last executing test programs: 7.272237701s ago: executing program 2 (id=5014): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffff0001, 0xfffffffc}, 0x0) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/igmp6\x00') read$alg(r4, &(0x7f0000000e80)=""/4096, 0x1000) sendmsg$nl_route(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r5, &(0x7f0000000100)={0x1f, 0x0, @none}, 0xe) setsockopt$bt_BT_RCVMTU(r5, 0x112, 0xf, &(0x7f00000009c0), 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x22, 0x301, 0x270bd24, 0x25dfdbfd, {0x1}}, 0x14}}, 0x0) socket$alg(0x26, 0x5, 0x0) r6 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb0, 0x10, 0x51, 0x20, 0x1bc7, 0x1900, 0x4a5f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x81, 0x2, 0x2, 0xec, 0x81, 0x4c, 0x0, [], [{{0x9, 0x5, 0xf, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0xb}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) r7 = syz_open_dev$video4linux(0x0, 0x2, 0x20) ioctl$VIDIOC_SUBDEV_S_FMT(r7, 0xc0585605, 0x0) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) 4.970196817s ago: executing program 0 (id=5022): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 
&(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x4, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x2b, 0x83, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x7}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x804) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0x5b, 0x0}}], 0x581a58385c57f9f, 0x20000001) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000003e000701feffffff00000000017c0000040042800c00018006000600800a00000800028004001280da15ff25f0d8e4847c21a39e5b0ec321f1539cd0fc5520872624fbc3315b09df4a9ff11f75808c85f0894c0e8315363d0780cff1466ea03aff6fa958e7c38d5ff9ae42575237a20212f8467df08b67db2cc02dc94075a2699e1fe132b7bb405bbec22a32bb5085783d19b52645c4840c6ff426d5e4d3cac5ad50f709c18e015876b08aed035d0efe8b"], 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) openat$nullb(0xffffff9c, &(0x7f00000000c0), 0x224400, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg$key(0xffffffffffffffff, 
&(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0) pipe2$9p(&(0x7f0000000280), 0x84800) r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f00000000c0)="01", 0x24}]) 3.856510089s ago: executing program 2 (id=5024): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 3.72984834s ago: executing program 0 (id=5025): socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x60b03, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_NMI(r2, 0xae9a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x65, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000200)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x56555958}}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 
0x800000000004}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) rseq(0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000034c0), 0x0, 0x700, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000240)={0x10000001}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) 3.100780902s ago: executing program 3 (id=5026): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', 0x0}) 3.100447151s ago: executing program 3 (id=5027): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udplite(0x2, 0x2, 0x88) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x3, 0x0, 0x7fffffff}]}) syz_genetlink_get_family_id$nfc(&(0x7f0000001cc0), 0xffffffffffffffff) r2 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="c14a8cf012b79241197fa55c95cb78c868dc7f4065db6a1f55fdb9b3b620905db1150adbd5a48a5968dce0ca0c3b439a84136af4f91b835cf51a0b762c624ee970f63316960a1c5a1e36e766cf0fbb9676e41671fbe2c846cae88f54cd08de9d971d8205b0f52c3dc829935ceb9b6f73bf7cacade0e52ab90b160f562cc866b026c1261b336312bd662d41d1b80d8141466b9092866d89534e4425d9f046c0f047516825d6671ed32c121c5aa880c9759fb464a544c710dec4bd5b3663332c9310983127de7a7c3e9253a76a0a63a3c692fb2c07fdbae7c2", 0xd8}, {0x0}, {&(0x7f0000000180)}], 0x3, 0x0, 0x0, 0x4024814}}], 0x1, 0x48044) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) 
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r3, 0x800442d3, &(0x7f0000000340)={0xfff, 0x2, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'batadv_slave_0\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r7, 0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4}) setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'lo\x00', 0x5}, 0x18) close_range(r1, 0xffffffffffffffff, 0x100000000000000) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe050003000c"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 3.000637331s ago: executing program 1 (id=5028): socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_bridge\x00'}) r1 = syz_open_dev$usbfs(0x0, 0x2, 0x20000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) write$bt_hci(r4, &(0x7f0000000140)=ANY=[@ANYRESOCT=r1, @ANYRES8=r3], 0xa) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r5, 0x107, 0x16, &(0x7f0000000000), 0x4) setsockopt$inet6_tcp_int(r2, 
0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r6, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x40) recvfrom$inet6(r6, &(0x7f0000000280)=""/11, 0x1a000, 0x102, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f6000002", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000060027000000000008000a00a8"], 0x6c}}, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r7, &(0x7f0000000a40)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000ac0)="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", 0x1000}, {&(0x7f0000000180)="8339c068f5905774", 0x8}, {&(0x7f0000000440)="fece5889fbb04684afd7817ac2f2170d587f5808aeb8b2dd93dc6d7cfb64c824ac0a81271227863ea139b492644f147154373ba88dae42bbce26873e7c57eb851750393786a198d4597be5da8d178b6e2becbab5ec1c627666d8c4971e80134e2295c8b6af41db96a1e1e5f941ccadb19ee9428e8424a30b9617391265879a913c77c4de40e7cd3359456cfb1e405166f600d5035f2b663fe7bddd6f212db49be5916bfb24a581a072e2408687f9e3618a35c771b4f9e9027a7026d7f6b1", 0xbe}, 
{&(0x7f0000000500)="84c878dcb15a37a8fe4f6249d25c1a6f55b1de778b2cffd1ceacc411caf1725ea43de30f9841f6dd6eeab50db2f000ff189230d2ee31610c0729686cccf914a74c8c4987400131431c0b271a6ff044ebe75816d4ffaaed05771f495848d5fd04c5c248b3bb47abb2807b6d3110e2f5461d9acc82111ab9f006e9dbc4f52b390b3da28e0a8f87e5728416b4587cc0eec2fa6b16639162a8f68424ddcf0f1f91f6c7caca23b94eefe666bf67209994ce337c17328557f191e098300e0edc1db3bbe263565dab6059109b53c0da77e274040c984956afa270d520217a07e16adc8ff38a857297f1fd964002", 0xea}, {&(0x7f0000000700)="f8665b5e9630174dcd412b9a77a04828e5ea5532fd96500cdb5489fcd1b5303dece6508b45002bb655c3ff260bade2a5d71d8d151f39be1762d995a384baaed07b98c05c195405ae001d194bb1839118a8d01e15c5cc7e1ca4378f12fa8a15eb5419216c8d339f25f683abd42f53eaeb8db2c81f1aa1744a404a34a39c14e1756e326d2e694bc7ff8844a26de77c58fc2a7e8925a8fdccbea6f98b773e718804faa61230d1ab114450efda02db8b5f423abebc1b8467c7aa16118078ffe6d0e61d78104ed07882d596e2cc54e3bacbe8bd", 0xd1}, {&(0x7f0000000600)="a32a590c9592cb952b945d234e71ebf78af005a0662e8097d9cf17c5fcf9c53d431eeaef83fcecbafbae91924f96c84aa976a2d40e57d55ad720e1f3201afb24154671f2e36e221093b96df5da84d498c182bbf417726bc30e363dcacf285e146a85e7f9e9af096b212aee340cce1d63197e6424574a967313a6e8626c61292b583ef9874e72005ad2397d747a3206e6877ac5681f1fa8b6e9f13c0ab93e9de9e46ae5f95d9e82fb3778254605fd0879fe922ca1", 0xb4}, {&(0x7f0000000240)="e067addfd2e8ccd6aa1279e409f665b28c22f52f48fd2a971b", 0x19}], 0x7, &(0x7f0000001ac0)=[@iv={0xd8, 0x117, 0x2, 0xc8, "15ad27e5f725b546fa5e660e3e18e5e7456cd449514080e018662af15b56492a88dedc50b672149d4ea42462dd4093c2c946979a2e1c3a0005d4a367d1d987d23ec1b693d655bf6cbbddcf21c6a9e8693cbd93aaa4382889eaf1b1222fedbcce1885058fb37fb526d5fac8ce5278b1e5b4903e8425a495930c2b9de1f0ab69e7b8a5fae9b02e6d684e4030a28f5b229fca9e400d07a0f3d47c1e06b65676c6cd197629b11b2bb41ba6e9c083f427bbe2fe489a05b3d9ad295c9b1b38b9b6acbb41ae5dadd1a5b045"}, @op={0x10, 0x117, 0x3, 0x1}, @iv={0x80, 0x117, 0x2, 0x70, 
"a93549155a3a151a19d3ca85b26b0b55239817f68f438173f8a4b95f646823fa0faf54ff07baeeb8aec5c3d4e2e568ed747b4e23eb13057e8a9cdaedac4d3f32522225ed3d11bfffb0222b590e72d1faff9aa1f32f3097ef3b32e5e7458b4b409ae7af7900372bec938ac96a27680d5e"}, @iv={0xa0, 0x117, 0x2, 0x8d, "814ebf129680d215929e18dedddb211c75d1e4eb03cbe3f67b303d2b7597ca3035cafce903995ccdfed73b61f00aae26885bb2492af48088dcf67cdebdbf1d74dbdecdea98d82c5465f19e8bb9b0ffd55761ca03c1728b986a17974b8ac321932c2f5c0b15e89f1753e6a84ce8595b0e5058bf65c91f8d3d201c2e73fe3bc244ffaa03051e692b8445f2db855b"}, @op={0x10}], 0x218, 0x4040800}, {0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000940)="0a5e15923bf63b508d0b5262176792f59daa6c3a1ca3e4319930e67875bb895ed8b6047c1f7d933d4c1edda84b3fc3d501d7626f2f4bf941e3c9ddc19c1275c7d84a114e3126db5fefa6f786b5", 0x4d}, {&(0x7f0000001d00)="95e86fae221848301a06298ef4c3431f131cfe823cef63a5173110ded306a865bc0400ee5814afefe00aec6fbb86117741499db22629d551aaf46d13cbe1623004adfba218819d08301839cb2ae87e92e6faee15742f2ffc1c6d3dd7509297121068cc7941e520620d44d7eb82d1f6b29956f6c3fa01ec6a35d19f3b", 0x7c}, {&(0x7f0000001e00)="a762ce7aefb46ebabc85d0f2556ab8ca80f50c956933a5d0767697b2e92b2ff71aaebf9141ae5c32bb0746dfbcada08e0c21b00d7e4b0d585f9e938791369cee8ed6979b7da75e820583cec01ca5a5ef6e0dc23a629ee6176d64709da1c7517b0ffcc85d0073968747d4382a92b7831c6f7d5eb5382070ef19973902ea64ec5043c231e09ee61e0366b818b1703df944cf7edac6b188873e42", 0x99}], 0x3, 0x0, 0x0, 0x841}], 0x2, 0x4000081) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000300)=@gcm_128={{0x304}, "45542f745866c700", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "faffffffffffffff"}, 0x28) sendto$inet6(r2, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) 2.942740874s ago: executing program 2 (id=5029): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) 
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x30}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1}) r4 = socket(0x21, 0x2, 0x10000000000002) r5 = accept4$packet(r3, 0x0, &(0x7f00000000c0), 0x80800) recvmmsg(r5, &(0x7f0000002580)=[{{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000000380)=""/251, 0xfb}, {&(0x7f0000000480)=""/119, 0x77}, {&(0x7f00000005c0)=""/170, 0xaa}, {&(0x7f0000000680)=""/149, 0x95}, {&(0x7f0000001f40)=""/201, 0xc9}], 0x5, &(0x7f0000002680)=""/268, 0x10c}, 0x1}, {{&(0x7f0000000500)=@pptp={0x18, 0x2, {0x0, @dev}}, 0x80, &(0x7f0000001b40)=[{&(0x7f00000001c0)}, {&(0x7f0000000840)=""/92, 0x5c}, {&(0x7f00000008c0)=""/220, 0xdc}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/155, 0x9b}, {&(0x7f0000001a80)=""/145, 0x91}, {&(0x7f0000002980)=""/4096, 0x1000}], 0x7, &(0x7f0000001b80)=""/234, 0xea}, 0x2}, {{0x0, 0x0, 0x0}, 0x7ff}, {{&(0x7f0000001ec0)=@generic, 0x80, &(0x7f0000002200)=[{&(0x7f00000007c0)=""/101, 0x65}, {&(0x7f0000000740)=""/95, 0x5f}, {&(0x7f0000002040)=""/157, 0x9d}, {&(0x7f0000002100)=""/21, 0x15}, {&(0x7f0000002140)=""/53, 0x35}, {&(0x7f0000002180)=""/115, 0x73}, {0x0}, {&(0x7f0000007c40)=""/4096, 0x1000}], 0x8, &(0x7f0000002240)=""/74, 0x4a}, 0x2}, {{&(0x7f00000022c0)=@l2tp={0x2, 0x0, @private}, 0x80, &(0x7f00000024c0)=[{&(0x7f0000002340)=""/101, 0x65}, {&(0x7f00000023c0)=""/226, 0xe2}], 0x2, &(0x7f0000002500)=""/92, 0x5c}, 0x4}], 0x5, 
0x10000, &(0x7f0000002640)={0x0, 0x989680}) connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="10000000100100000100000082cc0345fc428c5262f62fcec967bb98dc2d3e6ffc9f512f28ba50cd2cb3390e7ee3be1e3c0cbc889628fc768f11903271fab87de4c0b75c6d9e9c2de6da750865ff1048d182c4e5556a1fced7c10cc2dae28ddb3e827102f9d28be98137f1c44f7c848775acc24df0f3a30d6a29589887fe7724841ece487391f270a83391f964468b868a452bffe28101862d3da40937c74410e4f105"], 0x10, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000040000000400000004000000", @ANYBLOB="00002202f5355ac6cf2e5f"], 0x48) timer_create(0x0, 0x0, &(0x7f0000000180)) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='stack\x00') pread64(r7, &(0x7f0000000040)=""/7, 0x7, 0x0) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) r8 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r8, 0x0, 0x0, 0x0, 0x0, 0x0) 2.372232554s ago: executing program 1 (id=5030): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udplite(0x2, 0x2, 0x88) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x3, 0x0, 0x7fffffff}]}) syz_genetlink_get_family_id$nfc(&(0x7f0000001cc0), 0xffffffffffffffff) r2 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0x0, 
&(0x7f00000001c0)=[{&(0x7f0000000080)="c14a8cf012b79241197fa55c95cb78c868dc7f4065db6a1f55fdb9b3b620905db1150adbd5a48a5968dce0ca0c3b439a84136af4f91b835cf51a0b762c624ee970f63316960a1c5a1e36e766cf0fbb9676e41671fbe2c846cae88f54cd08de9d971d8205b0f52c3dc829935ceb9b6f73bf7cacade0e52ab90b160f562cc866b026c1261b336312bd662d41d1b80d8141466b9092866d89534e4425d9f046c0f047516825d6671ed32c121c5aa880c9759fb464a544c710dec4bd5b3663332c9310983127de7a7c3e9253a76a0a63a3c692fb2c07fdbae7c2", 0xd8}, {0x0}, {&(0x7f0000000180)}], 0x3, 0x0, 0x0, 0x4024814}}], 0x1, 0x48044) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r3, 0x800442d3, &(0x7f0000000340)={0xfff, 0x2, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'batadv_slave_0\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'lo\x00', 0x5}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r6, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18) close_range(r1, 0xffffffffffffffff, 0x100000000000000) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe050003000c"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 2.369468834s ago: executing program 0 (id=5031): openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) syz_io_uring_setup(0x49f, &(0x7f00000003c0)={0x0, 0xe7a8, 0x1, 0x7ffe, 0x253}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) eventfd2(0xff, 0x80001) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0xa010102}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000010010000010000008c0fbd205e6d3d2099cf0100000000000000c1d9e9e9215b"], 0x10}, 0x8000) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) 
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0) connect$inet6(r5, 0x0, 0x0) execve(&(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000004c0)={[&(0x7f0000000640)='.+-:\x00', &(0x7f0000000540)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x13\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\\h\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc\xdc\n\x88\xfc\xcci\xc1\xe8\xf8\x1e6&\bE\x8f\x9b\xc6\x8d0\xa7 -\xecC8O*7\xfa&\xf9\aC\xab\x03g\x06\xda\x8c)\xae\xe3\x16\x9dz\x87\xd6OZX\xa4\xee\xa7\xebe\x14Qp\x96\x00\xd0VK\xe2$i\xd4\xcb-\xd4\x82w\x13\x98\xfcW\x9d\xff\xed\xd4\x14;]\xf8\xccS\xddl\x96v\x97\x988\xa7sQ\x1aN\xbdU.\x89\\\xfa\xc2\xcd\xde', &(0x7f0000000300)='urity.\x15\x00\x00_\x1b\xcf\xff\xf9G\x84\x87D\x91\xff\xe0\xf3b\xe2\x8di\xc8qk\x80F\x86F\x9a\xc7\xe9\xec?\b\xe5\x93\x0e!P$D?(C\xc4\x87_\x9d\xe2S1\x0fV\xab*\xe9\xdfu\x8e\x1d\xe3\x82R\x82\x0f\xd6\xadb\xd7\xad\n\t\xb2\x06\xa5UK\xaa\xdc<\xc8\xfa\x17t\x15 Ui\xd9\xfd\xd0\xe9\xe8\xcc7\x10Bf\xc2\x8f\x85\x04\x0f\xf9\xac\x0e\xce\x93mJU\x03\xef[d\xdf\xbd)\xc6T\xc1y\x03\xd8(H\xa2~aP\x98\x01\vpi\x03\xac\xdcj5a\xc9\ru\x19La\xe8Y\xc3\x85\x01\xc1G*8\x04\xc9\x11\xab\xbd\v\x9d\xbfy\xfd\xc55\t\x11', &(0x7f0000000440)='\x00', &(0x7f0000000680)='Y\xcc\xc5\xbb\x00\x00\x00\x00\xe6m\x05X.\x01', 0x0, &(0x7f0000000280)='ct\x00']}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) 1.540683443s ago: executing program 2 (id=5032): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x4, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 
0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x2b, 0x83, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x7}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x804) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0x5b, 0x0}}], 0x581a58385c57f9f, 0x20000001) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000003e000701feffffff00000000017c0000040042800c00018006000600800a00000800028004001280da15ff25f0d8e4847c21a39e5b0ec321f1539cd0fc5520872624fbc3315b09df4a9ff11f75808c85f0894c0e8315363d0780cff1466ea03aff6fa958e7c38d5ff9ae42575237a20212f8467df08b67db2cc02dc94075a2699e1fe132b7bb405bbec22a32bb5085783d19b52645c4840c6ff426d5e4d3cac5ad50f709c18e015876b08aed035d0efe8b"], 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) openat$nullb(0xffffff9c, &(0x7f00000000c0), 0x224400, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) io_setup(0x4007, &(0x7f0000000300)=0x0) pipe2$9p(&(0x7f0000000280), 0x84800) r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r5, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f00000000c0)="01", 0x24}]) 
1.36300482s ago: executing program 3 (id=5033): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.260310749s ago: executing program 3 (id=5034): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x4, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x2b, 0x83, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x7}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x804) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0) io_setup(0x4007, &(0x7f0000000300)=0x0) pipe2$9p(&(0x7f0000000280), 0x84800) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r3, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f00000000c0)="01", 0x24}]) 1.150714927s ago: executing program 1 (id=5035): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) io_setup(0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'}) 1.090387634s ago: executing program 1 (id=5036): r0 = 
openat$nvram(0xffffff9c, 0x0, 0x101000, 0x0) read$FUSE(r0, &(0x7f00000040c0)={0x2020}, 0x2020) 1.090235419s ago: executing program 1 (id=5037): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 942.136237ms ago: executing program 3 (id=5038): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', 0x0}) 850.505381ms ago: executing program 3 (id=5039): socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x60b03, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_NMI(r2, 0xae9a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x65, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000200)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x56555958}}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) rseq(0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 
&(0x7f00000034c0), 0x0, 0x700, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000240)={0x10000001}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) 715.607757ms ago: executing program 0 (id=5040): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) io_setup(0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'}) 638.777175ms ago: executing program 0 (id=5041): syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="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"], 0x4f) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = 
socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x1, 0x5, 0x801, 0x0, 0x0, {0x3, 0x0, 0x5}}, 0x14}}, 0x8000) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000000)={0x20002015}) close_range(r6, r7, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000f00)={'wlan0\x00', &(0x7f0000000080)=@ethtool_perm_addr={0x4b}}) socket(0x10, 0x3, 0x0) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r8, &(0x7f0000000100)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x1401, 0x7fc32be5eb343aa7}, 0x5c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e23, @multicast1}, {0x0, @local}, 0x6, {0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 'lo\x00'}) r9 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r9, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e) 554.808994ms ago: executing program 0 (id=5042): socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x60b03, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_NMI(r2, 0xae9a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000040)=ANY=[], 
&(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x65, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000200)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x56555958}}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) rseq(0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000034c0), 0x0, 0x700, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000240)={0x10000001}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) 170.413584ms ago: executing program 1 (id=5043): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udplite(0x2, 0x2, 0x88) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x3, 0x0, 0x7fffffff}]}) syz_genetlink_get_family_id$nfc(&(0x7f0000001cc0), 0xffffffffffffffff) r2 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0x0, 
&(0x7f00000001c0)=[{&(0x7f0000000080)="c14a8cf012b79241197fa55c95cb78c868dc7f4065db6a1f55fdb9b3b620905db1150adbd5a48a5968dce0ca0c3b439a84136af4f91b835cf51a0b762c624ee970f63316960a1c5a1e36e766cf0fbb9676e41671fbe2c846cae88f54cd08de9d971d8205b0f52c3dc829935ceb9b6f73bf7cacade0e52ab90b160f562cc866b026c1261b336312bd662d41d1b80d8141466b9092866d89534e4425d9f046c0f047516825d6671ed32c121c5aa880c9759fb464a544c710dec4bd5b3663332c9310983127de7a7c3e9253a76a0a63a3c692fb2c07fdbae7c2", 0xd8}, {0x0}, {&(0x7f0000000180)}], 0x3, 0x0, 0x0, 0x4024814}}], 0x1, 0x48044) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r3, 0x800442d3, &(0x7f0000000340)={0xfff, 0x2, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'batadv_slave_0\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'lo\x00', 0x5}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r6, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18) close_range(r1, 0xffffffffffffffff, 0x100000000000000) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe050003000c"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 378.084µs ago: executing program 2 (id=5044): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) io_setup(0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'}) 0s ago: executing program 2 (id=5045): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES64, @ANYBLOB="44a837b4012918a47d0187", @ANYRES16, @ANYRESDEC=r1, @ANYRESOCT=r0], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) fsopen(0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x3, &(0x7f0000000100)=[{0x81, 0x6, 0x1, 0xe7}, {0x2, 0xcc, 0x5, 0xd}, {0x11c, 0xf, 0x9e, 0xffffffff}]}) r5 = openat$proc_mixer(0xffffffffffffff9c, 
&(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r6, r5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r7, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) writev(r7, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) keyctl$instantiate(0xc, 0x0, &(0x7f00000004c0)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'GPL\x00', 0x20, 0x2, 0x20, [0x36, 0x66]}, 0x30, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x437, 0x2, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x3}]}}}]}, 0x3c}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) kernel console output (not intermixed with test programs): -1: new high-speed USB device number 61 using dummy_hcd [ 979.007945][ T72] usb 7-1: Using ep0 maxpacket: 16 [ 979.011268][ T72] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 979.015503][ T72] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 979.019859][ T72] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 979.022746][ T72] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 979.027014][ T72] usb 7-1: config 0 descriptor?? [ 979.134031][T30668] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4468'. 
[ 979.401943][ T72] usbhid 7-1:0.0: can't add hid device: -71 [ 979.404036][ T72] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 979.408152][ T72] usb 7-1: USB disconnect, device number 61 [ 980.079342][T30684] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 980.520050][T31012] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 980.787964][ T72] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 980.975280][T31119] FAULT_INJECTION: forcing a failure. [ 980.975280][T31119] name failslab, interval 1, probability 0, space 0, times 0 [ 980.979339][T31119] CPU: 3 UID: 0 PID: 31119 Comm: syz.3.4487 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 980.979354][T31119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 980.979361][T31119] Call Trace: [ 980.979373][T31119] [ 980.979378][T31119] dump_stack_lvl+0x16c/0x1f0 [ 980.979410][T31119] should_fail_ex+0x512/0x640 [ 980.979432][T31119] ? __kmalloc_noprof+0xbf/0x510 [ 980.979448][T31119] ? io_cache_alloc_new+0x45/0xf0 [ 980.979466][T31119] should_failslab+0xc2/0x120 [ 980.979482][T31119] __kmalloc_noprof+0xd2/0x510 [ 980.979500][T31119] io_cache_alloc_new+0x45/0xf0 [ 980.979518][T31119] io_rsrc_node_alloc+0x221/0x2b0 [ 980.979538][T31119] io_sqe_buffer_register+0xf1/0x1de0 [ 980.979558][T31119] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 980.979569][T31119] ? trace_kmalloc+0x2b/0xd0 [ 980.979584][T31119] ? __kvmalloc_node_noprof+0x296/0x620 [ 980.979600][T31119] ? iovec_from_user+0xbb/0x140 [ 980.979613][T31119] io_sqe_buffers_register+0x1ed/0x860 [ 980.979628][T31119] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 980.979644][T31119] ? __pfx___mutex_trylock_common+0x10/0x10 [ 980.979661][T31119] __io_uring_register+0x20e5/0x2320 [ 980.979678][T31119] ? 
trace_contention_end+0xdd/0x130 [ 980.979691][T31119] ? __pfx___io_uring_register+0x10/0x10 [ 980.979713][T31119] ? __ia32_sys_io_uring_register+0x159/0x280 [ 980.979732][T31119] ? __pfx___mutex_lock+0x10/0x10 [ 980.979752][T31119] ? __fget_files+0x20e/0x3c0 [ 980.979764][T31119] ? fput+0x10/0xf0 [ 980.979784][T31119] __ia32_sys_io_uring_register+0x169/0x280 [ 980.979804][T31119] __do_fast_syscall_32+0x7c/0x3a0 [ 980.979821][T31119] do_fast_syscall_32+0x32/0x80 [ 980.979837][T31119] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 980.979851][T31119] RIP: 0023:0xf7fe2579 [ 980.979861][T31119] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 980.979871][T31119] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 00000000000001ab [ 980.979882][T31119] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000 [ 980.979889][T31119] RDX: 0000000080000800 RSI: 0000000000000001 RDI: 0000000000000000 [ 980.979895][T31119] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 980.979902][T31119] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 980.979908][T31119] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 980.979922][T31119] [ 981.027931][ T72] usb 5-1: Using ep0 maxpacket: 16 [ 981.084416][ T72] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 981.089391][ T72] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 981.094748][ T72] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 981.098660][ T72] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 981.104695][ T72] usb 5-1: config 0 descriptor?? 
[ 981.255155][T31229] veth1_macvtap: left promiscuous mode [ 981.408556][ T72] usbhid 5-1:0.0: can't add hid device: -71 [ 981.420886][ T72] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 981.451445][ T72] usb 5-1: USB disconnect, device number 56 [ 982.223578][T31657] random: crng reseeded on system resumption [ 982.567449][T31771] loop9: detected capacity change from 0 to 8 [ 982.574336][T18389] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 982.576804][T18389] loop9: partition table partially beyond EOD, truncated [ 982.581246][T18389] loop9: p1 size 81768186 extends beyond EOD, truncated [ 982.592277][T31771] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 982.594576][T31771] loop9: partition table partially beyond EOD, truncated [ 982.597639][T31771] loop9: p1 size 81768186 extends beyond EOD, truncated [ 982.608984][T31771] FAULT_INJECTION: forcing a failure. [ 982.608984][T31771] name failslab, interval 1, probability 0, space 0, times 0 [ 982.613884][T31771] CPU: 2 UID: 0 PID: 31771 Comm: syz.0.4508 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 982.613909][T31771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 982.613934][T31771] Call Trace: [ 982.613942][T31771] [ 982.613950][T31771] dump_stack_lvl+0x16c/0x1f0 [ 982.613979][T31771] should_fail_ex+0x512/0x640 [ 982.614006][T31771] ? fs_reclaim_acquire+0xae/0x150 [ 982.614025][T31771] ? tomoyo_encode2+0x100/0x3e0 [ 982.614048][T31771] should_failslab+0xc2/0x120 [ 982.614073][T31771] __kmalloc_noprof+0xd2/0x510 [ 982.614095][T31771] ? d_absolute_path+0x136/0x1a0 [ 982.614127][T31771] tomoyo_encode2+0x100/0x3e0 [ 982.614155][T31771] tomoyo_encode+0x29/0x50 [ 982.614180][T31771] tomoyo_realpath_from_path+0x18f/0x6e0 [ 982.614214][T31771] tomoyo_path_number_perm+0x245/0x580 [ 982.614235][T31771] ? tomoyo_path_number_perm+0x237/0x580 [ 982.614260][T31771] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 982.614312][T31771] ? 
find_held_lock+0x2b/0x80 [ 982.614337][T31771] ? hook_file_ioctl_common+0x145/0x410 [ 982.614364][T31771] ? __fget_files+0x20e/0x3c0 [ 982.614383][T31771] ? fput+0x10/0xf0 [ 982.614412][T31771] security_file_ioctl_compat+0x9b/0x240 [ 982.614438][T31771] __ia32_compat_sys_ioctl+0xc3/0x370 [ 982.614483][T31771] __do_fast_syscall_32+0x7c/0x3a0 [ 982.614512][T31771] do_fast_syscall_32+0x32/0x80 [ 982.614536][T31771] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 982.614558][T31771] RIP: 0023:0xf7ff7579 [ 982.614573][T31771] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 982.614590][T31771] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 982.614607][T31771] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06 [ 982.614619][T31771] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 982.614629][T31771] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 982.614639][T31771] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 982.614650][T31771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 982.614683][T31771] [ 982.614717][T31771] ERROR: Out of memory at tomoyo_realpath_from_path. [ 982.645303][T31773] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 982.670327][T18389] udevd[18389]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 982.838784][T31774] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. 
[ 982.927997][ T72] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 983.087898][ T72] usb 7-1: Using ep0 maxpacket: 16 [ 983.091000][ T72] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 983.094508][ T72] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 983.100044][ T72] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 983.103008][ T72] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 983.107012][ T72] usb 7-1: config 0 descriptor?? [ 983.462600][ T72] usbhid 7-1:0.0: can't add hid device: -71 [ 983.471016][ T72] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 983.486248][ T72] usb 7-1: USB disconnect, device number 62 [ 983.579302][T31788] FAULT_INJECTION: forcing a failure. [ 983.579302][T31788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 983.582292][T31789] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 983.583381][T31788] CPU: 3 UID: 0 PID: 31788 Comm: syz.0.4513 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 983.583398][T31788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 983.583405][T31788] Call Trace: [ 983.583409][T31788] [ 983.583414][T31788] dump_stack_lvl+0x16c/0x1f0 [ 983.583433][T31788] should_fail_ex+0x512/0x640 [ 983.583455][T31788] _copy_from_iter+0x29f/0x16f0 [ 983.583470][T31788] ? __pfx__copy_from_iter+0x10/0x10 [ 983.583481][T31788] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 983.583503][T31788] copy_page_from_iter+0xde/0x180 [ 983.583516][T31788] tun_build_skb.constprop.0+0x2e8/0x14f0 [ 983.583533][T31788] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 983.583547][T31788] ? __lock_acquire+0x622/0x1c90 [ 983.583567][T31788] ? 
find_held_lock+0x2b/0x80 [ 983.583585][T31788] tun_get_user+0x165f/0x3b80 [ 983.583601][T31788] ? __pfx_tun_get_user+0x10/0x10 [ 983.583612][T31788] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 983.583627][T31788] ? find_held_lock+0x2b/0x80 [ 983.583642][T31788] ? tun_get+0x191/0x370 [ 983.583662][T31788] tun_chr_write_iter+0xdc/0x210 [ 983.583674][T31788] vfs_write+0x6c7/0x1150 [ 983.583689][T31788] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 983.583702][T31788] ? __pfx_vfs_write+0x10/0x10 [ 983.583714][T31788] ? find_held_lock+0x2b/0x80 [ 983.583738][T31788] ksys_write+0x12a/0x250 [ 983.583751][T31788] ? __pfx_ksys_write+0x10/0x10 [ 983.583765][T31788] ? rcu_is_watching+0x12/0xc0 [ 983.583783][T31788] __do_fast_syscall_32+0x7c/0x3a0 [ 983.583800][T31788] do_fast_syscall_32+0x32/0x80 [ 983.583816][T31788] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 983.583831][T31788] RIP: 0023:0xf7ff7579 [ 983.583840][T31788] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 983.583851][T31788] RSP: 002b:00000000f5116520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 983.583872][T31788] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000240 [ 983.583883][T31788] RDX: 000000000000006a RSI: 00000000f7482ff4 RDI: 0000000000000000 [ 983.583890][T31788] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 983.583896][T31788] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 983.583903][T31788] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 983.583917][T31788] [ 983.759838][ T40] audit: type=1326 audit(1748846264.272:3550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.766431][ T40] audit: type=1326 audit(1748846264.272:3551): auid=4294967295 
uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.778049][ T40] audit: type=1326 audit(1748846264.272:3552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7ff75a7 code=0x7ffc0000 [ 983.784933][ T40] audit: type=1326 audit(1748846264.272:3553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.794741][ T40] audit: type=1326 audit(1748846264.272:3554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.803171][ T40] audit: type=1326 audit(1748846264.272:3555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7ff75a7 code=0x7ffc0000 [ 983.811718][ T40] audit: type=1326 audit(1748846264.272:3556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.820182][ T40] audit: type=1326 audit(1748846264.272:3557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.828968][ T40] audit: type=1326 audit(1748846264.272:3558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.837352][ T40] audit: type=1326 audit(1748846264.272:3559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31793 
comm="syz.0.4515" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 983.873257][T31794] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4515'. [ 984.970824][T32028] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 984.976751][T32027] IPVS: stopping backup sync thread 32028 ... [ 985.812254][ T5299] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 985.828420][ T5299] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 985.832617][ T5299] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 985.836530][ T5299] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 985.840383][ T5299] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 985.857423][T18457] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 985.860577][T18457] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 985.863766][T18457] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 985.866519][T18457] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 985.869236][T18457] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 985.891239][T32031] lo speed is unknown, defaulting to 1000 [ 986.197614][T32036] netlink: 'syz.3.4527': attribute type 1 has an invalid length. [ 986.564675][T32031] chnl_net:caif_netlink_parms(): no params data found [ 986.708756][T32045] FAULT_INJECTION: forcing a failure. [ 986.708756][T32045] name failslab, interval 1, probability 0, space 0, times 0 [ 986.713159][T32045] CPU: 0 UID: 0 PID: 32045 Comm: syz.3.4530 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 986.713175][T32045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 986.713182][T32045] Call Trace: [ 986.713187][T32045] [ 986.713191][T32045] dump_stack_lvl+0x16c/0x1f0 [ 986.713211][T32045] should_fail_ex+0x512/0x640 [ 986.713229][T32045] ? fs_reclaim_acquire+0xae/0x150 [ 986.713241][T32045] ? 
tomoyo_encode2+0x100/0x3e0 [ 986.713257][T32045] should_failslab+0xc2/0x120 [ 986.713273][T32045] __kmalloc_noprof+0xd2/0x510 [ 986.713287][T32045] ? d_absolute_path+0x136/0x1a0 [ 986.713306][T32045] tomoyo_encode2+0x100/0x3e0 [ 986.713324][T32045] tomoyo_encode+0x29/0x50 [ 986.713339][T32045] tomoyo_realpath_from_path+0x18f/0x6e0 [ 986.713360][T32045] tomoyo_path_number_perm+0x245/0x580 [ 986.713373][T32045] ? tomoyo_path_number_perm+0x237/0x580 [ 986.713388][T32045] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 986.713417][T32045] ? find_held_lock+0x2b/0x80 [ 986.713434][T32045] ? hook_file_ioctl_common+0x145/0x410 [ 986.713450][T32045] ? __fget_files+0x20e/0x3c0 [ 986.713462][T32045] ? fput+0x10/0xf0 [ 986.713480][T32045] security_file_ioctl_compat+0x9b/0x240 [ 986.713496][T32045] __ia32_compat_sys_ioctl+0xc3/0x370 [ 986.713509][T32045] __do_fast_syscall_32+0x7c/0x3a0 [ 986.713526][T32045] do_fast_syscall_32+0x32/0x80 [ 986.713542][T32045] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 986.713556][T32045] RIP: 0023:0xf7fe2579 [ 986.713565][T32045] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 986.713576][T32045] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 986.713587][T32045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c01064c7 [ 986.713593][T32045] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 986.713600][T32045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 986.713606][T32045] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 986.713612][T32045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 986.713626][T32045] [ 986.713636][T32045] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 986.852708][T32057] binder: BINDER_SET_CONTEXT_MGR already set [ 986.858339][T32057] binder: 32056:32057 ioctl 4018620d 80000040 returned -16 [ 986.861462][T32031] bridge0: port 1(bridge_slave_0) entered blocking state [ 986.863961][T32057] FAULT_INJECTION: forcing a failure. [ 986.863961][T32057] name failslab, interval 1, probability 0, space 0, times 0 [ 986.864337][T32031] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.869605][T32057] CPU: 0 UID: 0 PID: 32057 Comm: syz.0.4533 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 986.869633][T32057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 986.869644][T32057] Call Trace: [ 986.869652][T32057] [ 986.869660][T32057] dump_stack_lvl+0x16c/0x1f0 [ 986.869690][T32057] should_fail_ex+0x512/0x640 [ 986.869718][T32057] ? fs_reclaim_acquire+0xae/0x150 [ 986.869736][T32057] ? tomoyo_encode2+0x100/0x3e0 [ 986.869761][T32057] should_failslab+0xc2/0x120 [ 986.869786][T32057] __kmalloc_noprof+0xd2/0x510 [ 986.869808][T32057] ? d_absolute_path+0x136/0x1a0 [ 986.869838][T32057] tomoyo_encode2+0x100/0x3e0 [ 986.869866][T32057] tomoyo_encode+0x29/0x50 [ 986.869890][T32057] tomoyo_realpath_from_path+0x18f/0x6e0 [ 986.869924][T32057] tomoyo_path_number_perm+0x245/0x580 [ 986.869945][T32057] ? tomoyo_path_number_perm+0x237/0x580 [ 986.869974][T32057] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 986.870022][T32057] ? find_held_lock+0x2b/0x80 [ 986.870046][T32057] ? hook_file_ioctl_common+0x145/0x410 [ 986.870073][T32057] ? __fget_files+0x20e/0x3c0 [ 986.870108][T32057] ? 
fput+0x10/0xf0 [ 986.870136][T32057] security_file_ioctl_compat+0x9b/0x240 [ 986.870161][T32057] __ia32_compat_sys_ioctl+0xc3/0x370 [ 986.870184][T32057] __do_fast_syscall_32+0x7c/0x3a0 [ 986.870211][T32057] do_fast_syscall_32+0x32/0x80 [ 986.870235][T32057] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 986.870258][T32057] RIP: 0023:0xf7ff7579 [ 986.870273][T32057] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 986.870290][T32057] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 986.870308][T32057] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201 [ 986.870319][T32057] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 986.870329][T32057] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 986.870338][T32057] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 986.870349][T32057] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 986.870373][T32057] [ 986.871186][T32057] ERROR: Out of memory at tomoyo_realpath_from_path. [ 986.872646][T32031] bridge_slave_0: entered allmulticast mode [ 986.940495][T32060] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4534'. 
[ 986.970894][T32031] bridge_slave_0: entered promiscuous mode [ 986.994633][T32031] bridge0: port 2(bridge_slave_1) entered blocking state [ 986.996988][T32031] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.005579][T32031] bridge_slave_1: entered allmulticast mode [ 987.011519][T32031] bridge_slave_1: entered promiscuous mode [ 987.037281][T32066] IPv6: NLM_F_CREATE should be specified when creating new route [ 987.055386][T32031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 987.063405][T32031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 987.143150][T21124] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.160038][T32031] team0: Port device team_slave_0 added [ 987.165889][T32031] team0: Port device team_slave_1 added [ 987.230556][T21124] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.238706][T32031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 987.243792][T32031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.255417][T32031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 987.262987][T32031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 987.265808][T32031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 987.276815][T32031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 987.286267][T32068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4536'. [ 987.310541][T32063] hid-generic 0003:0627:0001.0001: pid 32063 passed too short report [ 987.330982][T32031] hsr_slave_0: entered promiscuous mode [ 987.333637][T32031] hsr_slave_1: entered promiscuous mode [ 987.336144][T32031] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 987.339206][T32031] Cannot create hsr debugfs directory [ 987.353224][T21124] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.455234][T21124] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.626378][T21124] bridge_slave_1: left allmulticast mode [ 987.630799][T21124] bridge_slave_1: left promiscuous mode [ 987.634118][T21124] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.641092][T21124] bridge_slave_0: left allmulticast mode [ 987.643720][T21124] bridge_slave_0: left promiscuous mode [ 987.646223][T21124] bridge0: port 1(bridge_slave_0) entered disabled state [ 987.825895][T32070] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. 
[ 987.928043][T18457] Bluetooth: hci2: command tx timeout [ 988.143352][T21124]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 988.149433][T21124]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 988.154097][T21124]  (unregistering): Released all slaves [ 988.161128][T21124] bond0 (unregistering): Released all slaves [ 988.169872][T21124] bond1 (unregistering): Released all slaves [ 988.187952][ T34] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 988.236730][T21124] tipc: Left network mode [ 988.357913][ T34] usb 5-1: Using ep0 maxpacket: 8 [ 988.365510][ T34] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 988.368339][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 988.371749][ T34] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 988.375378][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 988.381681][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 988.388146][ T34] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 988.390474][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 988.394437][ T34] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 988.402062][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 988.406671][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 988.412272][ T34] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 988.414965][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 988.419689][ T34] usb 5-1: config 168 
interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 988.424403][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 988.429064][ T34] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 988.435573][ T34] usb 5-1: string descriptor 0 read error: -22 [ 988.438376][ T34] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 988.441566][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 988.448014][ T34] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 988.506658][T21124] hsr_slave_0: left promiscuous mode [ 988.509019][T21124] hsr_slave_1: left promiscuous mode [ 988.511381][T21124] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 988.513600][T21124] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 988.517229][T21124] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 988.519984][T21124] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 988.549348][T21124] veth1_macvtap: left promiscuous mode [ 988.551283][T21124] veth0_macvtap: left promiscuous mode [ 988.712345][ T34] usb 5-1: USB disconnect, device number 57 [ 988.789696][ T72] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 988.949451][ T72] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 988.952572][ T72] usb 6-1: config 0 interface 0 has no altsetting 0 [ 988.956335][ T72] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 988.959305][ T72] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 988.961876][ T72] usb 6-1: Product: syz [ 988.963235][ T72] usb 6-1: Manufacturer: syz [ 988.964729][ T72] usb 6-1: SerialNumber: syz [ 988.968523][ T72] usb 6-1: config 0 descriptor?? 
[ 988.998895][ T72] usb 6-1: selecting invalid altsetting 0 [ 989.252384][T21124] team0 (unregistering): Port device team_slave_1 removed [ 989.334797][T21124] team0 (unregistering): Port device team_slave_0 removed [ 989.473582][T32087] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4540'. [ 990.008101][T18457] Bluetooth: hci2: command tx timeout [ 990.325969][T32031] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 990.344444][T32031] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 990.350026][T32031] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 990.367785][T32031] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 990.459328][T32031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 990.470202][T32031] 8021q: adding VLAN 0 to HW filter on device team0 [ 990.479814][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 990.482352][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 990.503565][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 990.506475][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 990.542594][T32031] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 990.564897][T21124] IPVS: stop unused estimator thread 0... [ 990.588426][T32104] FAULT_INJECTION: forcing a failure. [ 990.588426][T32104] name failslab, interval 1, probability 0, space 0, times 0 [ 990.593634][T32104] CPU: 0 UID: 0 PID: 32104 Comm: syz.0.4541 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 990.593659][T32104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 990.593669][T32104] Call Trace: [ 990.593676][T32104] [ 990.593683][T32104] dump_stack_lvl+0x16c/0x1f0 [ 990.593712][T32104] should_fail_ex+0x512/0x640 [ 990.593738][T32104] ? 
kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 990.593763][T32104] should_failslab+0xc2/0x120 [ 990.593788][T32104] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 990.593810][T32104] ? __alloc_skb+0x2b2/0x380 [ 990.593838][T32104] __alloc_skb+0x2b2/0x380 [ 990.593860][T32104] ? __pfx___alloc_skb+0x10/0x10 [ 990.593885][T32104] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 990.593925][T32104] netlink_alloc_large_skb+0x69/0x130 [ 990.593955][T32104] netlink_sendmsg+0x6a1/0xdd0 [ 990.593975][T32104] ? __pfx_netlink_sendmsg+0x10/0x10 [ 990.594001][T32104] ? __import_iovec+0x1dd/0x650 [ 990.594023][T32104] ____sys_sendmsg+0xa95/0xc70 [ 990.594043][T32104] ? __pfx_____sys_sendmsg+0x10/0x10 [ 990.594058][T32104] ? get_compat_msghdr+0x11a/0x170 [ 990.594093][T32104] ___sys_sendmsg+0x134/0x1d0 [ 990.594118][T32104] ? __pfx____sys_sendmsg+0x10/0x10 [ 990.594152][T32104] ? find_held_lock+0x2b/0x80 [ 990.594193][T32104] __sys_sendmsg+0x16d/0x220 [ 990.594215][T32104] ? __pfx___sys_sendmsg+0x10/0x10 [ 990.594249][T32104] ? 
rcu_is_watching+0x12/0xc0 [ 990.594277][T32104] __do_fast_syscall_32+0x7c/0x3a0 [ 990.594304][T32104] do_fast_syscall_32+0x32/0x80 [ 990.594329][T32104] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 990.594350][T32104] RIP: 0023:0xf7ff7579 [ 990.594364][T32104] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 990.594402][T32104] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 990.594420][T32104] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040 [ 990.594432][T32104] RDX: 0000000020001880 RSI: 0000000000000000 RDI: 0000000000000000 [ 990.594443][T32104] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 990.594453][T32104] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 990.594464][T32104] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 990.594489][T32104] [ 990.753934][T32031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 990.781240][T32031] veth0_vlan: entered promiscuous mode [ 990.789535][T32031] veth1_vlan: entered promiscuous mode [ 990.815865][T32031] veth0_macvtap: entered promiscuous mode [ 990.821798][T32031] veth1_macvtap: entered promiscuous mode [ 990.833372][T32109] FAULT_INJECTION: forcing a failure. [ 990.833372][T32109] name failslab, interval 1, probability 0, space 0, times 0 [ 990.833990][T32031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 990.839554][T32109] CPU: 1 UID: 0 PID: 32109 Comm: syz.0.4542 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 990.839583][T32109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 990.839594][T32109] Call Trace: [ 990.839602][T32109] [ 990.839609][T32109] dump_stack_lvl+0x16c/0x1f0 [ 990.839638][T32109] should_fail_ex+0x512/0x640 [ 990.839666][T32109] ? 
fs_reclaim_acquire+0xae/0x150 [ 990.839687][T32109] ? tomoyo_encode2+0x100/0x3e0 [ 990.839712][T32109] should_failslab+0xc2/0x120 [ 990.839739][T32109] __kmalloc_noprof+0xd2/0x510 [ 990.839762][T32109] ? d_absolute_path+0x136/0x1a0 [ 990.839795][T32109] tomoyo_encode2+0x100/0x3e0 [ 990.839825][T32109] tomoyo_encode+0x29/0x50 [ 990.839851][T32109] tomoyo_realpath_from_path+0x18f/0x6e0 [ 990.839894][T32109] tomoyo_path_number_perm+0x245/0x580 [ 990.839917][T32109] ? tomoyo_path_number_perm+0x237/0x580 [ 990.839943][T32109] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 990.840004][T32109] ? find_held_lock+0x2b/0x80 [ 990.840030][T32109] ? hook_file_ioctl_common+0x145/0x410 [ 990.840060][T32109] ? __fget_files+0x20e/0x3c0 [ 990.840081][T32109] ? fput+0x10/0xf0 [ 990.840112][T32109] security_file_ioctl_compat+0x9b/0x240 [ 990.840140][T32109] __ia32_compat_sys_ioctl+0xc3/0x370 [ 990.840163][T32109] __do_fast_syscall_32+0x7c/0x3a0 [ 990.840192][T32109] do_fast_syscall_32+0x32/0x80 [ 990.840218][T32109] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 990.840242][T32109] RIP: 0023:0xf7ff7579 [ 990.840257][T32109] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 990.840274][T32109] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 990.840292][T32109] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af00 [ 990.840304][T32109] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 990.840315][T32109] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 990.840325][T32109] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 990.840335][T32109] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 990.840359][T32109] [ 990.840378][T32109] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 990.850614][T32031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 990.939249][T32031] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 990.942104][T32031] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 990.944875][T32031] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 990.947703][T32031] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 990.995840][ T9959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 990.998816][ T9959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 991.019368][ T9959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 991.022315][ T9959] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 991.134351][T32125] FAULT_INJECTION: forcing a failure. [ 991.134351][T32125] name failslab, interval 1, probability 0, space 0, times 0 [ 991.138363][T32125] CPU: 3 UID: 0 PID: 32125 Comm: syz.3.4545 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 991.138395][T32125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 991.138403][T32125] Call Trace: [ 991.138408][T32125] [ 991.138412][T32125] dump_stack_lvl+0x16c/0x1f0 [ 991.138433][T32125] should_fail_ex+0x512/0x640 [ 991.138452][T32125] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 991.138468][T32125] should_failslab+0xc2/0x120 [ 991.138485][T32125] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 991.138499][T32125] ? __io_alloc_req_refill+0x27d/0x500 [ 991.138513][T32125] ? getname_flags.part.0+0x4c/0x550 [ 991.138533][T32125] getname_flags.part.0+0x4c/0x550 [ 991.138556][T32125] ? build_open_how+0x6a/0xb0 [ 991.138574][T32125] getname_flags+0x93/0xf0 [ 991.138588][T32125] __io_openat_prep+0x16d/0x420 [ 991.138607][T32125] io_submit_sqes+0x835/0x2580 [ 991.138630][T32125] __do_sys_io_uring_enter+0xd6a/0x1630 [ 991.138648][T32125] ? __fget_files+0x20e/0x3c0 [ 991.138661][T32125] ? 
__pfx___do_sys_io_uring_enter+0x10/0x10 [ 991.138678][T32125] ? fput+0x70/0xf0 [ 991.138694][T32125] ? ksys_write+0x1ac/0x250 [ 991.138707][T32125] ? __pfx_ksys_write+0x10/0x10 [ 991.138721][T32125] ? rcu_is_watching+0x12/0xc0 [ 991.138740][T32125] __do_fast_syscall_32+0x7c/0x3a0 [ 991.138757][T32125] do_fast_syscall_32+0x32/0x80 [ 991.138773][T32125] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 991.138786][T32125] RIP: 0023:0xf7fe2579 [ 991.138795][T32125] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 991.138806][T32125] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 991.138817][T32125] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000007277 [ 991.138823][T32125] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 0000000000000000 [ 991.138830][T32125] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 991.138836][T32125] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 991.138843][T32125] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 991.138856][T32125] [ 991.424172][ T29] usb 6-1: USB disconnect, device number 70 [ 992.109199][T18457] Bluetooth: hci2: command tx timeout [ 993.068981][T32148] netlink: 'syz.2.4550': attribute type 1 has an invalid length. [ 993.333875][T32157] FAULT_INJECTION: forcing a failure. 
[ 993.333875][T32157] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.340075][T32157] CPU: 3 UID: 0 PID: 32157 Comm: syz.2.4552 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 993.340104][T32157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 993.340116][T32157] Call Trace: [ 993.340123][T32157] [ 993.340131][T32157] dump_stack_lvl+0x16c/0x1f0 [ 993.340161][T32157] should_fail_ex+0x512/0x640 [ 993.340194][T32157] strncpy_from_user+0x3b/0x2e0 [ 993.340223][T32157] getname_flags.part.0+0x8f/0x550 [ 993.340256][T32157] getname_flags+0x93/0xf0 [ 993.340277][T32157] do_sys_openat2+0xb8/0x1d0 [ 993.340295][T32157] ? __pfx_do_sys_openat2+0x10/0x10 [ 993.340369][T32157] ? __fget_files+0x20e/0x3c0 [ 993.340388][T32157] ? handle_mm_fault+0x210/0xd10 [ 993.340415][T32157] __ia32_sys_creat+0xcb/0x120 [ 993.340434][T32157] ? __pfx___ia32_sys_creat+0x10/0x10 [ 993.340450][T32157] ? __pfx_ksys_write+0x10/0x10 [ 993.340474][T32157] ? rcu_is_watching+0x12/0xc0 [ 993.340499][T32157] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 993.340524][T32157] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 993.340547][T32157] __do_fast_syscall_32+0x7c/0x3a0 [ 993.340574][T32157] do_fast_syscall_32+0x32/0x80 [ 993.340600][T32157] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 993.340631][T32157] RIP: 0023:0xf702e579 [ 993.340646][T32157] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 993.340663][T32157] RSP: 002b:00000000f4ffd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000008 [ 993.340680][T32157] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000188 [ 993.340692][T32157] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 993.340703][T32157] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 993.340714][T32157] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 993.340724][T32157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 993.340749][T32157] [ 993.424541][ C3] vkms_vblank_simulate: vblank timer overrun [ 994.168093][T18457] Bluetooth: hci2: command tx timeout [ 994.909649][T32196] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 996.940064][T32234] xt_limit: Overflow, try lower: 330673899/4200216962 [ 996.988873][T32229] cgroup: Bad value for 'name' [ 996.992217][T32234] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 997.498135][ T72] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 997.673186][T32252] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 997.683197][ T72] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 997.686463][ T72] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 997.697881][ T72] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 997.700725][ T72] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 997.759888][ T72] usb 7-1: config 0 descriptor?? [ 997.841756][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.042869][T32261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4581'. [ 998.164632][ T72] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 998.167956][ T72] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 998.170610][ T72] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 998.173108][ T72] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 998.176076][ T72] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 998.179286][ T72] cm6533_jd 0003:0D8C:0022.000A: No inputs registered, leaving [ 998.185801][ T72] cm6533_jd 0003:0D8C:0022.000A: hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 998.188001][T32263] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 998.429691][ T5998] usb 7-1: USB disconnect, device number 63 [ 999.677059][T32292] FAULT_INJECTION: forcing a failure. 
[ 999.677059][T32292] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 999.684845][T32292] CPU: 2 UID: 0 PID: 32292 Comm: syz.1.4589 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 999.684862][T32292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 999.684880][T32292] Call Trace: [ 999.684886][T32292] [ 999.684891][T32292] dump_stack_lvl+0x16c/0x1f0 [ 999.684980][T32292] should_fail_ex+0x512/0x640 [ 999.685020][T32292] _copy_from_user+0x2e/0xd0 [ 999.685033][T32292] get_compat_msghdr+0xa7/0x170 [ 999.685049][T32292] ? __pfx_get_compat_msghdr+0x10/0x10 [ 999.685067][T32292] ? __lock_acquire+0x622/0x1c90 [ 999.685081][T32292] ___sys_recvmsg+0x191/0x1a0 [ 999.685097][T32292] ? __pfx____sys_recvmsg+0x10/0x10 [ 999.685120][T32292] ? task_work_run+0x140/0x240 [ 999.685137][T32292] do_recvmmsg+0x55d/0x750 [ 999.685154][T32292] ? __pfx_do_recvmmsg+0x10/0x10 [ 999.685172][T32292] ? __pfx_get_signal+0x10/0x10 [ 999.685194][T32292] ? arch_do_signal_or_restart+0x211/0x790 [ 999.685212][T32292] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 999.685231][T32292] __sys_recvmmsg+0x21c/0x280 [ 999.685247][T32292] ? __pfx___sys_recvmmsg+0x10/0x10 [ 999.685267][T32292] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 999.685284][T32292] ? do_int80_emulation+0xd4/0x460 [ 999.685300][T32292] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 999.685319][T32292] do_int80_emulation+0x104/0x460 [ 999.685338][T32292] asm_int80_emulation+0x1a/0x20 [ 999.685349][T32292] RIP: 0023:0xf7f74579 [ 999.685358][T32292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 999.685369][T32292] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 999.685380][T32292] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000140 [ 999.685387][T32292] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 999.685393][T32292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 999.685399][T32292] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 999.685406][T32292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 999.685419][T32292] [ 1000.417581][T32313] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1000.424233][T32311] FAULT_INJECTION: forcing a failure. 
[ 1000.424233][T32311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1000.438180][T32311] CPU: 3 UID: 0 PID: 32311 Comm: syz.2.4595 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1000.438207][T32311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1000.438219][T32311] Call Trace: [ 1000.438225][T32311] [ 1000.438233][T32311] dump_stack_lvl+0x16c/0x1f0 [ 1000.438261][T32311] should_fail_ex+0x512/0x640 [ 1000.438313][T32311] strncpy_from_user+0x3b/0x2e0 [ 1000.438342][T32311] getname_flags.part.0+0x8f/0x550 [ 1000.438371][T32311] getname_flags+0x93/0xf0 [ 1000.438390][T32311] __ia32_compat_sys_execve+0x72/0xc0 [ 1000.438411][T32311] __do_fast_syscall_32+0x7c/0x3a0 [ 1000.438437][T32311] do_fast_syscall_32+0x32/0x80 [ 1000.438460][T32311] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1000.438481][T32311] RIP: 0023:0xf702e579 [ 1000.438494][T32311] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1000.438511][T32311] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 000000000000000b [ 1000.438527][T32311] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000080000840 [ 1000.438538][T32311] RDX: 00000000800008c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1000.438549][T32311] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1000.438559][T32311] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1000.438581][T32311] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1000.438603][T32311] [ 1001.816863][T32337] FAULT_INJECTION: forcing a failure. 
[ 1001.816863][T32337] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.822491][T32337] CPU: 2 UID: 0 PID: 32337 Comm: syz.2.4601 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1001.822516][T32337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1001.822527][T32337] Call Trace: [ 1001.822534][T32337] [ 1001.822541][T32337] dump_stack_lvl+0x16c/0x1f0 [ 1001.822576][T32337] should_fail_ex+0x512/0x640 [ 1001.822603][T32337] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1001.822628][T32337] should_failslab+0xc2/0x120 [ 1001.822652][T32337] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1001.822673][T32337] ? __alloc_skb+0x2b2/0x380 [ 1001.822699][T32337] __alloc_skb+0x2b2/0x380 [ 1001.822720][T32337] ? __pfx___alloc_skb+0x10/0x10 [ 1001.822743][T32337] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1001.822774][T32337] netlink_alloc_large_skb+0x69/0x130 [ 1001.822801][T32337] netlink_sendmsg+0x6a1/0xdd0 [ 1001.822821][T32337] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1001.822849][T32337] ? __import_iovec+0x1dd/0x650 [ 1001.822872][T32337] ____sys_sendmsg+0xa95/0xc70 [ 1001.822891][T32337] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1001.822907][T32337] ? get_compat_msghdr+0x11a/0x170 [ 1001.822941][T32337] ___sys_sendmsg+0x134/0x1d0 [ 1001.822966][T32337] ? __pfx____sys_sendmsg+0x10/0x10 [ 1001.822998][T32337] ? find_held_lock+0x2b/0x80 [ 1001.823038][T32337] __sys_sendmsg+0x16d/0x220 [ 1001.823061][T32337] ? __pfx___sys_sendmsg+0x10/0x10 [ 1001.823093][T32337] ? 
rcu_is_watching+0x12/0xc0 [ 1001.823120][T32337] __do_fast_syscall_32+0x7c/0x3a0 [ 1001.823145][T32337] do_fast_syscall_32+0x32/0x80 [ 1001.823168][T32337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1001.823188][T32337] RIP: 0023:0xf702e579 [ 1001.823201][T32337] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1001.823217][T32337] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1001.823233][T32337] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 1001.823244][T32337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1001.823254][T32337] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1001.823262][T32337] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1001.823272][T32337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1001.823295][T32337] [ 1002.465841][T32357] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4608'. [ 1002.469957][T32357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4608'. [ 1002.473459][T32357] netlink: 'syz.1.4608': attribute type 12 has an invalid length. [ 1002.484658][T32359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4608'. [ 1002.487471][T32359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4608'. [ 1002.493110][T32359] netlink: 'syz.1.4608': attribute type 12 has an invalid length. [ 1002.719717][ C0] vkms_vblank_simulate: vblank timer overrun [ 1003.774853][T32351] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1003.784639][T32364] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4609'. [ 1004.544543][T32382] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4612'. 
[ 1005.943737][T32411] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1006.614890][T32422] FAULT_INJECTION: forcing a failure. [ 1006.614890][T32422] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1006.619181][T32422] CPU: 3 UID: 0 PID: 32422 Comm: syz.1.4623 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1006.619206][T32422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1006.619218][T32422] Call Trace: [ 1006.619224][T32422] [ 1006.619232][T32422] dump_stack_lvl+0x16c/0x1f0 [ 1006.619260][T32422] should_fail_ex+0x512/0x640 [ 1006.619292][T32422] strncpy_from_user+0x3b/0x2e0 [ 1006.619320][T32422] getname_flags.part.0+0x8f/0x550 [ 1006.619352][T32422] getname_flags+0x93/0xf0 [ 1006.619372][T32422] user_path_at+0x24/0x60 [ 1006.619393][T32422] __ia32_compat_sys_truncate+0xf6/0x1e0 [ 1006.619420][T32422] ? __pfx___ia32_compat_sys_truncate+0x10/0x10 [ 1006.619447][T32422] ? 
rcu_is_watching+0x12/0xc0 [ 1006.619475][T32422] __do_fast_syscall_32+0x7c/0x3a0 [ 1006.619503][T32422] do_fast_syscall_32+0x32/0x80 [ 1006.619532][T32422] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1006.619554][T32422] RIP: 0023:0xf7f74579 [ 1006.619568][T32422] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1006.619585][T32422] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 000000000000005c [ 1006.619601][T32422] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 000000000000007b [ 1006.619613][T32422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1006.619624][T32422] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1006.619634][T32422] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1006.619644][T32422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1006.619668][T32422] [ 1006.952488][T32427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4625'. [ 1007.166196][T32430] FAULT_INJECTION: forcing a failure. 
[ 1007.166196][T32430] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1007.171065][T32430] CPU: 2 UID: 0 PID: 32430 Comm: syz.3.4626 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1007.171083][T32430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1007.171091][T32430] Call Trace: [ 1007.171095][T32430] [ 1007.171100][T32430] dump_stack_lvl+0x16c/0x1f0 [ 1007.171120][T32430] should_fail_ex+0x512/0x640 [ 1007.171141][T32430] strncpy_from_user+0x3b/0x2e0 [ 1007.171159][T32430] getname_flags.part.0+0x8f/0x550 [ 1007.171180][T32430] getname_flags+0x93/0xf0 [ 1007.171193][T32430] __ia32_sys_mkdir+0x51/0x80 [ 1007.171207][T32430] __do_fast_syscall_32+0x7c/0x3a0 [ 1007.171225][T32430] do_fast_syscall_32+0x32/0x80 [ 1007.171240][T32430] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1007.171254][T32430] RIP: 0023:0xf7fe2579 [ 1007.171263][T32430] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1007.171274][T32430] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000027 [ 1007.171288][T32430] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000000000000 [ 1007.171295][T32430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1007.171301][T32430] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1007.171307][T32430] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1007.171314][T32430] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1007.171327][T32430] [ 1007.697605][T32436] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1008.128059][ T840] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1008.204768][T32446] FAULT_INJECTION: forcing a failure. 
[ 1008.204768][T32446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1008.209015][T32446] CPU: 3 UID: 0 PID: 32446 Comm: syz.1.4631 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1008.209031][T32446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1008.209038][T32446] Call Trace: [ 1008.209041][T32446] [ 1008.209046][T32446] dump_stack_lvl+0x16c/0x1f0 [ 1008.209065][T32446] should_fail_ex+0x512/0x640 [ 1008.209085][T32446] _copy_from_user+0x2e/0xd0 [ 1008.209097][T32446] load_msg+0x19e/0x4a0 [ 1008.209116][T32446] do_msgrcv+0x202/0x16c0 [ 1008.209125][T32446] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1008.209141][T32446] ? __pfx_compat_do_msg_fill+0x10/0x10 [ 1008.209159][T32446] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1008.209176][T32446] ? __fget_files+0x20e/0x3c0 [ 1008.209189][T32446] ? handle_mm_fault+0x210/0xd10 [ 1008.209201][T32446] ? __pfx_do_msgrcv+0x10/0x10 [ 1008.209212][T32446] ? fput+0x70/0xf0 [ 1008.209228][T32446] ? ksys_write+0x1ac/0x250 [ 1008.209241][T32446] ? __pfx_ksys_write+0x10/0x10 [ 1008.209258][T32446] ? 
__do_fast_syscall_32+0x7c/0x3a0 [ 1008.209273][T32446] __do_fast_syscall_32+0x7c/0x3a0 [ 1008.209289][T32446] do_fast_syscall_32+0x32/0x80 [ 1008.209305][T32446] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1008.209319][T32446] RIP: 0023:0xf7f74579 [ 1008.209328][T32446] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1008.209343][T32446] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000191 [ 1008.209360][T32446] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 1008.209371][T32446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000058a7cb82 [ 1008.209381][T32446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1008.209390][T32446] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1008.209400][T32446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1008.209424][T32446] [ 1008.311158][ T840] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 1008.313738][ T840] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1008.323923][ T840] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1008.326688][ T840] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1008.329230][ T840] usb 5-1: Manufacturer: syz [ 1008.331796][ T840] usb 5-1: config 0 descriptor?? [ 1008.387970][ T840] rc_core: IR keymap rc-hauppauge not found [ 1008.390299][ T840] Registered IR keymap rc-empty [ 1008.393549][ T840] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 1008.400890][ T840] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input78 [ 1008.696802][T32454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4632'. 
[ 1008.875944][T32438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1008.879025][T32438] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1008.888936][ T840] usb 5-1: USB disconnect, device number 58 [ 1009.508593][T32466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4637'. [ 1010.608003][T32484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4642'. [ 1011.156742][T32497] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1012.347343][T32518] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4651'. [ 1012.964180][T32528] XFS (nullb0): Invalid superblock magic number [ 1014.527313][T32560] FAULT_INJECTION: forcing a failure. [ 1014.527313][T32560] name failslab, interval 1, probability 0, space 0, times 0 [ 1014.537715][T32560] CPU: 3 UID: 0 PID: 32560 Comm: syz.2.4661 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1014.537744][T32560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1014.537757][T32560] Call Trace: [ 1014.537776][T32560] [ 1014.537783][T32560] dump_stack_lvl+0x16c/0x1f0 [ 1014.537847][T32560] should_fail_ex+0x512/0x640 [ 1014.537882][T32560] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1014.537910][T32560] should_failslab+0xc2/0x120 [ 1014.537937][T32560] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1014.537962][T32560] ? __alloc_skb+0x2b2/0x380 [ 1014.537994][T32560] __alloc_skb+0x2b2/0x380 [ 1014.538018][T32560] ? __pfx___alloc_skb+0x10/0x10 [ 1014.538046][T32560] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1014.538082][T32560] netlink_alloc_large_skb+0x69/0x130 [ 1014.538114][T32560] netlink_sendmsg+0x6a1/0xdd0 [ 1014.538138][T32560] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1014.538191][T32560] ? __import_iovec+0x1dd/0x650 [ 1014.538218][T32560] ____sys_sendmsg+0xa95/0xc70 [ 1014.538242][T32560] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 1014.538259][T32560] ? get_compat_msghdr+0x11a/0x170 [ 1014.538300][T32560] ___sys_sendmsg+0x134/0x1d0 [ 1014.538328][T32560] ? __pfx____sys_sendmsg+0x10/0x10 [ 1014.538366][T32560] ? find_held_lock+0x2b/0x80 [ 1014.538411][T32560] __sys_sendmsg+0x16d/0x220 [ 1014.538436][T32560] ? __pfx___sys_sendmsg+0x10/0x10 [ 1014.538473][T32560] ? __secure_computing+0x21c/0x320 [ 1014.538507][T32560] __do_fast_syscall_32+0x7c/0x3a0 [ 1014.538535][T32560] do_fast_syscall_32+0x32/0x80 [ 1014.538560][T32560] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1014.538582][T32560] RIP: 0023:0xf702e579 [ 1014.538598][T32560] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1014.538616][T32560] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1014.538635][T32560] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180 [ 1014.538647][T32560] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1014.538659][T32560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1014.538669][T32560] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1014.538681][T32560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1014.538711][T32560] [ 1014.606009][T32549] netlink: 'syz.0.4656': attribute type 32 has an invalid length. [ 1014.645933][T32549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4656'. 
[ 1014.650337][T32549] (unnamed net_device) (uninitialized): option coupled_control: invalid value (47) [ 1014.838150][ C0] vkms_vblank_simulate: vblank timer overrun [ 1014.900781][ C0] vkms_vblank_simulate: vblank timer overrun [ 1014.957940][ C0] vkms_vblank_simulate: vblank timer overrun [ 1015.015116][ C0] vkms_vblank_simulate: vblank timer overrun [ 1015.815655][T32589] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4667'. [ 1016.097205][T32593] x_tables: ip6_tables: ipcomp match: only valid for protocol 108 [ 1016.255710][T32595] binder: 32594:32595 ioctl c0306201 0 returned -14 [ 1016.319583][ T40] kauditd_printk_skb: 211 callbacks suppressed [ 1016.319598][ T40] audit: type=1326 audit(1748846296.822:3771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32570 comm="syz.0.4664" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7fc00000 [ 1016.390442][T32599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4672'. [ 1018.178687][ T839] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1018.338984][ T839] usb 6-1: Using ep0 maxpacket: 16 [ 1018.342482][ T839] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1018.346776][ T839] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1018.352985][ T839] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1018.356539][ T839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.361238][ T839] usb 6-1: config 0 descriptor?? [ 1018.692806][ T839] usbhid 6-1:0.0: can't add hid device: -71 [ 1018.694801][ T839] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1018.707783][ T839] usb 6-1: USB disconnect, device number 71 [ 1018.735665][T32636] FAULT_INJECTION: forcing a failure. 
[ 1018.735665][T32636] name failslab, interval 1, probability 0, space 0, times 0 [ 1018.735825][ T40] audit: type=1326 audit(1748846299.242:3772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.748348][T32636] CPU: 0 UID: 0 PID: 32636 Comm: syz.3.4681 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1018.748371][T32636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1018.748381][T32636] Call Trace: [ 1018.748398][T32636] [ 1018.748416][T32636] dump_stack_lvl+0x16c/0x1f0 [ 1018.748456][T32636] should_fail_ex+0x512/0x640 [ 1018.748484][T32636] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1018.748506][T32636] should_failslab+0xc2/0x120 [ 1018.748526][T32636] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1018.748545][T32636] ? perf_event_alloc+0x122/0x52b0 [ 1018.748565][T32636] ? __pfx_ptrace_triggered+0x10/0x10 [ 1018.748582][T32636] perf_event_alloc+0x122/0x52b0 [ 1018.748596][T32636] ? __lock_acquire+0xb8a/0x1c90 [ 1018.748623][T32636] ? __pfx_perf_event_alloc+0x10/0x10 [ 1018.748647][T32636] ? __pfx_ptrace_triggered+0x10/0x10 [ 1018.748664][T32636] perf_event_create_kernel_counter+0x130/0x6b0 [ 1018.748688][T32636] ? perf_event_create_kernel_counter+0x111/0x6b0 [ 1018.748716][T32636] ptrace_register_breakpoint+0x1bb/0x1d0 [ 1018.748739][T32636] ? __pfx_ptrace_register_breakpoint+0x10/0x10 [ 1018.748775][T32636] ? do_raw_spin_lock+0x12c/0x2b0 [ 1018.748799][T32636] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1018.748827][T32636] ptrace_write_dr7+0x2b1/0x470 [ 1018.748852][T32636] ? __pfx_ptrace_write_dr7+0x10/0x10 [ 1018.748870][T32636] ? rcu_is_watching+0x12/0xc0 [ 1018.748895][T32636] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1018.748917][T32636] ? lockdep_hardirqs_on+0x7c/0x110 [ 1018.748939][T32636] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1018.748960][T32636] ? 
wait_task_inactive+0x46e/0x740 [ 1018.748978][T32636] putreg32+0x1d0/0x700 [ 1018.748993][T32636] compat_arch_ptrace+0x1e9/0x3a0 [ 1018.749007][T32636] ? __pfx_compat_arch_ptrace+0x10/0x10 [ 1018.749019][T32636] ? mark_held_locks+0x49/0x80 [ 1018.749035][T32636] __ia32_compat_sys_ptrace+0x269/0x2e0 [ 1018.749049][T32636] __do_fast_syscall_32+0x7c/0x3a0 [ 1018.749066][T32636] do_fast_syscall_32+0x32/0x80 [ 1018.749081][T32636] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1018.749095][T32636] RIP: 0023:0xf7fe2579 [ 1018.749105][T32636] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1018.749117][T32636] RSP: 002b:00000000f50e555c EFLAGS: 00000296 ORIG_RAX: 000000000000001a [ 1018.749129][T32636] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000075b [ 1018.749136][T32636] RDX: 0000000000000118 RSI: 0000000000000004 RDI: 0000000000000000 [ 1018.749143][T32636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1018.749149][T32636] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1018.749155][T32636] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1018.749169][T32636] [ 1018.749728][ T40] audit: type=1326 audit(1748846299.262:3773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=314 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.749816][T32638] fuse: blksize only supported for fuseblk [ 1018.754360][ T40] audit: type=1326 audit(1748846299.262:3774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.874435][ T40] audit: type=1326 audit(1748846299.262:3775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 
comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.883368][ T40] audit: type=1326 audit(1748846299.262:3776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=108 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.892748][ T40] audit: type=1326 audit(1748846299.262:3777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.901614][ T40] audit: type=1326 audit(1748846299.262:3778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.910913][ T40] audit: type=1326 audit(1748846299.272:3779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1018.919964][ T40] audit: type=1326 audit(1748846299.272:3780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32633 comm="syz.0.4682" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 1020.204592][T32667] loop7: detected capacity change from 0 to 16384 [ 1020.224492][ T5349] udevd[5349]: worker [32408] terminated by signal 33 (Unknown signal 33) [ 1020.230217][ T5349] udevd[5349]: worker [32408] failed while handling '/devices/virtual/block/loop7' [ 1020.268315][T32667] I/O error, dev loop7, sector 1000 op 0x1:(WRITE) flags 0x8800 phys_seg 1 prio class 0 [ 1020.727980][T18202] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1020.888010][T18202] usb 6-1: Using ep0 maxpacket: 16 [ 1020.891762][T18202] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1020.895704][T18202] usb 
6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1020.900081][T18202] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1020.903151][T18202] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1020.907458][T18202] usb 6-1: config 0 descriptor?? [ 1021.205282][T18202] usbhid 6-1:0.0: can't add hid device: -71 [ 1021.207357][T18202] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1021.214358][T18202] usb 6-1: USB disconnect, device number 72 [ 1022.038166][T32695] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4701'. [ 1022.081818][T32697] FAULT_INJECTION: forcing a failure. [ 1022.081818][T32697] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.089021][T32697] CPU: 1 UID: 0 PID: 32697 Comm: syz.2.4702 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1022.089061][T32697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1022.089075][T32697] Call Trace: [ 1022.089082][T32697] [ 1022.089089][T32697] dump_stack_lvl+0x16c/0x1f0 [ 1022.089119][T32697] should_fail_ex+0x512/0x640 [ 1022.089146][T32697] ? fs_reclaim_acquire+0xae/0x150 [ 1022.089167][T32697] ? tomoyo_encode2+0x100/0x3e0 [ 1022.089191][T32697] should_failslab+0xc2/0x120 [ 1022.089218][T32697] __kmalloc_noprof+0xd2/0x510 [ 1022.089242][T32697] ? d_absolute_path+0x136/0x1a0 [ 1022.089272][T32697] tomoyo_encode2+0x100/0x3e0 [ 1022.089301][T32697] tomoyo_encode+0x29/0x50 [ 1022.089332][T32697] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1022.089366][T32697] tomoyo_path_number_perm+0x245/0x580 [ 1022.089387][T32697] ? tomoyo_path_number_perm+0x237/0x580 [ 1022.089413][T32697] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1022.089477][T32697] ? find_held_lock+0x2b/0x80 [ 1022.089503][T32697] ? hook_file_ioctl_common+0x145/0x410 [ 1022.089531][T32697] ? 
__fget_files+0x20e/0x3c0 [ 1022.089550][T32697] ? fput+0x10/0xf0 [ 1022.089580][T32697] security_file_ioctl_compat+0x9b/0x240 [ 1022.089607][T32697] __ia32_compat_sys_ioctl+0xc3/0x370 [ 1022.089631][T32697] __do_fast_syscall_32+0x7c/0x3a0 [ 1022.089659][T32697] do_fast_syscall_32+0x32/0x80 [ 1022.089683][T32697] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1022.089707][T32697] RIP: 0023:0xf702e579 [ 1022.089721][T32697] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1022.089740][T32697] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1022.089757][T32697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c04064a0 [ 1022.089769][T32697] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1022.089781][T32697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1022.089791][T32697] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1022.089801][T32697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1022.089826][T32697] [ 1022.187923][T32697] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1023.143613][ C0] vkms_vblank_simulate: vblank timer overrun [ 1023.247903][ C0] vkms_vblank_simulate: vblank timer overrun [ 1023.385561][T32700] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 1023.477902][ C0] vkms_vblank_simulate: vblank timer overrun [ 1023.531192][ C0] vkms_vblank_simulate: vblank timer overrun [ 1024.486723][T32733] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4712'. [ 1024.825686][T32741] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 1025.377779][ T29] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 1025.591381][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1025.611944][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1025.622712][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1025.639573][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1025.712743][T32745] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1025.728620][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1025.947377][T18202] usb 6-1: USB disconnect, device number 73 [ 1026.487303][ T301] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1027.626080][ T319] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4723'. [ 1028.588767][ T336] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.4728'. [ 1028.743990][ T325] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. 
[ 1029.214768][ T336] team0 (unregistering): Port device team_slave_0 removed [ 1029.220817][ T336] team0 (unregistering): Port device team_slave_1 removed [ 1030.185295][ T358] random: crng reseeded on system resumption [ 1030.248166][ T358] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1030.389378][ T358] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1030.483432][ T358] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1030.564447][ T358] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1030.644635][ T358] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1030.652500][ T358] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1030.660205][ T358] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1030.667477][ T358] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1031.051464][ T374] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 1031.065516][ T374] fuseblk: Bad value for 'fd' [ 1031.444143][ T384] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4739'. [ 1032.346413][ T392] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1033.273824][ T410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4747'. [ 1033.276657][ T410] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4747'. [ 1036.512657][ T448] AppArmor: change_hat: Invalid input '0x' [ 1036.513639][ T448] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.4759' sets config #2147483646 [ 1036.561271][ T450] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. 
[ 1037.557118][ T5998] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 1037.818076][ T5998] usb 6-1: Using ep0 maxpacket: 16 [ 1037.822359][ T5998] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1037.825630][ T5998] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1037.830998][ T5998] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1037.833724][ T5998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.839779][ T5998] usb 6-1: config 0 descriptor?? [ 1038.142632][ T5998] usbhid 6-1:0.0: can't add hid device: -71 [ 1038.144594][ T5998] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1038.218331][ T5998] usb 6-1: USB disconnect, device number 74 [ 1039.913659][ T494] could not allocate digest TFM handle cbcmac-aes-neon [ 1039.917779][ T507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4783'. [ 1039.929710][ T509] veth1_macvtap: left promiscuous mode [ 1040.244487][ T501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4774'. [ 1040.384426][ T516] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 1042.256581][ T534] FAULT_INJECTION: forcing a failure. 
[ 1042.256581][ T534] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1042.262216][ T534] CPU: 0 UID: 0 PID: 534 Comm: syz.1.4782 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1042.262235][ T534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1042.262243][ T534] Call Trace: [ 1042.262247][ T534] [ 1042.262252][ T534] dump_stack_lvl+0x16c/0x1f0 [ 1042.262271][ T534] should_fail_ex+0x512/0x640 [ 1042.262291][ T534] _copy_from_iter+0x29f/0x16f0 [ 1042.262305][ T534] ? __alloc_skb+0x200/0x380 [ 1042.262320][ T534] ? __pfx__copy_from_iter+0x10/0x10 [ 1042.262333][ T534] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1042.262355][ T534] netlink_sendmsg+0x829/0xdd0 [ 1042.262368][ T534] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1042.262386][ T534] ? __import_iovec+0x1dd/0x650 [ 1042.262405][ T534] ____sys_sendmsg+0xa95/0xc70 [ 1042.262418][ T534] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1042.262428][ T534] ? get_compat_msghdr+0x11a/0x170 [ 1042.262451][ T534] ___sys_sendmsg+0x134/0x1d0 [ 1042.262467][ T534] ? __pfx____sys_sendmsg+0x10/0x10 [ 1042.262489][ T534] ? find_held_lock+0x2b/0x80 [ 1042.262515][ T534] __sys_sendmsg+0x16d/0x220 [ 1042.262530][ T534] ? __pfx___sys_sendmsg+0x10/0x10 [ 1042.262551][ T534] ? 
rcu_is_watching+0x12/0xc0 [ 1042.262569][ T534] __do_fast_syscall_32+0x7c/0x3a0 [ 1042.262586][ T534] do_fast_syscall_32+0x32/0x80 [ 1042.262602][ T534] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1042.262616][ T534] RIP: 0023:0xf7f74579 [ 1042.262625][ T534] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1042.262637][ T534] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1042.262648][ T534] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800012c0 [ 1042.262655][ T534] RDX: 000000002000c004 RSI: 0000000000000000 RDI: 0000000000000000 [ 1042.262662][ T534] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1042.262668][ T534] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1042.262686][ T534] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1042.262700][ T534] [ 1043.500481][ T550] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4788'. [ 1044.416934][ T556] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input79 [ 1044.731341][ T569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4792'. [ 1044.916288][ T572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4793'. [ 1046.548527][ T839] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1046.716734][ T599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4801'. 
[ 1046.718248][ T839] usb 5-1: Using ep0 maxpacket: 16 [ 1046.724826][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1046.731316][ T839] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1046.736800][ T839] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1046.743704][ T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1046.751000][ T839] usb 5-1: config 0 descriptor?? [ 1047.148992][ T839] usbhid 5-1:0.0: can't add hid device: -71 [ 1047.150970][ T839] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1047.169015][ T839] usb 5-1: USB disconnect, device number 59 [ 1048.548519][ T629] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 1048.730449][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1048.733374][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1048.755744][ T637] 9pnet: Unknown protocol version 9p20\++} [ 1049.188969][ T638] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 1049.191913][ T638] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1049.207173][ T638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1049.538906][ T652] lo speed is unknown, defaulting to 1000 [ 1049.553550][ T652] lo speed is unknown, defaulting to 1000 [ 1049.575799][ T652] lo speed is unknown, defaulting to 1000 [ 1049.740935][ T652] infiniband sÌR4: RDMA CMA: cma_listen_on_dev, error -98 [ 1050.131587][ T652] lo speed is unknown, defaulting to 1000 [ 1050.135422][ T652] lo speed is unknown, defaulting to 1000 [ 1050.270061][ T652] lo speed is unknown, defaulting to 1000 [ 1050.286011][ T652] lo speed is unknown, defaulting to 1000 [ 1050.345655][ T652] lo speed is unknown, defaulting to 1000 [ 1051.158144][ T675] 
FAULT_INJECTION: forcing a failure. [ 1051.158144][ T675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1051.162779][ T675] CPU: 0 UID: 0 PID: 675 Comm: syz.1.4823 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1051.162806][ T675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1051.162814][ T675] Call Trace: [ 1051.162819][ T675] [ 1051.162824][ T675] dump_stack_lvl+0x16c/0x1f0 [ 1051.162845][ T675] should_fail_ex+0x512/0x640 [ 1051.162866][ T675] _copy_from_user+0x2e/0xd0 [ 1051.162878][ T675] vt_compat_ioctl+0x27c/0x4e0 [ 1051.162894][ T675] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 1051.162909][ T675] ? hook_file_ioctl_common+0x145/0x410 [ 1051.162926][ T675] ? __fget_files+0x20e/0x3c0 [ 1051.162938][ T675] ? fput+0x10/0xf0 [ 1051.162953][ T675] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 1051.162968][ T675] tty_compat_ioctl+0x2f1/0x4d0 [ 1051.162979][ T675] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 1051.162990][ T675] __ia32_compat_sys_ioctl+0x242/0x370 [ 1051.163003][ T675] __do_fast_syscall_32+0x7c/0x3a0 [ 1051.163021][ T675] do_fast_syscall_32+0x32/0x80 [ 1051.163036][ T675] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1051.163050][ T675] RIP: 0023:0xf7f74579 [ 1051.163059][ T675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1051.163070][ T675] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1051.163086][ T675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b66 [ 1051.163093][ T675] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000 [ 1051.163100][ T675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1051.163106][ T675] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1051.163112][ T675] R13: 0000000000000000 R14: 0000000000000000 
R15: 0000000000000000 [ 1051.163126][ T675] [ 1051.382540][ T680] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4825'. [ 1053.199302][ T699] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1054.049253][ T713] IPv6: NLM_F_CREATE should be specified when creating new route [ 1054.229193][ T718] FAULT_INJECTION: forcing a failure. [ 1054.229193][ T718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1054.234714][ T718] CPU: 0 UID: 0 PID: 718 Comm: syz.3.4836 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1054.234739][ T718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1054.234750][ T718] Call Trace: [ 1054.234758][ T718] [ 1054.234765][ T718] dump_stack_lvl+0x16c/0x1f0 [ 1054.234797][ T718] should_fail_ex+0x512/0x640 [ 1054.234830][ T718] _copy_from_user+0x2e/0xd0 [ 1054.234876][ T718] get_compat_msghdr+0xa7/0x170 [ 1054.234903][ T718] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1054.234932][ T718] ? __lock_acquire+0x622/0x1c90 [ 1054.234957][ T718] ___sys_recvmsg+0x191/0x1a0 [ 1054.234983][ T718] ? __pfx____sys_recvmsg+0x10/0x10 [ 1054.235011][ T718] ? find_held_lock+0x2b/0x80 [ 1054.235050][ T718] ? __pfx___might_resched+0x10/0x10 [ 1054.235083][ T718] do_recvmmsg+0x55d/0x750 [ 1054.235111][ T718] ? __pfx_do_recvmmsg+0x10/0x10 [ 1054.235155][ T718] ? __fget_files+0x20e/0x3c0 [ 1054.235175][ T718] ? handle_mm_fault+0x210/0xd10 [ 1054.235198][ T718] __sys_recvmmsg+0x21c/0x280 [ 1054.235223][ T718] ? __pfx___sys_recvmmsg+0x10/0x10 [ 1054.235250][ T718] ? __pfx_ksys_write+0x10/0x10 [ 1054.235276][ T718] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 1054.235302][ T718] ? lockdep_hardirqs_on+0x7c/0x110 [ 1054.235326][ T718] ? 
syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1054.235350][ T718] __do_fast_syscall_32+0x7c/0x3a0 [ 1054.235377][ T718] do_fast_syscall_32+0x32/0x80 [ 1054.235402][ T718] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1054.235424][ T718] RIP: 0023:0xf7fe2579 [ 1054.235439][ T718] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1054.235457][ T718] RSP: 002b:00000000f50e555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1054.235480][ T718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1054.235492][ T718] RDX: 000000000291962b RSI: 000000002e4b39ff RDI: 0000000000000000 [ 1054.235503][ T718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1054.235514][ T718] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1054.235524][ T718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1054.235549][ T718] [ 1054.330389][ T721] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4837'. [ 1054.356290][ T710] hid-generic 0003:0627:0001.0001: pid 710 passed too short report [ 1054.998452][ T738] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4842'. 
[ 1055.159215][ T741] random: crng reseeded on system resumption [ 1055.242513][ T741] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1055.465456][ T741] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1055.488299][ T751] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1055.845381][ T741] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1055.975879][ T741] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1056.053938][ T741] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.063578][ T741] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.070511][ T741] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.077697][ T741] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.368855][ T34] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1056.518831][ T34] usb 5-1: too many configurations: 83, using maximum allowed: 8 [ 1056.522866][ T34] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1056.525688][ T34] usb 5-1: can't read configurations, error -61 [ 1056.675635][ T762] hid-generic 0003:0627:0001.0001: pid 762 passed too short report [ 1056.908033][ T34] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1057.081373][ T34] usb 5-1: too many configurations: 83, using maximum allowed: 8 [ 1057.086176][ T34] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1057.089480][ T34] usb 5-1: can't read configurations, error -61 [ 1057.092457][ T34] usb usb5-port1: attempt power cycle [ 1057.237291][ T780] lo speed is unknown, defaulting to 1000 [ 1057.241450][ T780] lo speed is unknown, defaulting to 1000 [ 1057.437947][ T34] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1057.459698][ T34] usb 5-1: too many 
configurations: 83, using maximum allowed: 8 [ 1057.470972][ T34] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1057.474083][ T34] usb 5-1: can't read configurations, error -61 [ 1057.572685][ T781] block device autoloading is deprecated and will be removed. [ 1057.573976][ T795] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1057.574148][ T794] IPVS: stopping backup sync thread 795 ... [ 1057.577074][ T781] syz.1.4855: attempt to access beyond end of device [ 1057.577074][ T781] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1057.597926][ T34] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1057.622815][ T34] usb 5-1: too many configurations: 83, using maximum allowed: 8 [ 1057.626509][ T34] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1057.632207][ T34] usb 5-1: can't read configurations, error -61 [ 1057.636318][ T34] usb usb5-port1: unable to enumerate USB device [ 1058.249015][ T807] IPv6: NLM_F_CREATE should be specified when creating new route [ 1058.516999][ T806] hid-generic 0003:0627:0001.0001: pid 806 passed too short report [ 1059.219482][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.509304][ T831] fuse: Unknown parameter '0xffffffffffffffff' [ 1059.560872][ T834] IPVS: stopping backup sync thread 699 ... [ 1059.596849][ T836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4873'. [ 1059.761216][ T846] FAULT_INJECTION: forcing a failure. 
[ 1059.761216][ T846] name failslab, interval 1, probability 0, space 0, times 0 [ 1059.765122][ T846] CPU: 2 UID: 0 PID: 846 Comm: syz.1.4875 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1059.765138][ T846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1059.765145][ T846] Call Trace: [ 1059.765150][ T846] [ 1059.765154][ T846] dump_stack_lvl+0x16c/0x1f0 [ 1059.765173][ T846] should_fail_ex+0x512/0x640 [ 1059.765191][ T846] ? __kmalloc_noprof+0xbf/0x510 [ 1059.765206][ T846] ? input_ff_create+0x84/0x350 [ 1059.765224][ T846] should_failslab+0xc2/0x120 [ 1059.765240][ T846] __kmalloc_noprof+0xd2/0x510 [ 1059.765257][ T846] input_ff_create+0x84/0x350 [ 1059.765276][ T846] uinput_ioctl_handler.isra.0+0x1181/0x1df0 [ 1059.765300][ T846] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1059.765322][ T846] ? find_held_lock+0x2b/0x80 [ 1059.765342][ T846] ? __pfx___might_fault+0x10/0x10 [ 1059.765358][ T846] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1059.765374][ T846] ? 
__pfx_uinput_compat_ioctl+0x10/0x10 [ 1059.765392][ T846] __ia32_compat_sys_ioctl+0x242/0x370 [ 1059.765406][ T846] __do_fast_syscall_32+0x7c/0x3a0 [ 1059.765423][ T846] do_fast_syscall_32+0x32/0x80 [ 1059.765439][ T846] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1059.765453][ T846] RIP: 0023:0xf7f74579 [ 1059.765462][ T846] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1059.765473][ T846] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1059.765484][ T846] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005501 [ 1059.765490][ T846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1059.765497][ T846] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1059.765503][ T846] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1059.765510][ T846] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1059.765524][ T846] [ 1059.821055][ T848] hid-generic 0003:0627:0001.0001: pid 848 passed too short report [ 1059.881669][ T850] 9pnet_fd: Insufficient options for proto=fd [ 1060.112747][ T859] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. 
[ 1060.377902][ T5998] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1060.527919][ T5998] usb 5-1: Using ep0 maxpacket: 16 [ 1060.536275][ T5998] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1060.548480][ T5998] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1060.557519][ T5998] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1060.561451][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1060.567672][ T5998] usb 5-1: config 0 descriptor?? [ 1060.957147][ T5998] usbhid 5-1:0.0: can't add hid device: -71 [ 1060.960004][ T5998] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1060.976741][ T5998] usb 5-1: USB disconnect, device number 64 [ 1061.010532][ T863] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1061.038527][ T862] IPVS: stopping backup sync thread 863 ... 
[ 1061.226639][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1061.232180][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1061.235702][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1061.242211][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1061.245321][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1061.259635][ T866] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1061.528116][ T5299] Bluetooth: hci2: command 0x0405 tx timeout [ 1062.448817][T18457] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1062.452574][T18457] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1062.454398][ T1140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.455485][T18457] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1062.461938][T18457] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1062.465125][T18457] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1062.488361][ T892] lo speed is unknown, defaulting to 1000 [ 1062.491055][ T892] lo speed is unknown, defaulting to 1000 [ 1062.583001][ T1140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.658089][ T840] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 1062.676318][ T1140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.710136][ T892] chnl_net:caif_netlink_parms(): no params data found [ 1062.747115][ T903] input: syz1 as /devices/virtual/input/input83 [ 1062.786170][ T1140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.830156][ T840] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1062.833160][ T840] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1062.837054][ T840] usb 7-1: config 1 interface 0 altsetting 0 bulk 
endpoint 0x82 has invalid maxpacket 72 [ 1062.843204][ T840] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1062.847006][ T840] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1062.851769][ T840] usb 7-1: Product: syz [ 1062.853780][ T840] usb 7-1: Manufacturer: syz [ 1062.855755][ T840] usb 7-1: SerialNumber: syz [ 1062.861579][ T891] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1063.051408][ T911] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.4893'. [ 1063.083463][ T840] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 64 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 1063.298765][ T53] usb 7-1: USB disconnect, device number 64 [ 1063.411464][ T53] usblp0: removed [ 1063.677386][ T892] bridge0: port 1(bridge_slave_0) entered blocking state [ 1063.688661][ T892] bridge0: port 1(bridge_slave_0) entered disabled state [ 1063.689521][ T917] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4895'. [ 1063.691070][ T892] bridge_slave_0: entered allmulticast mode [ 1063.700117][ T892] bridge_slave_0: entered promiscuous mode [ 1063.705110][ T892] bridge0: port 2(bridge_slave_1) entered blocking state [ 1063.708461][ T892] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.711750][ T892] bridge_slave_1: entered allmulticast mode [ 1063.716054][ T892] bridge_slave_1: entered promiscuous mode [ 1063.851477][ T892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1063.992640][ T928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4898'. [ 1064.001775][ T929] FAULT_INJECTION: forcing a failure. 
[ 1064.001775][ T929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1064.007356][ T929] CPU: 3 UID: 0 PID: 929 Comm: syz.2.4897 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1064.007382][ T929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1064.007408][ T929] Call Trace: [ 1064.007416][ T929] [ 1064.007424][ T929] dump_stack_lvl+0x16c/0x1f0 [ 1064.007454][ T929] should_fail_ex+0x512/0x640 [ 1064.007485][ T929] _copy_from_iter+0x29f/0x16f0 [ 1064.007506][ T929] ? __alloc_skb+0x200/0x380 [ 1064.007531][ T929] ? __pfx__copy_from_iter+0x10/0x10 [ 1064.007551][ T929] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1064.007603][ T929] netlink_sendmsg+0x829/0xdd0 [ 1064.007625][ T929] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1064.007656][ T929] ? __import_iovec+0x1dd/0x650 [ 1064.007681][ T929] ____sys_sendmsg+0xa95/0xc70 [ 1064.007703][ T929] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1064.007720][ T929] ? get_compat_msghdr+0x11a/0x170 [ 1064.007758][ T929] ___sys_sendmsg+0x134/0x1d0 [ 1064.007784][ T929] ? __pfx____sys_sendmsg+0x10/0x10 [ 1064.007834][ T929] ? find_held_lock+0x2b/0x80 [ 1064.007878][ T929] __sys_sendmsg+0x16d/0x220 [ 1064.007902][ T929] ? __pfx___sys_sendmsg+0x10/0x10 [ 1064.007938][ T929] ? 
rcu_is_watching+0x12/0xc0 [ 1064.007967][ T929] __do_fast_syscall_32+0x7c/0x3a0 [ 1064.007994][ T929] do_fast_syscall_32+0x32/0x80 [ 1064.008019][ T929] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1064.008041][ T929] RIP: 0023:0xf702e579 [ 1064.008057][ T929] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1064.008074][ T929] RSP: 002b:00000000f4fdc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1064.008091][ T929] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000080 [ 1064.008102][ T929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1064.008113][ T929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1064.008124][ T929] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1064.008135][ T929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1064.008159][ T929] [ 1064.351772][ T1140] bond0 (unregistering): Released all slaves [ 1064.359249][ T892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1064.458629][ T892] team0: Port device team_slave_0 added [ 1064.463172][ T1140] tipc: Left network mode [ 1064.466798][ T892] team0: Port device team_slave_1 added [ 1064.488090][T18457] Bluetooth: hci3: command tx timeout [ 1064.517437][ T892] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1064.520071][ T892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1064.528415][ T892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1064.533308][ T892] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1064.536083][ T892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1064.548352][ T892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1064.598317][ T892] hsr_slave_0: entered promiscuous mode [ 1064.600881][ T892] hsr_slave_1: entered promiscuous mode [ 1064.603522][ T892] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1064.606759][ T892] Cannot create hsr debugfs directory [ 1064.629135][ T939] usb usb8: usbfs: process 939 (syz.0.4902) did not claim interface 0 before use [ 1065.090875][ T958] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1065.258701][ T1140] hsr_slave_0: left promiscuous mode [ 1065.261759][ T1140] hsr_slave_1: left promiscuous mode [ 1065.303134][ T1140] veth0_macvtap: left promiscuous mode [ 1065.304987][ T1140] veth1_vlan: left promiscuous mode [ 1066.107966][ T34] usb 7-1: new high-speed USB device number 65 using dummy_hcd [ 1066.567971][T18457] Bluetooth: hci3: command tx timeout [ 1066.878476][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1066.887945][ T34] usb 7-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 1066.890776][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1066.895746][ T34] usb 7-1: config 0 descriptor?? 
[ 1067.896089][ T892] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1067.911259][ T892] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1067.930175][ T892] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1067.938843][ T892] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1067.991535][ T892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1068.001984][ T892] 8021q: adding VLAN 0 to HW filter on device team0 [ 1068.009825][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.012165][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1068.030691][T21121] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.033292][T21121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1068.222078][ T892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1068.254358][ T892] veth0_vlan: entered promiscuous mode [ 1068.264111][ T892] veth1_vlan: entered promiscuous mode [ 1068.287205][ T892] veth0_macvtap: entered promiscuous mode [ 1068.294896][ T892] veth1_macvtap: entered promiscuous mode [ 1068.325592][ T892] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1068.335883][ T892] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1068.343165][ T892] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.346811][ T892] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.356969][ T892] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.363967][ T892] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.484210][T21123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1068.487193][T21123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1068.513050][T21121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1068.516459][T21121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1068.647938][ T5299] Bluetooth: hci3: command tx 
timeout [ 1069.341702][ T840] usb 7-1: USB disconnect, device number 65 [ 1069.509935][ T5947] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1069.518926][ T5947] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1069.529116][ T5947] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1069.535955][ T5947] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1069.540832][ T5947] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1069.599303][ T1041] lo speed is unknown, defaulting to 1000 [ 1069.603233][ T1041] lo speed is unknown, defaulting to 1000 [ 1069.961568][ T1041] chnl_net:caif_netlink_parms(): no params data found [ 1070.117199][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state [ 1070.120242][ T1041] bridge0: port 1(bridge_slave_0) entered disabled state [ 1070.122600][ T1041] bridge_slave_0: entered allmulticast mode [ 1070.126212][ T1041] bridge_slave_0: entered promiscuous mode [ 1070.131998][ T1041] bridge0: port 2(bridge_slave_1) entered blocking state [ 1070.134299][ T1041] bridge0: port 2(bridge_slave_1) entered disabled state [ 1070.136688][ T1041] bridge_slave_1: entered allmulticast mode [ 1070.140447][ T1041] bridge_slave_1: entered promiscuous mode [ 1070.213245][ T1041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1070.222574][ T1041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1070.285475][ T1041] team0: Port device team_slave_0 added [ 1070.290520][ T1041] team0: Port device team_slave_1 added [ 1070.321179][ T1041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1070.323336][ T1041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1070.332181][ T1041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1070.336637][ T1041] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1070.338991][ T1041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1070.346786][ T1041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1070.387536][ T1041] hsr_slave_0: entered promiscuous mode [ 1070.390073][ T1041] hsr_slave_1: entered promiscuous mode [ 1070.392154][ T1041] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1070.394539][ T1041] Cannot create hsr debugfs directory [ 1070.487132][ T1041] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.534618][ T1063] IPVS: stopping backup sync thread 1064 ... [ 1070.577425][ T1041] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.645067][ T1041] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.727986][ T5299] Bluetooth: hci3: command 0x0419 tx timeout [ 1070.832036][ T1041] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.059588][ T1041] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1071.070437][ T1041] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1071.077334][ T1041] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1071.084592][ T1080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4926'. 
[ 1071.084924][ T1041] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1071.136261][ T1041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1071.149715][ T1041] 8021q: adding VLAN 0 to HW filter on device team0 [ 1071.159507][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.161766][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1071.172411][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.175194][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1071.341811][ T1041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1071.366215][ T1041] veth0_vlan: entered promiscuous mode [ 1071.373514][ T1041] veth1_vlan: entered promiscuous mode [ 1071.391078][ T1041] veth0_macvtap: entered promiscuous mode [ 1071.395968][ T1041] veth1_macvtap: entered promiscuous mode [ 1071.405701][ T1041] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1071.410611][ T1041] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1071.420778][ T1041] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1071.423548][ T1041] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1071.426936][ T1041] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1071.429728][ T1041] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1071.467198][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1071.469758][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1071.491947][T21121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1071.495266][T21121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1071.608085][ T5299] Bluetooth: hci4: command tx timeout [ 1072.808685][ T5299] Bluetooth: hci3: command 0x0419 tx timeout [ 1073.082362][ T1106] IPVS: stopping backup sync thread 751 ... 
[ 1073.453708][ T1135] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1073.631143][ T1141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4936'. [ 1073.688114][ T5299] Bluetooth: hci4: command tx timeout [ 1074.163951][ T5299] Bluetooth: hci2: unexpected event for opcode 0x080f [ 1074.414742][ T1155] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2157778563 (4315557126 ns) > initial count (1704523522 ns). Using initial count to start timer. [ 1075.372549][ T1184] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.4948'. [ 1075.588498][ T1184] team0 (unregistering): Port device team_slave_0 removed [ 1075.621926][ T1184] team0 (unregistering): Port device team_slave_1 removed [ 1075.769165][ T5299] Bluetooth: hci4: command tx timeout [ 1076.144331][ T5299] Bluetooth: hci3: unexpected event for opcode 0x080f [ 1076.679622][ T1200] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1076.681183][ T1199] IPVS: stopping backup sync thread 1200 ... 
[ 1076.847979][ T72] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1076.954086][ T1203] IPv6: NLM_F_CREATE should be specified when creating new route [ 1077.020207][ T72] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1077.023553][ T72] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1077.027035][ T72] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 1077.032713][ T72] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1077.036151][ T72] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1077.039590][ T72] usb 5-1: Product: syz [ 1077.040950][ T72] usb 5-1: Manufacturer: syz [ 1077.042455][ T72] usb 5-1: SerialNumber: syz [ 1077.047590][ T1198] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1077.243915][ T1202] hid-generic 0003:0627:0001.0001: pid 1202 passed too short report [ 1077.256005][ T72] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 65 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 1077.459377][ C3] usblp0: nonzero read bulk status received: -71 [ 1077.461552][ T1198] usblp0: error -71 reading from printer [ 1077.463507][ C3] usblp0: nonzero read bulk status received: -71 [ 1077.467929][ T34] usb 5-1: USB disconnect, device number 65 [ 1077.477604][ T34] usblp0: removed [ 1077.847937][ T5299] Bluetooth: hci4: command tx timeout [ 1078.593914][ T1234] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.4960'. [ 1078.648847][ T5299] Bluetooth: hci2: unexpected event for opcode 0x080f [ 1079.375842][ T1253] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1079.683766][ T1266] FAULT_INJECTION: forcing a failure. 
[ 1079.683766][ T1266] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1079.690082][ T1266] CPU: 3 UID: 0 PID: 1266 Comm: syz.2.4971 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1079.690099][ T1266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1079.690108][ T1266] Call Trace: [ 1079.690112][ T1266] [ 1079.690117][ T1266] dump_stack_lvl+0x16c/0x1f0 [ 1079.690138][ T1266] should_fail_ex+0x512/0x640 [ 1079.690157][ T1266] _copy_to_user+0x32/0xd0 [ 1079.690170][ T1266] simple_read_from_buffer+0xcb/0x170 [ 1079.690184][ T1266] proc_fail_nth_read+0x197/0x270 [ 1079.690196][ T1266] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1079.690208][ T1266] ? rw_verify_area+0xcf/0x680 [ 1079.690220][ T1266] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1079.690231][ T1266] vfs_read+0x1e1/0xc60 [ 1079.690244][ T1266] ? fdget_pos+0x2a2/0x370 [ 1079.690260][ T1266] ? __pfx_vfs_read+0x10/0x10 [ 1079.690271][ T1266] ? find_held_lock+0x2b/0x80 [ 1079.690291][ T1266] ? __fget_files+0x20e/0x3c0 [ 1079.690308][ T1266] ksys_read+0x12a/0x250 [ 1079.690321][ T1266] ? __pfx_ksys_read+0x10/0x10 [ 1079.690335][ T1266] ? 
rcu_is_watching+0x12/0xc0 [ 1079.690353][ T1266] __do_fast_syscall_32+0x7c/0x3a0 [ 1079.690370][ T1266] do_fast_syscall_32+0x32/0x80 [ 1079.690386][ T1266] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1079.690399][ T1266] RIP: 0023:0xf702e579 [ 1079.690408][ T1266] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1079.690420][ T1266] RSP: 002b:00000000f501e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1079.690430][ T1266] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f501e620 [ 1079.690437][ T1266] RDX: 000000000000000f RSI: 00000000f7392ff4 RDI: 0000000000000000 [ 1079.690444][ T1266] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1079.690451][ T1266] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1079.690457][ T1266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1079.690470][ T1266] [ 1079.762818][ C3] vkms_vblank_simulate: vblank timer overrun [ 1079.779217][ T1268] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 1079.779217][ T1268] program syz.3.4972 not setting count and/or reply_len properly [ 1079.787199][ T1268] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4972'. 
[ 1079.792039][ T1268] unsupported nla_type 52263 [ 1080.110745][ T1273] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 1080.112863][ T1273] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1080.115264][ T1273] vhci_hcd vhci_hcd.0: Device attached [ 1080.273821][ T1274] vhci_hcd: connection closed [ 1080.274049][T21123] vhci_hcd: stop threads [ 1080.277005][T21123] vhci_hcd: release socket [ 1080.309161][T21123] vhci_hcd: disconnect device [ 1080.367970][ T839] usb 41-1: new low-speed USB device number 10 using vhci_hcd [ 1080.371950][ T839] usb 41-1: enqueue for inactive port 0 [ 1080.438575][ T839] vhci_hcd: vhci_device speed not set [ 1080.983769][ T1292] FAULT_INJECTION: forcing a failure. [ 1080.983769][ T1292] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1080.989656][ T1292] CPU: 3 UID: 0 PID: 1292 Comm: syz.2.4979 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 1080.989682][ T1292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1080.989693][ T1292] Call Trace: [ 1080.989699][ T1292] [ 1080.989707][ T1292] dump_stack_lvl+0x16c/0x1f0 [ 1080.989734][ T1292] should_fail_ex+0x512/0x640 [ 1080.989763][ T1292] _copy_from_iter+0x29f/0x16f0 [ 1080.989787][ T1292] ? __pfx__copy_from_iter+0x10/0x10 [ 1080.989804][ T1292] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1080.989838][ T1292] copy_page_from_iter+0xde/0x180 [ 1080.989858][ T1292] tun_build_skb.constprop.0+0x2e8/0x14f0 [ 1080.989886][ T1292] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 1080.989909][ T1292] ? __lock_acquire+0x622/0x1c90 [ 1080.989943][ T1292] ? find_held_lock+0x2b/0x80 [ 1080.989971][ T1292] tun_get_user+0x165f/0x3b80 [ 1080.990019][ T1292] ? __pfx_tun_get_user+0x10/0x10 [ 1080.990038][ T1292] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1080.990064][ T1292] ? find_held_lock+0x2b/0x80 [ 1080.990088][ T1292] ? 
tun_get+0x191/0x370 [ 1080.990121][ T1292] tun_chr_write_iter+0xdc/0x210 [ 1080.990140][ T1292] vfs_write+0x6c7/0x1150 [ 1080.990163][ T1292] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1080.990183][ T1292] ? __pfx_vfs_write+0x10/0x10 [ 1080.990201][ T1292] ? find_held_lock+0x2b/0x80 [ 1080.990243][ T1292] ksys_write+0x12a/0x250 [ 1080.990264][ T1292] ? __pfx_ksys_write+0x10/0x10 [ 1080.990288][ T1292] ? rcu_is_watching+0x12/0xc0 [ 1080.990318][ T1292] __do_fast_syscall_32+0x7c/0x3a0 [ 1080.990345][ T1292] do_fast_syscall_32+0x32/0x80 [ 1080.990368][ T1292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1080.990389][ T1292] RIP: 0023:0xf702e579 [ 1080.990403][ T1292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1080.990420][ T1292] RSP: 002b:00000000f501e520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 1080.990438][ T1292] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000200 [ 1080.990449][ T1292] RDX: 000000000000005a RSI: 00000000f7392ff4 RDI: 0000000000000000 [ 1080.990460][ T1292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1080.990470][ T1292] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1080.990480][ T1292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1080.990503][ T1292] [ 1081.666286][ T1313] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.4985'. [ 1081.825870][ T1313] team0 (unregistering): Port device team_slave_0 removed [ 1081.935895][ T1313] team0 (unregistering): Port device team_slave_1 removed [ 1084.763463][ T1360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4988'. [ 1084.767284][ T1360] netlink: 'syz.2.4988': attribute type 5 has an invalid length. [ 1084.769885][ T1360] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4988'. 
[ 1084.791176][ T1360] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 1084.794045][ T1360] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 1084.796874][ T1360] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 1084.799744][ T1360] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 1084.802676][ T1360] geneve2: entered promiscuous mode [ 1084.804466][ T1360] geneve2: entered allmulticast mode [ 1085.931070][ T1368] block nbd0: server does not support multiple connections per device. [ 1085.937083][ T1368] block nbd0: shutting down sockets [ 1089.018659][ T1410] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1089.549105][ T1423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5011'. [ 1089.551291][ T1424] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1089.553579][ T1422] IPVS: stopping backup sync thread 1424 ... [ 1091.338289][T20888] usb 7-1: new high-speed USB device number 66 using dummy_hcd [ 1091.508323][T20888] usb 7-1: Using ep0 maxpacket: 32 [ 1091.513018][T20888] usb 7-1: config 0 has an invalid interface number: 129 but max is 0 [ 1091.515589][T20888] usb 7-1: config 0 has no interface number 0 [ 1091.517539][T20888] usb 7-1: config 0 interface 129 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 32 [ 1091.521133][T20888] usb 7-1: config 0 interface 129 has no altsetting 0 [ 1091.526385][T20888] usb 7-1: New USB device found, idVendor=1bc7, idProduct=1900, bcdDevice=4a.5f [ 1091.529757][T20888] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1091.532309][T20888] usb 7-1: Product: syz [ 1091.533686][T20888] usb 7-1: Manufacturer: syz [ 1091.535153][T20888] usb 7-1: SerialNumber: syz [ 1091.543226][T20888] usb 7-1: config 0 descriptor?? 
[ 1091.545803][ T1450] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1091.554215][T20888] option 7-1:0.129: GSM modem (1-port) converter detected [ 1091.655063][T20888] usb 7-1: GSM modem (1-port) converter now attached to ttyUSB0 [ 1092.416646][T18457] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1092.442241][T18457] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1092.446905][T18457] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1092.451411][T18457] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1092.453938][T18457] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1092.507296][ T1464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5020'. [ 1092.521258][ T1461] lo speed is unknown, defaulting to 1000 [ 1092.523701][ T1461] lo speed is unknown, defaulting to 1000 [ 1092.623992][ T1461] chnl_net:caif_netlink_parms(): no params data found [ 1092.716581][ T1461] bridge0: port 1(bridge_slave_0) entered blocking state [ 1092.718948][ T1461] bridge0: port 1(bridge_slave_0) entered disabled state [ 1092.721281][ T1461] bridge_slave_0: entered allmulticast mode [ 1092.723981][ T1461] bridge_slave_0: entered promiscuous mode [ 1092.727122][ T1461] bridge0: port 2(bridge_slave_1) entered blocking state [ 1092.729400][ T1461] bridge0: port 2(bridge_slave_1) entered disabled state [ 1092.731636][ T1461] bridge_slave_1: entered allmulticast mode [ 1092.734337][ T1461] bridge_slave_1: entered promiscuous mode [ 1092.768939][ T1461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1092.774144][ T1461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1092.821800][ T1461] team0: Port device team_slave_0 added [ 1092.825229][ T1461] team0: Port device team_slave_1 added [ 1092.857219][ T1461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1092.859512][ T1461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) 
to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1092.867405][ T1461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1092.871771][ T1461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1092.873959][ T1461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1092.882172][ T1461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1092.945229][ T1461] hsr_slave_0: entered promiscuous mode [ 1092.948556][ T1461] hsr_slave_1: entered promiscuous mode [ 1092.950627][ T1461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1092.952968][ T1461] Cannot create hsr debugfs directory [ 1093.045255][ T1481] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1093.078770][ T1482] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 1093.121745][ T1461] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1093.206107][ T1461] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1093.283128][ T1461] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1093.366609][ T1461] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1093.508125][ T1461] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1093.512226][ T1461] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1093.519009][ T1461] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1093.526932][ T1461] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1093.553087][ T1461] bridge0: port 2(bridge_slave_1) entered blocking state [ 1093.555919][ T1461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1093.558453][ T1461] bridge0: port 1(bridge_slave_0) entered blocking state [ 1093.560684][ T1461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1093.605760][ T1461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1093.612499][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1093.618648][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1093.699895][ T1461] 8021q: adding VLAN 0 to HW filter on device team0 [ 1093.711066][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1093.713677][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1093.725633][T21124] bridge0: port 2(bridge_slave_1) entered blocking state [ 1093.728740][T21124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1093.769157][ T34] usb 7-1: USB disconnect, device number 66 [ 1093.775546][ T34] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0 [ 1093.779966][ T34] option 7-1:0.129: device disconnected [ 1093.921066][ T1461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1094.012266][ T1461] veth0_vlan: entered 
promiscuous mode [ 1094.016980][ T1461] veth1_vlan: entered promiscuous mode [ 1094.031725][ T1461] veth0_macvtap: entered promiscuous mode [ 1094.035519][ T1461] veth1_macvtap: entered promiscuous mode [ 1094.099364][ T1461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1094.252316][ T1461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1094.260304][ T1461] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1094.263194][ T1461] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1094.266052][ T1461] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1094.271467][ T1461] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1094.324485][T21124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1094.327247][T21124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1094.353655][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1094.356162][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1094.498042][T18457] Bluetooth: hci0: command tx timeout [ 1095.781769][ T1523] IPVS: stopping backup sync thread 1481 ... [ 1095.799825][ T1525] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 1096.551810][ T1539] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 1096.573617][T18457] Bluetooth: hci0: command tx timeout
[ 1098.298421][ T1573] ==================================================================
[ 1098.300892][ T1573] BUG: KASAN: global-out-of-bounds in fib6_clean_node+0x51c/0x5b0
[ 1098.303289][ T1573] Read of size 8 at addr ffffffff9affabe8 by task syz.2.5045/1573
[ 1098.307023][ T1573]
[ 1098.308117][ T1573] CPU: 1 UID: 0 PID: 1573 Comm: syz.2.5045 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full)
[ 1098.308134][ T1573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1098.308143][ T1573] Call Trace:
[ 1098.308147][ T1573] <TASK>
[ 1098.308153][ T1573] dump_stack_lvl+0x116/0x1f0
[ 1098.308172][ T1573] print_report+0xcd/0x680
[ 1098.308188][ T1573] ? __virt_addr_valid+0x81/0x610
[ 1098.308206][ T1573] ? __phys_addr+0xe8/0x180
[ 1098.308224][ T1573] ? fib6_clean_node+0x51c/0x5b0
[ 1098.308240][ T1573] kasan_report+0xe0/0x110
[ 1098.308256][ T1573] ? fib6_clean_node+0x51c/0x5b0
[ 1098.308275][ T1573] fib6_clean_node+0x51c/0x5b0
[ 1098.308293][ T1573] ? __pfx_fib6_clean_node+0x10/0x10
[ 1098.308313][ T1573] fib6_walk_continue+0x452/0x8d0
[ 1098.308329][ T1573] fib6_walk+0x182/0x370
[ 1098.308343][ T1573] ? __pfx_fib6_ifdown+0x10/0x10
[ 1098.308360][ T1573] fib6_clean_tree+0xd4/0x110
[ 1098.308375][ T1573] ? __pfx_fib6_clean_tree+0x10/0x10
[ 1098.308391][ T1573] ? __pfx_fib6_clean_node+0x10/0x10
[ 1098.308408][ T1573] ? __pfx_fib6_ifdown+0x10/0x10
[ 1098.308427][ T1573] ? __pfx_fib6_ifdown+0x10/0x10
[ 1098.308443][ T1573] __fib6_clean_all+0x107/0x2d0
[ 1098.308460][ T1573] rt6_disable_ip+0x2ec/0x990
[ 1098.308473][ T1573] ? __mutex_trylock_common+0xe9/0x250
[ 1098.308486][ T1573] ? __pfx___mutex_trylock_common+0x10/0x10
[ 1098.308502][ T1573] ? __pfx_rt6_disable_ip+0x10/0x10
[ 1098.308519][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.308537][ T1573] addrconf_ifdown.isra.0+0x11d/0x1a90
[ 1098.308555][ T1573] ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1098.308572][ T1573] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10
[ 1098.308593][ T1573] addrconf_notify+0x220/0x19e0
[ 1098.308605][ T1573] ? ip6mr_device_event+0x1bc/0x230
[ 1098.308620][ T1573] notifier_call_chain+0xbc/0x410
[ 1098.308637][ T1573] ? __pfx_addrconf_notify+0x10/0x10
[ 1098.308650][ T1573] call_netdevice_notifiers_info+0xbe/0x140
[ 1098.308667][ T1573] unregister_netdevice_many_notify+0xf9a/0x26f0
[ 1098.308688][ T1573] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1098.308709][ T1573] ? lockdep_hardirqs_on+0x7c/0x110
[ 1098.308726][ T1573] ? kernfs_put.part.0+0x18d/0x640
[ 1098.308742][ T1573] unregister_netdevice_queue+0x305/0x3f0
[ 1098.308761][ T1573] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1098.308778][ T1573] ? sysfs_remove_group+0xc6/0x180
[ 1098.308793][ T1573] ? br_dev_delete+0x116/0x1a0
[ 1098.308809][ T1573] br_dev_newlink+0x139/0x170
[ 1098.308823][ T1573] ? __pfx_br_dev_newlink+0x10/0x10
[ 1098.308838][ T1573] rtnl_newlink+0xc42/0x2000
[ 1098.308856][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.308871][ T1573] ? __pfx___schedule+0x10/0x10
[ 1098.308889][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.308904][ T1573] ? trace_cap_capable+0x18d/0x200
[ 1098.308918][ T1573] ? find_held_lock+0x2b/0x80
[ 1098.308933][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.308948][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.308963][ T1573] ? rtnetlink_rcv_msg+0x93a/0xe90
[ 1098.308979][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.308995][ T1573] rtnetlink_rcv_msg+0x95e/0xe90
[ 1098.309012][ T1573] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1098.309027][ T1573] ? __lock_acquire+0xb8a/0x1c90
[ 1098.309041][ T1573] netlink_rcv_skb+0x155/0x420
[ 1098.309052][ T1573] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1098.309068][ T1573] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1098.309078][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.309097][ T1573] netlink_unicast+0x53a/0x7f0
[ 1098.309115][ T1573] ? __pfx_netlink_unicast+0x10/0x10
[ 1098.309137][ T1573] netlink_sendmsg+0x8d1/0xdd0
[ 1098.309150][ T1573] ? __pfx_netlink_sendmsg+0x10/0x10
[ 1098.309168][ T1573] ? __import_iovec+0x1dd/0x650
[ 1098.309181][ T1573] ____sys_sendmsg+0xa95/0xc70
[ 1098.309193][ T1573] ? __pfx_____sys_sendmsg+0x10/0x10
[ 1098.309203][ T1573] ? get_compat_msghdr+0x11a/0x170
[ 1098.309220][ T1573] ? __pfx_futex_wake_mark+0x10/0x10
[ 1098.309235][ T1573] ___sys_sendmsg+0x134/0x1d0
[ 1098.309251][ T1573] ? __pfx____sys_sendmsg+0x10/0x10
[ 1098.309268][ T1573] ? find_held_lock+0x2b/0x80
[ 1098.309287][ T1573] __sys_sendmsg+0x16d/0x220
[ 1098.309301][ T1573] ? __pfx___sys_sendmsg+0x10/0x10
[ 1098.309316][ T1573] ? __ia32_sys_futex_time32+0x1d9/0x460
[ 1098.309331][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.309347][ T1573] __do_fast_syscall_32+0x7c/0x3a0
[ 1098.309363][ T1573] do_fast_syscall_32+0x32/0x80
[ 1098.309379][ T1573] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1098.309420][ T1573] RIP: 0023:0xf702e579
[ 1098.309431][ T1573] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1098.309444][ T1573] RSP: 002b:00000000f479655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1098.309459][ T1573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[ 1098.309470][ T1573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1098.309478][ T1573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1098.309485][ T1573] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1098.309492][ T1573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1098.309504][ T1573] </TASK>
[ 1098.309508][ T1573]
[ 1098.457662][ T1573] The buggy address belongs to the variable:
[ 1098.459426][ T1573] binder_devices+0x8/0x40
[ 1098.460778][ T1573]
[ 1098.461521][ T1573] The buggy address belongs to the physical page:
[ 1098.463364][ T1573] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1affa
[ 1098.465896][ T1573] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[ 1098.468144][ T1573] raw: 00fff00000002000 ffffea00006bfe88 ffffea00006bfe88 0000000000000000
[ 1098.470686][ T1573] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1098.473208][ T1573] page dumped because: kasan: bad access detected
[ 1098.475173][ T1573] page_owner info is not present (never set?)
[ 1098.477034][ T1573]
[ 1098.477787][ T1573] Memory state around the buggy address:
[ 1098.479396][ T1573] ffffffff9affaa80: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 1098.481756][ T1573] ffffffff9affab00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 1098.484127][ T1573] >ffffffff9affab80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 1098.486531][ T1573] ^
[ 1098.488774][ T1573] ffffffff9affac00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9
[ 1098.491107][ T1573] ffffffff9affac80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 1098.493466][ T1573] ==================================================================
[ 1098.496008][ T1573] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1098.498221][ T1573] CPU: 1 UID: 0 PID: 1573 Comm: syz.2.5045 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full)
[ 1098.501674][ T1573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1098.504939][ T1573] Call Trace:
[ 1098.505988][ T1573] <TASK>
[ 1098.506899][ T1573] dump_stack_lvl+0x3d/0x1f0
[ 1098.508317][ T1573] panic+0x71c/0x800
[ 1098.509866][ T1573] ? __pfx_panic+0x10/0x10
[ 1098.511431][ T1573] ? mark_held_locks+0x49/0x80
[ 1098.512962][ T1573] ? fib6_clean_node+0x51c/0x5b0
[ 1098.514564][ T1573] ? fib6_clean_node+0x51c/0x5b0
[ 1098.516144][ T1573] check_panic_on_warn+0xab/0xb0
[ 1098.517859][ T1573] end_report+0x107/0x170
[ 1098.519177][ T1573] kasan_report+0xee/0x110
[ 1098.520609][ T1573] ? fib6_clean_node+0x51c/0x5b0
[ 1098.522205][ T1573] fib6_clean_node+0x51c/0x5b0
[ 1098.523730][ T1573] ? __pfx_fib6_clean_node+0x10/0x10
[ 1098.525464][ T1573] fib6_walk_continue+0x452/0x8d0
[ 1098.527004][ T1573] fib6_walk+0x182/0x370
[ 1098.528401][ T1573] ? __pfx_fib6_ifdown+0x10/0x10
[ 1098.530104][ T1573] fib6_clean_tree+0xd4/0x110
[ 1098.531636][ T1573] ? __pfx_fib6_clean_tree+0x10/0x10
[ 1098.533277][ T1573] ? __pfx_fib6_clean_node+0x10/0x10
[ 1098.535091][ T1573] ? __pfx_fib6_ifdown+0x10/0x10
[ 1098.536816][ T1573] ? __pfx_fib6_ifdown+0x10/0x10
[ 1098.538652][ T1573] __fib6_clean_all+0x107/0x2d0
[ 1098.540343][ T1573] rt6_disable_ip+0x2ec/0x990
[ 1098.542087][ T1573] ? __mutex_trylock_common+0xe9/0x250
[ 1098.543979][ T1573] ? __pfx___mutex_trylock_common+0x10/0x10
[ 1098.545858][ T1573] ? __pfx_rt6_disable_ip+0x10/0x10
[ 1098.547502][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.549003][ T1573] addrconf_ifdown.isra.0+0x11d/0x1a90
[ 1098.550668][ T1573] ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1098.552364][ T1573] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10
[ 1098.554229][ T1573] addrconf_notify+0x220/0x19e0
[ 1098.555800][ T1573] ? ip6mr_device_event+0x1bc/0x230
[ 1098.557505][ T1573] notifier_call_chain+0xbc/0x410
[ 1098.559532][ T1573] ? __pfx_addrconf_notify+0x10/0x10
[ 1098.561091][ T1573] call_netdevice_notifiers_info+0xbe/0x140
[ 1098.562841][ T1573] unregister_netdevice_many_notify+0xf9a/0x26f0
[ 1098.564693][ T1573] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1098.566732][ T1573] ? lockdep_hardirqs_on+0x7c/0x110
[ 1098.568640][ T1573] ? kernfs_put.part.0+0x18d/0x640
[ 1098.570546][ T1573] unregister_netdevice_queue+0x305/0x3f0
[ 1098.572312][ T1573] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1098.574288][ T1573] ? sysfs_remove_group+0xc6/0x180
[ 1098.575927][ T1573] ? br_dev_delete+0x116/0x1a0
[ 1098.577483][ T1573] br_dev_newlink+0x139/0x170
[ 1098.579034][ T1573] ? __pfx_br_dev_newlink+0x10/0x10
[ 1098.580693][ T1573] rtnl_newlink+0xc42/0x2000
[ 1098.582246][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.584035][ T1573] ? __pfx___schedule+0x10/0x10
[ 1098.585937][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.587811][ T1573] ? trace_cap_capable+0x18d/0x200
[ 1098.589765][ T1573] ? find_held_lock+0x2b/0x80
[ 1098.591665][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.593634][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.595670][ T1573] ? rtnetlink_rcv_msg+0x93a/0xe90
[ 1098.597721][ T1573] ? __pfx_rtnl_newlink+0x10/0x10
[ 1098.599542][ T1573] rtnetlink_rcv_msg+0x95e/0xe90
[ 1098.601556][ T1573] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1098.603769][ T1573] ? __lock_acquire+0xb8a/0x1c90
[ 1098.605791][ T1573] netlink_rcv_skb+0x155/0x420
[ 1098.607633][ T1573] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1098.609728][ T1573] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1098.611967][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.613961][ T1573] netlink_unicast+0x53a/0x7f0
[ 1098.615939][ T1573] ? __pfx_netlink_unicast+0x10/0x10
[ 1098.618123][ T1573] netlink_sendmsg+0x8d1/0xdd0
[ 1098.620064][ T1573] ? __pfx_netlink_sendmsg+0x10/0x10
[ 1098.622210][ T1573] ? __import_iovec+0x1dd/0x650
[ 1098.624185][ T1573] ____sys_sendmsg+0xa95/0xc70
[ 1098.626167][ T1573] ? __pfx_____sys_sendmsg+0x10/0x10
[ 1098.627850][ T1573] ? get_compat_msghdr+0x11a/0x170
[ 1098.629415][ T1573] ? __pfx_futex_wake_mark+0x10/0x10
[ 1098.631059][ T1573] ___sys_sendmsg+0x134/0x1d0
[ 1098.632534][ T1573] ? __pfx____sys_sendmsg+0x10/0x10
[ 1098.634159][ T1573] ? find_held_lock+0x2b/0x80
[ 1098.635603][ T1573] __sys_sendmsg+0x16d/0x220
[ 1098.636987][ T1573] ? __pfx___sys_sendmsg+0x10/0x10
[ 1098.638946][ T1573] ? __ia32_sys_futex_time32+0x1d9/0x460
[ 1098.641142][ T1573] ? rcu_is_watching+0x12/0xc0
[ 1098.643129][ T1573] __do_fast_syscall_32+0x7c/0x3a0
[ 1098.645218][ T1573] do_fast_syscall_32+0x32/0x80
[ 1098.647467][ T1573] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1098.650008][ T1573] RIP: 0023:0xf702e579
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1098.651618][ T1573] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1098.659426][ T1573] RSP: 002b:00000000f479655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1098.662640][ T1573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[ 1098.665749][ T1573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1098.668826][ T1573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1098.671610][ T1573] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1098.673945][ T1573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1098.676403][ T1573] </TASK>
[ 1098.678099][ T1573] Kernel Offset: disabled
[ 1098.679376][ T1573] Rebooting in 86400 seconds..
VM DIAGNOSIS: 06:39:39 Registers: info registers vcpu 0 CPU#0 RAX=00000000015f25a9 RBX=0000000000000000 RCX=ffffffff8b799c79 RDX=0000000000000000 RSI=ffffffff8dc02c0a RDI=ffffffff8bf52ee0 RBP=fffffbfff1c12ef0 RSP=ffffffff8e007e08 R8 =0000000000000001 R9 =ffffed100564663d R10=ffff88802b2331eb R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e097780 R14=ffffffff9087ad50 R15=0000000000000000 RIP=ffffffff8b7987df RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff888097775000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f516b765 CR3=00000000651bd000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000100000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85562565 RDI=ffffffff9ae599c0 RBP=ffffffff9ae59980 RSP=ffffc90003576630 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=000000000000000a R14=ffffffff9ae59980 R15=ffffffff85562500 RIP=ffffffff8556258f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097875000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080030000 CR3=00000000703c0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000600 RSI=0000000000000000 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffc9000318f890 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8b794360 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff888097975000 ffffffff 00c09300 DPL=0 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000ffff IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006d615000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 
Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 EAX=f6b6d770 EBX=82058c79 ECX=00000000 EDX=82058c79 ESI=82058c79 EDI=f6b6c7d8 EBP=f6b6d2b0 ESP=ffcd8d80 EIP=f7147acf EFL=00000292 [--S-A--] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c01300 GS =0063 56859440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006d615000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000