adding VLAN 0 to HW filter on device team0 [ 550.419034][ T203] bridge0: port 1(bridge_slave_0) entered blocking state [ 550.422476][ T203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 550.432940][ T203] bridge0: port 2(bridge_slave_1) entered blocking state [ 550.436864][ T203] bridge0: port 2(bridge_slave_1) entered forwarding state [ 550.518675][T11394] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 550.529280][T11394] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 550.788116][T11394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 550.847867][T11394] veth0_vlan: entered promiscuous mode [ 550.857564][T11394] veth1_vlan: entered promiscuous mode [ 550.931937][T11394] veth0_macvtap: entered promiscuous mode [ 550.948391][T11394] veth1_macvtap: entered promiscuous mode [ 550.969714][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 550.975543][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 550.982760][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 550.987914][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 550.993145][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 551.001880][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 551.008974][T11394] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 551.021356][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 551.060930][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 551.072537][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 551.099585][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 551.103743][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 551.145285][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 551.158224][T11394] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 551.180047][T11394] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.206899][T11394] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.223347][T11394] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.227307][T11394] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.479432][ T6412] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 551.526206][ T203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.529542][ T203] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.564963][ T203] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.570500][ T203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.701369][ T6412] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 551.706390][ T6412] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 551.713315][ T6412] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 551.729362][ T6412] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 551.734576][ T6412] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.736177][T11517] FAULT_INJECTION: forcing a failure. [ 551.736177][T11517] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 551.744775][T11513] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 551.754130][T11517] CPU: 0 UID: 0 PID: 11517 Comm: syz.3.1622 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 551.756160][ T6412] hub 5-1:1.0: bad descriptor, ignoring hub [ 551.776039][T11517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 551.776059][T11517] Call Trace: [ 551.776067][T11517] [ 551.776077][T11517] dump_stack_lvl+0x16c/0x1f0 [ 551.776103][T11517] should_fail_ex+0x497/0x5b0 [ 551.776124][T11517] ? fs_reclaim_acquire+0xae/0x160 [ 551.776155][T11517] should_fail_alloc_page+0xe7/0x130 [ 551.776178][T11517] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 551.776212][T11517] __alloc_pages_noprof+0x194/0x2460 [ 551.776235][T11517] ? unwind_get_return_address+0x45/0xe0 [ 551.802112][ T6412] hub 5-1:1.0: probe with driver hub failed with error -5 [ 551.809616][T11517] ? arch_stack_walk+0x118/0x170 [ 551.809649][T11517] ? hlock_class+0x4e/0x130 [ 551.809666][T11517] ? mark_lock+0xb5/0xc60 [ 551.809688][T11517] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 551.809710][T11517] ? __pfx_mark_lock+0x10/0x10 [ 551.809730][T11517] ? stack_trace_save+0x95/0xd0 [ 551.891475][T11517] ? __pfx_stack_trace_save+0x10/0x10 [ 551.894463][T11517] ? stack_depot_save_flags+0x28/0x900 [ 551.897666][T11517] ? kasan_save_stack+0x42/0x60 [ 551.899943][T11517] ? kasan_save_stack+0x33/0x60 [ 551.902093][T11517] ? kasan_save_track+0x14/0x30 [ 551.904328][T11517] ? __kasan_slab_alloc+0x89/0x90 [ 551.906888][T11517] ? kmem_cache_alloc_node_noprof+0x153/0x310 [ 551.909390][T11517] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 551.916103][T11517] ? policy_nodemask+0xea/0x4e0 [ 551.927955][T11517] alloc_pages_mpol_noprof+0x275/0x610 [ 551.930369][T11517] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 551.932987][T11517] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 551.936132][T11517] get_free_pages_noprof+0xc/0x40 [ 551.939050][T11517] kasan_populate_vmalloc_pte+0x2d/0x160 [ 551.944342][T11517] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 551.950667][T11517] __apply_to_page_range+0x795/0xdd0 [ 551.954981][T11517] ? __pfx___apply_to_page_range+0x10/0x10 [ 551.958856][T11517] ? insert_vmap_area+0x2ef/0x4d0 [ 551.962425][T11517] alloc_vmap_area+0x93e/0x2a70 [ 551.965584][T11517] ? __pfx_alloc_vmap_area+0x10/0x10 [ 551.968692][T11517] __get_vm_area_node+0x17e/0x2d0 [ 551.978676][T11517] __vmalloc_node_range_noprof+0x270/0x14e0 [ 551.985516][T11517] ? bpf_check+0x1fa/0xb3b0 [ 551.987407][T11517] ? rcu_read_unlock+0x17/0x60 [ 551.989398][T11517] ? __pfx_lock_release+0x10/0x10 [ 551.991488][T11517] ? bpf_check+0x1fa/0xb3b0 [ 551.993383][T11517] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 551.995985][T11517] ? ___kmalloc_large_node+0x127/0x1a0 [ 552.014510][T11517] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.017235][T11517] ? bpf_check+0x1fa/0xb3b0 [ 552.019523][T11517] vzalloc_noprof+0x6b/0x90 [ 552.034196][T11517] ? bpf_check+0x1fa/0xb3b0 [ 552.036203][T11517] bpf_check+0x1fa/0xb3b0 [ 552.038208][T11517] ? __pfx___lock_acquire+0x10/0x10 [ 552.040612][T11517] ? __pfx_bpf_check+0x10/0x10 [ 552.043049][T11517] ? ktime_get_with_offset+0x13a/0x240 [ 552.045580][T11517] ? __pfx_lock_release+0x10/0x10 [ 552.047847][T11517] ? find_held_lock+0x2d/0x110 [ 552.055352][T11517] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 552.058516][T11517] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.060581][T11517] ? read_tsc+0x9/0x20 [ 552.062192][T11517] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 552.074802][T11517] ? bpf_obj_name_cpy+0x156/0x1b0 [ 552.076986][T11517] bpf_prog_load+0xe3f/0x2670 [ 552.079287][T11517] ? __pfx_bpf_prog_load+0x10/0x10 [ 552.095032][T11517] ? find_held_lock+0x2d/0x110 [ 552.097567][T11517] ? security_bpf+0x8c/0xc0 [ 552.100105][T11517] __sys_bpf+0x9e0/0x55e0 [ 552.102325][T11517] ? __pfx___sys_bpf+0x10/0x10 [ 552.104455][T11517] ? ksys_write+0x12f/0x260 [ 552.106299][T11517] ? find_held_lock+0x2d/0x110 [ 552.108054][T11517] ? ksys_write+0x21c/0x260 [ 552.125762][T11517] ? __pfx_lock_release+0x10/0x10 [ 552.127873][T11517] ? vfs_write+0x14d/0x1140 [ 552.130115][T11517] ? __mutex_unlock_slowpath+0x164/0x650 [ 552.133187][T11517] ? fput+0x32/0x390 [ 552.135166][T11517] ? ksys_write+0x1ab/0x260 [ 552.137354][T11517] ? __pfx_ksys_write+0x10/0x10 [ 552.139589][T11517] __ia32_sys_bpf+0x76/0xe0 [ 552.141499][T11517] __do_fast_syscall_32+0x73/0x120 [ 552.158205][T11517] do_fast_syscall_32+0x32/0x80 [ 552.160623][T11517] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 552.163892][T11517] RIP: 0023:0xf7f46579 [ 552.165951][T11517] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 552.188237][T11517] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 552.191360][T11517] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 552.194077][T11517] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 552.196990][T11517] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 552.215333][T11517] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 552.219039][T11517] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 552.224260][T11517] [ 552.226627][ T6412] cdc_wdm 5-1:1.0: skipping garbage [ 552.229403][ T6412] cdc_wdm 5-1:1.0: skipping garbage [ 552.235283][ T6412] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 552.238396][ T6412] cdc_wdm 5-1:1.0: Unknown control protocol [ 552.246760][T11517] syz.3.1622: vmalloc error: size 2016, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 552.254731][T11517] CPU: 0 UID: 0 PID: 11517 Comm: syz.3.1622 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 552.254752][T11517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 552.254761][T11517] Call Trace: [ 552.254766][T11517] [ 552.254772][T11517] dump_stack_lvl+0x16c/0x1f0 [ 552.254792][T11517] warn_alloc+0x24d/0x3a0 [ 552.254810][T11517] ? __pfx_warn_alloc+0x10/0x10 [ 552.254825][T11517] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.254846][T11517] ? __get_vm_area_node+0x27d/0x2d0 [ 552.254865][T11517] ? __get_vm_area_node+0x1bc/0x2d0 [ 552.254884][T11517] __vmalloc_node_range_noprof+0xc0d/0x14e0 [ 552.254905][T11517] ? rcu_read_unlock+0x17/0x60 [ 552.254920][T11517] ? __pfx_lock_release+0x10/0x10 [ 552.254938][T11517] ? bpf_check+0x1fa/0xb3b0 [ 552.254981][T11517] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 552.255005][T11517] ? ___kmalloc_large_node+0x127/0x1a0 [ 552.255024][T11517] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.255042][T11517] ? bpf_check+0x1fa/0xb3b0 [ 552.255061][T11517] vzalloc_noprof+0x6b/0x90 [ 552.255078][T11517] ? bpf_check+0x1fa/0xb3b0 [ 552.255097][T11517] bpf_check+0x1fa/0xb3b0 [ 552.255120][T11517] ? __pfx___lock_acquire+0x10/0x10 [ 552.255144][T11517] ? __pfx_bpf_check+0x10/0x10 [ 552.255165][T11517] ? ktime_get_with_offset+0x13a/0x240 [ 552.255182][T11517] ? __pfx_lock_release+0x10/0x10 [ 552.255198][T11517] ? find_held_lock+0x2d/0x110 [ 552.255216][T11517] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 552.255233][T11517] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.255249][T11517] ? read_tsc+0x9/0x20 [ 552.255265][T11517] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 552.255285][T11517] ? bpf_obj_name_cpy+0x156/0x1b0 [ 552.255305][T11517] bpf_prog_load+0xe3f/0x2670 [ 552.255326][T11517] ? __pfx_bpf_prog_load+0x10/0x10 [ 552.255342][T11517] ? find_held_lock+0x2d/0x110 [ 552.255370][T11517] ? security_bpf+0x8c/0xc0 [ 552.255392][T11517] __sys_bpf+0x9e0/0x55e0 [ 552.255412][T11517] ? __pfx___sys_bpf+0x10/0x10 [ 552.255430][T11517] ? ksys_write+0x12f/0x260 [ 552.255447][T11517] ? find_held_lock+0x2d/0x110 [ 552.255463][T11517] ? ksys_write+0x21c/0x260 [ 552.255479][T11517] ? __pfx_lock_release+0x10/0x10 [ 552.255498][T11517] ? vfs_write+0x14d/0x1140 [ 552.255518][T11517] ? __mutex_unlock_slowpath+0x164/0x650 [ 552.255548][T11517] ? fput+0x32/0x390 [ 552.255568][T11517] ? ksys_write+0x1ab/0x260 [ 552.255583][T11517] ? __pfx_ksys_write+0x10/0x10 [ 552.255603][T11517] __ia32_sys_bpf+0x76/0xe0 [ 552.255622][T11517] __do_fast_syscall_32+0x73/0x120 [ 552.255643][T11517] do_fast_syscall_32+0x32/0x80 [ 552.255661][T11517] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 552.255677][T11517] RIP: 0023:0xf7f46579 [ 552.255689][T11517] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 552.255702][T11517] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 552.255717][T11517] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 552.255726][T11517] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 552.255734][T11517] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 552.255743][T11517] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 552.255751][T11517] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 552.255768][T11517] [ 552.255806][T11517] Mem-Info: [ 552.255813][T11517] active_anon:20841 inactive_anon:5 isolated_anon:0 [ 552.255813][T11517] active_file:2777 inactive_file:13604 isolated_file:0 [ 552.255813][T11517] unevictable:786 dirty:92 writeback:0 [ 552.255813][T11517] slab_reclaimable:5348 slab_unreclaimable:51629 [ 552.255813][T11517] mapped:17412 shmem:15495 pagetables:694 [ 552.255813][T11517] sec_pagetables:321 bounce:0 [ 552.255813][T11517] kernel_misc_reclaimable:0 [ 552.255813][T11517] free:101213 free_pcp:4803 free_cma:0 [ 552.255846][T11517] Node 0 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:1608kB isolated(anon):0kB isolated(file):0kB mapped:1564kB dirty:4kB writeback:4kB shmem:1544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9076kB pagetables:952kB sec_pagetables:1176kB all_unreclaimable? no [ 552.255879][T11517] Node 1 active_anon:83364kB inactive_anon:20kB active_file:11108kB inactive_file:54404kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:68084kB dirty:364kB writeback:0kB shmem:60436kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1720kB pagetables:1824kB sec_pagetables:108kB all_unreclaimable? no [ 552.255911][T11517] Node 0 DMA free:952kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:0kB free_cma:0kB [ 552.255946][T11517] lowmem_reserve[]: 0 275 0 0 0 [ 552.255970][T11517] Node 0 DMA32 free:21248kB boost:0kB min:14004kB low:17504kB high:21004kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:1608kB writepending:8kB present:1032192kB managed:308892kB mlocked:72kB bounce:0kB free_pcp:3228kB local_pcp:1420kB free_cma:0kB [ 552.256009][T11517] lowmem_reserve[]: 0 0 0 0 0 [ 552.256033][T11517] Node 1 DMA32 free:382652kB boost:0kB min:47044kB low:58804kB high:70564kB reserved_highatomic:0KB active_anon:83364kB inactive_anon:20kB active_file:11108kB inactive_file:54404kB unevictable:1536kB writepending:332kB present:1048436kB managed:946208kB mlocked:0kB bounce:0kB free_pcp:15964kB local_pcp:13840kB free_cma:0kB [ 552.256069][T11517] lowmem_reserve[]: 0 0 0 0 0 [ 552.256093][T11517] Node 0 DMA: 42*4kB (U) 46*8kB (UE) 5*16kB (E) 11*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 968kB [ 552.256178][T11517] Node 0 DMA32: 230*4kB (UMH) 131*8kB (UMEH) 47*16kB (UME) 77*32kB (UMEH) 40*64kB (UME) 15*128kB (UME) 7*256kB (UM) 11*512kB (UM) 4*1024kB (M) 0*2048kB 0*4096kB = 21184kB [ 552.256282][T11517] Node 1 DMA32: 1*4kB (U) 19*8kB (ME) 28*16kB (UME) 94*32kB (UME) 72*64kB (UME) 44*128kB (UME) 32*256kB (UM) 12*512kB (UME) 12*1024kB (UM) 5*2048kB (M) 81*4096kB (UM) = 382492kB [ 552.256393][T11517] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 552.256404][T11517] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 552.256415][T11517] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 552.256425][T11517] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 552.256435][T11517] 32203 total pagecache pages [ 552.256440][T11517] 309 pages in swap cache [ 552.256445][T11517] Free swap = 118072kB [ 552.256450][T11517] Total swap = 124996kB [ 552.256455][T11517] 524155 pages RAM [ 552.256460][T11517] 0 pages HighMem/MovableOnly [ 552.256464][T11517] 206540 pages reserved [ 552.256469][T11517] 0 pages cma reserved [ 552.280704][ T6412] usb 5-1: USB disconnect, device number 12 [ 552.385334][T11526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1654'. [ 552.402356][T11522] [U]  [ 552.805276][ T6412] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 553.011364][ T6412] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 553.017540][ T6412] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 553.043656][ T6412] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 553.048718][ T6412] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 553.069517][ T6412] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.082604][T11515] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 553.087990][ T6412] hub 5-1:1.0: bad descriptor, ignoring hub [ 553.114463][ T6412] hub 5-1:1.0: probe with driver hub failed with error -5 [ 553.138242][ T6412] cdc_wdm 5-1:1.0: skipping garbage [ 553.141026][ T6412] cdc_wdm 5-1:1.0: skipping garbage [ 553.155164][ T6412] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 553.158120][ T6412] cdc_wdm 5-1:1.0: Unknown control protocol [ 553.458557][T11561] can0: slcan on ttyprintk. [ 553.789492][ T3002] usb 5-1: USB disconnect, device number 13 [ 554.020551][T11563] can0 (unregistered): slcan off ttyprintk. [ 554.730298][T11578] syz.3.1661: attempt to access beyond end of device [ 554.730298][T11578] loop3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 554.736079][T11578] vxfs: unable to read disk superblock at 1 [ 554.749569][T11578] syz.3.1661: attempt to access beyond end of device [ 554.749569][T11578] loop3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 554.757252][T11578] vxfs: unable to read disk superblock at 8 [ 554.762818][T11578] vxfs: can't find superblock. [ 555.362854][ T8] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 555.551470][T11587] ecryptfs_parse_options: eCryptfs: unrecognized option [&@] [ 555.556554][T11587] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 555.563718][T11587] Error parsing options; rc = [-22] [ 555.572251][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.578620][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.584531][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 555.593513][ T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 555.604595][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.612670][T11587] cifs: Unknown parameter 'mode' [ 555.620876][ T8] usb 5-1: config 0 descriptor?? [ 556.090300][ T8] plantronics 0003:047F:FFFF.000A: unknown main item tag 0xe [ 556.094972][ T8] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x7 [ 556.142771][ T8] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 556.150334][ T8] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 556.293667][T11589] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1665'. [ 556.381726][T11583] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1663'. [ 556.392327][ T8] usb 5-1: USB disconnect, device number 14 [ 557.142135][T11609] netlink: 'syz.1.1671': attribute type 1 has an invalid length. [ 557.147554][T11608] [U]  [ 557.880238][ T58] usb 6-1: new full-speed USB device number 17 using dummy_hcd [ 558.098547][ T58] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 558.103179][ T58] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 558.107039][ T58] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 558.128118][ T58] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 558.134916][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.163519][T11619] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 558.170392][ T58] hub 6-1:1.0: bad descriptor, ignoring hub [ 558.173854][ T58] hub 6-1:1.0: probe with driver hub failed with error -5 [ 558.179328][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 558.182225][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 558.189505][ T58] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 558.193367][ T58] cdc_wdm 6-1:1.0: Unknown control protocol [ 558.665851][T11625] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1676'. [ 558.721625][ T9614] Bluetooth: hci2: command 0x0405 tx timeout [ 558.910804][T11630] input: syz1 as /devices/virtual/input/input64 [ 559.329490][T11619] cdc_wdm 6-1:1.0: Error autopm - -16 [ 559.333422][ T6412] usb 6-1: USB disconnect, device number 17 [ 562.071361][ T4776] Bluetooth: hci4: command 0x1003 tx timeout [ 562.075153][ T9614] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 562.354177][T11645] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1683'. [ 562.359633][T11646] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1683'. [ 562.768997][T11660] [U] [ 562.771262][T11660] [U] [ 562.772843][T11660] [U] [ 562.785401][T11660] [U] [ 562.791310][T11660] [U] [ 562.792959][T11660] [U] [ 562.794376][T11660] [U] [ 562.795860][T11660] [U] [ 562.797338][T11660] [U] [ 562.798615][T11660] [U] [ 562.808236][T11660] [U] [ 562.809596][T11660] [U] [ 562.823125][T11660] [U] [ 562.824397][T11660] [U] [ 562.826422][T11660] [U] [ 562.828337][T11660] [U] [ 562.837150][T11660] [U] [ 562.838837][T11660] [U] [ 562.850926][T11660] [U] [ 562.852293][T11660] [U] [ 562.857151][T11660] [U] [ 562.859015][T11660] [U] [ 562.860694][T11660] [U] [ 562.862354][T11660] [U] [ 562.865699][T11660] [U] [ 562.867562][T11660] [U] [ 562.869361][T11660] [U] [ 562.871016][T11660] [U] [ 562.872791][T11660] [U] [ 562.874603][T11660] [U] [ 562.876180][T11660] [U] [ 562.877854][T11660] [U] [ 562.879586][T11660] [U] [ 562.881150][T11660] [U] [ 562.882852][T11660] [U] [ 562.884497][T11660] [U] [ 562.886151][T11660] [U] [ 562.891251][T11660] [U] [ 562.892728][T11660] [U] [ 562.895466][T11660] [U] [ 562.897992][T11660] [U] [ 562.899519][T11660] [U] [ 562.901335][T11660] [U] [ 562.903164][T11660] [U] [ 562.905131][T11660] [U] [ 562.906674][T11660] [U] [ 562.908160][T11660] [U] [ 562.909679][T11660] [U] [ 562.912673][T11660] [U] [ 562.930179][T11660] [U] [ 562.931910][T11660] [U] [ 562.933470][T11660] [U] [ 562.935568][T11660] [U] [ 562.937076][T11660] [U] [ 562.938518][T11660] [U] [ 562.939619][T11660] [U] [ 562.941120][T11660] [U] [ 562.942235][T11660] [U] [ 562.943292][T11660] [U] [ 562.944314][T11660] [U] [ 562.945552][T11660] [U] [ 562.946640][T11660] [U] [ 562.947690][T11660] [U] [ 562.948748][T11660] [U] [ 562.950326][T11660] [U] [ 562.951553][T11660] [U] [ 562.952783][T11660] [U] [ 562.956634][T11660] [U] [ 562.958832][T11660] [U] [ 562.961949][T11660] [U] [ 562.963590][T11660] [U] [ 562.964796][T11660] [U] [ 562.970295][T11660] [U] [ 562.971646][T11660] [U] [ 562.973137][T11660] [U] [ 562.974622][T11660] [U] [ 562.976295][T11660] [U] [ 562.983416][T11660] [U] [ 562.985289][T11660] [U] [ 562.987200][T11660] [U] [ 562.992506][T11660] [U] [ 562.993989][T11660] [U] [ 562.995382][T11660] [U] [ 562.996805][T11660] [U] [ 562.998662][T11660] [U] [ 563.000486][T11660] [U] [ 563.002309][T11660] [U] [ 563.004171][T11660] [U] [ 563.010120][T11660] [U] [ 563.012154][T11660] [U] [ 563.013454][T11660] [U] [ 563.015200][T11660] [U] [ 563.017898][T11660] [U] [ 563.019665][T11660] [U] [ 563.021067][T11660] [U] [ 563.022448][T11660] [U] [ 563.024624][T11660] [U] [ 563.026375][T11660] [U] [ 563.028201][T11660] [U] [ 563.029803][T11660] [U] [ 563.031758][T11660] [U] [ 563.033334][T11660] [U] [ 563.034777][T11660] [U] [ 563.036301][T11660] [U] [ 563.038072][T11660] [U] [ 563.039623][T11660] [U] [ 563.041039][T11660] [U] [ 563.042415][T11660] [U] [ 563.048394][T11660] [U] [ 563.050024][T11660] [U] [ 563.051839][T11660] [U] [ 563.054044][T11660] [U] [ 563.056615][T11660] [U] [ 563.058538][T11660] [U] [ 563.060843][T11660] [U] [ 563.062755][T11660] [U] [ 563.066057][T11660] [U] [ 563.069985][T11660] [U] [ 563.071816][T11660] [U] [ 563.073453][T11660] [U] [ 563.075696][T11660] [U] [ 563.077597][T11660] [U] [ 563.079437][T11660] [U] [ 563.081100][T11660] [U] [ 563.083684][T11660] [U] [ 563.085586][T11660] [U] [ 563.087423][T11660] [U] [ 563.103568][T11659] [U] [ 563.380033][T11669] netlink: 'syz.1.1691': attribute type 1 has an invalid length. [ 564.222423][T11694] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1699'. [ 564.764925][T11686] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1696'. [ 566.084225][T11703] netlink: 'syz.1.1701': attribute type 1 has an invalid length. [ 566.146665][T11702] [U]  [ 567.379731][T11714] netlink: 'syz.1.1705': attribute type 7 has an invalid length. [ 567.399302][T11715] fuse: Bad value for 'group_id' [ 567.402086][T11715] fuse: Bad value for 'group_id' [ 567.405882][T11714] netlink: 'syz.1.1705': attribute type 39 has an invalid length. [ 568.331395][T11725] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1708'. [ 568.335916][T11725] tipc: Started in network mode [ 568.338833][T11725] tipc: Node identity 0000000000000000f0ff00000000003a, cluster identity 4711 [ 568.343584][T11725] tipc: Enabling of bearer rejected, failed to enable media [ 568.472047][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 569.206800][T11735] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1711'. [ 569.207462][T11734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1711'. [ 569.219014][T11733] netlink: 'syz.2.1710': attribute type 1 has an invalid length. [ 569.235441][T11731] [U]  [ 569.673109][ T1294] usb 8-1: new full-speed USB device number 13 using dummy_hcd [ 569.924560][ T1294] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 569.945920][ T1294] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 569.971115][ T1294] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 569.986372][ T1294] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 569.991663][ T1294] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.022974][T11738] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 570.034456][ T1294] hub 8-1:1.0: bad descriptor, ignoring hub [ 570.037863][ T1294] hub 8-1:1.0: probe with driver hub failed with error -5 [ 570.054753][ T1294] cdc_wdm 8-1:1.0: skipping garbage [ 570.057209][ T1294] cdc_wdm 8-1:1.0: skipping garbage [ 570.085457][ T1294] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 570.089419][ T1294] cdc_wdm 8-1:1.0: Unknown control protocol [ 570.179676][T11743] mkiss: ax0: crc mode is auto. [ 571.763178][T11752] input: syz1 as /devices/virtual/input/input66 [ 573.425738][T11769] netlink: 'syz.1.1721': attribute type 1 has an invalid length. [ 573.431921][T11768] [U]  [ 574.850206][T11738] cdc_wdm 8-1:1.0: Error autopm - -16 [ 574.865119][ T9818] usb 8-1: USB disconnect, device number 13 [ 575.205444][ T9614] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 575.352226][T11785] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 575.356533][T11785] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 575.856235][T11782] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1725'. [ 575.865332][T11782] netlink: 'syz.1.1725': attribute type 1 has an invalid length. [ 575.903962][T11782] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1725'. [ 576.462100][ T9614] Bluetooth: hci2: unexpected event for opcode 0x0c38 [ 576.557441][T11797] sg_write: data in/out 768/1 bytes for SCSI command 0x0-- guessing data in; [ 576.557441][T11797] program syz.3.1730 not setting count and/or reply_len properly [ 579.009691][ T6413] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 579.534953][T11845] misc userio: No port type given on /dev/userio [ 579.635531][ T6413] usb 5-1: unable to get BOS descriptor or descriptor too short [ 579.640050][ T6413] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 579.643732][ T6413] usb 5-1: can't read configurations, error -71 [ 580.017690][T11850] netlink: 'syz.2.1744': attribute type 1 has an invalid length. [ 580.481709][ T9614] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 580.487110][ T9614] Bluetooth: hci2: Injecting HCI hardware error event [ 580.495745][ T4776] Bluetooth: hci2: hardware error 0x00 [ 580.741324][T11857] IPVS: set_ctl: invalid protocol: 43 100.1.1.0:20003 [ 581.259373][T11870] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1750'. [ 582.630575][ T4776] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 582.863442][T11883] netlink: 'syz.0.1753': attribute type 1 has an invalid length. [ 582.870517][T11881] [U]  [ 583.809452][ T3002] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 583.849882][ T30] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 584.011438][ T3002] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 584.015333][ T3002] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 584.018649][ T3002] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 584.041749][ T30] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 584.047913][ T30] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 584.055773][ T30] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 584.057795][ T3002] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 584.067155][ T30] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 584.069391][ T3002] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.073580][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.101409][T11895] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 584.108022][ T30] hub 6-1:1.0: bad descriptor, ignoring hub [ 584.112965][ T30] hub 6-1:1.0: probe with driver hub failed with error -5 [ 584.118270][ T30] cdc_wdm 6-1:1.0: skipping garbage [ 584.123399][T11896] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 584.127580][ T30] cdc_wdm 6-1:1.0: skipping garbage [ 584.171023][ T3002] hub 5-1:1.0: bad descriptor, ignoring hub [ 584.171928][ T30] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 584.177486][ T3002] hub 5-1:1.0: probe with driver hub failed with error -5 [ 584.194277][ T3002] cdc_wdm 5-1:1.0: skipping garbage [ 584.196653][ T3002] cdc_wdm 5-1:1.0: skipping garbage [ 584.205432][ T30] cdc_wdm 6-1:1.0: Unknown control protocol [ 584.206051][ T3002] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 584.231908][ T3002] cdc_wdm 5-1:1.0: Unknown control protocol [ 584.572034][ T30] usb 5-1: USB disconnect, device number 17 [ 585.285260][ T1294] usb 6-1: USB disconnect, device number 18 [ 585.291323][T11895] cdc_wdm 6-1:1.0: Error autopm - -16 [ 585.321907][T11896] cdc_wdm 6-1:1.0: Error autopm - -16 [ 585.331765][T11904] cdc_wdm 6-1:1.0: Error autopm - -16 [ 585.361884][T11903] cdc_wdm 6-1:1.0: Error autopm - -16 [ 585.466820][T11920] netlink: 'syz.2.1762': attribute type 1 has an invalid length. [ 585.472348][T11919] [U]  [ 586.264001][T11943] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1767'. [ 586.313884][T11944] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1768'. [ 586.820864][T11958] netlink: 'syz.2.1772': attribute type 1 has an invalid length. [ 586.831576][T11957] [U]  [ 587.709262][ T5394] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 587.918551][ T5394] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 587.922951][ T5394] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 587.926967][ T5394] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 587.949178][ T5394] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 587.954654][ T5394] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.976276][T11967] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 587.980761][ T5394] hub 7-1:1.0: bad descriptor, ignoring hub [ 588.009315][ T5394] hub 7-1:1.0: probe with driver hub failed with error -5 [ 588.012783][ T5394] cdc_wdm 7-1:1.0: skipping garbage [ 588.053307][ T5394] cdc_wdm 7-1:1.0: skipping garbage [ 588.090868][ T5394] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 588.093346][ T5394] cdc_wdm 7-1:1.0: Unknown control protocol [ 588.849149][T11972] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 588.852233][T11972] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 588.855112][T11972] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 588.860613][T11972] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 588.887167][ T9614] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 588.917750][ T9614] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 588.937665][ T9614] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 588.973231][ T9614] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 589.006935][ T9614] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 589.012456][ T9614] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 589.159282][ T57] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 589.201993][T11967] usb 7-1: reset full-speed USB device number 13 using dummy_hcd [ 589.369230][ T57] usb 6-1: Using ep0 maxpacket: 32 [ 589.385461][ T1100] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.395068][ T57] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 589.399450][ T57] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 589.403371][ T57] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 589.407617][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 589.411944][ T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 589.416164][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 589.422003][ T57] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 589.426370][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.435232][ T57] usb 6-1: config 0 descriptor?? [ 589.435727][T11980] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 589.506852][ T1100] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.605829][ T1100] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.656513][ T57] usblp 6-1:0.0: usblp1: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 589.664842][T11984] chnl_net:caif_netlink_parms(): no params data found [ 589.680172][ T57] usb 6-1: USB disconnect, device number 19 [ 589.775047][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.776349][ T57] usblp1: removed [ 589.778746][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.780540][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.780554][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.780736][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.803355][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.811047][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.824582][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.827006][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.829377][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.852901][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.855590][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.874161][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.885722][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.888435][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.891081][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.893727][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.896373][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.908326][ C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 589.913973][ C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 589.980914][ T1100] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.079577][ T6413] usb 7-1: USB disconnect, device number 13 [ 590.153442][ T4776] Bluetooth: hci1: command 0x0c1a tx timeout [ 590.213488][T11984] bridge0: port 1(bridge_slave_0) entered blocking state [ 590.216335][T11984] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.219669][T11984] bridge_slave_0: entered allmulticast mode [ 590.223722][T11984] bridge_slave_0: entered promiscuous mode [ 590.228744][T11984] bridge0: port 2(bridge_slave_1) entered blocking state [ 590.231836][T11984] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.236445][T11984] bridge_slave_1: entered allmulticast mode [ 590.246573][T11984] bridge_slave_1: entered promiscuous mode [ 590.302907][ T57] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 590.368484][T11984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 590.377674][T11984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 590.509343][ T57] usb 6-1: Using ep0 maxpacket: 32 [ 590.530245][ T57] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 590.534178][ T57] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 590.538216][ T57] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 590.550674][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 590.554650][ T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 590.559731][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 590.565545][ T57] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 590.569555][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.580167][ T57] usb 6-1: config 0 descriptor?? [ 590.656827][T11984] team0: Port device team_slave_0 added [ 590.676702][ T1100] bridge_slave_1: left allmulticast mode [ 590.699212][ T1100] bridge_slave_1: left promiscuous mode [ 590.702947][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.723973][ T1100] bridge_slave_0: left allmulticast mode [ 590.727036][ T1100] bridge_slave_0: left promiscuous mode [ 590.730948][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.796141][ T57] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 590.869346][ T4776] Bluetooth: hci3: command 0x0c1a tx timeout [ 591.116193][ T4776] Bluetooth: hci4: command tx timeout [ 591.903390][ T1294] usb 6-1: USB disconnect, device number 20 [ 591.908197][ T1294] usblp0: removed [ 591.946870][ T1100] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 591.960832][T12037] block device autoloading is deprecated and will be removed. [ 592.010046][ T1100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 592.026690][ T1100] bond0 (unregistering): Released all slaves [ 592.081068][T11984] team0: Port device team_slave_1 added [ 592.294672][ T1100] tipc: Left network mode [ 592.409345][T11984] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 592.412778][T11984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.431445][T11984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 592.439064][T11984] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 592.443730][T11984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.484956][T11984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 592.868916][T11984] hsr_slave_0: entered promiscuous mode [ 592.878992][T11984] hsr_slave_1: entered promiscuous mode [ 592.885586][T11984] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 592.890727][T11984] Cannot create hsr debugfs directory [ 592.899220][ T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 592.949256][ T4776] Bluetooth: hci3: command 0x0c1a tx timeout [ 593.145817][ T1100] hsr_slave_0: left promiscuous mode [ 593.148958][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 593.196192][ T1100] hsr_slave_1: left promiscuous mode [ 593.199506][ T4776] Bluetooth: hci4: command tx timeout [ 593.208471][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 593.212757][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 593.217018][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.223585][ T10] usb 6-1: Product: syz [ 593.225814][ T10] usb 6-1: Manufacturer: syz [ 593.228033][ T10] usb 6-1: SerialNumber: syz [ 593.235184][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 593.241288][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 593.265859][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 593.362030][ T1100] veth1_macvtap: left promiscuous mode [ 593.365129][ T1100] veth0_macvtap: left promiscuous mode [ 593.368323][ T1100] veth1_vlan: left promiscuous mode [ 593.373115][ T1100] veth0_vlan: left promiscuous mode [ 593.507285][ T10] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 21 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 593.796235][T12059] UBIFS error (pid: 12059): cannot open "./file0", error -22 [ 595.033644][ T4776] Bluetooth: hci3: command 0x0c1a tx timeout [ 595.141824][ T39] audit: type=1326 audit(1725817231.263:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12078 comm="syz.0.1802" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f40579 code=0x0 [ 595.269256][ T4776] Bluetooth: hci4: command tx timeout [ 595.286794][ T984] usb 6-1: USB disconnect, device number 21 [ 595.287567][ C0] usblp0: nonzero write bulk status received: -71 [ 595.354430][T12055] usblp0: removed [ 596.063351][T12086] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1805'. [ 596.719280][ T984] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 596.902272][ T984] usb 5-1: Using ep0 maxpacket: 32 [ 596.914872][ T984] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 596.934166][ T984] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 596.957753][ T984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.961663][ T984] usb 5-1: Product: syz [ 596.964182][ T984] usb 5-1: Manufacturer: syz [ 596.980412][ T984] usb 5-1: SerialNumber: syz [ 596.986699][ T984] usb 5-1: config 0 descriptor?? [ 597.002435][T12088] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 597.017554][ T984] hub 5-1:0.0: bad descriptor, ignoring hub [ 597.021735][ T984] hub 5-1:0.0: probe with driver hub failed with error -5 [ 597.029669][ T984] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input69 [ 597.245620][ T984] usb 5-1: USB disconnect, device number 18 [ 597.263534][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 597.352018][ T4776] Bluetooth: hci4: command tx timeout [ 597.583844][ T1100] team0 (unregistering): Port device team_slave_1 removed [ 598.018739][ T1100] team0 (unregistering): Port device team_slave_0 removed [ 600.174719][T12094] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1808'. [ 601.678471][T12140] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1822'. [ 602.156652][T11984] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 602.206958][T11984] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 602.230004][T11984] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 602.276235][T11984] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 602.743721][T11984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 602.854603][T11984] 8021q: adding VLAN 0 to HW filter on device team0 [ 603.000858][ T1125] bridge0: port 1(bridge_slave_0) entered blocking state [ 603.004129][ T1125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 603.017083][ T1125] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.020421][ T1125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 603.218826][T11984] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 603.842440][T11984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 603.919548][T11984] veth0_vlan: entered promiscuous mode [ 603.950029][T11984] veth1_vlan: entered promiscuous mode [ 604.013383][T11984] veth0_macvtap: entered promiscuous mode [ 604.034651][T11984] veth1_macvtap: entered promiscuous mode [ 604.063597][T11984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.073654][T11984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.077798][T11984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.083512][T11984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.091586][T11984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.098087][T11984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.106568][T11984] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 604.114568][T11984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 604.120084][T11984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.124825][T11984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 604.129515][T11984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.133587][T11984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 604.138025][T11984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.157275][T11984] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 604.184127][T11984] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.187593][T11984] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.191618][T11984] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.223881][T11984] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.546730][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.550292][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 604.604273][ T203] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.630256][ T203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 604.903844][T12182] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1780'. [ 605.777083][T12191] binder: 12187:12191 ioctl c0306201 0 returned -14 [ 606.942639][T12200] tmpfs: Bad value for 'huge' [ 608.284446][T12209] tmpfs: Bad value for 'huge' [ 608.922077][T12205] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 613.829202][ T6413] usb 7-1: new full-speed USB device number 14 using dummy_hcd [ 613.969176][T12284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 614.011123][T12284] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1864'. [ 614.011588][ T6413] usb 7-1: config 1 interface 0 has no altsetting 0 [ 614.034217][ T6413] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 614.037787][ T6413] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.047461][ T6413] usb 7-1: Product: syz [ 614.049568][ T6413] usb 7-1: Manufacturer: syz [ 614.051683][ T6413] usb 7-1: SerialNumber: syz [ 614.717116][ T6413] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 615.624495][T12302] No control pipe specified [ 615.634475][T12302] ALSA: seq fatal error: cannot create timer (-22) [ 616.019253][ T57] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 616.269625][ T57] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 616.312095][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.329661][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.333729][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.337692][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.340367][T12313] ebtables: wrong size: *len 120, entries_size 144, replsz 144 [ 616.369196][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.418116][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.423192][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.426631][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.448382][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.479213][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.483544][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.490814][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.497455][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.503575][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.521128][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.545328][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.548982][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.555807][ T30] usb 7-1: USB disconnect, device number 14 [ 616.593011][ T39] audit: type=1326 audit(1725817252.733:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12318 comm="syz.0.1877" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f40579 code=0x0 [ 616.601079][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.615853][T12277] usblp0: removed [ 616.641025][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.644565][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.648526][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.665912][ T57] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 616.669551][ T57] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 616.673856][ T57] usb 8-1: config 0 interface 0 has no altsetting 0 [ 616.693218][ T57] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 616.696653][ T57] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 616.700262][ T57] usb 8-1: Product: syz [ 616.715204][ T57] usb 8-1: Manufacturer: syz [ 616.717101][ T57] usb 8-1: SerialNumber: syz [ 616.721246][ T57] usb 8-1: config 0 descriptor?? [ 616.728128][ T57] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 616.752671][T12323] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1878'. [ 616.873489][T12327] kAFS: Can only specify source 'none' with -o dyn [ 616.972852][ T30] usb 8-1: USB disconnect, device number 14 [ 616.977039][ T30] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 617.058594][T12334] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1883'. [ 619.012959][T12343] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1887'. [ 619.160378][T12342] ------------[ cut here ]------------ [ 619.164669][T12342] name '47334' [ 619.168344][T12342] WARNING: CPU: 2 PID: 12342 at fs/proc/generic.c:711 remove_proc_entry+0x268/0x470 [ 619.172185][T12342] Modules linked in: [ 619.175832][T12342] CPU: 2 UID: 0 PID: 12342 Comm: syz.0.1887 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 619.201202][T12342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 619.208050][T12342] RIP: 0010:remove_proc_entry+0x268/0x470 [ 619.211237][T12342] Code: 08 eb a2 e8 fa dc 67 ff 48 c7 c7 80 ce ff 8d e8 de ab e7 08 e8 e9 dc 67 ff 90 48 c7 c7 40 e1 60 8b 4c 89 e6 e8 59 95 2a ff 90 <0f> 0b 90 90 e9 72 ff ff ff e8 ca dc 67 ff 49 8d be 98 00 00 00 48 [ 619.251579][T12342] RSP: 0018:ffffc90003d87c88 EFLAGS: 00010286 [ 619.254169][T12342] RAX: 0000000000000000 RBX: 1ffff920007b0f93 RCX: ffffffff814dd439 [ 619.257193][T12342] RDX: ffff8880254fc880 RSI: ffffffff814dd446 RDI: 0000000000000001 [ 619.268917][T12342] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 619.271842][T12342] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888029dfd548 [ 619.275189][T12342] R13: dffffc0000000000 R14: ffff888021f2b400 R15: ffff888026ae4ec0 [ 619.278791][T12342] FS: 0000000000000000(0000) GS:ffff88802b800000(0063) knlGS:0000000057a3d440 [ 619.309418][T12342] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 619.312356][T12342] CR2: 000000000c3551ad CR3: 000000004a3b6000 CR4: 0000000000350ef0 [ 619.337515][T12342] Call Trace: [ 619.339191][T12342] [ 619.340660][T12342] ? show_regs+0x8c/0xa0 [ 619.342652][T12342] ? __warn+0xe5/0x3c0 [ 619.344498][T12342] ? preempt_schedule_notrace+0x62/0xe0 [ 619.346797][T12342] ? remove_proc_entry+0x268/0x470 [ 619.361486][T12342] ? report_bug+0x3c0/0x580 [ 619.363163][T12342] ? handle_bug+0x3d/0x70 [ 619.364675][T12342] ? exc_invalid_op+0x17/0x50 [ 619.366625][T12342] ? asm_exc_invalid_op+0x1a/0x20 [ 619.375543][T12342] ? __warn_printk+0x199/0x350 [ 619.391870][T12342] ? __warn_printk+0x1a6/0x350 [ 619.393677][T12342] ? remove_proc_entry+0x268/0x470 [ 619.395725][T12342] ? remove_proc_entry+0x267/0x470 [ 619.397914][T12342] ? __pfx_lock_release+0x10/0x10 [ 619.418139][T12342] ? __pfx_remove_proc_entry+0x10/0x10 [ 619.420328][T12342] ? mark_held_locks+0x9f/0xe0 [ 619.422437][T12342] ? __local_bh_enable_ip+0xa4/0x120 [ 619.424759][T12342] bcm_release+0x27b/0x8d0 [ 619.426552][T12342] __sock_release+0xb0/0x270 [ 619.428535][T12342] ? __pfx_sock_close+0x10/0x10 [ 619.430888][T12342] sock_close+0x1c/0x30 [ 619.440966][T12342] __fput+0x408/0xbb0 [ 619.442796][T12342] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.445063][T12342] task_work_run+0x14e/0x250 [ 619.447481][T12342] ? __pfx_task_work_run+0x10/0x10 [ 619.452320][T12342] ? __pfx___close_range+0x10/0x10 [ 619.455629][T12342] syscall_exit_to_user_mode+0x27b/0x2a0 [ 619.464454][T12342] __do_fast_syscall_32+0x80/0x120 [ 619.467129][T12342] do_fast_syscall_32+0x32/0x80 [ 619.472829][T12342] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 619.476458][T12342] RIP: 0023:0xf7f40579 [ 619.478612][T12342] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 619.489190][T12342] RSP: 002b:00000000ffa6f03c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 619.495445][T12342] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 619.500084][T12342] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 619.504470][T12342] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 619.508833][T12342] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 619.512426][T12342] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 619.515109][T12342] [ 619.516187][T12342] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 619.519336][T12342] CPU: 2 UID: 0 PID: 12342 Comm: syz.0.1887 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 619.524478][T12342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 619.531044][T12342] Call Trace: [ 619.533312][T12342] [ 619.534896][T12342] dump_stack_lvl+0x3d/0x1f0 [ 619.537402][T12342] panic+0x6dc/0x7c0 [ 619.539369][T12342] ? __pfx_panic+0x10/0x10 [ 619.541686][T12342] ? show_trace_log_lvl+0x363/0x500 [ 619.545259][T12342] ? check_panic_on_warn+0x1f/0xb0 [ 619.547975][T12342] ? remove_proc_entry+0x268/0x470 [ 619.551590][T12342] check_panic_on_warn+0xab/0xb0 [ 619.555220][T12342] __warn+0xf1/0x3c0 [ 619.557511][T12342] ? preempt_schedule_notrace+0x62/0xe0 [ 619.559974][T12342] ? remove_proc_entry+0x268/0x470 [ 619.562834][T12342] report_bug+0x3c0/0x580 [ 619.564733][T12342] handle_bug+0x3d/0x70 [ 619.566855][T12342] exc_invalid_op+0x17/0x50 [ 619.570154][T12342] asm_exc_invalid_op+0x1a/0x20 [ 619.572816][T12342] RIP: 0010:remove_proc_entry+0x268/0x470 [ 619.576457][T12342] Code: 08 eb a2 e8 fa dc 67 ff 48 c7 c7 80 ce ff 8d e8 de ab e7 08 e8 e9 dc 67 ff 90 48 c7 c7 40 e1 60 8b 4c 89 e6 e8 59 95 2a ff 90 <0f> 0b 90 90 e9 72 ff ff ff e8 ca dc 67 ff 49 8d be 98 00 00 00 48 [ 619.589714][T12342] RSP: 0018:ffffc90003d87c88 EFLAGS: 00010286 [ 619.593473][T12342] RAX: 0000000000000000 RBX: 1ffff920007b0f93 RCX: ffffffff814dd439 [ 619.598747][T12342] RDX: ffff8880254fc880 RSI: ffffffff814dd446 RDI: 0000000000000001 [ 619.602798][T12342] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 619.606387][T12342] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888029dfd548 [ 619.609890][T12342] R13: dffffc0000000000 R14: ffff888021f2b400 R15: ffff888026ae4ec0 [ 619.613397][T12342] ? __warn_printk+0x199/0x350 [ 619.616332][T12342] ? __warn_printk+0x1a6/0x350 [ 619.619478][T12342] ? remove_proc_entry+0x267/0x470 [ 619.622543][T12342] ? __pfx_lock_release+0x10/0x10 [ 619.625806][T12342] ? __pfx_remove_proc_entry+0x10/0x10 [ 619.629430][T12342] ? mark_held_locks+0x9f/0xe0 [ 619.632495][T12342] ? __local_bh_enable_ip+0xa4/0x120 [ 619.635810][T12342] bcm_release+0x27b/0x8d0 [ 619.654723][T12342] __sock_release+0xb0/0x270 [ 619.657387][T12342] ? __pfx_sock_close+0x10/0x10 [ 619.659379][T12342] sock_close+0x1c/0x30 [ 619.661043][T12342] __fput+0x408/0xbb0 [ 619.662650][T12342] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.665520][T12342] task_work_run+0x14e/0x250 [ 619.668328][T12342] ? __pfx_task_work_run+0x10/0x10 [ 619.670621][T12342] ? __pfx___close_range+0x10/0x10 [ 619.672855][T12342] syscall_exit_to_user_mode+0x27b/0x2a0 [ 619.694391][T12342] __do_fast_syscall_32+0x80/0x120 [ 619.696935][T12342] do_fast_syscall_32+0x32/0x80 [ 619.700213][T12342] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 619.703821][T12342] RIP: 0023:0xf7f40579 [ 619.705476][T12342] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 619.731661][T12342] RSP: 002b:00000000ffa6f03c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 619.736489][T12342] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 619.739551][T12342] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 619.744222][T12342] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 619.755692][T12342] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 619.759575][T12342] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 619.774713][T12342] [ 619.776664][T12342] Kernel Offset: disabled [ 619.778472][T12342] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:40:55 Registers: info registers vcpu 0 CPU#0 RAX=00000000007df1ff RBX=0000000000000000 RCX=ffffffff8b083099 RDX=0000000000000000 RSI=ffffffff8b4cd060 RDI=ffffffff8bb07fe0 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20 R8 =0000000000000001 R9 =ffffed10056c6fd9 R10=ffff88802b637ecb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff9011e698 R15=0000000000000000 RIP=ffffffff8b08448f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5695da4 CR3=000000005c090000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000012800000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81c81719 RDX=ffff88801fa5c880 RSI=ffffffff81c8181c RDI=0000000000000005 RBP=ffff888045cb2520 RSP=ffffc90000e4f7b0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffff888045cb2500 R13=dffffc0000000000 R14=0000000000000002 R15=ffffc90000e4f860 RIP=ffffffff8171a190 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f56b4dc0 CR3=000000005c090000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000012800000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000000d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fc2445 RDI=ffffffff9a516640 RBP=ffffffff9a516600 RSP=ffffc90003d87660 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=000000000000000d R14=ffffffff84fc23e0 R15=0000000000000000 RIP=ffffffff84fc246f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b800000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3551ad CR3=000000004a3b6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000214731 RBX=0000000000000003 RCX=ffffffff8b083099 RDX=0000000000000000 RSI=ffffffff8b4cd060 RDI=ffffffff8bb07fe0 RBP=ffffed100377e488 RSP=ffffc90000497e08 R8 =0000000000000001 R9 =ffffed1005726fd9 R10=ffff88802b937ecb R11=0000000000000000 R12=0000000000000003 R13=ffff88801bbf2440 R14=ffffffff9011e698 R15=0000000000000000 RIP=ffffffff8b08448f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c385bec CR3=000000005fd60000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000