last executing test programs: 10.292360907s ago: executing program 2 (id=5230): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x1de) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000000000)=ANY=[], 0x26) preadv(r1, &(0x7f0000000100)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r3 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a0, 0x0, 0x2b8, 0x182, 0x0, 0x0, 0x1d8, 0x3a8, 0x3a8, 0x1d8, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec, 0x0, {0x0, 0xe0ffff00000000}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xf7db, 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x100, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2fc) getsockname$packet(r1, 0x0, &(0x7f0000000280)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x22, &(0x7f00000006c0)=ANY=[@ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000f8ffffffff12ff007d0f0000b7080000000000007b8af8ff00000000b7080000030000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000085200000010000001800000000feffff00000000010000108520000001000000bf91000084000000b7000000000000009500"/96], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x4a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xfffffffd}, 0x8}, 0x90) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r4) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') close(r4) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r5, 0xc0106407, &(0x7f0000000080)={0x1, 0x951}) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}}) socket$netlink(0x10, 0x3, 0x4) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000000040), 0x1c) r8 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r8, 0x8000010) keyctl$read(0xb, r8, 0x0, 0x0) connect$inet6(r7, &(0x7f0000000340)={0x2, 0x0, 0x0, @dev}, 0x1c) 9.652666043s ago: executing program 2 (id=5233): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x3, 0x80000) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3}) io_setup(0x4, &(0x7f00000001c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x10000000002, 0x0, 0x1, r3}]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) fchdir(r5) r6 = socket$unix(0x1, 0x2, 0x0) bind$unix(r6, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r7 = socket$unix(0x1, 0x2, 0x0) bind$unix(r7, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) connect$unix(r6, &(0x7f0000000180)=@abs={0x1}, 0x25) r8 = dup(r1) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000200)="0f474800abc4e17a7eaa3c000000440f2012350f000000440f01c58fc97002700d0fc7b51d85cd66b9800000c00f3235000800000f302ef30f015e470f01d10f1ac7"}], 0x1, 0x0, 0x0, 0xfffffffffffffd9e) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406d0434c50000000000010902"], 0x0) r10 = socket(0x1f, 0x6, 0xffffffff) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r11, 0x0) setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000000)={0x2c, @private=0xa010104, 0x0, 0xfffffffd, 'nq\x00', 0x0, 0x0, 0x2}, 0x2c) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 6.374471735s ago: executing program 2 (id=5245): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$ptp1(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$PTP_PIN_GETFUNC2(r3, 0xc0603d0f, &(0x7f0000000040)={'\x00', 0xfffffff8, 0x1, 0x3}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) setsockopt$sock_void(r0, 0x1, 0xb3a09252f923a13a, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19) 5.334236816s ago: executing program 2 (id=5250): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x3, 0x80000) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3}) io_setup(0x4, &(0x7f00000001c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x10000000002, 0x0, 0x1, r3}]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) fchdir(r5) r6 = socket$unix(0x1, 0x2, 0x0) bind$unix(r6, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r7 = socket$unix(0x1, 0x2, 0x0) bind$unix(r7, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) connect$unix(r6, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x25) r8 = dup(0xffffffffffffffff) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000200)="0f474800abc4e17a7eaa3c000000440f2012350f000000440f01c58fc97002700d0fc7b51d85cd66b9800000c00f3235000800000f302ef30f015e470f01d10f1ac7"}], 0x1, 0x0, 0x0, 0xfffffffffffffd9e) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406d0434c50000000000010902"], 0x0) r10 = socket(0x1f, 0x6, 0xffffffff) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r11, 0x0) setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000000)={0x2c, @private=0xa010104, 0x0, 0xfffffffd, 'nq\x00', 0x0, 0x0, 0x2}, 0x2c) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 3.422749706s ago: executing program 0 (id=5259): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) recvmmsg(r0, 0x0, 0x0, 0x3000000, 0x0) 3.321236402s ago: executing program 0 (id=5260): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$ptp1(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$PTP_PIN_GETFUNC2(r3, 0xc0603d0f, &(0x7f0000000040)={'\x00', 0xfffffff8, 0x1, 0x3}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) setsockopt$sock_void(r0, 0x1, 0xb3a09252f923a13a, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19) 3.122213989s ago: executing program 1 (id=5262): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="850000002a0000003500000000000000850000000500000095000000000000001b90b31a08f54ff40571eda5c56ad924a10c7b1e6003c9325fea577f8e56fe212b358f1d0838c8119ed74e74552ce4e6c8093375e35c8250f448a6a31260c2f9fbb70400000000000000b08b7aab5fd5d24dcff1ca14025b73c2da8f550900000000000000c340b111fcee90d6d90100000001000000babdee"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) syz_emit_ethernet(0x46, &(0x7f0000000340)=ANY=[@ANYBLOB="3c82bf073aaebbbbbbbbbbbb86dd6001010000101100fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000001090780200000000"], 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000200)={0x1, 0x101}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002440)={0x5, 0x0, [{0x3000, 0xc4, &(0x7f0000001280)=""/196}, {0x3000, 0xbc, &(0x7f00000021c0)=""/188}, {0x10000, 0x15, &(0x7f0000001380)=""/21}, {0x4, 0xdc, &(0x7f0000002280)=""/220}, {0x5000, 0xad, &(0x7f0000002380)=""/173}]}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/233, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000670000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6207005d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb5d80efd7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe5682159fbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d94462d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a05044baf314113e889468cf13dd92aa0d7744db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c27b30255bc4f8813be88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387c7acb9bbd1da497611ceda25049e48ddacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae75bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f0f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459500f024f9b75885cd79ba32776e4a511c8a4ad922b00000000000000a9241220dfbf7d02ef507ec6fc7f5d37d835f7bed71283c431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477e268326af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8ea5c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec46edc18d5c287d1435956784003a53eb5fe535ead8857acf0166dbd9f30a9b9c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8adef47ede2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c005da21073c6d9680d4e547cb727addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cf4eba7ceda6ff8a0c8b18c5e9e2f505e833217557abb257d61af8e8c473a7585436730db75da167481ab8921fe051b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d1ae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000ff267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9745b3cabc908e623403c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e2112f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a805e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d06c790000087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d667d5a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b552a75ed48215cc31264a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace2fa90c68166396a2398d7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7258e9fc818ab3d76ab660a254d998592c31017f816e01a21c08a17ac"], &(0x7f0000000340)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000000)="5aee41dea43e63a3f75e64fb7ff20700", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81e8943c, &(0x7f0000000000)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f0000000280)={{r2}, r4, 0x10, @inherit={0x50, &(0x7f0000002500)=ANY=[@ANYBLOB="0100000000000000410000005457c71f136e705865a35700000000ffffffff00000000010000000000000006cf48b4e355a9c12ff6e01927000000030000000000000003000000000000000a000000000000000500"/106]}, @subvolid=0xc72}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000003180)={'gre0\x00', &(0x7f0000003080)={'sit0\x00', 0x0, 0x1, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) 3.071961826s ago: executing program 1 (id=5263): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x3, 0x80000) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3}) io_setup(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f0000000540)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) fchdir(r4) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r6 = socket$unix(0x1, 0x2, 0x0) bind$unix(r6, &(0x7f0000000100)=@abs={0x0, 0x0, 0x4e20}, 0x1c) r7 = dup(r1) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000200)="0f474800abc4e17a7eaa3c000000440f2012350f000000440f01c58fc97002700d0fc7b51d85cd66b9800000c00f3235000800000f302ef30f015e470f01d10f1ac7"}], 0x1, 0x0, 0x0, 0xfffffffffffffd9e) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406d0434c50000000000010902"], 0x0) r9 = socket(0x1f, 0x6, 0xffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000000)={0x2c, @private=0xa010104, 0x0, 0xfffffffd, 'nq\x00', 0x0, 0x0, 0x2}, 0x2c) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 2.333913671s ago: executing program 0 (id=5265): r0 = socket$kcm(0x10, 0x2, 0x0) socket(0x10, 0x3, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(r2, &(0x7f0000001ec0)=ANY=[@ANYBLOB="004000003a0091"], 0xfe33) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x6) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$HIDIOCGRDESC(r1, 0x90044802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)=ANY=[@ANYRESHEX=r5, @ANYRES16=r5, @ANYBLOB="01000086bed1bdaf328958cbd4e1000000001a672b4037419e040b690d1a663999fd84917af1776bf7b1461663f84682b063685d36a2a7", @ANYRES32=r6, @ANYBLOB="26003300d0000000080211000001080211000000505050505050000000043b030000003e01000000"], 0x44}}, 0x0) sendmsg$NL80211_CMD_TESTMODE(r1, &(0x7f00000001c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYRES64=r0, @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf252d0000000c009900ff000000570000007b004500cb20d08ca8b1e9ba9749fd060e6667ec0e0c09a14896e4372f0892b7c1ba6626f6aa4e962d452008e540a3fc04e58d26fac207ad8b2e34d4ef9bcba31ef65b80c883a67e19832d9511276a6a87305ed483c6b5f910cbf4b5b523d7c8386c030d602744a1867187effdcd6f48d499dae7139e46dedb3aa30030006500ef97e4bd500da1e3a4d3cbe87ad1a674de573403fd55f82eb15434b8c0c8d4660904ff4fee0bbf57786c57418b004500292c9fad365d1f01895016a01c03973c8cf4e635bf6f24f91ddb0b1302a5a12aefee6809073cc88686a1ba1bc04a8bab2380f15b39d265e4113da2319649c05bcbe697b8b50a2113ab8e4e62714fc1b518fe0f296cd83b0715b9025ad940952a52eb5ef9eca1ccdccd9b77a192a4beb822ac4a0b327c57fe9f792eb114aa7b77f7b02dd9011b8600"], 0x158}, 0x1, 0x0, 0x0, 0x4}, 0x40) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r7 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0) ftruncate(r7, 0x80079a0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) lseek(r7, 0x0, 0x4) openat$binderfs_ctrl(0xffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) 2.092082588s ago: executing program 2 (id=5266): prlimit64(0x0, 0x0, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000210100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000072000000850000000700000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='wlan0\x00', 0x10) sendmmsg$inet6(r2, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000000)="c299", 0x2}], 0x1}}], 0x1, 0x4000c000) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x2, 0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000240)=ANY=[@ANYRESOCT=r1, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000080000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000401500f8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x90) sendto$inet6(r2, &(0x7f0000000140)="6382", 0x5dc, 0x0, 0x0, 0x0) syz_emit_ethernet(0xa6, &(0x7f0000000800)=ANY=[], 0x0) r4 = syz_io_uring_setup(0xeec, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r4, 0x567, 0x0, 0x0, 0x0, 0x0) syz_usb_disconnect(r0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000000)) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x0, 0x0}}, 0x53) write$dsp(r7, &(0x7f00000000c0)="6df4c162dd3a449edff7d66c09", 0xd) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f00000002c0)=0x3ff) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000000)='GPL\x00', 0x6, 0x4f, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffcc3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='jbd2_handle_stats\x00', r8}, 0x10) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/4\x00') preadv(r9, &(0x7f0000001780)=[{&(0x7f0000000680)=""/262, 0x106}], 0x1, 0x0, 0x0) writev(r7, &(0x7f0000000040)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1) 1.923944732s ago: executing program 0 (id=5269): socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGL2TPSTATS(r0, 0x40047452, 0x0) 1.851751372s ago: executing program 0 (id=5270): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x1de) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) ioctl$PPPIOCGL2TPSTATS(r0, 0x40047452, 0x0) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, &(0x7f0000000140)={{}, {0x0, 0xc0}, 0x0, 0x4}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb0100180000005d6f63378f4324220c00000006000000020000000000001302000000000061613000"], 0x0, 0x2a}, 0x20) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=""/228, 0x0, 0xe4}, 0x20) socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, r3, 0x0, 0x3, 0x5}, 0x48) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r5, &(0x7f00000000c0), 0x2) ioctl$TIOCNOTTY(r4, 0x5422) r6 = dup(r4) r7 = io_uring_setup(0x17ba, &(0x7f00000002c0)={0x0, 0xeeeb, 0x2, 0x1, 0x0, 0x0, r6}) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmmsg(r8, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=""/233, 0xe9}], 0x1}}], 0x1, 0x0, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) r9 = syz_open_dev$cec(&(0x7f0000000340), 0x0, 0x0) ioctl$CEC_DQEVENT(r9, 0xc0506107, 0x0) ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, &(0x7f0000000180)={0x0, 0x0, 0x0, @lost_msgs}) ioctl$IOC_PR_PREEMPT(r9, 0x40046109, &(0x7f0000000040)={0xd0, 0x0, 0x19}) ioctl$TIOCL_SETVESABLANK(r6, 0x541c, &(0x7f0000000080)) setrlimit(0x0, &(0x7f0000000980)) setrlimit(0x0, &(0x7f0000000100)) 1.851377324s ago: executing program 3 (id=5271): syz_open_dev$usbfs(&(0x7f0000002680), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$ptp1(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$PTP_PIN_GETFUNC2(r2, 0xc0603d0f, &(0x7f0000000040)={'\x00', 0xfffffff8, 0x1, 0x3}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$sock_void(0xffffffffffffffff, 0x1, 0xb3a09252f923a13a, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19) 1.69503186s ago: executing program 1 (id=5272): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000000)={0x2, 'team_slave_0\x00', {0x7}, 0x5e1}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000240)={0xffffffffffffffff}) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) openat$cgroup_ro(r4, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x0, 0x0) 1.619472076s ago: executing program 1 (id=5273): bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crc32c-generic)\x00'}, 0x58) r0 = socket(0x22, 0x2, 0x1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b90402000000e8fe55a1180015000600142603600e12090018", 0x27}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x33fe0) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000240)=""/1, &(0x7f0000002180)=0x1) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6) write(r2, &(0x7f0000000040)="5b000000010001", 0x7) 1.604398643s ago: executing program 0 (id=5274): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x3, 0x80000) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3}) io_setup(0x4, &(0x7f00000001c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x10000000002, 0x0, 0x1, r3}]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) fchdir(r5) r6 = socket$unix(0x1, 0x2, 0x0) bind$unix(r6, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r7 = socket$unix(0x1, 0x2, 0x0) bind$unix(r7, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) connect$unix(r6, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x25) dup(r1) r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000200)="0f474800abc4e17a7eaa3c000000440f2012350f000000440f01c58fc97002700d0fc7b51d85cd66b9800000c00f3235000800000f302ef30f015e470f01d10f1ac7"}], 0x1, 0x0, 0x0, 0xfffffffffffffd9e) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406d0434c50000000000010902"], 0x0) r9 = socket(0x1f, 0x6, 0xffffffff) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r10, 0x0) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000000)={0x2c, @private=0xa010104, 0x0, 0xfffffffd, 'nq\x00', 0x0, 0x0, 0x2}, 0x2c) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 1.604049648s ago: executing program 1 (id=5275): r0 = socket$kcm(0x10, 0x2, 0x0) socket(0x10, 0x3, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(r2, &(0x7f0000001ec0)=ANY=[@ANYBLOB="004000003a0091"], 0xfe33) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x6) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$HIDIOCGRDESC(r1, 0x90044802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)=ANY=[@ANYRESHEX=r5, @ANYRES16=r5, @ANYBLOB="01000086bed1bdaf328958cbd4e1000000001a672b4037419e040b690d1a663999fd84917af1776bf7b1461663f84682b063685d36a2a7", @ANYRES32=r6, @ANYBLOB="26003300d0000000080211000001080211000000505050505050000000043b030000003e01000000"], 0x44}}, 0x0) sendmsg$NL80211_CMD_TESTMODE(r1, &(0x7f00000001c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYRES64=r0, @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf252d0000000c009900ff000000570000007b004500cb20d08ca8b1e9ba9749fd060e6667ec0e0c09a14896e4372f0892b7c1ba6626f6aa4e962d452008e540a3fc04e58d26fac207ad8b2e34d4ef9bcba31ef65b80c883a67e19832d9511276a6a87305ed483c6b5f910cbf4b5b523d7c8386c030d602744a1867187effdcd6f48d499dae7139e46dedb3aa30030006500ef97e4bd500da1e3a4d3cbe87ad1a674de573403fd55f82eb15434b8c0c8d4660904ff4fee0bbf57786c57418b004500292c9fad365d1f01895016a01c03973c8cf4e635bf6f24f91ddb0b1302a5a12aefee6809073cc88686a1ba1bc04a8bab2380f15b39d265e4113da2319649c05bcbe697b8b50a2113ab8e4e62714fc1b518fe0f296cd83b0715b9025ad940952a52eb5ef9eca1ccdccd9b77a192a4beb822ac4a0b327c57fe9f792eb114aa7b77f7b02dd9011b8600"], 0x158}, 0x1, 0x0, 0x0, 0x4}, 0x40) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r7 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0) ftruncate(r7, 0x80079a0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) lseek(r7, 0x0, 0x4) openat$binderfs_ctrl(0xffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) 1.229330525s ago: executing program 1 (id=5276): r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, 0x1c) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x3a9, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009f87854ad98bef03025c32e7aa4a721d28e94ec5feff3a279c2e1c18002e39eaaefec3dfd1eae45a61e4283e8a7ef1eaf70d93a0333a9ff9e"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_usb_connect$cdc_ncm(0x0, 0x91, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0xfffe}, {0xd}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x0, 0x1ff}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x0, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0x6d}, @mbim={0xc, 0x24, 0x1b, 0x100, 0x59d}]}}}}}]}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 872.19992ms ago: executing program 3 (id=5277): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="7472616e733d66642cefa2646e6f3d", @ANYRESOCT=r3, @ANYBLOB=',wfdno=', @ANYRES8=r1, @ANYBLOB=',k']) (async) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x1, 0x0, 0x7}) (async) chmod(&(0x7f0000000140)='./file0\x00', 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f00000001c0)='keyring\x00', 0x0) (async) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000200)={0x80000008, 0x1, 0x3, "83eca6080000000000000010000000139c00", 0x59555956}) (async) pipe2$watch_queue(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) (async) r6 = add_key$fscrypt_v1(&(0x7f0000000300), &(0x7f0000000280)={'fscrypt:', @desc3}, &(0x7f0000000380)={0x0, "66cded0eb633a9cdaf90e8166bd36609554fc754fa6ee3010f898c17196497a03482593b1b58afd8aa5f2a24672ad02400", 0x43b}, 0x48, r0) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r4, 0x0) (async) keyctl$KEYCTL_WATCH_KEY(0x5, r6, r5, 0x0) (async) keyctl$update(0x2, r0, 0x0, 0x0) (async) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) socket$pppl2tp(0x18, 0x1, 0x1) (async) r7 = socket$l2tp(0x2, 0x2, 0x73) (async) r8 = syz_open_dev$I2C(&(0x7f0000000a80), 0x0, 0x0) ioctl$I2C_TENBIT(r8, 0x704, 0x0) write$tun(0xffffffffffffffff, &(0x7f00000008c0)=ANY=[@ANYBLOB="010101046700030090000180c2000001aaaaaaaaaaaa81002100000c020000e003000000867bf3421c00c20f0aafcee673b2d9f254300924b3e86a09aa0dabaef01ead01d5d466e21a8c7d2be3c12b0d1721702b630e45fd18d9d5d07190e328edfda74de82f031a17c63ad6087f021dca8c050d4bdde5827a48db68ba9e78d3e61a12af63fe7a8ef31d8b96938725e363fcc7fa9a2c3636de97428a5d9b"], 0x2c) (async) r9 = socket(0x25, 0x3, 0x1) getsockopt$nfc_llcp(r9, 0x65, 0x6, 0x0, 0x20000000) (async) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000480)=@nat={'nat\x00', 0x1b, 0x5, 0x3bc, 0x270, 0x0, 0xffffffff, 0x15c, 0xc8, 0x328, 0x328, 0xffffffff, 0x328, 0x328, 0x5, &(0x7f0000000040), {[{{@ip={@local, @private=0xa010102, 0xff000000, 0xffffff00, 'ip6tnl0\x00', 'veth1_to_hsr\x00', {}, {0xff}, 0x29, 0x1, 0x21}, 0x0, 0x94, 0xc8, 0x0, {}, [@common=@icmp={{0x24}, {0x12, "4584"}}]}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x0, @dev={0xac, 0x14, 0x14, 0x13}, @broadcast, @icmp_id=0x64, @icmp_id=0x66}}}}, {{@ip={@rand_addr=0x64010102, @empty, 0xffffffff, 0x0, 'ip6tnl0\x00', 'veth1_to_team\x00', {0xff}, {}, 0x8, 0x1, 0x2c}, 0x0, 0x70, 0x94}, @common=@unspec=@NFQUEUE0={0x24, 'NFQUEUE\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xcc, 0x114, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x9, 0x5, 0x5, 0x1}}, @common=@addrtype={{0x2c}, {0x120, 0x110, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x3, @ipv6=@loopback, @ipv6=@private1, @icmp_id=0x65, @gre_key=0xd185}}}, {{@ip={@remote, @local, 0xff000000, 0x0, 'veth0_to_batadv\x00', 'vlan1\x00', {}, {}, 0x21, 0x1, 0x19}, 0x0, 0x70, 0xb8}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0xd, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv6=@private0, @icmp_id=0x66, @port=0x4e23}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x418) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) 872.080467ms ago: executing program 3 (id=5278): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) ioctl$USBDEVFS_IOCTL(r0, 0x8933, 0x0) 801.730147ms ago: executing program 3 (id=5279): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000000)={0x0, 0x30000, &(0x7f0000000080)={&(0x7f0000000380)={0x20, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x4}]}, 0x20}}, 0x0) 801.314803ms ago: executing program 3 (id=5280): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d03"], 0x1a) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0x0, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0xffffffff, 0x2, 0x8000}, 0x10) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000002500000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x47, 0x10, 0x0, 0x1e}, 0x2d) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r4 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x301, 0x0, 0x0, {0x24}}, 0x14}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_DEST(r5, &(0x7f0000001280)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x4088}, 0xc, &(0x7f0000001240)={&(0x7f00000012c0)=ANY=[@ANYBLOB="84000000", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fcdbdf25060000006b050180060004004e24000008000500000000005c0001800c0007000400000004000000080006006f766600080009000a000000060002006c00000008000b007369700008000500020000000c00070004000000030000000800050001000000080009007700000008000b007369700022f7c83cd12e163701de9ccc7c0556ee4366ff8199188e90d164b7b2ccc26aefc2f3410adf8ee5ab32eb9975bf6508dd7814313cf34fef07758aff80cd0961304b56f2f17b0b82"], 0x84}}, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x12, {"a2e3ad21ed0d09f91b5b090987f70906d038e7ff7fc6e5539b0d3d0e8b089b323b6d07060890e0878f0e1ac6e7049b334a959b3e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0931a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5bcd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39dd0000000039ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00b98e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d877a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) syz_usb_connect$hid(0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x0, 0xc4}, 0x11, &(0x7f0000000080)={0x5, 0xf, 0x11, 0x1, [@ssp_cap={0xc}]}}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) socket$nl_route(0x10, 0x3, 0x0) fchdir(0xffffffffffffffff) 105.635291ms ago: executing program 3 (id=5281): creat(&(0x7f0000000040)='./file0\x00', 0x1de) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000000)=ANY=[], 0x26) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a0, 0x0, 0x2b8, 0x182, 0x0, 0x0, 0x1d8, 0x3a8, 0x3a8, 0x1d8, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec, 0x0, {0x0, 0xe0ffff00000000}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xf7db, 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x100, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2fc) getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x47) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r3) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') close(r3) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r4, 0xc0106407, &(0x7f0000000080)={0x1, 0x951}) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}}) socket$netlink(0x10, 0x3, 0x4) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000000040), 0x1c) r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r7, 0x8000010) keyctl$read(0xb, r7, 0x0, 0x0) connect$inet6(r6, &(0x7f0000000340)={0x2, 0x0, 0x0, @dev}, 0x1c) 0s ago: executing program 2 (id=5282): creat(&(0x7f0000000040)='./file0\x00', 0x1de) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000000)=ANY=[], 0x26) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a0, 0x0, 0x2b8, 0x182, 0x0, 0x0, 0x1d8, 0x3a8, 0x3a8, 0x1d8, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec, 0x0, {0x0, 0xe0ffff00000000}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xf7db, 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x100, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2fc) getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x47) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r3) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') close(r3) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r4, 0xc0106407, &(0x7f0000000080)={0x1, 0x951}) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}}) socket$netlink(0x10, 0x3, 0x4) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000000040), 0x1c) r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r7, 0x8000010) keyctl$read(0xb, r7, 0x0, 0x0) connect$inet6(r6, &(0x7f0000000340)={0x2, 0x0, 0x0, @dev}, 0x1c) kernel console output (not intermixed with test programs): 6-1: SerialNumber: syz [ 1112.393760][T14667] usb 6-1: config 0 descriptor?? [ 1112.419807][T14667] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1112.429246][T14667] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1112.625617][ T56] usb 6-1: USB disconnect, device number 88 [ 1112.625682][ C3] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 1112.638399][ T56] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 1112.664643][T22382] FAULT_INJECTION: forcing a failure. [ 1112.664643][T22382] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1112.670958][T22382] CPU: 3 PID: 22382 Comm: syz.2.4860 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1112.675419][T22382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1112.680170][T22382] Call Trace: [ 1112.681948][T22382] [ 1112.683400][T22382] dump_stack_lvl+0x16c/0x1f0 [ 1112.685566][T22382] should_fail_ex+0x497/0x5b0 [ 1112.687917][T22382] _copy_from_iter+0x27a/0xfb0 [ 1112.690445][T22382] ? find_held_lock+0x2d/0x110 [ 1112.692774][T22382] ? __pfx__copy_from_iter+0x10/0x10 [ 1112.695029][T22382] ? hlock_class+0x4e/0x130 [ 1112.697003][T22382] ? __lock_acquire+0xc5d/0x3b30 [ 1112.699115][T22382] tun_get_user+0x245/0x3c20 [ 1112.701120][T22382] ? __pfx_tun_get_user+0x10/0x10 [ 1112.703267][T22382] ? find_held_lock+0x2d/0x110 [ 1112.705324][T22382] ? __pfx_lock_release+0x10/0x10 [ 1112.707557][T22382] tun_chr_write_iter+0xe8/0x210 [ 1112.709787][T22382] vfs_write+0x6b6/0x1140 [ 1112.711681][T22382] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1112.714242][T22382] ? __pfx_vfs_write+0x10/0x10 [ 1112.716598][T22382] ? __fget_files+0x256/0x400 [ 1112.718756][T22382] ? __fget_light+0x173/0x210 [ 1112.720815][T22382] ksys_write+0x12f/0x260 [ 1112.722686][T22382] ? __pfx_ksys_write+0x10/0x10 [ 1112.724827][T22382] __do_fast_syscall_32+0x73/0x120 [ 1112.727172][T22382] do_fast_syscall_32+0x32/0x80 [ 1112.729383][T22382] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1112.732146][T22382] RIP: 0023:0xf747d579 [ 1112.733834][T22382] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1112.742265][T22382] RSP: 002b:00000000f5d9557c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 1112.746210][T22382] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000600 [ 1112.749623][T22382] RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000000 [ 1112.752998][T22382] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1112.756313][T22382] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1112.759696][T22382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1112.763223][T22382] [ 1114.792464][T22441] netlink: 'syz.2.4875': attribute type 12 has an invalid length. [ 1114.795966][T22441] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.4875'. [ 1114.801629][T22441] FAULT_INJECTION: forcing a failure. [ 1114.801629][T22441] name failslab, interval 1, probability 0, space 0, times 0 [ 1114.806906][T22441] CPU: 3 PID: 22441 Comm: syz.2.4875 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1114.810924][T22441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1114.817153][T22441] Call Trace: [ 1114.818677][T22441] [ 1114.820075][T22441] dump_stack_lvl+0x16c/0x1f0 [ 1114.821781][T22441] should_fail_ex+0x497/0x5b0 [ 1114.823615][T22441] should_failslab+0x9/0x20 [ 1114.825245][T22441] kmalloc_node_track_caller_noprof+0xcf/0x440 [ 1114.827777][T22441] ? kvasprintf_const+0x66/0x1a0 [ 1114.829577][T22441] kvasprintf+0xbd/0x160 [ 1114.831102][T22441] ? __pfx_kvasprintf+0x10/0x10 [ 1114.832827][T22441] ? rcu_read_unlock+0x17/0x60 [ 1114.834560][T22441] ? __pfx_lock_release+0x10/0x10 [ 1114.836375][T22441] kvasprintf_const+0x66/0x1a0 [ 1114.838510][T22441] kobject_set_name_vargs+0x5a/0x140 [ 1114.840678][T22441] dev_set_name+0xc8/0x100 [ 1114.842414][T22441] ? __pfx_dev_set_name+0x10/0x10 [ 1114.844535][T22441] ? rcu_is_watching+0x12/0xc0 [ 1114.846342][T22441] ? trace_kmalloc+0x2d/0xe0 [ 1114.847901][T22441] ? wiphy_new_nm+0x797/0x2160 [ 1114.849653][T22441] wiphy_new_nm+0x811/0x2160 [ 1114.851312][T22441] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1114.854097][T22441] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1114.856807][T22441] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 1114.858721][T22441] ? __local_bh_enable_ip+0xa4/0x120 [ 1114.860554][T22441] mac80211_hwsim_new_radio+0x203/0x5150 [ 1114.862545][T22441] ? __pfx__printk+0x10/0x10 [ 1114.864264][T22441] ? ___ratelimit+0x24c/0x580 [ 1114.865871][T22441] ? __pfx____ratelimit+0x10/0x10 [ 1114.868150][T22441] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1114.870859][T22441] hwsim_new_radio_nl+0xaf9/0x1240 [ 1114.872901][T22441] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1114.875071][T22441] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1114.877854][T22441] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1114.880410][T22441] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1114.882315][T22441] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1114.884776][T22441] ? ns_capable+0xd7/0x110 [ 1114.886703][T22441] genl_rcv_msg+0x565/0x800 [ 1114.888704][T22441] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1114.890858][T22441] ? __dev_queue_xmit+0x85d/0x4130 [ 1114.893114][T22441] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1114.895356][T22441] netlink_rcv_skb+0x165/0x410 [ 1114.896880][T22441] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1114.898539][T22441] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1114.900174][T22441] ? down_read+0xc9/0x330 [ 1114.901470][T22441] ? __pfx_down_read+0x10/0x10 [ 1114.902966][T22441] ? netlink_deliver_tap+0x1ae/0xcf0 [ 1114.904603][T22441] genl_rcv+0x28/0x40 [ 1114.905836][T22441] netlink_unicast+0x542/0x820 [ 1114.907317][T22441] ? __pfx_netlink_unicast+0x10/0x10 [ 1114.909318][T22441] ? const_folio_flags.constprop.0+0x56/0x150 [ 1114.911838][T22441] ? __phys_addr_symbol+0x30/0x80 [ 1114.913988][T22441] ? __check_object_size+0x48e/0x720 [ 1114.916223][T22441] netlink_sendmsg+0x8b8/0xd70 [ 1114.918303][T22441] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1114.920595][T22441] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1114.922948][T22441] ____sys_sendmsg+0x9b4/0xb50 [ 1114.925025][T22441] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1114.927422][T22441] ? get_compat_msghdr+0x11b/0x170 [ 1114.929816][T22441] ? __pfx___lock_acquire+0x10/0x10 [ 1114.932050][T22441] ___sys_sendmsg+0x135/0x1e0 [ 1114.934060][T22441] ? __pfx____sys_sendmsg+0x10/0x10 [ 1114.936319][T22441] ? ksys_write+0x21c/0x260 [ 1114.938307][T22441] ? __fget_light+0x173/0x210 [ 1114.940322][T22441] __sys_sendmsg+0x117/0x1f0 [ 1114.942347][T22441] ? __pfx___sys_sendmsg+0x10/0x10 [ 1114.944559][T22441] __do_fast_syscall_32+0x73/0x120 [ 1114.946799][T22441] do_fast_syscall_32+0x32/0x80 [ 1114.948948][T22441] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1114.951804][T22441] RIP: 0023:0xf747d579 [ 1114.953646][T22441] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1114.962108][T22441] RSP: 002b:00000000f5d9557c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1114.965951][T22441] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000 [ 1114.969597][T22441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1114.973086][T22441] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1114.976543][T22441] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1114.980479][T22441] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1114.984110][T22441] [ 1115.959007][ T5244] usb 7-1: new high-speed USB device number 80 using dummy_hcd [ 1116.166802][ T5244] usb 7-1: Using ep0 maxpacket: 32 [ 1116.171509][ T5244] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1116.176718][ T5244] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1116.199071][ T5244] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1116.203794][ T5244] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1116.219625][ T5244] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1116.224658][ T5244] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1116.251120][ T5244] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1116.255515][ T5244] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1116.265600][ T5244] usb 7-1: Product: syz [ 1116.267575][ T5244] usb 7-1: Manufacturer: syz [ 1116.275892][ T5244] usb 7-1: SerialNumber: syz [ 1116.455933][T22482] netlink: 'syz.0.4889': attribute type 4 has an invalid length. [ 1116.509519][T22485] x_tables: duplicate underflow at hook 1 [ 1116.509936][ T5244] cdc_ncm 7-1:1.0: bind() failure [ 1116.520038][ T5244] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 1116.523239][ T5244] cdc_ncm 7-1:1.1: bind() failure [ 1116.528184][ T5244] usb 7-1: USB disconnect, device number 80 [ 1116.740745][T22495] netlink: 'syz.0.4894': attribute type 4 has an invalid length. [ 1116.744256][T22495] FAULT_INJECTION: forcing a failure. [ 1116.744256][T22495] name failslab, interval 1, probability 0, space 0, times 0 [ 1116.748962][T22495] CPU: 0 PID: 22495 Comm: syz.0.4894 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1116.753207][T22495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1116.757531][T22495] Call Trace: [ 1116.759057][T22495] [ 1116.760384][T22495] dump_stack_lvl+0x16c/0x1f0 [ 1116.762549][T22495] should_fail_ex+0x497/0x5b0 [ 1116.764602][T22495] should_failslab+0x9/0x20 [ 1116.766555][T22495] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1116.769026][T22495] ? __alloc_skb+0x2b3/0x380 [ 1116.770995][T22495] ? security_capable+0x98/0xd0 [ 1116.773076][T22495] __alloc_skb+0x2b3/0x380 [ 1116.775082][T22495] ? __pfx___alloc_skb+0x10/0x10 [ 1116.777262][T22495] ? genl_rcv_msg+0x4bd/0x800 [ 1116.779512][T22495] netlink_ack+0x164/0xb20 [ 1116.781473][T22495] netlink_rcv_skb+0x327/0x410 [ 1116.783598][T22495] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1116.785793][T22495] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1116.788088][T22495] ? down_read+0xc9/0x330 [ 1116.789970][T22495] ? __pfx_down_read+0x10/0x10 [ 1116.792036][T22495] ? netlink_deliver_tap+0x1ae/0xcf0 [ 1116.794460][T22495] genl_rcv+0x28/0x40 [ 1116.796280][T22495] netlink_unicast+0x542/0x820 [ 1116.798407][T22495] ? __pfx_netlink_unicast+0x10/0x10 [ 1116.800748][T22495] ? __phys_addr_symbol+0x30/0x80 [ 1116.802951][T22495] ? __check_object_size+0x48e/0x720 [ 1116.805257][T22495] netlink_sendmsg+0x8b8/0xd70 [ 1116.807358][T22495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1116.809777][T22495] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1116.812089][T22495] ____sys_sendmsg+0x9b4/0xb50 [ 1116.814217][T22495] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1116.816510][T22495] ? get_compat_msghdr+0x11b/0x170 [ 1116.818719][T22495] ? __pfx___lock_acquire+0x10/0x10 [ 1116.820917][T22495] ___sys_sendmsg+0x135/0x1e0 [ 1116.822982][T22495] ? __pfx____sys_sendmsg+0x10/0x10 [ 1116.825291][T22495] ? ksys_write+0x21c/0x260 [ 1116.827463][T22495] ? __fget_light+0x173/0x210 [ 1116.829520][T22495] __sys_sendmsg+0x117/0x1f0 [ 1116.831626][T22495] ? __pfx___sys_sendmsg+0x10/0x10 [ 1116.833867][T22495] __do_fast_syscall_32+0x73/0x120 [ 1116.836098][T22495] do_fast_syscall_32+0x32/0x80 [ 1116.838210][T22495] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1116.840936][T22495] RIP: 0023:0xf7473579 [ 1116.842713][T22495] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1116.850741][T22495] RSP: 002b:00000000f5d8b57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1116.854287][T22495] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000480 [ 1116.857625][T22495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1116.860970][T22495] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1116.864333][T22495] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1116.867720][T22495] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1116.871074][T22495] [ 1116.872460][ C0] vkms_vblank_simulate: vblank timer overrun [ 1116.893393][T22496] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4892'. [ 1118.349187][ T5245] usb 8-1: new high-speed USB device number 76 using dummy_hcd [ 1118.453867][ T65] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1118.459592][ T65] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1118.463937][ T65] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1118.472104][ T65] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1118.476320][ T65] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1118.482708][ T65] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1118.530229][ T5245] usb 8-1: Using ep0 maxpacket: 32 [ 1118.541078][ T5245] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1118.545983][ T5245] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1118.558927][ T5245] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1118.568075][ T5245] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1118.581117][ T5245] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1118.593364][ T5245] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1118.602222][ T5245] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1118.606610][ T5245] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1118.610629][ T5245] usb 8-1: Product: syz [ 1118.612653][ T5245] usb 8-1: Manufacturer: syz [ 1118.614837][ T5245] usb 8-1: SerialNumber: syz [ 1118.688687][ T1089] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1118.828021][ T1089] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1118.886568][ T5245] cdc_ncm 8-1:1.0: bind() failure [ 1118.904069][ T5245] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found [ 1118.914377][ T5245] cdc_ncm 8-1:1.1: bind() failure [ 1118.940729][ T5245] usb 8-1: USB disconnect, device number 76 [ 1119.051819][ T1089] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1119.144361][T22547] chnl_net:caif_netlink_parms(): no params data found [ 1119.198296][ T1089] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1119.367100][T22547] bridge0: port 1(bridge_slave_0) entered blocking state [ 1119.371834][T22547] bridge0: port 1(bridge_slave_0) entered disabled state [ 1119.374675][T22547] bridge_slave_0: entered allmulticast mode [ 1119.378009][T22547] bridge_slave_0: entered promiscuous mode [ 1119.385735][T22547] bridge0: port 2(bridge_slave_1) entered blocking state [ 1119.388466][T22547] bridge0: port 2(bridge_slave_1) entered disabled state [ 1119.399028][T22547] bridge_slave_1: entered allmulticast mode [ 1119.410282][T22547] bridge_slave_1: entered promiscuous mode [ 1119.505964][T22547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1119.525083][T22547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1119.628558][T22547] team0: Port device team_slave_0 added [ 1119.648675][T22547] team0: Port device team_slave_1 added [ 1119.733295][T22547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1119.736049][T22547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1119.746318][T22547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1119.751916][ T1089] bridge_slave_1: left allmulticast mode [ 1119.753982][ T1089] bridge_slave_1: left promiscuous mode [ 1119.756103][ T1089] bridge0: port 2(bridge_slave_1) entered disabled state [ 1119.763962][ T1089] bridge_slave_0: left allmulticast mode [ 1119.765951][ T1089] bridge_slave_0: left promiscuous mode [ 1119.768199][ T1089] bridge0: port 1(bridge_slave_0) entered disabled state [ 1120.181031][ T1089] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1120.188435][ T1089] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1120.196401][ T1089] bond0 (unregistering): Released all slaves [ 1120.205844][T22547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1120.209284][T22547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1120.221906][T22547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1120.367477][T22547] hsr_slave_0: entered promiscuous mode [ 1120.371684][T22547] hsr_slave_1: entered promiscuous mode [ 1120.375737][T22547] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1120.380754][T22547] Cannot create hsr debugfs directory [ 1120.558989][ T5205] Bluetooth: hci1: command tx timeout [ 1120.608501][ T1089] hsr_slave_0: left promiscuous mode [ 1120.615218][ T1089] hsr_slave_1: left promiscuous mode [ 1120.619176][ T1089] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1120.623085][ T1089] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1120.627223][ T1089] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1120.632207][ T1089] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1120.659059][T19686] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1120.681217][ T1089] veth1_macvtap: left promiscuous mode [ 1120.683703][ T1089] veth0_macvtap: left promiscuous mode [ 1120.686323][ T1089] veth1_vlan: left promiscuous mode [ 1120.689112][ T1089] veth0_vlan: left promiscuous mode [ 1120.853178][T19686] usb 5-1: Using ep0 maxpacket: 32 [ 1120.872422][T19686] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1120.877384][T19686] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1120.890471][T19686] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1120.894908][T19686] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1120.899696][T19686] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1120.904226][T19686] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1120.914461][T19686] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1120.918466][T19686] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1120.922024][T19686] usb 5-1: Product: syz [ 1120.924088][T19686] usb 5-1: Manufacturer: syz [ 1120.926468][T19686] usb 5-1: SerialNumber: syz [ 1121.045171][T22594] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1121.289841][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.049822][ T1089] team0 (unregistering): Port device team_slave_1 removed [ 1122.072000][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1122.174645][ T1089] team0 (unregistering): Port device team_slave_0 removed [ 1122.392775][ T5245] usb 8-1: new high-speed USB device number 77 using dummy_hcd [ 1122.582194][ T5245] usb 8-1: Using ep0 maxpacket: 32 [ 1122.607839][ T5245] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 1122.612726][ T5245] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1122.617437][ T5245] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1122.621531][ T5245] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1122.626026][ T5245] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1122.628981][ T5205] Bluetooth: hci1: command tx timeout [ 1122.631751][ T5245] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1122.635687][ T5245] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1122.639454][ T5245] usb 8-1: Product: syz [ 1122.641298][ T5245] usb 8-1: Manufacturer: syz [ 1122.643364][ T5245] usb 8-1: SerialNumber: syz [ 1122.647327][ T5245] usb 8-1: config 0 descriptor?? [ 1122.652551][ T5245] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1122.659499][ T5245] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1122.909201][ T5241] usb 8-1: USB disconnect, device number 77 [ 1122.914140][ T5241] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 1123.109058][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1123.112813][T19686] cdc_ncm 5-1:1.0: bind() failure [ 1123.123685][T19686] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1123.126697][T19686] cdc_ncm 5-1:1.1: bind() failure [ 1123.140690][T19686] usb 5-1: USB disconnect, device number 99 [ 1123.594251][T22547] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1123.602835][T22547] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1123.610774][T22547] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1123.629422][T22547] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1123.726318][T22547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1123.768292][T22547] 8021q: adding VLAN 0 to HW filter on device team0 [ 1123.779913][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 1123.783951][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1123.800266][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 1123.803418][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1123.840121][T22642] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4930'. [ 1123.864596][T22642] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1123.894388][T22642] syzkaller0: entered promiscuous mode [ 1123.896906][T22642] syzkaller0: entered allmulticast mode [ 1123.952976][T22651] netlink: 'syz.3.4932': attribute type 5 has an invalid length. [ 1124.720993][ T5205] Bluetooth: hci1: command tx timeout [ 1125.974345][T22674] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4937'. [ 1126.019622][T22547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1126.067288][T22547] veth0_vlan: entered promiscuous mode [ 1126.074279][T22683] sctp: [Deprecated]: syz.2.4940 (pid 22683) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1126.074279][T22683] Use struct sctp_sack_info instead [ 1126.076452][T22547] veth1_vlan: entered promiscuous mode [ 1126.100317][T22686] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4941'. [ 1126.115673][T22547] veth0_macvtap: entered promiscuous mode [ 1126.125506][T22547] veth1_macvtap: entered promiscuous mode [ 1126.135266][T22547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.140496][T22547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.145045][T22547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.150100][T22547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.155227][T22547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.161431][T22547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.168468][T22547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1126.177634][T22692] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4941'. [ 1126.190538][T22547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.197425][T22547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.202315][T22547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.206999][T22547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.211490][T22547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.216697][T22547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.224454][T22547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1126.229943][T22547] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1126.233752][T22547] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1126.237347][T22547] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1126.241383][T22547] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1126.285294][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.294133][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.297213][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.302712][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.305767][ T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1126.305788][ T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1126.309012][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309048][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309059][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309070][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309081][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309092][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309103][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309113][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309124][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309135][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309146][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309157][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309168][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309178][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309189][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309200][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309211][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309222][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309232][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309245][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309256][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309267][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309277][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309288][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309299][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309309][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309320][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309331][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309347][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309364][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309382][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309399][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309416][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309434][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309451][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309470][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309487][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309511][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.309530][ T56] hid-generic 0000:0000:FFFFFFFF.0026: unknown main item tag 0x0 [ 1126.316158][ T56] hid-generic 0000:0000:FFFFFFFF.0026: hidraw1: HID v0.09 Device [syz0] on syz0 [ 1126.348927][T22698] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4945'. [ 1126.350316][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1126.441959][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1126.548255][T22703] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1126.568035][T22701] netlink: 'syz.1.4908': attribute type 4 has an invalid length. [ 1126.695527][T22705] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4948'. [ 1126.719987][T22705] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1126.730337][T22705] syzkaller0: entered promiscuous mode [ 1126.732497][T22705] syzkaller0: entered allmulticast mode [ 1127.104194][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.107278][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.116053][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.121381][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.124107][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.127177][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.130657][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.133498][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.136640][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.142707][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.145934][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.149749][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.153357][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.156285][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.159724][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.162816][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.165998][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.169576][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.173087][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.176671][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.180940][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.185134][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.188686][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.193619][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.197562][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.201565][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.205147][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.208631][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.212674][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.216237][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.220169][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.223778][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.227307][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.231500][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.235106][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.238672][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.242538][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.246035][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.249793][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.252652][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.255554][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.258618][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.261859][T14667] hid-generic 0000:0000:FFFFFFFF.0027: unknown main item tag 0x0 [ 1127.287114][T14667] hid-generic 0000:0000:FFFFFFFF.0027: hidraw1: HID v0.09 Device [syz0] on syz0 [ 1128.171956][ T65] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1128.199835][ T65] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1128.208255][ T65] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1128.229359][ T65] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1128.233909][ T65] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1128.237348][ T65] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1128.772722][T22733] batman_adv: batadv0: Adding interface: veth0_to_hsr [ 1128.775382][T22733] batman_adv: batadv0: The MTU of interface veth0_to_hsr is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1128.789228][T22733] batman_adv: batadv0: Interface activated: veth0_to_hsr [ 1128.860673][ T90] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1128.996868][ T90] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1129.109561][T22753] FAULT_INJECTION: forcing a failure. [ 1129.109561][T22753] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1129.116088][T22753] CPU: 0 PID: 22753 Comm: syz.0.4963 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1129.120593][T22753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1129.125357][T22753] Call Trace: [ 1129.126971][T22753] [ 1129.128350][T22753] dump_stack_lvl+0x16c/0x1f0 [ 1129.130701][T22753] should_fail_ex+0x497/0x5b0 [ 1129.132888][T22753] _copy_to_iter+0x27a/0xfc0 [ 1129.133276][T22735] chnl_net:caif_netlink_parms(): no params data found [ 1129.135018][T22753] ? __pfx__copy_to_iter+0x10/0x10 [ 1129.139676][T22753] ? __virt_addr_valid+0x5e/0x580 [ 1129.141934][T22753] ? __phys_addr_symbol+0x30/0x80 [ 1129.144449][T22753] ? __check_object_size+0x48e/0x720 [ 1129.147023][T22753] seq_read_iter+0xd06/0x12c0 [ 1129.149408][T22753] proc_reg_read_iter+0x223/0x310 [ 1129.151944][T22753] vfs_read+0x869/0xbd0 [ 1129.154032][T22753] ? __pfx_vfs_read+0x10/0x10 [ 1129.156274][T22753] ? __pfx___mutex_lock+0x10/0x10 [ 1129.158679][T22753] ? __fget_files+0x256/0x400 [ 1129.160875][T22753] ksys_read+0x12f/0x260 [ 1129.162920][T22753] ? __pfx_ksys_read+0x10/0x10 [ 1129.165383][T22753] __do_fast_syscall_32+0x73/0x120 [ 1129.167978][T22753] do_fast_syscall_32+0x32/0x80 [ 1129.170315][T22753] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1129.173251][T22753] RIP: 0023:0xf7473579 [ 1129.175156][T22753] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1129.183961][T22753] RSP: 002b:00000000f5d8b57c EFLAGS: 00000292 ORIG_RAX: 0000000000000003 [ 1129.187915][T22753] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000040 [ 1129.191554][T22753] RDX: 000000000000009c RSI: 0000000000000000 RDI: 0000000000000000 [ 1129.195478][T22753] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1129.199297][T22753] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1129.202940][T22753] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1129.206441][T22753] [ 1129.210176][ T35] usb 7-1: new high-speed USB device number 81 using dummy_hcd [ 1129.347739][T22735] bridge0: port 1(bridge_slave_0) entered blocking state [ 1129.351176][T22735] bridge0: port 1(bridge_slave_0) entered disabled state [ 1129.354366][T22735] bridge_slave_0: entered allmulticast mode [ 1129.358576][T22735] bridge_slave_0: entered promiscuous mode [ 1129.364637][T22735] bridge0: port 2(bridge_slave_1) entered blocking state [ 1129.367478][T22735] bridge0: port 2(bridge_slave_1) entered disabled state [ 1129.370496][T22735] bridge_slave_1: entered allmulticast mode [ 1129.374490][T22735] bridge_slave_1: entered promiscuous mode [ 1129.421819][ T35] usb 7-1: config 0 has no interfaces? [ 1129.429113][ T35] usb 7-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1129.432557][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1129.445035][ T35] usb 7-1: config 0 descriptor?? [ 1129.455076][T22735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1129.464170][T22735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1129.531228][T22735] team0: Port device team_slave_0 added [ 1129.538774][T22735] team0: Port device team_slave_1 added [ 1129.597013][T22735] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1129.605796][T22735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1129.616735][T22735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1129.627750][T22735] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1129.631046][T22735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1129.644056][T22735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1129.677118][ T5241] usb 7-1: USB disconnect, device number 81 [ 1129.725596][T22765] Driver unsupported XDP return value 0 on prog (id 194) dev N/A, expect packet loss! [ 1129.744465][T22735] hsr_slave_0: entered promiscuous mode [ 1129.748350][T22735] hsr_slave_1: entered promiscuous mode [ 1129.894395][T22770] FAULT_INJECTION: forcing a failure. [ 1129.894395][T22770] name failslab, interval 1, probability 0, space 0, times 0 [ 1129.904277][T22770] CPU: 2 PID: 22770 Comm: syz.3.4968 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1129.908579][T22770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1129.913302][T22770] Call Trace: [ 1129.914851][T22770] [ 1129.916215][T22770] dump_stack_lvl+0x16c/0x1f0 [ 1129.918342][T22770] should_fail_ex+0x497/0x5b0 [ 1129.920389][T22770] should_failslab+0x9/0x20 [ 1129.922354][T22770] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1129.924645][T22770] ? skb_clone+0x190/0x3f0 [ 1129.926580][T22770] skb_clone+0x190/0x3f0 [ 1129.928419][T22770] netlink_deliver_tap+0xb26/0xcf0 [ 1129.930638][T22770] netlink_unicast+0x604/0x820 [ 1129.932704][T22770] ? __pfx_netlink_unicast+0x10/0x10 [ 1129.934943][T22770] ? const_folio_flags.constprop.0+0x56/0x150 [ 1129.937529][T22770] ? __phys_addr_symbol+0x30/0x80 [ 1129.939709][T22770] ? __check_object_size+0x48e/0x720 [ 1129.941992][T22770] netlink_sendmsg+0x8b8/0xd70 [ 1129.944164][T22770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1129.946511][T22770] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1129.948802][T22770] ____sys_sendmsg+0x9b4/0xb50 [ 1129.950911][T22770] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1129.953253][T22770] ? get_compat_msghdr+0x11b/0x170 [ 1129.955558][T22770] ? __pfx___lock_acquire+0x10/0x10 [ 1129.957920][T22770] ___sys_sendmsg+0x135/0x1e0 [ 1129.960019][T22770] ? __pfx____sys_sendmsg+0x10/0x10 [ 1129.962335][T22770] ? ksys_write+0x21c/0x260 [ 1129.964374][T22770] ? __fget_light+0x173/0x210 [ 1129.966504][T22770] __sys_sendmsg+0x117/0x1f0 [ 1129.968567][T22770] ? __pfx___sys_sendmsg+0x10/0x10 [ 1129.970829][T22770] __do_fast_syscall_32+0x73/0x120 [ 1129.973118][T22770] do_fast_syscall_32+0x32/0x80 [ 1129.975315][T22770] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1129.978099][T22770] RIP: 0023:0xf73fa579 [ 1129.979907][T22770] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1129.988002][T22770] RSP: 002b:00000000f5d1257c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1129.991529][T22770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 1129.994839][T22770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1129.998122][T22770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1130.001548][T22770] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1130.004830][T22770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1130.008231][T22770] [ 1130.249487][T22773] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4969'. [ 1130.309237][ T5205] Bluetooth: hci1: command tx timeout [ 1130.324693][T22778] MTD: Couldn't look up './file0': -15 [ 1130.334597][T22778] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4970'. [ 1130.519347][T22786] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 1130.522347][T22786] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1130.542093][T22786] vhci_hcd vhci_hcd.0: Device attached [ 1130.592564][T22787] vhci_hcd: connection closed [ 1130.602419][ T13] vhci_hcd: stop threads [ 1130.605748][ T13] vhci_hcd: release socket [ 1130.607348][ T13] vhci_hcd: disconnect device [ 1130.652760][ T90] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1131.352021][ T90] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1131.574561][ T90] bridge_slave_1: left allmulticast mode [ 1131.577123][ T90] bridge_slave_1: left promiscuous mode [ 1131.580590][ T90] bridge0: port 2(bridge_slave_1) entered disabled state [ 1131.593533][ T90] bridge_slave_0: left allmulticast mode [ 1131.595922][ T90] bridge_slave_0: left promiscuous mode [ 1131.598685][ T90] bridge0: port 1(bridge_slave_0) entered disabled state [ 1131.671248][T19685] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1131.851113][T19685] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1131.864668][T19685] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1131.876236][T19685] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1131.882548][T19685] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1131.885993][T19685] usb 5-1: Product: 鴴ىî›î¯„é”Ĝ㟮뾿구ë¢ï¿™âŸ¹âŽµæ¬¯ç›œã–æ¾á¤„é–†éµèŸ†é§´é¼Œë¢¼â‘†ê¦®æ½ë‹—壀驂떵䳗﫺గ榋댳脭䡼퓣堑ê¼ï–†à·žè­¤äˆ„ᆳ븊討îŽî¹‰à¨ƒæ‘˩뻭姅궎ã”愇㭽áµà¹¨å€ã¯ˆè«·ç«ˆç‰­éž¥ì”™éˆ á–¦êˆ„刲á¸á€ç†ã€ìº¶å‹ˆí—¬î‰íæž²ã¦à»•æ¼€æ±™è§†å¥™ [ 1131.900058][T19685] usb 5-1: Manufacturer: Ð [ 1131.902204][T19685] usb 5-1: SerialNumber: Ð [ 1132.144478][ T90] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1132.160145][ T90] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1132.162709][T19685] cdc_ncm 5-1:1.0: bind() failure [ 1132.173047][ T90] bond0 (unregistering): Released all slaves [ 1132.178103][T19685] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1132.181680][T19685] cdc_ncm 5-1:1.1: bind() failure [ 1132.191136][T19685] usb 5-1: USB disconnect, device number 100 [ 1132.398956][ T5205] Bluetooth: hci1: command tx timeout [ 1132.596180][ T90] hsr_slave_0: left promiscuous mode [ 1132.599529][ T90] hsr_slave_1: left promiscuous mode [ 1132.603868][ T90] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1132.606890][ T90] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1132.612816][ T90] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1132.616417][ T90] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1132.662992][ T90] veth1_macvtap: left promiscuous mode [ 1132.672810][ T90] veth0_macvtap: left promiscuous mode [ 1132.680312][ T90] veth1_vlan: left promiscuous mode [ 1132.682810][ T90] veth0_vlan: left promiscuous mode [ 1132.704006][T22814] MTD: Couldn't look up './file0': -15 [ 1132.710699][T22814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4979'. [ 1133.442214][T22841] Bluetooth: MGMT ver 1.22 [ 1134.096806][ T90] team0 (unregistering): Port device team_slave_1 removed [ 1134.195670][ T90] team0 (unregistering): Port device team_slave_0 removed [ 1134.469086][ T5205] Bluetooth: hci1: command tx timeout [ 1134.933633][T22847] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4987'. [ 1135.038092][T22735] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1135.048302][T22735] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1135.057088][T22735] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1135.073616][T22735] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1135.102272][T22862] ext3: Unknown parameter 'ip6tnl0' [ 1135.187383][T22735] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1135.224811][T22735] 8021q: adding VLAN 0 to HW filter on device team0 [ 1135.281365][ T816] bridge0: port 1(bridge_slave_0) entered blocking state [ 1135.284465][ T816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1135.293089][ T816] bridge0: port 2(bridge_slave_1) entered blocking state [ 1135.296033][ T816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1135.318522][ T5241] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1135.522190][ T5241] usb 5-1: config 0 has no interfaces? [ 1135.524657][ T5241] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1135.528582][ T5241] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1135.551897][ T5241] usb 5-1: config 0 descriptor?? [ 1135.604780][T22735] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1135.653409][T22735] veth0_vlan: entered promiscuous mode [ 1135.666849][T22735] veth1_vlan: entered promiscuous mode [ 1135.695299][T22735] veth0_macvtap: entered promiscuous mode [ 1135.704103][T22735] veth1_macvtap: entered promiscuous mode [ 1135.718320][T22735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1135.723406][T22735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1135.727430][T22735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1135.732174][T22735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1135.736307][T22735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1135.740596][T22735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1135.746191][T22735] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1135.756785][T22735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1135.761271][T22735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1135.765419][T22735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1135.770554][T22735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1135.774867][T22735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1135.779026][ T5244] usb 8-1: new high-speed USB device number 78 using dummy_hcd [ 1135.780054][T22735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1135.788016][T22735] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1135.790029][T19685] usb 5-1: USB disconnect, device number 101 [ 1135.796435][T22735] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1135.800893][T22735] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1135.804353][T22735] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1135.807675][T22735] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1135.872991][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1135.876568][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1135.914369][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1135.917774][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1135.969014][ T5244] usb 8-1: Using ep0 maxpacket: 32 [ 1135.973719][ T5244] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 1135.977333][ T5244] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1136.002025][ T5244] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1136.006832][ T5244] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1136.049686][ T5244] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1136.055034][ T5244] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1136.059241][ T5244] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1136.062973][ T5244] usb 8-1: Product: syz [ 1136.064845][ T5244] usb 8-1: Manufacturer: syz [ 1136.067118][ T5244] usb 8-1: SerialNumber: syz [ 1136.077459][ T5244] usb 8-1: config 0 descriptor?? [ 1136.084337][ T5244] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1136.099878][ T5244] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1136.304214][ T56] usb 8-1: USB disconnect, device number 78 [ 1136.311934][ T56] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 1136.505905][ T39] audit: type=1326 audit(1720375033.440:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22896 comm="syz.0.4996" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7473579 code=0x0 [ 1136.558980][ T5205] Bluetooth: hci1: command tx timeout [ 1137.018664][T22907] MTD: Couldn't look up './file0': -15 [ 1137.023711][ T5205] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 1137.024371][T22907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4999'. [ 1137.938898][ T5244] usb 7-1: new high-speed USB device number 82 using dummy_hcd [ 1137.949086][ T5241] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 1138.116425][ T39] audit: type=1326 audit(1720375035.050:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22939 comm="syz.3.5011" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73fa579 code=0x0 [ 1138.128915][ T5241] usb 5-1: Using ep0 maxpacket: 32 [ 1138.128995][ T5244] usb 7-1: Using ep0 maxpacket: 32 [ 1138.134039][ T5241] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 1138.135855][ T5244] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 1138.137765][ T5241] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1138.142042][ T5244] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1138.147427][ T5241] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1138.157199][ T5241] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1138.159040][ T5244] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1138.168362][ T5241] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1138.175303][ T5241] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1138.177558][ T5244] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1138.179002][ T5241] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1138.179018][ T5241] usb 5-1: Product: syz [ 1138.188924][ T5244] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1138.190374][ T5241] usb 5-1: Manufacturer: syz [ 1138.196225][ T5241] usb 5-1: SerialNumber: syz [ 1138.196602][ T5244] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1138.201542][ T5241] usb 5-1: config 0 descriptor?? [ 1138.203951][ T5244] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1138.210223][ T5241] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1138.215966][ T5241] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1138.219454][ T5244] usb 7-1: Product: syz [ 1138.221442][ T5244] usb 7-1: Manufacturer: syz [ 1138.223572][ T5244] usb 7-1: SerialNumber: syz [ 1138.232354][ T5244] usb 7-1: config 0 descriptor?? [ 1138.240400][ T5244] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1138.245885][ T5244] ldusb 7-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 1138.432939][ T5244] usb 5-1: USB disconnect, device number 102 [ 1138.451180][ T5244] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 1138.451240][T22947] syzkaller1: entered promiscuous mode [ 1138.456403][T22947] syzkaller1: entered allmulticast mode [ 1138.477184][T16879] usb 7-1: USB disconnect, device number 82 [ 1138.482405][T16879] ldusb 7-1:0.0: LD USB Device #1 now disconnected [ 1138.491328][T22947] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5014'. [ 1139.456520][T22968] netlink: 'syz.3.5021': attribute type 1 has an invalid length. [ 1139.562185][ T5241] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1139.768862][ T5241] usb 5-1: Using ep0 maxpacket: 32 [ 1139.772869][ T5241] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1139.777441][ T5241] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1139.782356][ T5241] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1139.786497][ T5241] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1139.790738][ T5241] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1139.794501][ T5241] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1139.803294][ T5241] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1139.806664][ T5241] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1139.809774][ T5241] usb 5-1: Product: syz [ 1139.811365][ T5241] usb 5-1: Manufacturer: syz [ 1139.813230][ T5241] usb 5-1: SerialNumber: syz [ 1140.024814][ T5241] cdc_ncm 5-1:1.0: bind() failure [ 1140.031792][ T5241] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1140.034452][ T5241] cdc_ncm 5-1:1.1: bind() failure [ 1140.039703][ T5241] usb 5-1: USB disconnect, device number 103 [ 1140.231877][T22987] overlayfs: invalid origin (0000) [ 1140.619243][T22991] 9pnet_fd: Insufficient options for proto=fd [ 1140.763965][T23001] tipc: Started in network mode [ 1140.765901][T23001] tipc: Node identity e67b158e80e, cluster identity 4711 [ 1140.769671][T23001] tipc: Enabled bearer , priority 10 [ 1141.259055][ T5244] usb 7-1: new high-speed USB device number 83 using dummy_hcd [ 1141.450940][ T5244] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1141.455409][ T5244] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1141.470697][ T5244] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1141.474166][ T5244] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1141.477694][ T5244] usb 7-1: Product: 鴴ىî›î¯„é”Ĝ㟮뾿구ë¢ï¿™âŸ¹âŽµæ¬¯ç›œã–æ¾á¤„é–†éµèŸ†é§´é¼Œë¢¼â‘†ê¦®æ½ë‹—壀驂떵䳗﫺గ榋댳脭䡼퓣堑ê¼ï–†à·žè­¤äˆ„ᆳ븊討îŽî¹‰à¨ƒæ‘˩뻭姅궎ã”愇㭽áµà¹¨å€ã¯ˆè«·ç«ˆç‰­éž¥ì”™éˆ á–¦êˆ„刲á¸á€ç†ã€ìº¶å‹ˆí—¬î‰íæž²ã¦à»•æ¼€æ±™è§†å¥™ [ 1141.489035][ T5244] usb 7-1: Manufacturer: Ð [ 1141.490878][ T5244] usb 7-1: SerialNumber: Ð [ 1141.735601][ T5244] cdc_ncm 7-1:1.0: bind() failure [ 1141.753790][ T5244] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 1141.756878][ T5244] cdc_ncm 7-1:1.1: bind() failure [ 1141.769122][ T5244] usb 7-1: USB disconnect, device number 83 [ 1141.910665][ T35] tipc: Node number set to 1721439630 [ 1142.018960][ T5245] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 1142.202511][ T5245] usb 6-1: Using ep0 maxpacket: 32 [ 1142.207419][ T5245] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1142.212024][ T5245] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1142.216045][ T5245] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1142.220381][T14667] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 1142.224425][ T5245] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1142.228267][ T5245] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1142.233013][ T5245] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1142.240411][ T5245] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1142.244250][ T5245] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1142.247483][ T5245] usb 6-1: Product: syz [ 1142.249289][ T5245] usb 6-1: Manufacturer: syz [ 1142.251151][ T5245] usb 6-1: SerialNumber: syz [ 1142.327768][T23033] 9pnet: Could not find request transport: ·Á Ýa [ 1142.434050][T14667] usb 5-1: config 0 has no interfaces? [ 1142.437222][T14667] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1142.444094][T14667] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1142.452245][T14667] usb 5-1: config 0 descriptor?? [ 1142.479969][ T5245] cdc_ncm 6-1:1.0: bind() failure [ 1142.487958][ T5245] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 1142.491060][ T5245] cdc_ncm 6-1:1.1: bind() failure [ 1142.496977][ T5245] usb 6-1: USB disconnect, device number 89 [ 1142.664437][T14667] usb 5-1: USB disconnect, device number 104 [ 1143.103607][T23050] FAULT_INJECTION: forcing a failure. [ 1143.103607][T23050] name failslab, interval 1, probability 0, space 0, times 0 [ 1143.110717][T23050] CPU: 3 PID: 23050 Comm: syz.3.5047 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1143.115022][T23050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1143.119225][T23050] Call Trace: [ 1143.121002][T23050] [ 1143.122335][T23050] dump_stack_lvl+0x16c/0x1f0 [ 1143.124317][T23050] should_fail_ex+0x497/0x5b0 [ 1143.126148][T23050] should_failslab+0x9/0x20 [ 1143.127881][T23050] kmalloc_trace_noprof+0x6b/0x310 [ 1143.129783][T23050] ? allocate_cgrp_cset_links+0xc6/0x240 [ 1143.132208][T23050] allocate_cgrp_cset_links+0xc6/0x240 [ 1143.134286][T23050] find_css_set+0x998/0x1c40 [ 1143.136261][T23050] ? __pfx_find_css_set+0x10/0x10 [ 1143.138486][T23050] ? __lock_acquire+0xc5d/0x3b30 [ 1143.140581][T23050] ? __pfx_mark_lock+0x10/0x10 [ 1143.142681][T23050] ? cgroup_attach_task+0x483/0x920 [ 1143.145095][T23050] cgroup_migrate_prepare_dst+0x10b/0x7f0 [ 1143.147944][T23050] cgroup_attach_task+0x48f/0x920 [ 1143.150411][T23050] ? __pfx_cgroup_attach_task+0x10/0x10 [ 1143.152701][T23050] ? get_task_cred+0x17f/0x360 [ 1143.154776][T23050] ? __cgroup1_procs_write.constprop.0+0x2ff/0x430 [ 1143.157640][T23050] __cgroup1_procs_write.constprop.0+0x2ff/0x430 [ 1143.160405][T23050] ? __pfx___cgroup1_procs_write.constprop.0+0x10/0x10 [ 1143.163031][T23050] ? __pfx_lock_acquire+0x10/0x10 [ 1143.165206][T23050] cgroup_file_write+0x211/0x7d0 [ 1143.167590][T23050] ? __pfx_cgroup1_procs_write+0x10/0x10 [ 1143.170351][T23050] ? __pfx_cgroup_file_write+0x10/0x10 [ 1143.172707][T23050] kernfs_fop_write_iter+0x343/0x500 [ 1143.174962][T23050] ? __pfx_cgroup_file_write+0x10/0x10 [ 1143.177244][T23050] vfs_write+0x6b6/0x1140 [ 1143.179040][T23050] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1143.181423][T23050] ? __pfx_vfs_write+0x10/0x10 [ 1143.183388][T23050] ? __pfx___mutex_lock+0x10/0x10 [ 1143.185524][T23050] ? __fget_files+0x256/0x400 [ 1143.187596][T23050] ksys_write+0x12f/0x260 [ 1143.189545][T23050] ? __pfx_ksys_write+0x10/0x10 [ 1143.191336][T23050] __do_fast_syscall_32+0x73/0x120 [ 1143.192949][T23050] do_fast_syscall_32+0x32/0x80 [ 1143.194692][T23050] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1143.197233][T23050] RIP: 0023:0xf73fa579 [ 1143.198566][T23050] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1143.206617][T23050] RSP: 002b:00000000f5d1257c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 1143.210401][T23050] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000580 [ 1143.213967][T23050] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000 [ 1143.217185][T23050] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1143.220522][T23050] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1143.223500][T23050] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1143.227298][T23050] [ 1143.426761][T23063] FAULT_INJECTION: forcing a failure. [ 1143.426761][T23063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1143.444212][T23063] CPU: 0 PID: 23063 Comm: syz.2.5051 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1143.448675][T23063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1143.452597][T23063] Call Trace: [ 1143.453853][T23063] [ 1143.455075][T23063] dump_stack_lvl+0x16c/0x1f0 [ 1143.457067][T23063] should_fail_ex+0x497/0x5b0 [ 1143.459174][T23063] _copy_from_iter+0x27a/0xfb0 [ 1143.461536][T23063] ? __alloc_skb+0x200/0x380 [ 1143.463902][T23063] ? __pfx__copy_from_iter+0x10/0x10 [ 1143.466350][T23063] ? __virt_addr_valid+0x5e/0x580 [ 1143.468578][T23063] ? __phys_addr_symbol+0x30/0x80 [ 1143.470678][T23063] ? __check_object_size+0x48e/0x720 [ 1143.472877][T23063] netlink_sendmsg+0x813/0xd70 [ 1143.474874][T23063] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1143.477112][T23063] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1143.479473][T23063] ____sys_sendmsg+0x9b4/0xb50 [ 1143.481663][T23063] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1143.484019][T23063] ? get_compat_msghdr+0x11b/0x170 [ 1143.486277][T23063] ? __pfx___lock_acquire+0x10/0x10 [ 1143.488683][T23063] ___sys_sendmsg+0x135/0x1e0 [ 1143.490727][T23063] ? __pfx____sys_sendmsg+0x10/0x10 [ 1143.492962][T23063] ? ksys_write+0x21c/0x260 [ 1143.494928][T23063] ? __fget_light+0x173/0x210 [ 1143.496895][T23063] __sys_sendmsg+0x117/0x1f0 [ 1143.498868][T23063] ? __pfx___sys_sendmsg+0x10/0x10 [ 1143.501079][T23063] __do_fast_syscall_32+0x73/0x120 [ 1143.503691][T23063] do_fast_syscall_32+0x32/0x80 [ 1143.506130][T23063] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1143.509008][T23063] RIP: 0023:0xf747d579 [ 1143.510986][T23063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1143.518694][T23063] RSP: 002b:00000000f5d9557c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1143.522358][T23063] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200005c0 [ 1143.525966][T23063] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1143.529414][T23063] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1143.532970][T23063] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1143.536545][T23063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1143.540078][T23063] [ 1143.663889][T23069] syz.0.5052 (23069): drop_caches: 2 [ 1143.668710][T23069] syz.0.5052 (23069): drop_caches: 2 [ 1143.727724][T23067] can: request_module (can-proto-0) failed. [ 1143.908954][ T5241] usb 8-1: new high-speed USB device number 79 using dummy_hcd [ 1144.111937][ T5241] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 1144.117065][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.123944][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.139043][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.145174][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.150703][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.159032][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.168654][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.174043][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.180031][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.191103][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.197212][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.220676][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.236556][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.243584][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.248491][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.255243][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.259722][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.265668][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.270475][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.274724][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.280146][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.285422][ T5241] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1144.289680][ T5241] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1144.301485][ T5241] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1144.319280][ T5241] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1144.323460][ T5241] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1144.327456][ T5241] usb 8-1: Product: syz [ 1144.329724][ T5241] usb 8-1: Manufacturer: syz [ 1144.332073][ T5241] usb 8-1: SerialNumber: syz [ 1144.341399][ T5241] usb 8-1: config 0 descriptor?? [ 1144.380629][ T5241] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 1144.515879][T23089] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 0, id = 0 [ 1144.609435][ T5241] usb 8-1: USB disconnect, device number 79 [ 1144.629200][ T5241] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 1144.817643][T23100] FAULT_INJECTION: forcing a failure. [ 1144.817643][T23100] name failslab, interval 1, probability 0, space 0, times 0 [ 1144.826259][T23100] CPU: 0 PID: 23100 Comm: syz.2.5062 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1144.830857][T23100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1144.835381][T23100] Call Trace: [ 1144.836855][T23100] [ 1144.838179][T23100] dump_stack_lvl+0x16c/0x1f0 [ 1144.840237][T23100] should_fail_ex+0x497/0x5b0 [ 1144.842331][T23100] should_failslab+0x9/0x20 [ 1144.844431][T23100] __kmalloc_noprof+0xcf/0x420 [ 1144.846653][T23100] start_sync_thread+0x7e8/0x2740 [ 1144.848916][T23100] ? __pfx_sync_thread_backup+0x10/0x10 [ 1144.851602][T23100] ? find_held_lock+0x2d/0x110 [ 1144.853961][T23100] ? __pfx_start_sync_thread+0x10/0x10 [ 1144.856725][T23100] ? __might_fault+0x13b/0x190 [ 1144.858916][T23100] ? __pfx_lock_release+0x10/0x10 [ 1144.861189][T23100] ? __pfx___might_resched+0x10/0x10 [ 1144.863513][T23100] ? __might_fault+0xe3/0x190 [ 1144.865536][T23100] ? read_word_at_a_time+0xe/0x20 [ 1144.867843][T23100] ? do_ip_vs_set_ctl+0x41c/0x1070 [ 1144.870366][T23100] do_ip_vs_set_ctl+0x41c/0x1070 [ 1144.873015][T23100] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 1144.875774][T23100] ? __pfx_lock_release+0x10/0x10 [ 1144.878071][T23100] ? trace_contention_end+0xea/0x140 [ 1144.880418][T23100] ? __mutex_unlock_slowpath+0x164/0x650 [ 1144.882946][T23100] ? nf_setsockopt+0x8a/0xf0 [ 1144.884998][T23100] nf_setsockopt+0x8a/0xf0 [ 1144.886989][T23100] ip_setsockopt+0xcb/0xf0 [ 1144.889291][T23100] tcp_setsockopt+0xa4/0x100 [ 1144.892842][T23100] smc_setsockopt+0x1b4/0xc00 [ 1144.894990][T23100] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1144.897611][T23100] ? __pfx_smc_setsockopt+0x10/0x10 [ 1144.899926][T23100] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1144.902403][T23100] ? __pfx_smc_setsockopt+0x10/0x10 [ 1144.904748][T23100] do_sock_setsockopt+0x222/0x480 [ 1144.907005][T23100] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1144.909456][T23100] ? __fget_light+0x173/0x210 [ 1144.911593][T23100] __sys_setsockopt+0x1a4/0x270 [ 1144.913918][T23100] ? __pfx___sys_setsockopt+0x10/0x10 [ 1144.916469][T23100] ? fput+0x32/0x390 [ 1144.918405][T23100] ? ksys_write+0x1ab/0x260 [ 1144.920493][T23100] ? __pfx_ksys_write+0x10/0x10 [ 1144.922688][T23100] __ia32_sys_setsockopt+0xbc/0x160 [ 1144.925109][T23100] ? lockdep_hardirqs_on+0x7c/0x110 [ 1144.927593][T23100] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1144.930916][T23100] __do_fast_syscall_32+0x73/0x120 [ 1144.933325][T23100] do_fast_syscall_32+0x32/0x80 [ 1144.935533][T23100] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1144.938358][T23100] RIP: 0023:0xf747d579 [ 1144.940172][T23100] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1144.948997][T23100] RSP: 002b:00000000f5d9557c EFLAGS: 00000292 ORIG_RAX: 000000000000016e [ 1144.952561][T23100] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 1144.955994][T23100] RDX: 000000000000048b RSI: 0000000020003640 RDI: 0000000000000018 [ 1144.959639][T23100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1144.963734][T23100] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1144.967509][T23100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1144.971039][T23100] [ 1144.972708][ T56] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1145.163692][ T56] usb 5-1: config 0 has no interfaces? [ 1145.165983][ T56] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1145.170059][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1145.175743][ T56] usb 5-1: config 0 descriptor?? [ 1145.390689][T14667] usb 5-1: USB disconnect, device number 105 [ 1145.839793][ T5205] Bluetooth: hci1: ACL packet for unknown connection handle 1583 [ 1145.907081][ T5205] Bluetooth: hci1: ACL packet for unknown connection handle 712 [ 1146.854710][ T5205] Bluetooth: hci1: ACL packet for unknown connection handle 1583 [ 1146.915158][T23160] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5078'. [ 1146.924824][T23156] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5078'. [ 1147.869488][ T56] usb 6-1: new high-speed USB device number 90 using dummy_hcd [ 1148.071854][ T56] usb 6-1: config 0 has no interfaces? [ 1148.075061][ T56] usb 6-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1148.097722][ T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1148.124268][ T56] usb 6-1: config 0 descriptor?? [ 1148.358744][T14667] usb 6-1: USB disconnect, device number 90 [ 1148.632602][ T39] audit: type=1326 audit(1720375045.570:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23194 comm="syz.2.5088" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf747d579 code=0x0 [ 1149.001106][T14667] usb 7-1: new high-speed USB device number 84 using dummy_hcd [ 1149.151620][T23215] FAULT_INJECTION: forcing a failure. [ 1149.151620][T23215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1149.161926][T23215] CPU: 0 PID: 23215 Comm: syz.1.5092 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1149.166309][T23215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1149.171470][T23215] Call Trace: [ 1149.172901][T23215] [ 1149.174195][T23215] dump_stack_lvl+0x16c/0x1f0 [ 1149.176258][T23215] should_fail_ex+0x497/0x5b0 [ 1149.178383][T23215] _copy_from_iter+0x27a/0xfb0 [ 1149.180672][T23215] ? __alloc_skb+0x200/0x380 [ 1149.182843][T23215] ? __pfx__copy_from_iter+0x10/0x10 [ 1149.185281][T23215] ? __virt_addr_valid+0x5e/0x580 [ 1149.187725][T23215] ? __phys_addr_symbol+0x30/0x80 [ 1149.190156][T23215] ? __check_object_size+0x4a7/0x720 [ 1149.192529][T23215] netlink_sendmsg+0x813/0xd70 [ 1149.194703][T23215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1149.197003][T23215] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1149.199308][T23215] ____sys_sendmsg+0x9b4/0xb50 [ 1149.201477][T23215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1149.203967][T23215] ? get_compat_msghdr+0x11b/0x170 [ 1149.206106][T23215] ? __pfx___lock_acquire+0x10/0x10 [ 1149.207947][T23215] ___sys_sendmsg+0x135/0x1e0 [ 1149.209991][T23215] ? __pfx____sys_sendmsg+0x10/0x10 [ 1149.212152][T23215] ? ksys_write+0x21c/0x260 [ 1149.213676][T23215] ? __fget_light+0x173/0x210 [ 1149.215270][T23215] __sys_sendmsg+0x117/0x1f0 [ 1149.217279][T23215] ? __pfx___sys_sendmsg+0x10/0x10 [ 1149.219284][T23215] __do_fast_syscall_32+0x73/0x120 [ 1149.221382][T23215] do_fast_syscall_32+0x32/0x80 [ 1149.223843][T23215] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1149.226814][T23215] RIP: 0023:0xf7437579 [ 1149.228573][T23215] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1149.237420][T23215] RSP: 002b:00000000f5d4f57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1149.241084][T23215] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 1149.245317][T23215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1149.266522][T23215] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1149.270169][T23215] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1149.273315][T23215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1149.276481][T23215] [ 1149.280251][T14667] usb 7-1: config 0 has no interfaces? [ 1149.282880][T14667] usb 7-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1149.287289][T14667] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1149.296767][T14667] usb 7-1: config 0 descriptor?? [ 1149.939462][T23221] 9pnet_fd: Insufficient options for proto=fd [ 1151.627601][T16879] usb 7-1: USB disconnect, device number 84 [ 1152.086715][ T56] usb 6-1: new high-speed USB device number 91 using dummy_hcd [ 1152.122491][T23289] openvswitch: netlink: Key type 16156 is out of range max 32 [ 1152.142291][T23289] FAULT_INJECTION: forcing a failure. [ 1152.142291][T23289] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1152.148328][T23289] CPU: 0 PID: 23289 Comm: syz.0.5110 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1152.152105][T23289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1152.156664][T23289] Call Trace: [ 1152.157871][T23289] [ 1152.159015][T23289] dump_stack_lvl+0x16c/0x1f0 [ 1152.161096][T23289] should_fail_ex+0x497/0x5b0 [ 1152.163048][T23289] _copy_from_user+0x30/0xf0 [ 1152.165079][T23289] copy_mount_options+0x76/0x190 [ 1152.167061][T23289] __ia32_sys_mount+0x1ad/0x320 [ 1152.169024][T23289] ? __pfx___ia32_sys_mount+0x10/0x10 [ 1152.171026][T23289] __do_fast_syscall_32+0x73/0x120 [ 1152.172916][T23289] do_fast_syscall_32+0x32/0x80 [ 1152.174765][T23289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1152.177008][T23289] RIP: 0023:0xf7473579 [ 1152.178448][T23289] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1152.186100][T23289] RSP: 002b:00000000f5d4957c EFLAGS: 00000292 ORIG_RAX: 0000000000000015 [ 1152.190042][T23289] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 1152.193669][T23289] RDX: 0000000020000080 RSI: 0000000000000008 RDI: 0000000020000540 [ 1152.196810][T23289] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1152.199852][T23289] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1152.202922][T23289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1152.206046][T23289] [ 1152.279750][ T56] usb 6-1: Using ep0 maxpacket: 32 [ 1152.283913][T23293] FAULT_INJECTION: forcing a failure. [ 1152.283913][T23293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1152.289243][T23293] CPU: 0 PID: 23293 Comm: syz.3.5113 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1152.290395][ T56] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 1152.293125][T23293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1152.293137][T23293] Call Trace: [ 1152.293143][T23293] [ 1152.293149][T23293] dump_stack_lvl+0x16c/0x1f0 [ 1152.293168][T23293] should_fail_ex+0x497/0x5b0 [ 1152.293187][T23293] _copy_to_iter+0x27a/0xfc0 [ 1152.296800][ T56] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1152.301335][T23293] ? __pfx__copy_to_iter+0x10/0x10 [ 1152.301370][T23293] ? preempt_schedule_thunk+0x1a/0x30 [ 1152.301393][T23293] ? __virt_addr_valid+0x5e/0x580 [ 1152.301418][T23293] ? __phys_addr_symbol+0x30/0x80 [ 1152.301442][T23293] ? __check_object_size+0x48e/0x720 [ 1152.301465][T23293] seq_read_iter+0xd06/0x12c0 [ 1152.306463][ T56] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1152.308446][T23293] proc_reg_read_iter+0x223/0x310 [ 1152.310531][ T56] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1152.314466][T23293] vfs_read+0x869/0xbd0 [ 1152.314493][T23293] ? __pfx_vfs_read+0x10/0x10 [ 1152.314505][T23293] ? __pfx___mutex_lock+0x10/0x10 [ 1152.314521][T23293] ? __fget_files+0x256/0x400 [ 1152.316812][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1152.319053][T23293] ksys_read+0x12f/0x260 [ 1152.319077][T23293] ? __pfx_ksys_read+0x10/0x10 [ 1152.319094][T23293] __do_fast_syscall_32+0x73/0x120 [ 1152.319111][T23293] do_fast_syscall_32+0x32/0x80 [ 1152.319125][T23293] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1152.319138][T23293] RIP: 0023:0xf73fa579 [ 1152.319149][T23293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1152.319160][T23293] RSP: 002b:00000000f5d1257c EFLAGS: 00000292 ORIG_RAX: 0000000000000003 [ 1152.319171][T23293] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 1152.319178][T23293] RDX: 00000000000000e6 RSI: 0000000000000000 RDI: 0000000000000000 [ 1152.319185][T23293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1152.319191][T23293] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1152.319198][T23293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1152.319212][T23293] [ 1152.394538][ T56] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1152.398463][ T56] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1152.402374][ T56] usb 6-1: Product: syz [ 1152.404211][ T56] usb 6-1: Manufacturer: syz [ 1152.406287][ T56] usb 6-1: SerialNumber: syz [ 1152.410010][ T56] usb 6-1: config 0 descriptor?? [ 1152.415741][ T56] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1152.423300][ T56] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1152.643063][ T56] usb 6-1: USB disconnect, device number 91 [ 1152.647761][ T56] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 1153.584835][T23303] FAULT_INJECTION: forcing a failure. [ 1153.584835][T23303] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1153.594298][T23303] CPU: 3 PID: 23303 Comm: syz.1.5116 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1153.598796][T23303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1153.603619][T23303] Call Trace: [ 1153.605113][T23303] [ 1153.606444][T23303] dump_stack_lvl+0x16c/0x1f0 [ 1153.608559][T23303] should_fail_ex+0x497/0x5b0 [ 1153.610666][T23303] _copy_from_iter+0x27a/0xfb0 [ 1153.612837][T23303] ? __alloc_skb+0x200/0x380 [ 1153.614972][T23303] ? __pfx__copy_from_iter+0x10/0x10 [ 1153.617342][T23303] ? __virt_addr_valid+0x5e/0x580 [ 1153.619680][T23303] ? __phys_addr_symbol+0x30/0x80 [ 1153.622039][T23303] ? __check_object_size+0x48e/0x720 [ 1153.624428][T23303] netlink_sendmsg+0x813/0xd70 [ 1153.626574][T23303] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1153.628966][T23303] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1153.631353][T23303] ____sys_sendmsg+0x9b4/0xb50 [ 1153.633534][T23303] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1153.635934][T23303] ? get_compat_msghdr+0x11b/0x170 [ 1153.638256][T23303] ? __pfx___lock_acquire+0x10/0x10 [ 1153.640575][T23303] ___sys_sendmsg+0x135/0x1e0 [ 1153.642714][T23303] ? __pfx____sys_sendmsg+0x10/0x10 [ 1153.645087][T23303] ? ksys_write+0x21c/0x260 [ 1153.647182][T23303] ? __fget_light+0x173/0x210 [ 1153.649293][T23303] __sys_sendmsg+0x117/0x1f0 [ 1153.651383][T23303] ? __pfx___sys_sendmsg+0x10/0x10 [ 1153.653678][T23303] __do_fast_syscall_32+0x73/0x120 [ 1153.655942][T23303] do_fast_syscall_32+0x32/0x80 [ 1153.658150][T23303] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1153.660950][T23303] RIP: 0023:0xf7437579 [ 1153.662798][T23303] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1153.670800][T23303] RSP: 002b:00000000f5d4f57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1153.674500][T23303] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000940 [ 1153.677993][T23303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1153.681077][T23303] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1153.684652][T23303] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1153.688092][T23303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1153.691563][T23303] [ 1156.394438][T23348] FAULT_INJECTION: forcing a failure. [ 1156.394438][T23348] name failslab, interval 1, probability 0, space 0, times 0 [ 1156.400274][T23348] CPU: 0 PID: 23348 Comm: syz.0.5128 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1156.404643][T23348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1156.409263][T23348] Call Trace: [ 1156.410696][T23348] [ 1156.411968][T23348] dump_stack_lvl+0x16c/0x1f0 [ 1156.414171][T23348] should_fail_ex+0x497/0x5b0 [ 1156.415933][T23348] should_failslab+0x9/0x20 [ 1156.417536][T23348] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1156.419422][T23348] ? security_file_alloc+0x41/0x260 [ 1156.421208][T23348] security_file_alloc+0x41/0x260 [ 1156.423079][T23348] init_file+0x99/0x260 [ 1156.424660][T23348] alloc_empty_file+0x91/0x1e0 [ 1156.426431][T23348] path_openat+0xe0/0x2e50 [ 1156.428281][T23348] ? hlock_class+0x4e/0x130 [ 1156.430024][T23348] ? __lock_acquire+0x14f4/0x3b30 [ 1156.432065][T23348] ? __pfx_path_openat+0x10/0x10 [ 1156.433954][T23348] ? __pfx___lock_acquire+0x10/0x10 [ 1156.436139][T23348] ? find_held_lock+0x2d/0x110 [ 1156.438167][T23348] do_filp_open+0x1dc/0x430 [ 1156.440131][T23348] ? __pfx_do_filp_open+0x10/0x10 [ 1156.442333][T23348] ? find_held_lock+0x2d/0x110 [ 1156.444390][T23348] ? _raw_spin_unlock+0x28/0x50 [ 1156.446484][T23348] ? alloc_fd+0x2d7/0x6c0 [ 1156.448389][T23348] do_sys_openat2+0x17a/0x1e0 [ 1156.450452][T23348] ? __pfx_do_sys_openat2+0x10/0x10 [ 1156.452726][T23348] __ia32_compat_sys_openat+0x16e/0x210 [ 1156.455127][T23348] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 1156.457379][T23348] ? ksys_write+0x1ab/0x260 [ 1156.459082][T23348] __do_fast_syscall_32+0x73/0x120 [ 1156.460928][T23348] do_fast_syscall_32+0x32/0x80 [ 1156.462635][T23348] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1156.464891][T23348] RIP: 0023:0xf7473579 [ 1156.466731][T23348] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1156.473818][T23348] RSP: 002b:00000000f5d8b57c EFLAGS: 00000292 ORIG_RAX: 0000000000000127 [ 1156.476841][T23348] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020001740 [ 1156.479695][T23348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1156.482541][T23348] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1156.485541][T23348] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1156.488878][T23348] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1156.491718][T23348] [ 1157.010213][T23365] openvswitch: netlink: Key type 16156 is out of range max 32 [ 1157.075190][T23362] overlay: Bad value for 'redirect_dir' [ 1158.004161][T23361] team0: entered promiscuous mode [ 1158.006378][T23361] team_slave_0: entered promiscuous mode [ 1158.008753][T23361] team_slave_1: entered promiscuous mode [ 1158.011130][T23361] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1158.014340][T23361] team0: left promiscuous mode [ 1158.016423][T23361] team_slave_0: left promiscuous mode [ 1158.021050][T23361] team_slave_1: left promiscuous mode [ 1158.023653][T23361] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 1158.214258][T23377] tipc: Enabling of bearer rejected, already enabled [ 1158.932149][T23388] FAULT_INJECTION: forcing a failure. [ 1158.932149][T23388] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1158.937448][T23388] CPU: 3 PID: 23388 Comm: syz.2.5139 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1158.941599][T23388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1158.945564][T23388] Call Trace: [ 1158.946910][T23388] [ 1158.948163][T23388] dump_stack_lvl+0x16c/0x1f0 [ 1158.950200][T23388] should_fail_ex+0x497/0x5b0 [ 1158.952607][T23388] _copy_from_iter+0x27a/0xfb0 [ 1158.954681][T23388] ? __alloc_skb+0x200/0x380 [ 1158.956682][T23388] ? __pfx__copy_from_iter+0x10/0x10 [ 1158.958948][T23388] ? __virt_addr_valid+0x5e/0x580 [ 1158.960996][T23388] ? __phys_addr_symbol+0x30/0x80 [ 1158.962973][T23388] ? __check_object_size+0x48e/0x720 [ 1158.965055][T23388] netlink_sendmsg+0x813/0xd70 [ 1158.967119][T23388] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1158.969328][T23388] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1158.971345][T23388] ____sys_sendmsg+0x9b4/0xb50 [ 1158.973179][T23388] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1158.975306][T23388] ? get_compat_msghdr+0x11b/0x170 [ 1158.977501][T23388] ? __pfx___lock_acquire+0x10/0x10 [ 1158.979754][T23388] ___sys_sendmsg+0x135/0x1e0 [ 1158.981499][T23388] ? __pfx____sys_sendmsg+0x10/0x10 [ 1158.983208][T23388] ? ksys_write+0x21c/0x260 [ 1158.984794][T23388] ? __fget_light+0x173/0x210 [ 1158.986665][T23388] __sys_sendmsg+0x117/0x1f0 [ 1158.988556][T23388] ? __pfx___sys_sendmsg+0x10/0x10 [ 1158.990569][T23388] __do_fast_syscall_32+0x73/0x120 [ 1158.992474][T23388] do_fast_syscall_32+0x32/0x80 [ 1158.994271][T23388] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1158.996701][T23388] RIP: 0023:0xf747d579 [ 1158.998321][T23388] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1159.006374][T23388] RSP: 002b:00000000f5d9557c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1159.009795][T23388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 1159.012813][T23388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1159.016258][T23388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1159.019475][T23388] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1159.022639][T23388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1159.026051][T23388] [ 1159.134825][ T39] audit: type=1326 audit(1720375056.070:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23389 comm="syz.2.5140" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf747d579 code=0x0 [ 1159.368579][T23401] team0: entered promiscuous mode [ 1159.370958][T23401] team_slave_0: entered promiscuous mode [ 1159.373667][T23401] team_slave_1: entered promiscuous mode [ 1159.376306][T23401] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1159.558927][ T55] usb 7-1: new high-speed USB device number 85 using dummy_hcd [ 1159.594453][T23400] team0: left promiscuous mode [ 1159.596471][T23400] team_slave_0: left promiscuous mode [ 1159.598447][T23400] team_slave_1: left promiscuous mode [ 1159.600659][T23400] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 1159.700588][T23404] FAULT_INJECTION: forcing a failure. [ 1159.700588][T23404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1159.706555][T23404] CPU: 0 PID: 23404 Comm: syz.0.5144 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1159.710894][T23404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1159.715356][T23404] Call Trace: [ 1159.716729][T23404] [ 1159.717952][T23404] dump_stack_lvl+0x16c/0x1f0 [ 1159.719990][T23404] should_fail_ex+0x497/0x5b0 [ 1159.722110][T23404] _copy_from_user+0x30/0xf0 [ 1159.724140][T23404] get_compat_msghdr+0xa8/0x170 [ 1159.726122][T23404] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1159.728570][T23404] ? __pfx___lock_acquire+0x10/0x10 [ 1159.730854][T23404] ___sys_sendmsg+0x1b0/0x1e0 [ 1159.732849][T23404] ? __pfx____sys_sendmsg+0x10/0x10 [ 1159.735016][T23404] ? __pfx_lock_release+0x10/0x10 [ 1159.736983][T23404] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1159.739530][T23404] ? __fget_light+0x173/0x210 [ 1159.740363][ T55] usb 7-1: config 0 has no interfaces? [ 1159.741639][T23404] __sys_sendmmsg+0x2a5/0x450 [ 1159.741670][T23404] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1159.743840][ T55] usb 7-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1159.745728][T23404] ? vfs_write+0x14d/0x1140 [ 1159.748006][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1159.751688][T23404] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1159.751714][T23404] ? fput+0x32/0x390 [ 1159.751725][T23404] ? ksys_write+0x1ab/0x260 [ 1159.751738][T23404] ? __pfx_ksys_write+0x10/0x10 [ 1159.751753][T23404] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 1159.751772][T23404] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1159.751786][T23404] __do_fast_syscall_32+0x73/0x120 [ 1159.751802][T23404] do_fast_syscall_32+0x32/0x80 [ 1159.751816][T23404] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1159.756161][ T55] usb 7-1: config 0 descriptor?? [ 1159.757231][T23404] RIP: 0023:0xf7473579 [ 1159.757245][T23404] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1159.757256][T23404] RSP: 002b:00000000f5d8b57c EFLAGS: 00000292 ORIG_RAX: 0000000000000159 [ 1159.757267][T23404] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000480 [ 1159.757274][T23404] RDX: 00000000000002e9 RSI: 0000000000000000 RDI: 0000000000000000 [ 1159.757281][T23404] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1159.803966][T23404] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1159.807261][T23404] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1159.810053][T23404] [ 1160.244745][T23420] FAULT_INJECTION: forcing a failure. [ 1160.244745][T23420] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1160.250678][T23420] CPU: 1 PID: 23420 Comm: syz.3.5148 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1160.254987][T23420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1160.259395][T23420] Call Trace: [ 1160.260845][T23420] [ 1160.262189][T23420] dump_stack_lvl+0x16c/0x1f0 [ 1160.264135][T23420] should_fail_ex+0x497/0x5b0 [ 1160.266106][T23420] _copy_from_user+0x30/0xf0 [ 1160.268075][T23420] get_compat_msghdr+0xa8/0x170 [ 1160.270192][T23420] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1160.272312][T23420] ? __pfx___lock_acquire+0x10/0x10 [ 1160.274298][T23420] ___sys_sendmsg+0x1b0/0x1e0 [ 1160.276232][T23420] ? __pfx____sys_sendmsg+0x10/0x10 [ 1160.278277][T23420] ? ksys_write+0x21c/0x260 [ 1160.279892][T23420] ? __fget_light+0x173/0x210 [ 1160.281602][T23420] __sys_sendmsg+0x117/0x1f0 [ 1160.283204][T23420] ? __pfx___sys_sendmsg+0x10/0x10 [ 1160.284941][T23420] __do_fast_syscall_32+0x73/0x120 [ 1160.286806][T23420] do_fast_syscall_32+0x32/0x80 [ 1160.288504][T23420] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1160.290902][T23420] RIP: 0023:0xf73fa579 [ 1160.292590][T23420] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1160.300612][T23420] RSP: 002b:00000000f5d1257c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1160.303941][T23420] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 1160.306868][T23420] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1160.309721][T23420] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1160.313131][T23420] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1160.316591][T23420] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1160.319650][T23420] [ 1160.398875][ T35] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1160.599003][ T35] usb 5-1: Using ep0 maxpacket: 32 [ 1160.603672][ T35] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 1160.607409][ T35] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1160.612837][ T35] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1160.617796][ T35] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1160.623877][ T35] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1160.629959][ T35] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1160.634192][ T35] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1160.637915][ T35] usb 5-1: Product: syz [ 1160.639839][ T35] usb 5-1: Manufacturer: syz [ 1160.641829][ T35] usb 5-1: SerialNumber: syz [ 1160.646443][ T35] usb 5-1: config 0 descriptor?? [ 1160.651677][ T35] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1160.657174][ T35] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1160.861178][ T35] usb 5-1: USB disconnect, device number 106 [ 1160.864504][ T35] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 1160.933063][T23425] tipc: Started in network mode [ 1160.934913][T23425] tipc: Node identity 5267fb4b06f4, cluster identity 4711 [ 1160.937867][T23425] tipc: Enabled bearer , priority 10 [ 1161.668630][T23438] FAULT_INJECTION: forcing a failure. [ 1161.668630][T23438] name failslab, interval 1, probability 0, space 0, times 0 [ 1161.677789][T23438] CPU: 3 PID: 23438 Comm: syz.0.5154 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1161.682357][T23438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1161.687172][T23438] Call Trace: [ 1161.688683][T23438] [ 1161.690035][T23438] dump_stack_lvl+0x16c/0x1f0 [ 1161.692226][T23438] should_fail_ex+0x497/0x5b0 [ 1161.694364][T23438] should_failslab+0x9/0x20 [ 1161.696377][T23438] __kmalloc_noprof+0xcf/0x420 [ 1161.698527][T23438] ? __pfx_lock_acquire+0x10/0x10 [ 1161.700819][T23438] tomoyo_realpath_from_path+0xbf/0x710 [ 1161.703296][T23438] ? tomoyo_profile+0x47/0x60 [ 1161.705428][T23438] tomoyo_path_number_perm+0x245/0x5b0 [ 1161.707830][T23438] ? tomoyo_path_number_perm+0x232/0x5b0 [ 1161.710379][T23438] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1161.713037][T23438] ? __pfx_lock_release+0x10/0x10 [ 1161.715220][T23438] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1161.717893][T23438] ? __fget_files+0x256/0x400 [ 1161.720049][T23438] security_file_ioctl_compat+0x75/0xc0 [ 1161.722490][T23438] __do_compat_sys_ioctl+0x5d/0x330 [ 1161.724782][T23438] __do_fast_syscall_32+0x73/0x120 [ 1161.726954][T23438] do_fast_syscall_32+0x32/0x80 [ 1161.729078][T23438] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1161.731839][T23438] RIP: 0023:0xf7473579 [ 1161.733663][T23438] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1161.742202][T23438] RSP: 002b:00000000f5d8b57c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 1161.745874][T23438] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040049325 [ 1161.749388][T23438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1161.752912][T23438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1161.756488][T23438] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1161.759969][T23438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1161.763561][T23438] [ 1161.765816][T23438] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1162.051404][ T35] tipc: Node number set to 1418984267 [ 1162.117819][T16879] usb 7-1: USB disconnect, device number 85 [ 1162.376119][T23457] FAULT_INJECTION: forcing a failure. [ 1162.376119][T23457] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1162.382594][T23457] CPU: 2 PID: 23457 Comm: syz.3.5160 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1162.387644][T23457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1162.392348][T23457] Call Trace: [ 1162.393838][T23457] [ 1162.395138][T23457] dump_stack_lvl+0x16c/0x1f0 [ 1162.397216][T23457] should_fail_ex+0x497/0x5b0 [ 1162.399308][T23457] _copy_from_user+0x30/0xf0 [ 1162.401321][T23457] get_compat_msghdr+0xa8/0x170 [ 1162.403503][T23457] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1162.405889][T23457] ? __pfx___lock_acquire+0x10/0x10 [ 1162.408136][T23457] ___sys_sendmsg+0x1b0/0x1e0 [ 1162.410183][T23457] ? __pfx____sys_sendmsg+0x10/0x10 [ 1162.412460][T23457] ? ksys_write+0x21c/0x260 [ 1162.414443][T23457] ? __fget_light+0x173/0x210 [ 1162.416480][T23457] __sys_sendmsg+0x117/0x1f0 [ 1162.418535][T23457] ? __pfx___sys_sendmsg+0x10/0x10 [ 1162.418575][T23457] __do_fast_syscall_32+0x73/0x120 [ 1162.423270][T23457] do_fast_syscall_32+0x32/0x80 [ 1162.425444][T23457] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1162.428212][T23457] RIP: 0023:0xf73fa579 [ 1162.428231][T23457] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1162.428247][T23457] RSP: 002b:00000000f5d1257c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1162.441196][T23457] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 1162.444761][T23457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1162.448211][T23457] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1162.451714][T23457] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1162.455173][T23457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1162.458672][T23457] [ 1162.798904][ T55] usb 8-1: new high-speed USB device number 80 using dummy_hcd [ 1162.898193][ T39] audit: type=1326 audit(1720375059.830:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23488 comm="syz.0.5167" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7473579 code=0x0 [ 1162.978949][ T55] usb 8-1: Using ep0 maxpacket: 32 [ 1162.983424][ T55] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 1162.987188][ T55] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1162.992553][ T55] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1162.997212][ T55] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1163.002780][ T55] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1163.012152][ T55] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1163.016544][ T55] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1163.020301][ T55] usb 8-1: Product: syz [ 1163.022164][ T55] usb 8-1: Manufacturer: syz [ 1163.024232][ T55] usb 8-1: SerialNumber: syz [ 1163.034526][ T55] usb 8-1: config 0 descriptor?? [ 1163.038665][ T55] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1163.043975][ T55] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1163.228928][ T5241] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 1163.283546][T14667] usb 8-1: USB disconnect, device number 80 [ 1163.293911][T14667] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 1163.433686][ T5241] usb 5-1: config 0 has no interfaces? [ 1163.436231][ T5241] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1163.440381][ T5241] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1163.451528][ T5241] usb 5-1: config 0 descriptor?? [ 1165.186296][T23532] nft_compat: unsupported protocol 0 [ 1165.529103][T19863] usb 6-1: new high-speed USB device number 92 using dummy_hcd [ 1165.679778][T23540] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 1165.708952][T19863] usb 6-1: Using ep0 maxpacket: 32 [ 1165.713731][T19863] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 1165.716655][T19863] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1165.721742][T19863] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1165.728033][T19863] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1165.738854][T19863] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1165.750125][T19863] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1165.753786][T19863] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1165.757162][T19863] usb 6-1: Product: syz [ 1165.759010][T19863] usb 6-1: Manufacturer: syz [ 1165.761047][T19863] usb 6-1: SerialNumber: syz [ 1165.765810][T19863] usb 6-1: config 0 descriptor?? [ 1165.770826][T19863] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1165.779066][T19863] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1165.819012][ T56] usb 7-1: new high-speed USB device number 86 using dummy_hcd [ 1165.884139][ T35] usb 5-1: USB disconnect, device number 107 [ 1165.998960][ T56] usb 7-1: Using ep0 maxpacket: 32 [ 1166.005216][ T56] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 1166.010348][ T56] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1166.014929][ T56] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1166.019382][ T56] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1166.024600][ T56] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1166.027968][ T6144] usb 6-1: USB disconnect, device number 92 [ 1166.034685][ T6144] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 1166.038176][ T56] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1166.044218][ T56] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1166.047768][ T56] usb 7-1: Product: syz [ 1166.058842][ T56] usb 7-1: Manufacturer: syz [ 1166.060994][ T56] usb 7-1: SerialNumber: syz [ 1166.070292][ T56] usb 7-1: config 0 descriptor?? [ 1166.073940][ T56] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1166.090203][ T56] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1166.228969][T15343] usb 8-1: new high-speed USB device number 81 using dummy_hcd [ 1166.315508][ T55] usb 7-1: USB disconnect, device number 86 [ 1166.322995][ T55] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 1166.408874][T15343] usb 8-1: Using ep0 maxpacket: 32 [ 1166.412676][T15343] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1166.416136][T15343] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1166.420207][T15343] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1166.424527][T15343] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1166.428511][T15343] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1166.432615][T15343] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1166.439158][T15343] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1166.442855][T15343] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1166.446241][T15343] usb 8-1: Product: syz [ 1166.448066][T15343] usb 8-1: Manufacturer: syz [ 1166.450118][T15343] usb 8-1: SerialNumber: syz [ 1166.689858][T15343] cdc_ncm 8-1:1.0: bind() failure [ 1166.695563][T15343] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found [ 1166.698259][T15343] cdc_ncm 8-1:1.1: bind() failure [ 1166.702045][T15343] usb 8-1: USB disconnect, device number 81 [ 1167.717957][T23580] FAULT_INJECTION: forcing a failure. [ 1167.717957][T23580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1167.730067][T23580] CPU: 1 PID: 23580 Comm: syz.0.5193 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1167.734230][T23580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1167.738321][T23580] Call Trace: [ 1167.739607][T23580] [ 1167.740834][T23580] dump_stack_lvl+0x16c/0x1f0 [ 1167.742578][T23580] should_fail_ex+0x497/0x5b0 [ 1167.744566][T23580] _copy_to_user+0x30/0xc0 [ 1167.746516][T23580] simple_read_from_buffer+0xd0/0x160 [ 1167.748793][T23580] proc_fail_nth_read+0x1b0/0x290 [ 1167.751008][T23580] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1167.753428][T23580] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1167.755853][T23580] vfs_read+0x1d4/0xbd0 [ 1167.757672][T23580] ? __fdget_pos+0xeb/0x180 [ 1167.759676][T23580] ? __pfx_vfs_read+0x10/0x10 [ 1167.761681][T23580] ? __pfx___mutex_lock+0x10/0x10 [ 1167.763854][T23580] ? __fget_files+0x256/0x400 [ 1167.765914][T23580] ksys_read+0x12f/0x260 [ 1167.767756][T23580] ? __pfx_ksys_read+0x10/0x10 [ 1167.769872][T23580] __do_fast_syscall_32+0x73/0x120 [ 1167.771722][T23580] do_fast_syscall_32+0x32/0x80 [ 1167.773740][T23580] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1167.776372][T23580] RIP: 0023:0xf7473579 [ 1167.778112][T23580] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1167.786298][T23580] RSP: 002b:00000000f5d8b5b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1167.789798][T23580] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5d8b630 [ 1167.792886][T23580] RDX: 000000000000000f RSI: 00000000f745dff4 RDI: 0000000000000000 [ 1167.796011][T23580] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1167.799171][T23580] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 1167.801745][T23580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1167.804365][T23580] [ 1168.869574][T23606] tipc: Enabling of bearer rejected, already enabled [ 1169.389239][T23612] input: syz1 as /devices/virtual/input/input151 [ 1169.438528][T23613] FAULT_INJECTION: forcing a failure. [ 1169.438528][T23613] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.449470][T23613] CPU: 2 PID: 23613 Comm: syz.2.5201 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1169.454282][T23613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1169.458954][T23613] Call Trace: [ 1169.460435][T23613] [ 1169.461754][T23613] dump_stack_lvl+0x16c/0x1f0 [ 1169.463833][T23613] should_fail_ex+0x497/0x5b0 [ 1169.465927][T23613] should_failslab+0x9/0x20 [ 1169.467858][T23613] __kmalloc_noprof+0xcf/0x420 [ 1169.470160][T23613] ? __pfx_lock_acquire+0x10/0x10 [ 1169.472351][T23613] tomoyo_realpath_from_path+0xbf/0x710 [ 1169.474762][T23613] ? tomoyo_profile+0x47/0x60 [ 1169.476813][T23613] tomoyo_path_number_perm+0x245/0x5b0 [ 1169.479168][T23613] ? tomoyo_path_number_perm+0x232/0x5b0 [ 1169.481637][T23613] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1169.484281][T23613] ? __pfx_lock_release+0x10/0x10 [ 1169.486744][T23613] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1169.489470][T23613] ? __fget_files+0x256/0x400 [ 1169.491554][T23613] security_file_ioctl_compat+0x75/0xc0 [ 1169.493951][T23613] __do_compat_sys_ioctl+0x5d/0x330 [ 1169.496224][T23613] __do_fast_syscall_32+0x73/0x120 [ 1169.498527][T23613] do_fast_syscall_32+0x32/0x80 [ 1169.500682][T23613] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1169.503506][T23613] RIP: 0023:0xf747d579 [ 1169.505585][T23613] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1169.514040][T23613] RSP: 002b:00000000f5d5357c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 1169.517571][T23613] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005502 [ 1169.520467][T23613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1169.523309][T23613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1169.526258][T23613] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1169.529687][T23613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1169.533258][T23613] [ 1169.578994][T23613] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1169.777379][T23629] netlink: 'syz.1.5207': attribute type 23 has an invalid length. [ 1169.911511][ T39] audit: type=1326 audit(1720375066.850:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1169.936889][ T39] audit: type=1326 audit(1720375066.850:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1169.950985][ T39] audit: type=1326 audit(1720375066.860:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=274 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1169.961317][ T39] audit: type=1326 audit(1720375066.860:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1169.971477][ T39] audit: type=1326 audit(1720375066.860:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=450 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1169.983746][ T39] audit: type=1326 audit(1720375066.860:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1169.999283][ T39] audit: type=1326 audit(1720375066.860:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1170.011283][ T39] audit: type=1326 audit(1720375066.860:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1170.023836][ T39] audit: type=1326 audit(1720375066.860:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1170.038084][ T39] audit: type=1326 audit(1720375066.860:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23642 comm="syz.0.5210" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7473579 code=0x7ffc0000 [ 1170.380034][T23664] nbd: must specify a device to reconfigure [ 1170.444459][T23674] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5222'. [ 1170.859674][T19863] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 1171.054138][T19863] usb 5-1: config 0 has no interfaces? [ 1171.056363][T19863] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1171.061026][T19863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1171.068997][T19863] usb 5-1: config 0 descriptor?? [ 1171.277914][T19863] usb 5-1: USB disconnect, device number 108 [ 1171.480669][T23690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1171.486416][T23690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1171.769618][T14667] usb 8-1: new high-speed USB device number 82 using dummy_hcd [ 1171.957881][T14667] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1171.962241][T14667] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1171.970311][T14667] usb 8-1: config 0 descriptor?? [ 1171.974924][T14667] cp210x 8-1:0.0: cp210x converter detected [ 1172.245313][T14667] cp210x 8-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 1172.248213][T14667] cp210x 8-1:0.0: querying part number failed [ 1172.254327][T14667] usb 8-1: cp210x converter now attached to ttyUSB0 [ 1172.268970][T16879] usb 6-1: new high-speed USB device number 93 using dummy_hcd [ 1172.452219][T14667] usb 8-1: USB disconnect, device number 82 [ 1172.471482][T14667] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1172.475011][T14667] cp210x 8-1:0.0: device disconnected [ 1172.476884][T16879] usb 6-1: config 0 has no interfaces? [ 1172.479653][T16879] usb 6-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1172.483656][T16879] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1172.490240][T16879] usb 6-1: config 0 descriptor?? [ 1172.859036][ T5241] usb 7-1: new high-speed USB device number 87 using dummy_hcd [ 1173.048952][ T5241] usb 7-1: config 0 has no interfaces? [ 1173.051137][ T5241] usb 7-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1173.054494][ T5241] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1173.062981][ T5241] usb 7-1: config 0 descriptor?? [ 1173.385517][T23729] tipc: Enabling of bearer rejected, already enabled [ 1174.238475][T23747] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5239'. [ 1174.932507][T16879] usb 6-1: USB disconnect, device number 93 [ 1175.155182][T23759] FAULT_INJECTION: forcing a failure. [ 1175.155182][T23759] name failslab, interval 1, probability 0, space 0, times 0 [ 1175.161282][T23759] CPU: 0 PID: 23759 Comm: syz.1.5242 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1175.166047][T23759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1175.170899][T23759] Call Trace: [ 1175.172431][T23759] [ 1175.173776][T23759] dump_stack_lvl+0x16c/0x1f0 [ 1175.175991][T23759] should_fail_ex+0x497/0x5b0 [ 1175.178019][T23759] should_failslab+0x9/0x20 [ 1175.180257][T23759] __kmalloc_noprof+0xcf/0x420 [ 1175.182584][T23759] ? __pfx_lock_acquire+0x10/0x10 [ 1175.184888][T23759] tomoyo_realpath_from_path+0xbf/0x710 [ 1175.187403][T23759] ? tomoyo_profile+0x47/0x60 [ 1175.189580][T23759] tomoyo_path_number_perm+0x245/0x5b0 [ 1175.192413][T23759] ? tomoyo_path_number_perm+0x232/0x5b0 [ 1175.195286][T23759] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1175.198019][T23759] ? __pfx_lock_release+0x10/0x10 [ 1175.200283][T23759] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1175.203031][T23759] ? __fget_files+0x256/0x400 [ 1175.205190][T23759] security_file_ioctl_compat+0x75/0xc0 [ 1175.207671][T23759] __do_compat_sys_ioctl+0x5d/0x330 [ 1175.209974][T23759] __do_fast_syscall_32+0x73/0x120 [ 1175.212288][T23759] do_fast_syscall_32+0x32/0x80 [ 1175.214489][T23759] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1175.217298][T23759] RIP: 0023:0xf7437579 [ 1175.219111][T23759] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1175.227396][T23759] RSP: 002b:00000000f5d4f57c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 1175.231311][T23759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 1175.234556][T23759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1175.238052][T23759] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1175.241349][T23759] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1175.245070][T23759] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1175.248841][T23759] [ 1175.250413][ C0] vkms_vblank_simulate: vblank timer overrun [ 1175.253735][T23759] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1175.260443][T23759] input: syz1 as /devices/virtual/input/input152 [ 1175.421254][T14667] usb 7-1: USB disconnect, device number 87 [ 1176.078924][T16879] usb 6-1: new high-speed USB device number 94 using dummy_hcd [ 1176.288887][T16879] usb 6-1: Using ep0 maxpacket: 32 [ 1176.297564][T16879] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 1176.302154][T16879] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1176.307026][T16879] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1176.314297][T16879] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1176.320572][T16879] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1176.329162][T16879] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1176.333146][T16879] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1176.337302][T16879] usb 6-1: Product: syz [ 1176.341369][T16879] usb 6-1: Manufacturer: syz [ 1176.343498][T16879] usb 6-1: SerialNumber: syz [ 1176.354005][T16879] usb 6-1: config 0 descriptor?? [ 1176.362501][T16879] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1176.371585][T16879] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1176.582327][T16879] usb 6-1: USB disconnect, device number 94 [ 1176.593523][T16879] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 1176.724227][ T39] kauditd_printk_skb: 120 callbacks suppressed [ 1176.724329][ T39] audit: type=1326 audit(1720375073.660:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23786 comm="syz.2.5250" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf747d579 code=0x0 [ 1177.048960][ T25] usb 7-1: new high-speed USB device number 88 using dummy_hcd [ 1177.076521][T23797] 9p: Unknown Cache mode or invalid value fscach [ 1177.253205][ T25] usb 7-1: config 0 has no interfaces? [ 1177.255663][ T25] usb 7-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1177.259637][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1177.274411][ T25] usb 7-1: config 0 descriptor?? [ 1177.627642][T23811] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5257'. [ 1179.309044][ T35] usb 6-1: new high-speed USB device number 95 using dummy_hcd [ 1179.493695][ T35] usb 6-1: config 0 has no interfaces? [ 1179.496764][ T35] usb 6-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1179.501719][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1179.507517][ T35] usb 6-1: config 0 descriptor?? [ 1179.694303][T14667] usb 7-1: USB disconnect, device number 88 [ 1179.764012][T19685] usb 6-1: USB disconnect, device number 95 [ 1180.298964][T14667] usb 7-1: new high-speed USB device number 89 using dummy_hcd [ 1180.422627][T23863] netlink: 168 bytes leftover after parsing attributes in process `syz.1.5273'. [ 1180.498936][T14667] usb 7-1: Using ep0 maxpacket: 32 [ 1180.503480][T14667] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 1180.507144][T14667] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1180.512650][T14667] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1180.517519][T14667] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1180.523956][T14667] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1180.529934][T14667] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1180.534353][T14667] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1180.536433][ T39] audit: type=1326 audit(1720375077.470:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23866 comm="syz.0.5274" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7473579 code=0x0 [ 1180.538215][T14667] usb 7-1: Product: syz [ 1180.538234][T14667] usb 7-1: Manufacturer: syz [ 1180.538248][T14667] usb 7-1: SerialNumber: syz [ 1180.540277][T14667] usb 7-1: config 0 descriptor?? [ 1180.557944][T14667] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1180.563392][T14667] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1180.775868][T14667] usb 7-1: USB disconnect, device number 89 [ 1180.785466][T14667] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 1180.869018][T16879] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1181.050820][T16879] usb 5-1: config 0 has no interfaces? [ 1181.052887][T16879] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1181.056750][T16879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1181.061508][T16879] usb 5-1: config 0 descriptor?? [ 1181.119219][T19685] usb 6-1: new high-speed USB device number 96 using dummy_hcd [ 1181.308878][T19685] usb 6-1: Using ep0 maxpacket: 32 [ 1181.314181][T19685] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1181.324005][T19685] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1181.328963][T19685] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1181.333266][T19685] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1181.337493][T19685] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1181.341924][T19685] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1181.347853][T19685] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1181.352972][T19685] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1181.356200][T19685] usb 6-1: Product: syz [ 1181.358357][T19685] usb 6-1: Manufacturer: syz [ 1181.360894][T19685] usb 6-1: SerialNumber: syz [ 1181.586898][T19685] cdc_ncm 6-1:1.0: bind() failure [ 1181.593044][T19685] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 1181.595616][T19685] cdc_ncm 6-1:1.1: bind() failure [ 1181.600240][T19685] usb 6-1: USB disconnect, device number 96 [ 1182.093143][ T1089] ------------[ cut here ]------------ [ 1182.096236][ T1089] WARNING: CPU: 0 PID: 1089 at net/wireless/nl80211.c:19473 cfg80211_bss_color_notify+0x60b/0x7d0 [ 1182.101157][ T1089] Modules linked in: [ 1182.103124][ T1089] CPU: 0 PID: 1089 Comm: kworker/u32:7 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1182.109832][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1182.114728][ T1089] Workqueue: phy28 ieee80211_color_collision_detection_work [ 1182.118067][ T1089] RIP: 0010:cfg80211_bss_color_notify+0x60b/0x7d0 [ 1182.121414][ T1089] Code: be 5b f7 49 8d 7f 68 be ff ff ff ff e8 0e 3d a9 00 31 ff 89 c3 89 c6 e8 43 b9 5b f7 85 db 0f 85 16 fb ff ff e8 36 be 5b f7 90 <0f> 0b 90 e9 08 fb ff ff e8 28 be 5b f7 0f b6 44 24 1c ba 01 00 00 [ 1182.130341][ T1089] RSP: 0018:ffffc90006e8fbf8 EFLAGS: 00010293 [ 1182.132997][ T1089] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a32d04d [ 1182.136541][ T1089] RDX: ffff888020a34880 RSI: ffffffff8a32d05a RDI: 0000000000000005 [ 1182.140151][ T1089] RBP: 000000000000008d R08: 0000000000000005 R09: 0000000000000000 [ 1182.143762][ T1089] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802a0a8000 [ 1182.147213][ T1089] R13: ffff8880154b0000 R14: ffff88802a0a8cb0 R15: ffff888026aa8700 [ 1182.151302][ T1089] FS: 0000000000000000(0000) GS:ffff88802c000000(0000) knlGS:0000000000000000 [ 1182.155527][ T1089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 1182.158729][ T1089] CR2: 0000000020002000 CR3: 0000000052588000 CR4: 0000000000352ef0 [ 1182.162891][ T1089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1182.166712][ T1089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1182.170502][ T1089] Call Trace: [ 1182.172019][ T1089] [ 1182.173355][ T1089] ? show_regs+0x8c/0xa0 [ 1182.175279][ T1089] ? __warn+0xe5/0x3c0 [ 1182.177113][ T1089] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 1182.179879][ T1089] ? report_bug+0x3c0/0x580 [ 1182.181674][ T1089] ? handle_bug+0x3d/0x70 [ 1182.183607][ T1089] ? exc_invalid_op+0x17/0x50 [ 1182.185744][ T1089] ? asm_exc_invalid_op+0x1a/0x20 [ 1182.188108][ T1089] ? cfg80211_bss_color_notify+0x5fd/0x7d0 [ 1182.191213][ T1089] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 1182.193883][ T1089] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 1182.196461][ T1089] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 1182.199301][ T1089] ? __pfx_lock_acquire+0x10/0x10 [ 1182.201536][ T1089] ? __pfx_cfg80211_bss_color_notify+0x10/0x10 [ 1182.204451][ T1089] process_one_work+0x958/0x1ad0 [ 1182.206554][ T1089] ? __pfx_lock_acquire+0x10/0x10 [ 1182.208692][ T1089] ? __pfx_process_one_work+0x10/0x10 [ 1182.211285][ T1089] ? assign_work+0x1a0/0x250 [ 1182.213055][ T1089] worker_thread+0x6c8/0xf30 [ 1182.214523][ T1089] ? __pfx_worker_thread+0x10/0x10 [ 1182.216485][ T1089] kthread+0x2c1/0x3a0 [ 1182.218433][ T1089] ? _raw_spin_unlock_irq+0x23/0x50 [ 1182.221034][ T1089] ? __pfx_kthread+0x10/0x10 [ 1182.223259][ T1089] ret_from_fork+0x45/0x80 [ 1182.225567][ T1089] ? __pfx_kthread+0x10/0x10 [ 1182.228107][ T1089] ret_from_fork_asm+0x1a/0x30 [ 1182.230605][ T1089] [ 1182.232361][ T1089] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1182.236112][ T1089] CPU: 0 PID: 1089 Comm: kworker/u32:7 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1182.241043][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1182.246512][ T1089] Workqueue: phy28 ieee80211_color_collision_detection_work [ 1182.250091][ T1089] Call Trace: [ 1182.251779][ T1089] [ 1182.253214][ T1089] dump_stack_lvl+0x3d/0x1f0 [ 1182.255566][ T1089] panic+0x6f5/0x7a0 [ 1182.257781][ T1089] ? __pfx_panic+0x10/0x10 [ 1182.260706][ T1089] ? show_trace_log_lvl+0x363/0x500 [ 1182.263302][ T1089] ? check_panic_on_warn+0x1f/0xb0 [ 1182.266139][ T1089] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 1182.268947][ T1089] check_panic_on_warn+0xab/0xb0 [ 1182.271486][ T1089] __warn+0xf1/0x3c0 [ 1182.273499][ T1089] ? cfg80211_bss_color_notify+0x60b/0x7d0 [ 1182.276482][ T1089] report_bug+0x3c0/0x580 [ 1182.278961][ T1089] handle_bug+0x3d/0x70 [ 1182.281187][ T1089] exc_invalid_op+0x17/0x50 [ 1182.283338][ T1089] asm_exc_invalid_op+0x1a/0x20 [ 1182.285576][ T1089] RIP: 0010:cfg80211_bss_color_notify+0x60b/0x7d0 [ 1182.288505][ T1089] Code: be 5b f7 49 8d 7f 68 be ff ff ff ff e8 0e 3d a9 00 31 ff 89 c3 89 c6 e8 43 b9 5b f7 85 db 0f 85 16 fb ff ff e8 36 be 5b f7 90 <0f> 0b 90 e9 08 fb ff ff e8 28 be 5b f7 0f b6 44 24 1c ba 01 00 00 [ 1182.297098][ T1089] RSP: 0018:ffffc90006e8fbf8 EFLAGS: 00010293 [ 1182.299838][ T1089] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a32d04d [ 1182.303394][ T1089] RDX: ffff888020a34880 RSI: ffffffff8a32d05a RDI: 0000000000000005 [ 1182.306941][ T1089] RBP: 000000000000008d R08: 0000000000000005 R09: 0000000000000000 [ 1182.310483][ T1089] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802a0a8000 [ 1182.314015][ T1089] R13: ffff8880154b0000 R14: ffff88802a0a8cb0 R15: ffff888026aa8700 [ 1182.317589][ T1089] ? cfg80211_bss_color_notify+0x5fd/0x7d0 [ 1182.320062][ T1089] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 1182.322558][ T1089] ? cfg80211_bss_color_notify+0x60a/0x7d0 [ 1182.324634][ T1089] ? __pfx_lock_acquire+0x10/0x10 [ 1182.326323][ T1089] ? __pfx_cfg80211_bss_color_notify+0x10/0x10 [ 1182.328174][ T1089] process_one_work+0x958/0x1ad0 [ 1182.329810][ T1089] ? __pfx_lock_acquire+0x10/0x10 [ 1182.331964][ T1089] ? __pfx_process_one_work+0x10/0x10 [ 1182.334275][ T1089] ? assign_work+0x1a0/0x250 [ 1182.336246][ T1089] worker_thread+0x6c8/0xf30 [ 1182.338242][ T1089] ? __pfx_worker_thread+0x10/0x10 [ 1182.340428][ T1089] kthread+0x2c1/0x3a0 [ 1182.342194][ T1089] ? _raw_spin_unlock_irq+0x23/0x50 [ 1182.344419][ T1089] ? __pfx_kthread+0x10/0x10 [ 1182.346415][ T1089] ret_from_fork+0x45/0x80 [ 1182.348355][ T1089] ? __pfx_kthread+0x10/0x10 [ 1182.350490][ T1089] ret_from_fork_asm+0x1a/0x30 [ 1182.352768][ T1089] [ 1182.355039][ T1089] Kernel Offset: disabled [ 1182.357182][ T1089] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:57:59 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f94295 RDI=ffffffff94d59e00 RBP=ffffffff94d59dc0 RSP=ffffc90006e8f5e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005 R12=0000000000000000 R13=0000000000000038 R14=ffffffff84f94230 R15=0000000000000000 RIP=ffffffff84f942bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020002000 CR3=0000000052588000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000038d903f RBX=0000000000000001 RCX=ffffffff8adc1c19 RDX=0000000000000000 RSI=ffffffff8b2cb9e0 RDI=ffffffff8b8fb5e0 RBP=ffffed1002ce9910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=0000000000000000 R12=0000000000000001 R13=ffff88801674c880 R14=ffffffff8fe29410 R15=0000000000000000 RIP=ffffffff8adc300f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f74a30e8 CR3=0000000029e44000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffffea000065c440 RCX=ffffffff81d3daff RDX=ffff88801c6f4880 RSI=ffffffff81d3db19 RDI=0000000000000007 RBP=0000000000000000 RSP=ffffc90002b3f660 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000003 R12=0000000000000000 R13=dffffc0000000000 R14=0000000000000001 R15=00000000f6b7d000 RIP=ffffffff818e8ee8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000557f0156c000 CR3=000000001e09c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=1bee1dae1bee1dae 1bee1dae1bee1dae 1bee1dae1bee1dae 1bee1dae1bee1dae 1bee1dae1bee1dae 1bee1dae1bee1dae 1bee1dae1bee1dae 1bee1dae1bee1dae ZMM22=64e0498264e04982 64e0498264e04982 64e0498264e04982 64e0498264e04982 64e0498264e04982 64e0498264e04982 64e0498264e04982 64e0498264e04982 ZMM23=3a963e9f3a963e9f 3a963e9f3a963e9f 3a963e9f3a963e9f 3a963e9f3a963e9f 3a963e9f3a963e9f 3a963e9f3a963e9f 3a963e9f3a963e9f 3a963e9f3a963e9f ZMM24=52f9673752f96737 52f9673752f96737 52f9673752f96737 52f9673752f96737 52f9673752f96737 52f9673752f96737 52f9673752f96737 52f9673752f96737 ZMM25=3781526437815264 3781526437815264 3781526437815264 3781526437815264 3781526437815264 3781526437815264 3781526437815264 3781526437815264 ZMM26=8a1c4c4d8a1c4c4d 8a1c4c4d8a1c4c4d 8a1c4c4d8a1c4c4d 8a1c4c4d8a1c4c4d 8a1c4c4d8a1c4c4d 8a1c4c4d8a1c4c4d 8a1c4c4d8a1c4c4d 8a1c4c4d8a1c4c4d ZMM27=927b193c927b193c 927b193c927b193c 927b193c927b193c 927b193c927b193c 927b193c927b193c 927b193c927b193c 927b193c927b193c 927b193c927b193c ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f6260000f6260000 f6260000f6260000 f6260000f6260000 f6260000f6260000 f6260000f6260000 f6260000f6260000 f6260000f6260000 f6260000f6260000 info registers vcpu 3 CPU#3 RAX=0000000001636565 RBX=0000000000000003 RCX=ffffffff8adc1c19 RDX=0000000000000000 RSI=ffffffff8b2cb9e0 RDI=ffffffff8b8fb5e0 RBP=ffffed1002cec488 RSP=ffffc90000497e08 R8 =0000000000000001 R9 =ffffed1005866fdd R10=ffff88802c337eeb R11=0000000000000000 R12=0000000000000003 R13=ffff888016762440 R14=ffffffff8fe29410 R15=0000000000000000 RIP=ffffffff8adc300f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002000a000 CR3=0000000029e44000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000