last executing test programs: 4.371321527s ago: executing program 3 (id=399): syz_open_dev$hidraw(&(0x7f0000000080), 0x7750, 0x0) r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x24, &(0x7f0000000e40)=ANY=[], 0x0) 3.441554953s ago: executing program 0 (id=404): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x180) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}]}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pread64(r2, &(0x7f0000001b80)=""/4084, 0xff4, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='cmdline\x00') prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x5, &(0x7f0000000000)) personality(0x4000000) ppoll(0x0, 0x0, &(0x7f0000000040)={0x0, 0x3938700}, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fsetxattr(r5, &(0x7f00000016c0)=@known='system.posix_acl_access\x00', &(0x7f0000001700)='*\x00', 0x2, 0x1) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) pread64(r4, 0x0, 0x0, 0x3) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @ib_path={0x0, r6, 0x1, 0x2}}, 0x20) splice(r1, &(0x7f0000000040)=0x7fff, r3, &(0x7f0000000080)=0x3ff, 0x0, 0x2) fcntl$lock(r0, 0x25, &(0x7f0000000000)={0x76531edec3d93c5e, 0x2, 0xa762}) 2.680956187s ago: executing program 0 (id=405): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b7080000000200007b8af0ff0000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x1}, {0x5, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e0ff800100000000000000000000000000000000000000000a000040"], 0xb8}}, 0x804) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r7) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f00000004c0)="2c385aa3", 0x4) r9 = accept4(r8, 0x0, 0x0, 0x0) sendmmsg$alg(r9, &(0x7f0000005080)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="09de", 0x2}, {&(0x7f0000000680)="d5bb69fd2ec3a88c5df48b69469a", 0xe}], 0x2, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) 1.641389433s ago: executing program 0 (id=411): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x3d63, 0x7ff, 0x0, 0x17f, 0x0, r1}, &(0x7f0000000200)=0x0, 0x0) syz_io_uring_submit(r3, 0x0, 0x0) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x20000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r4 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000540)={0x8, {{0xa, 0x0, 0x0, @mcast2, 0x20400}}, {{0xa, 0x4e26, 0xb020, @mcast1}}}, 0x104) socket$kcm(0x10, 0x400000002, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r5, 0x541b, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r7, &(0x7f0000002100)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000000401010200000000000000000001000000e387424fd24121df4d00000077125c4d04a564aa69f044b6aef48e1c90d223c59f5293f92cb8efefc409947e8c580295f76e09a4b4775aae0216fd43e75df2d219de8b7527b71b5aebeb22f0157e10297400dcaf0277a9ebe0c349dc564cf3ab06ce4875aab7e6693c53be3df3dcf9f389be6f1d34680154511cc5e2614485bdf3ab059fbdc59b7aa9d80b9e7d1caad478c200d1e072e9c4b26c838dfb7f4585b4876a5b44ac40d18f3d833a4acd7a603737718504bd20992b0a20fbb892"], 0x14}}, 0x4040000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) iopl(0x3) r8 = socket(0x840000000002, 0x3, 0x100) connect$inet(r8, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) pwritev2(r8, &(0x7f00000000c0), 0x0, 0xa, 0x6e6f2b53, 0x10) r9 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341) ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 1.33125402s ago: executing program 3 (id=413): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000090a010400000000000000000000f50008000a40000000000900020073797a32000000000900010073797a3000000000080005400000002144000980400002800c0001"], 0xa8}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) 1.241440104s ago: executing program 3 (id=415): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x2000, @ipv4={'\x00', '\xff\xff', @remote}, 0xffffffff}, 0x1c) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x3, 0x0, 0x1}}, 0xb8}}, 0x1000000) 1.240462338s ago: executing program 2 (id=416): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fsopen(&(0x7f0000000100)='ntfs3\x00', 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000080)={0x3ff, 0x5}, 0x0, 0x0) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000b, 0x11, r1, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x800000) 1.180880039s ago: executing program 3 (id=417): r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) r4 = socket(0x1e, 0x3, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, 0x0, 0x0) recvmmsg$unix(r4, &(0x7f0000003100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000240), 0x208400, 0x0) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_wait(r5, &(0x7f0000000340)=[{}], 0x1, 0x1000) socket$tipc(0x1e, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, 0x0, 0x8, 0x401, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x890d}]}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x20000082) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = dup(r7) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) r9 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x1, 0x0, 0x0, r8}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r9, 0x2ded, 0x4000, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)) 1.111331344s ago: executing program 1 (id=419): r0 = openat$drirender128(0xffffff9c, &(0x7f0000000040), 0x80082, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x74) r1 = syz_open_dev$dri(&(0x7f0000000040), 0xeea4, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000003c0)={0x0, 0xae, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0x1000000, 0x0, 0x0, [0x0], [], [], [0x0, 0x0, 0x0, 0x5]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r3}) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000580)={r3}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000080000000a00000000000000", @ANYRES32, @ANYBLOB="000000000000eaffffffffffffff000009000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_clone(0x18800000, &(0x7f00000004c0)="7cf47846cc7beee19340aec5c3303beab5d72d7e07c6afdec2a4b1589694849b965c8bf11b3c2c15ff137d1f1df2efc98191986ca3de95a9c968ca3cd1f4fad3004946f0e3a2356fe2913e079a8826981bfc27d6d1f26316b6c181cfcda7046633ece959155f0d5c39fbc19d8b9f9f6a3291e81b4c9f90bc06e5a95deac79bbc7077f4add110b846e375f61e30ee4327acca3918f9f109", 0x97, &(0x7f0000000000), &(0x7f0000000040), 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000290000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000080)={0x0, 0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000000c0)={r7, 0x80000}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newtaction={0x74, 0x30, 0x9, 0x0, 0x0, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8}, @TCA_MPLS_TTL={0x5, 0x7, 0x8}, @TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x2}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) 1.040908045s ago: executing program 1 (id=420): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000580)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socket$alg(0x26, 0x5, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x0, 0x8, 0x8, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xa}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x80, 0x7d28f54a, 0xfffffb18}}) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0xa, 0x4e22, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000040)="e8bcfeada9c69c540203b28ae62c1bbe071999e6732380563a9e212a451683f183f57f03f55cc58e2576c544621eec77625d2cb4faec81f40178146cd7b10525beb9395fd5cd4b9b7a", 0x49}], 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="2400000029000000360000006c01000000000000c204fffff5f30502000100000000000020000000290000003200000000000000000000000000ffffac1414bbe9d9537de089dd22ff6573f337", @ANYRES32=0x0, @ANYBLOB="200000002900000032000000ff020000000000000000000000000001", @ANYRES32=r1, @ANYBLOB="440000002900000037000000080500000000000001270af06c7580b944302156c3ea2f861f9fc5faee76145b9b02e715192d42ac343f734c47348a054904018101010000"], 0xa8}, 0x40091) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket(0x26, 0x805, 0x7fffffff) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000100)={@local, 0x0, r3}) socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$uinput_user_dev(r6, &(0x7f0000000200)={'syz0\x00', {0x6, 0x0, 0x0, 0x5e6}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x24b2, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x2, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7800, 0x0, 0x0, 0x8, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0xd1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x100, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x3], [0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x0, 0x0, 0xfffffffc], [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x400000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) dup2(r5, r6) 1.040615758s ago: executing program 1 (id=421): r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @empty}, 0x10) (async, rerun: 64) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4) (rerun: 64) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={0x0, 0x4c, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x4bd, 0x7ec}) (async) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f00000000c0), 0x4) (async) listen(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() r3 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x8002}, 0x1c) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='rxrpc_rx_icmp\x00', r4}, 0x10) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000006800010000000000000000000a000000000000000400040004000b0004000b000800010000000000b53cde9d5e9045a4489ad9e9b402d2b43edd32c3980fa0"], 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0x44080) socket$packet(0x11, 0x3, 0x300) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000010000000900010073797a300000000070000000090a010400000000000000000100000008000a40000000e90900020073797a31000000000900210073797a30000000000800054000000025340011800a0001006c696d6974000000240002800c000240000000000000000308000340000000200c000140ffffffffffffffff140000001000010000000000000000000000000a00"/184], 0xb8}, 0x1, 0x0, 0x0, 0x810}, 0xc4) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async, rerun: 64) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 32) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x5, 0x34324152, 0x0, 0x0, [{}, {}, {}, {0x1}, {}, {0xfffffffa, 0x6}], 0x0, 0x0, 0x0, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) getrusage(0x1, &(0x7f0000000500)) syz_open_procfs(0x0, 0x0) 931.44138ms ago: executing program 1 (id=422): pipe(&(0x7f0000000580)) pipe(&(0x7f0000000080)) r0 = socket$inet6(0xa, 0x80803, 0x83) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xff}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{0xfffffffc}, {}, {0x0, 0x3}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000007000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e06018000020000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb70067", 0x5c) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) 841.506388ms ago: executing program 0 (id=423): openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = socket(0x1d, 0x2, 0x6) (async) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {}, {}, {}, {0x7}]}}) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r2, 0x402, 0x25) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000000240)={0x22, 0x3, 0x0, {0x0, 0x1, 0x0, '^'}}, 0x22) (async) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) (async) preadv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/199, 0xc7}, {&(0x7f00000005c0)=""/219, 0xdb}], 0x2, 0x8, 0x500c) (async) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet(0x2, 0x4000000000000001, 0x0) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="640000000206010800000000000000000000000014000780080012400003000008001140000000000500010006000000050005000a00000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e6574"], 0x64}}, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x11) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r6, 0x1}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[], 0x28}}, 0x0) (async) r7 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r8, r9, &(0x7f00000009c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}}) (async) io_uring_enter(r7, 0x7a98, 0x0, 0x0, 0x0, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) (async) r11 = openat$dlm_control(0xffffff9c, &(0x7f0000000300), 0xd00, 0x0) (async) r12 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), r2) sendmsg$BATADV_CMD_GET_NEIGHBORS(r11, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r12, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffff00}]}, 0x24}, 0x1, 0x0, 0x0, 0x3}, 0x4000000) (async) recvmmsg(r10, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000041, 0x0) 750.511193ms ago: executing program 0 (id=424): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000640)=0x4e8) close(0xffffffffffffffff) read$FUSE(r2, &(0x7f0000002b00)={0x2020}, 0x2020) ioctl$TCSETS2(r0, 0x402c542d, &(0x7f0000000040)={0xfffffffe, 0x0, 0xfffffdfd, 0x0, 0x0, "c72d2d0ba88d9c7adb20ba414aa9f05e61705d"}) 310.975839ms ago: executing program 2 (id=425): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x18, 0x1402, 0x1, 0x70bd2a, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) (fail_nth: 7) 251.401753ms ago: executing program 2 (id=426): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) r3 = fanotify_init(0x2, 0x0) fanotify_mark(r3, 0x1, 0x4000101b, r2, 0x0) fanotify_mark(r3, 0x1, 0x48001022, r2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000019280)=@ipv6_newrule={0x44, 0x1a, 0x1, 0x0, 0x0, {0x81, 0x80, 0x80}, [@FRA_SRC={0x14, 0x2, @remote}, @FRA_DST={0x14, 0x1, @private0}]}, 0x44}}, 0x0) 170.872837ms ago: executing program 2 (id=427): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c000000100003040000000000003f0000000000", @ANYRES32=0x0, @ANYBLOB="15020000000000001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x4c}, 0x1, 0xba01}, 0x8000) 170.290121ms ago: executing program 3 (id=428): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c11018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) 100.480239ms ago: executing program 3 (id=429): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x3}, @IFLA_BR_AGEING_TIME={0x8}]}}}]}, 0x44}}, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) r2 = gettid() ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000280)=0x3) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 51.398985ms ago: executing program 2 (id=430): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000580)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socket$alg(0x26, 0x5, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x0, 0x8, 0x8, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xa}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x80, 0x7d28f54a, 0xfffffb18}}) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0xa, 0x4e22, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000040)="e8bcfeada9c69c540203b28ae62c1bbe071999e6732380563a9e212a451683f183f57f03f55cc58e2576c544621eec77625d2cb4faec81f40178146cd7b10525beb9395fd5cd4b9b7a", 0x49}], 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="2400000029000000360000006c01000000000000c204fffff5f30502000100000000000020000000290000003200000000000000000000000000ffffac1414bbe9d9537de089dd22ff6573f337", @ANYRES32=0x0, @ANYBLOB="200000002900000032000000ff020000000000000000000000000001", @ANYRES32=r1, @ANYBLOB="440000002900000037000000080500000000000001270af06c7580b944302156c3ea2f861f9fc5faee76145b9b02e715192d42ac343f734c47348a054904018101010000"], 0xa8}, 0x40091) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket(0x26, 0x805, 0x7fffffff) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000100)={@local, 0x0, r3}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$uinput_user_dev(r6, &(0x7f0000000200)={'syz0\x00', {0x6, 0x0, 0x0, 0x5e6}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x24b2, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x2, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7800, 0x0, 0x0, 0x8, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0xd1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x100, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x3], [0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x0, 0x0, 0xfffffffc], [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x400000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) dup2(r5, r6) 51.143466ms ago: executing program 2 (id=431): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17c) sendmsg$nl_route_sched(r0, &(0x7f0000008f40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14850}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_LK(r0, &(0x7f00000002c0)={0x28, 0x0, 0x0, {{0x0, 0x400000}}}, 0x28) (fail_nth: 9) 50.894128ms ago: executing program 1 (id=432): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="9feb010018000000000000910c0000000c000000020000000000000000000005"], 0x0, 0x26, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x1f) 432.909µs ago: executing program 1 (id=433): r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(0x0, 0x0) r4 = socket(0x1e, 0x3, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r4, &(0x7f0000003100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000240), 0x208400, 0x0) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_wait(r5, &(0x7f0000000340)=[{}], 0x1, 0x1000) socket$tipc(0x1e, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, 0x0, 0x8, 0x401, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x890d}]}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x20000082) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = dup(r7) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) r9 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x1, 0x0, 0x0, r8}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r9, 0x2ded, 0x4000, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)) 0s ago: executing program 0 (id=434): mkdir(&(0x7f00000009c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x1}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_clone3(&(0x7f0000000200)={0x100000, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000340), 0xfffffffd, 0x780) signalfd4(r2, &(0x7f0000000040)={[0xfffff801, 0x4]}, 0x8, 0x80000) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={0x0, &(0x7f0000000280)}) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r5, 0x800448d2, &(0x7f0000000100)) rmdir(&(0x7f0000000380)='./file0/../file0\x00') syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:59991' (ED25519) to the list of known hosts. [ 32.796129][ T5326] cgroup: Unknown subsys name 'net' [ 32.915806][ T5326] cgroup: Unknown subsys name 'cpuset' [ 32.918739][ T5326] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 33.714741][ T5326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 36.388006][ T5361] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 36.388201][ T5360] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 36.388433][ T5362] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 36.388684][ T5362] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 36.389761][ T5362] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 36.390886][ T5362] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 36.390953][ T5361] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 36.391351][ T5361] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 36.391545][ T5361] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 36.391733][ T5361] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 36.392603][ T5361] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 36.392729][ T5360] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 36.392923][ T5360] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 36.393098][ T5360] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 36.393947][ T5360] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 36.394153][ T5363] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 36.394678][ T5362] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 36.394953][ T5362] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 36.395075][ T5362] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 36.396829][ T5361] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 36.398610][ T5363] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 36.400637][ T5361] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 36.401507][ T5359] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 36.431245][ T5359] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 36.592325][ T5346] chnl_net:caif_netlink_parms(): no params data found [ 36.596912][ T5357] chnl_net:caif_netlink_parms(): no params data found [ 36.656107][ T5349] chnl_net:caif_netlink_parms(): no params data found [ 36.675550][ T5348] chnl_net:caif_netlink_parms(): no params data found [ 36.725849][ T5346] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.727769][ T5346] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.729753][ T5346] bridge_slave_0: entered allmulticast mode [ 36.731793][ T5346] bridge_slave_0: entered promiscuous mode [ 36.762114][ T5346] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.764063][ T5346] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.765999][ T5346] bridge_slave_1: entered allmulticast mode [ 36.767960][ T5346] bridge_slave_1: entered promiscuous mode [ 36.788785][ T5357] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.790674][ T5357] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.792569][ T5357] bridge_slave_0: entered allmulticast mode [ 36.794802][ T5357] bridge_slave_0: entered promiscuous mode [ 36.840161][ T5349] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.842048][ T5349] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.844053][ T5349] bridge_slave_0: entered allmulticast mode [ 36.846038][ T5349] bridge_slave_0: entered promiscuous mode [ 36.848407][ T5357] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.850250][ T5357] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.852246][ T5357] bridge_slave_1: entered allmulticast mode [ 36.855463][ T5357] bridge_slave_1: entered promiscuous mode [ 36.865743][ T5346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.868247][ T5349] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.870129][ T5349] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.871995][ T5349] bridge_slave_1: entered allmulticast mode [ 36.875203][ T5349] bridge_slave_1: entered promiscuous mode [ 36.891659][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.894126][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.895999][ T5348] bridge_slave_0: entered allmulticast mode [ 36.897985][ T5348] bridge_slave_0: entered promiscuous mode [ 36.900854][ T5346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.920750][ T5357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.923235][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.925379][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.927240][ T5348] bridge_slave_1: entered allmulticast mode [ 36.929200][ T5348] bridge_slave_1: entered promiscuous mode [ 36.960365][ T5357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.978427][ T5346] team0: Port device team_slave_0 added [ 36.981156][ T5349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.992940][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.996765][ T5346] team0: Port device team_slave_1 added [ 37.009088][ T5349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.012685][ T5357] team0: Port device team_slave_0 added [ 37.015628][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.042932][ T5357] team0: Port device team_slave_1 added [ 37.060041][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.061892][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.068913][ T5346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.073815][ T5349] team0: Port device team_slave_0 added [ 37.089626][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.091453][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.098311][ T5346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.102552][ T5349] team0: Port device team_slave_1 added [ 37.106005][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.107791][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.115483][ T5357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.119724][ T5348] team0: Port device team_slave_0 added [ 37.130678][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.132458][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.138718][ T5357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.144895][ T5348] team0: Port device team_slave_1 added [ 37.176940][ T5349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.178771][ T5349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.186340][ T5349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.206842][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.208706][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.215859][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.219215][ T5349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.221042][ T5349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.227752][ T5349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.244072][ T5346] hsr_slave_0: entered promiscuous mode [ 37.246074][ T5346] hsr_slave_1: entered promiscuous mode [ 37.248567][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.250399][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.256766][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.263252][ T5357] hsr_slave_0: entered promiscuous mode [ 37.267923][ T5357] hsr_slave_1: entered promiscuous mode [ 37.269708][ T5357] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.271758][ T5357] Cannot create hsr debugfs directory [ 37.292997][ T5349] hsr_slave_0: entered promiscuous mode [ 37.295102][ T5349] hsr_slave_1: entered promiscuous mode [ 37.296839][ T5349] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.298702][ T5349] Cannot create hsr debugfs directory [ 37.359004][ T5348] hsr_slave_0: entered promiscuous mode [ 37.361005][ T5348] hsr_slave_1: entered promiscuous mode [ 37.362770][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.364817][ T5348] Cannot create hsr debugfs directory [ 37.518660][ T5357] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.524655][ T5357] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.540806][ T5357] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.543767][ T5357] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.559881][ T5346] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 37.563060][ T5346] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 37.566290][ T5346] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 37.569242][ T5346] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 37.589870][ T5349] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.593153][ T5349] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.596803][ T5349] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.599712][ T5349] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 37.633202][ T5348] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 37.637219][ T5348] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 37.640470][ T5348] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 37.644142][ T5348] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 37.685064][ T5349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.696040][ T5357] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.708795][ T5346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.716899][ T5349] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.725229][ T5357] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.729019][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.730960][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.737343][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.739213][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.746470][ T5346] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.756741][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.758576][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.761262][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.763090][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.769867][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.776011][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.777853][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.782537][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.784430][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.814787][ T5348] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.822088][ T5349] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.830422][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.833001][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.850611][ T5346] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.857903][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.859771][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.906323][ T5349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.923148][ T5349] veth0_vlan: entered promiscuous mode [ 37.930146][ T5346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.937258][ T5349] veth1_vlan: entered promiscuous mode [ 37.955747][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.958427][ T5357] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.969239][ T5346] veth0_vlan: entered promiscuous mode [ 37.972230][ T5349] veth0_macvtap: entered promiscuous mode [ 37.977611][ T5346] veth1_vlan: entered promiscuous mode [ 37.980341][ T5349] veth1_macvtap: entered promiscuous mode [ 37.999127][ T5349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.011492][ T5346] veth0_macvtap: entered promiscuous mode [ 38.016513][ T5349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.021456][ T5349] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.024495][ T5349] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.026778][ T5349] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.029041][ T5349] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.037375][ T5346] veth1_macvtap: entered promiscuous mode [ 38.039580][ T5357] veth0_vlan: entered promiscuous mode [ 38.043695][ T5348] veth0_vlan: entered promiscuous mode [ 38.049690][ T5357] veth1_vlan: entered promiscuous mode [ 38.056613][ T5348] veth1_vlan: entered promiscuous mode [ 38.062787][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.066372][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.069500][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.082925][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.086541][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.089645][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.104330][ T5346] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.106653][ T5346] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.108950][ T5346] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.111234][ T5346] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.119700][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.122651][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.133835][ T5357] veth0_macvtap: entered promiscuous mode [ 38.136877][ T5357] veth1_macvtap: entered promiscuous mode [ 38.144538][ T5348] veth0_macvtap: entered promiscuous mode [ 38.157237][ T5348] veth1_macvtap: entered promiscuous mode [ 38.160437][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.163053][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.163110][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.165923][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.170385][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.173125][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.177874][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.186494][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.187411][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.189893][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.191555][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.195550][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.199137][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.202746][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.205355][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.208043][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.210670][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.214179][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.216702][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.219363][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.223007][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.228281][ T5349] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 38.233531][ T5348] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.236165][ T5348] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.238446][ T5348] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.240740][ T5348] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.251206][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.255051][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.257620][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.260307][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.262802][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.265645][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.268890][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.273643][ T5357] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.276496][ T5357] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.278766][ T5357] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.281056][ T5357] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.285157][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.287284][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.330033][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.331968][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.345726][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.348012][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.365130][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.367347][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.369613][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 38.371774][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 38.383615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 38.473880][ T5354] Bluetooth: hci2: command tx timeout [ 38.473889][ T4788] Bluetooth: hci3: command tx timeout [ 38.474057][ T5361] Bluetooth: hci0: command tx timeout [ 38.474087][ T5359] Bluetooth: hci1: command tx timeout [ 38.569052][ T5422] Zero length message leads to an empty skb [ 38.576769][ T5415] input: syz0 as /devices/virtual/input/input5 [ 38.793552][ T30] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 38.813472][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 38.943345][ T30] usb 5-1: Using ep0 maxpacket: 8 [ 38.946422][ T30] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 38.949031][ T30] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 38.951290][ T30] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 38.954510][ T30] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 38.957334][ T30] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 38.959644][ T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.975484][ T30] hub 5-1:1.0: bad descriptor, ignoring hub [ 38.977108][ T30] hub 5-1:1.0: probe with driver hub failed with error -5 [ 38.979166][ T30] cdc_wdm 5-1:1.0: skipping garbage [ 38.981370][ T30] cdc_wdm 5-1:1.0: skipping garbage [ 39.005468][ T5446] input: syz0 as /devices/virtual/input/input6 [ 39.010290][ T30] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 39.013382][ T30] cdc_wdm 5-1:1.0: Unknown control protocol [ 39.183726][ T5351] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 39.343708][ T5351] usb 8-1: Using ep0 maxpacket: 8 [ 39.348072][ T5351] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 39.350759][ T5351] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 39.353073][ T5351] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 39.356252][ T5351] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 39.359182][ T5351] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 39.361603][ T5351] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.372555][ T5351] hub 8-1:1.0: bad descriptor, ignoring hub [ 39.374570][ T5351] hub 8-1:1.0: probe with driver hub failed with error -5 [ 39.376620][ T5351] cdc_wdm 8-1:1.0: skipping garbage [ 39.378029][ T5351] cdc_wdm 8-1:1.0: skipping garbage [ 39.874949][ T5419] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 40.099493][ T5351] cdc_wdm 8-1:1.0: cdc-wdm1: USB WDM device [ 40.113554][ T5351] cdc_wdm 8-1:1.0: Unknown control protocol [ 40.334479][ T5351] usb 8-1: reset high-speed USB device number 2 using dummy_hcd [ 40.394491][ T5390] usb 5-1: USB disconnect, device number 2 [ 40.553498][ T5361] Bluetooth: hci1: command tx timeout [ 40.553524][ T5359] Bluetooth: hci0: command tx timeout [ 40.554135][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 40.554886][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 40.556024][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 40.557324][ T5354] Bluetooth: hci3: command tx timeout [ 40.565305][ T5354] Bluetooth: hci2: command tx timeout [ 40.733848][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.736136][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.775528][ T5351] IPVS: starting estimator thread 0... [ 40.805413][ T5454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11'. [ 40.833514][ T5407] usb 8-1: USB disconnect, device number 2 [ 40.851625][ T5458] netlink: 36 bytes leftover after parsing attributes in process `syz.0.12'. [ 40.889962][ T5456] IPVS: using max 34 ests per chain, 81600 per kthread [ 40.894277][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.896879][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 40.905108][ T5467] netlink: 'syz.0.15': attribute type 11 has an invalid length. [ 40.922567][ T5467] capability: warning: `syz.0.15' uses deprecated v2 capabilities in a way that may be insecure [ 40.930831][ T5470] CIFS: iocharset name too long [ 40.932262][ T5469] CIFS: iocharset name too long [ 40.951965][ T5473] FAULT_INJECTION: forcing a failure. [ 40.951965][ T5473] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 40.955624][ T5473] CPU: 3 UID: 0 PID: 5473 Comm: syz.2.17 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 40.958550][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 40.961366][ T5473] Call Trace: [ 40.962261][ T5473] [ 40.963052][ T5473] dump_stack_lvl+0x16c/0x1f0 [ 40.964511][ T5473] should_fail_ex+0x497/0x5b0 [ 40.965755][ T5473] _copy_from_user+0x30/0xf0 [ 40.967087][ T5473] vt_compat_ioctl+0x308/0x4e0 [ 40.968363][ T5473] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 40.969756][ T5473] ? __fget_files+0x244/0x3f0 [ 40.971001][ T5473] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 40.972406][ T5473] tty_compat_ioctl+0x2ee/0x4d0 [ 40.973693][ T5473] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 40.975112][ T5473] __do_compat_sys_ioctl+0x259/0x2b0 [ 40.976517][ T5473] __do_fast_syscall_32+0x73/0x120 [ 40.977874][ T5473] do_fast_syscall_32+0x32/0x80 [ 40.979163][ T5473] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 40.980848][ T5473] RIP: 0023:0xf7fb4579 [ 40.981934][ T5473] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 40.986970][ T5473] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 40.989179][ T5473] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004b72 [ 40.991240][ T5473] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 40.993308][ T5473] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 40.995378][ T5473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 40.997440][ T5473] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 40.999498][ T5473] [ 41.096723][ T5484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21'. [ 41.100917][ T5484] bridge_slave_1: left allmulticast mode [ 41.102493][ T5484] bridge_slave_1: left promiscuous mode [ 41.104829][ T5484] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.149025][ T5490] netlink: 4 bytes leftover after parsing attributes in process `syz.2.24'. [ 41.186092][ T5492] Bluetooth: MGMT ver 1.23 [ 41.198045][ T5486] 9pnet_virtio: no channels available for device syz [ 41.448907][ T5512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27'. [ 42.190325][ T5526] input: syz0 as /devices/virtual/input/input7 [ 42.237837][ T5528] netlink: 'syz.0.35': attribute type 3 has an invalid length. [ 42.239521][ T1137] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.239827][ T5528] netlink: 'syz.0.35': attribute type 1 has an invalid length. [ 42.245772][ T5528] netlink: 130160 bytes leftover after parsing attributes in process `syz.0.35'. [ 42.310948][ T1137] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.365952][ T1137] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.400792][ T5359] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 42.408822][ T5361] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 42.411404][ T5361] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 42.416324][ T5361] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 42.418535][ T5361] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 42.421002][ T5361] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 42.443884][ T1137] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.449766][ T5536] netlink: 28 bytes leftover after parsing attributes in process `syz.0.38'. [ 42.529016][ T5532] chnl_net:caif_netlink_parms(): no params data found [ 42.591378][ T1137] bridge_slave_0: left allmulticast mode [ 42.592987][ T1137] bridge_slave_0: left promiscuous mode [ 42.598403][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.633473][ T5354] Bluetooth: hci0: command tx timeout [ 42.636698][ T5361] Bluetooth: hci3: command tx timeout [ 42.643735][ T5361] Bluetooth: hci1: command tx timeout [ 42.807603][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 42.901235][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 42.908118][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 42.915616][ T1137] bond0 (unregistering): Released all slaves [ 42.917732][ T5558] syz.1.42 uses obsolete (PF_INET,SOCK_PACKET) [ 42.971446][ T5556] netlink: 144 bytes leftover after parsing attributes in process `syz.1.42'. [ 42.978194][ T5556] netlink: 144 bytes leftover after parsing attributes in process `syz.1.42'. [ 42.978242][ T5532] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.983452][ T5532] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.999015][ T5532] bridge_slave_0: entered allmulticast mode [ 43.002685][ T5532] bridge_slave_0: entered promiscuous mode [ 43.011872][ T5532] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.014007][ T5532] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.016029][ T5532] bridge_slave_1: entered allmulticast mode [ 43.018068][ T5532] bridge_slave_1: entered promiscuous mode [ 43.051556][ T5532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.120922][ T5532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.155732][ T5532] team0: Port device team_slave_0 added [ 43.158666][ T5532] team0: Port device team_slave_1 added [ 43.186093][ T5532] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.187951][ T5532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.197506][ T5563] netlink: 48 bytes leftover after parsing attributes in process `syz.1.43'. [ 43.206129][ T5532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.209707][ T5532] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.212031][ T5532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.228071][ T5532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.301154][ T5532] hsr_slave_0: entered promiscuous mode [ 43.303165][ T5532] hsr_slave_1: entered promiscuous mode [ 43.310072][ T5532] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 43.312072][ T5532] Cannot create hsr debugfs directory [ 43.429287][ T1137] hsr_slave_0: left promiscuous mode [ 43.431282][ T1137] hsr_slave_1: left promiscuous mode [ 43.433180][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.435294][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 43.441231][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.443225][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 43.466432][ T1137] veth1_macvtap: left promiscuous mode [ 43.468105][ T1137] veth0_macvtap: left promiscuous mode [ 43.470044][ T1137] veth1_vlan: left promiscuous mode [ 43.471542][ T1137] veth0_vlan: left promiscuous mode [ 44.450580][ T1137] team0 (unregistering): Port device team_slave_1 removed [ 44.484090][ T5361] Bluetooth: hci2: command tx timeout [ 44.499917][ T1137] team0 (unregistering): Port device team_slave_0 removed [ 44.714093][ T5361] Bluetooth: hci1: command tx timeout [ 44.714797][ T5354] Bluetooth: hci3: command tx timeout [ 44.714827][ T5359] Bluetooth: hci0: command tx timeout [ 44.891678][ T5582] macsec0: entered promiscuous mode [ 44.973547][ T5594] netlink: 'syz.0.49': attribute type 1 has an invalid length. [ 45.181736][ T5607] @: renamed from veth0_vlan (while UP) [ 45.366663][ T5532] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 45.370189][ T5532] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 45.383392][ T5532] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 45.387479][ T5532] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 45.431079][ T5532] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.454617][ T5532] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.461555][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.463571][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.477145][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.479049][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.504231][ T4806] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 45.622524][ T5532] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.633431][ T4806] usb 8-1: device descriptor read/64, error -71 [ 45.658869][ T5532] veth0_vlan: entered promiscuous mode [ 45.666245][ T5532] veth1_vlan: entered promiscuous mode [ 45.689248][ T5532] veth0_macvtap: entered promiscuous mode [ 45.700670][ T5532] veth1_macvtap: entered promiscuous mode [ 45.731854][ T5532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.735600][ T5532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.738789][ T5532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.743482][ T5532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.747300][ T5532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.751716][ T5532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.759121][ T5532] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.763239][ T5532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.767116][ T5532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.770451][ T5532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.774120][ T5532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.777504][ T5532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.781095][ T5532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.785926][ T5532] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.789686][ T5532] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.792507][ T5532] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.795456][ T5532] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.798289][ T5532] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.856571][ T95] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.859180][ T95] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.866962][ T5597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 45.882222][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.884442][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.933330][ T4806] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 45.948837][ T5639] __nla_validate_parse: 4 callbacks suppressed [ 45.948847][ T5639] netlink: 12 bytes leftover after parsing attributes in process `syz.2.37'. [ 45.955385][ T5639] netlink: 8 bytes leftover after parsing attributes in process `syz.2.37'. [ 46.037302][ T5641] bridge_slave_1: left allmulticast mode [ 46.039233][ T5641] bridge_slave_1: left promiscuous mode [ 46.041374][ T5641] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.048889][ T5641] bridge_slave_0: left allmulticast mode [ 46.050789][ T5641] bridge_slave_0: left promiscuous mode [ 46.052767][ T5641] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.065575][ T4806] usb 8-1: device descriptor read/64, error -71 [ 46.107036][ T5642] input: syz0 as /devices/virtual/input/input8 [ 46.174439][ T4806] usb usb8-port1: attempt power cycle [ 46.513789][ T4806] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 46.533942][ T4806] usb 8-1: device descriptor read/8, error -71 [ 46.553699][ T5354] Bluetooth: hci2: command tx timeout [ 46.773435][ T4806] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 46.793952][ T4806] usb 8-1: device descriptor read/8, error -71 [ 46.825035][ T5655] syz.1.58: attempt to access beyond end of device [ 46.825035][ T5655] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 46.830050][ T5655] syz.1.58: attempt to access beyond end of device [ 46.830050][ T5655] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 46.835287][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 46.838538][ T5655] syz.1.58: attempt to access beyond end of device [ 46.838538][ T5655] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 46.842748][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 46.848163][ T5655] syz.1.58: attempt to access beyond end of device [ 46.848163][ T5655] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 46.853050][ T5655] syz.1.58: attempt to access beyond end of device [ 46.853050][ T5655] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 46.857876][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 46.861886][ T5655] syz.1.58: attempt to access beyond end of device [ 46.861886][ T5655] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 46.870375][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 46.878002][ T5655] syz.1.58: attempt to access beyond end of device [ 46.878002][ T5655] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 46.882782][ T5655] syz.1.58: attempt to access beyond end of device [ 46.882782][ T5655] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 46.889375][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 46.894248][ T5655] syz.1.58: attempt to access beyond end of device [ 46.894248][ T5655] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 46.898950][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 46.904563][ T4806] usb usb8-port1: unable to enumerate USB device [ 46.912157][ T5655] syz.1.58: attempt to access beyond end of device [ 46.912157][ T5655] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 46.922400][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 46.930949][ T5655] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 46.936189][ T5655] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 47.508224][ T5658] netlink: 'syz.1.59': attribute type 10 has an invalid length. [ 47.899779][ T5676] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 48.150961][ T5689] FAULT_INJECTION: forcing a failure. [ 48.150961][ T5689] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 48.155051][ T5689] CPU: 3 UID: 0 PID: 5689 Comm: syz.1.70 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 48.157801][ T5689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.160589][ T5689] Call Trace: [ 48.161471][ T5689] [ 48.162248][ T5689] dump_stack_lvl+0x16c/0x1f0 [ 48.163601][ T5689] should_fail_ex+0x497/0x5b0 [ 48.164832][ T5689] _copy_to_user+0x30/0xc0 [ 48.166004][ T5689] simple_read_from_buffer+0xd0/0x160 [ 48.167394][ T5689] proc_fail_nth_read+0x198/0x270 [ 48.168776][ T5689] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 48.170245][ T5689] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 48.171682][ T5689] vfs_read+0x1ce/0xbd0 [ 48.172860][ T5689] ? __fget_files+0x23a/0x3f0 [ 48.174102][ T5689] ? fdget_pos+0x24c/0x360 [ 48.175272][ T5689] ? __pfx_lock_release+0x10/0x10 [ 48.176598][ T5689] ? trace_lock_acquire+0x14a/0x1d0 [ 48.177962][ T5689] ? __pfx_vfs_read+0x10/0x10 [ 48.179196][ T5689] ? __pfx___mutex_lock+0x10/0x10 [ 48.180549][ T5689] ? __fget_files+0x244/0x3f0 [ 48.181787][ T5689] ksys_read+0x12f/0x260 [ 48.182928][ T5689] ? __pfx_ksys_read+0x10/0x10 [ 48.184188][ T5689] __do_fast_syscall_32+0x73/0x120 [ 48.185532][ T5689] do_fast_syscall_32+0x32/0x80 [ 48.186807][ T5689] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.188464][ T5689] RIP: 0023:0xf7f36579 [ 48.189540][ T5689] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.194519][ T5689] RSP: 002b:00000000f56b65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 48.196678][ T5689] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f56b6620 [ 48.198723][ T5689] RDX: 000000000000000f RSI: 00000000f73bbff4 RDI: 0000000000000000 [ 48.200788][ T5689] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 48.202856][ T5689] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 48.204894][ T5689] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.206926][ T5689] [ 48.445782][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x4 [ 48.448050][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.450287][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.452208][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x2 [ 48.454247][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.456396][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.458324][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.460252][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.462074][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.466434][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.468437][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.470463][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.472416][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.475015][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.477407][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.479339][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.481301][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.483221][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.485254][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.487196][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.489204][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.492390][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.494612][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.496617][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.498586][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.500576][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.502531][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.504507][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.506487][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.508340][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.510340][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.512270][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.515028][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.517019][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.518964][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.520934][ T4806] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.526398][ T4806] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz0] on syz0 [ 48.594763][ T5708] FAULT_INJECTION: forcing a failure. [ 48.594763][ T5708] name failslab, interval 1, probability 0, space 0, times 1 [ 48.598181][ T5708] CPU: 2 UID: 0 PID: 5708 Comm: syz.2.75 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 48.600912][ T5708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 48.603698][ T5708] Call Trace: [ 48.604587][ T5708] [ 48.605438][ T5708] dump_stack_lvl+0x16c/0x1f0 [ 48.606686][ T5708] should_fail_ex+0x497/0x5b0 [ 48.607931][ T5708] ? fs_reclaim_acquire+0xae/0x150 [ 48.609310][ T5708] should_failslab+0xc2/0x120 [ 48.610550][ T5708] __kmalloc_noprof+0xcb/0x410 [ 48.611810][ T5708] ? arch_stack_walk+0xa7/0x100 [ 48.613107][ T5708] constrain_params_by_rules+0x176/0xca0 [ 48.614576][ T5708] ? stack_trace_save+0x95/0xd0 [ 48.615855][ T5708] ? stack_depot_save_flags+0x28/0x900 [ 48.617298][ T5708] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 48.618911][ T5708] ? __kasan_kmalloc+0xaa/0xb0 [ 48.620200][ T5708] ? snd_pcm_oss_get_formats+0x16f/0x350 [ 48.621671][ T5708] ? snd_pcm_oss_ioctl+0x2ee1/0x3780 [ 48.623059][ T5708] ? __do_compat_sys_ioctl+0x259/0x2b0 [ 48.624494][ T5708] ? rcu_is_watching+0x12/0xc0 [ 48.625749][ T5708] ? snd_interval_refine+0x2fa/0x580 [ 48.627131][ T5708] snd_pcm_hw_refine+0x7ef/0xad0 [ 48.628448][ T5708] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 48.629877][ T5708] ? _snd_pcm_hw_params_any+0x1da/0x2a0 [ 48.631322][ T5708] snd_pcm_oss_get_formats+0x198/0x350 [ 48.632751][ T5708] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 48.634321][ T5708] ? lock_acquire+0x2f/0xb0 [ 48.634609][ T5354] Bluetooth: hci2: command tx timeout [ 48.635507][ T5708] ? __might_fault+0xe3/0x190 [ 48.638216][ T5708] snd_pcm_oss_ioctl+0x2ee1/0x3780 [ 48.639576][ T5708] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 48.641052][ T5708] ? __fget_files+0x244/0x3f0 [ 48.642302][ T5708] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 48.643870][ T5708] __do_compat_sys_ioctl+0x259/0x2b0 [ 48.645250][ T5708] __do_fast_syscall_32+0x73/0x120 [ 48.646580][ T5708] do_fast_syscall_32+0x32/0x80 [ 48.647844][ T5708] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 48.649480][ T5708] RIP: 0023:0xf744e579 [ 48.650541][ T5708] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 48.655461][ T5708] RSP: 002b:00000000f571556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 48.657596][ T5708] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0045005 [ 48.659622][ T5708] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 48.661876][ T5708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 48.663970][ T5708] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 48.666151][ T5708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.668255][ T5708] [ 48.700502][ T5712] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 48.703806][ T5712] macvlan2: entered promiscuous mode [ 48.705717][ T5712] macvlan2: entered allmulticast mode [ 48.707490][ T5712] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 48.710843][ T5712] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 48.712686][ T5712] mac80211_hwsim hwsim5 wlan1: left promiscuous mode [ 48.798688][ T5715] netlink: 4 bytes leftover after parsing attributes in process `syz.1.79'. [ 48.830954][ T5717] netlink: 'syz.1.80': attribute type 1 has an invalid length. [ 48.833953][ T5717] netlink: 157116 bytes leftover after parsing attributes in process `syz.1.80'. [ 49.413452][ T5730] batman_adv: batadv0: Adding interface: dummy0 [ 49.415310][ T5730] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.422191][ T5730] batman_adv: batadv0: Interface activated: dummy0 [ 49.429683][ T5730] batadv0: mtu less than device minimum [ 49.432191][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.435906][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.439321][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.442731][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.446233][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.449655][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.453068][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.456455][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.459871][ T5730] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 49.729957][ T5739] netlink: 'syz.0.87': attribute type 10 has an invalid length. [ 49.731981][ T5739] netlink: 40 bytes leftover after parsing attributes in process `syz.0.87'. [ 49.897829][ T5744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.89'. [ 49.936833][ T5746] netlink: 'syz.0.90': attribute type 4 has an invalid length. [ 49.938899][ T5746] netlink: 'syz.0.90': attribute type 4 has an invalid length. [ 49.940985][ T5746] netlink: 126012 bytes leftover after parsing attributes in process `syz.0.90'. [ 50.650635][ T5770] netlink: 4 bytes leftover after parsing attributes in process `syz.1.93'. [ 50.683492][ T4806] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 50.703840][ T1291] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 50.714351][ T5354] Bluetooth: hci2: command tx timeout [ 50.799069][ T5775] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.833407][ T4806] usb 8-1: Using ep0 maxpacket: 8 [ 50.837069][ T4806] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 50.839664][ T4806] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 50.842092][ T4806] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 50.846753][ T4806] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 50.849893][ T4806] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 50.852722][ T4806] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.860403][ T4806] hub 8-1:1.0: bad descriptor, ignoring hub [ 50.861970][ T4806] hub 8-1:1.0: probe with driver hub failed with error -5 [ 50.869282][ T4806] cdc_wdm 8-1:1.0: skipping garbage [ 50.870678][ T4806] cdc_wdm 8-1:1.0: skipping garbage [ 50.876159][ T4806] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 50.877712][ T4806] cdc_wdm 8-1:1.0: Unknown control protocol [ 50.883427][ T1291] usb 7-1: Using ep0 maxpacket: 8 [ 50.886361][ T1291] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 50.889044][ T1291] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 50.891444][ T1291] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 50.894546][ T1291] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 50.899276][ T1291] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 50.901739][ T1291] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.905947][ T1291] hub 7-1:1.0: bad descriptor, ignoring hub [ 50.907502][ T1291] hub 7-1:1.0: probe with driver hub failed with error -5 [ 50.909769][ T1291] cdc_wdm 7-1:1.0: skipping garbage [ 50.911476][ T1291] cdc_wdm 7-1:1.0: skipping garbage [ 50.914176][ T1291] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 50.916212][ T1291] cdc_wdm 7-1:1.0: Unknown control protocol [ 51.313513][ T1291] usb 7-1: USB disconnect, device number 2 [ 51.340279][ T5786] netlink: 144 bytes leftover after parsing attributes in process `syz.1.103'. [ 51.342686][ T5786] netlink: 144 bytes leftover after parsing attributes in process `syz.1.103'. [ 51.486619][ T5765] usb 8-1: reset high-speed USB device number 7 using dummy_hcd [ 51.954085][ T1291] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 51.956613][ T30] usb 8-1: USB disconnect, device number 7 [ 52.123398][ T1291] usb 7-1: Using ep0 maxpacket: 8 [ 52.127143][ T1291] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 52.130546][ T1291] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 52.133057][ T1291] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 52.137013][ T1291] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 52.140833][ T1291] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 52.144458][ T1291] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.151571][ T1291] hub 7-1:1.0: bad descriptor, ignoring hub [ 52.154097][ T1291] hub 7-1:1.0: probe with driver hub failed with error -5 [ 52.156881][ T1291] cdc_wdm 7-1:1.0: skipping garbage [ 52.158695][ T1291] cdc_wdm 7-1:1.0: skipping garbage [ 52.161858][ T1291] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 52.164759][ T1291] cdc_wdm 7-1:1.0: Unknown control protocol [ 52.383697][ T39] audit: type=1326 audit(1729478612.213:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.390937][ T39] audit: type=1326 audit(1729478612.223:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.396381][ T39] audit: type=1326 audit(1729478612.223:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.402091][ T39] audit: type=1326 audit(1729478612.233:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.408297][ T39] audit: type=1326 audit(1729478612.233:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.414941][ T39] audit: type=1326 audit(1729478612.233:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.420905][ T39] audit: type=1326 audit(1729478612.233:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.420925][ T39] audit: type=1326 audit(1729478612.233:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.420941][ T39] audit: type=1326 audit(1729478612.243:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.420956][ T39] audit: type=1326 audit(1729478612.243:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5816 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x7ffc0000 [ 52.489267][ T5824] netlink: 108 bytes leftover after parsing attributes in process `syz.3.112'. [ 52.504952][ T56] usb 7-1: USB disconnect, device number 3 [ 52.556811][ T5826] netlink: 8 bytes leftover after parsing attributes in process `syz.3.113'. [ 52.649836][ T5829] binder_alloc: binder_alloc_mmap_handler: 5827 200a0000-200a2000 already mapped failed -16 [ 52.991211][ T5838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.116'. [ 53.099896][ T5816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 53.133716][ T5843] block nbd1: Device being setup by another task [ 53.189350][ T5849] block nbd1: shutting down sockets [ 53.265378][ T5861] vlan2: entered allmulticast mode [ 53.267020][ T5861] vlan1: entered allmulticast mode [ 53.268382][ T5861] @: entered allmulticast mode [ 53.271208][ T5861] vlan1: left allmulticast mode [ 53.272582][ T5861] @: left allmulticast mode [ 53.385770][ T5872] netlink: 8 bytes leftover after parsing attributes in process `syz.1.121'. [ 53.389776][ T5872] macsec0: entered promiscuous mode [ 54.046730][ T5946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.128'. [ 54.129327][ T8] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 54.145097][ T5949] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 54.146830][ T5949] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 54.150016][ T5949] vhci_hcd vhci_hcd.0: Device attached [ 54.523044][ T8] usb 8-1: Using ep0 maxpacket: 32 [ 54.544007][ T5390] vhci_hcd: vhci_device speed not set [ 54.686850][ T5390] usb 17-1: new full-speed USB device number 2 using vhci_hcd [ 54.691100][ T8] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 54.693373][ T8] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 54.695560][ T8] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 54.697844][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 54.700309][ T8] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 54.703024][ T8] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 54.707837][ T8] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 54.752821][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.756128][ T8] usb 8-1: config 0 descriptor?? [ 54.966402][ T8] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 54.970336][ T8] usb 8-1: USB disconnect, device number 8 [ 54.976452][ T8] usblp0: removed [ 55.220012][ T5954] netfs: Couldn't get user pages (rc=-14) [ 55.268316][ T5950] vhci_hcd: connection reset by peer [ 55.271414][ T5908] vhci_hcd: stop threads [ 55.272921][ T5908] vhci_hcd: release socket [ 55.275584][ T5908] vhci_hcd: disconnect device [ 55.299941][ T5957] netlink: 'syz.0.133': attribute type 10 has an invalid length. [ 55.403481][ T1291] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 55.553392][ T1291] usb 8-1: Using ep0 maxpacket: 32 [ 55.558396][ T1291] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 55.566705][ T1291] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 55.569203][ T1291] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 55.571533][ T1291] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 55.574019][ T1291] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 55.576536][ T1291] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 55.579871][ T1291] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 55.582213][ T1291] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.588654][ T5986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.144'. [ 55.589333][ T1291] usb 8-1: config 0 descriptor?? [ 55.801663][ T1291] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 56.157178][ C1] usblp0: nonzero read bulk status received: -71 [ 56.162605][ T1291] usb 8-1: USB disconnect, device number 9 [ 56.223069][ T5999] netlink: 'syz.1.149': attribute type 58 has an invalid length. [ 56.225793][ T5999] netlink: 20 bytes leftover after parsing attributes in process `syz.1.149'. [ 56.369669][ T5940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.126'. [ 56.373807][ T5938] usblp0: removed [ 56.377352][ T6004] FAULT_INJECTION: forcing a failure. [ 56.377352][ T6004] name failslab, interval 1, probability 0, space 0, times 0 [ 56.381864][ T6004] CPU: 2 UID: 0 PID: 6004 Comm: syz.1.150 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 56.385452][ T6004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.389100][ T6004] Call Trace: [ 56.390259][ T6004] [ 56.391292][ T6004] dump_stack_lvl+0x16c/0x1f0 [ 56.392995][ T6004] should_fail_ex+0x497/0x5b0 [ 56.394655][ T6004] ? fs_reclaim_acquire+0xae/0x150 [ 56.396457][ T6004] should_failslab+0xc2/0x120 [ 56.398108][ T6004] __kmalloc_cache_noprof+0x6b/0x310 [ 56.400084][ T6004] ? snd_pcm_oss_change_params_locked+0x1d6/0x3a50 [ 56.402534][ T6004] snd_pcm_oss_change_params_locked+0x1d6/0x3a50 [ 56.404789][ T6004] ? snd_pcm_oss_get_active_substream+0x117/0x1d0 [ 56.406999][ T6004] ? rcu_is_watching+0x12/0xc0 [ 56.408628][ T6004] ? trace_contention_end+0xea/0x140 [ 56.410461][ T6004] ? __mutex_lock+0x1a6/0x9c0 [ 56.412208][ T6004] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 56.414543][ T6004] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 56.416771][ T6004] ? __mutex_lock+0x1a6/0x9c0 [ 56.418414][ T6004] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 56.420508][ T6004] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 56.422665][ T6004] snd_pcm_oss_ioctl+0x3194/0x3780 [ 56.424650][ T6004] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 56.426489][ T6004] ? __fget_files+0x244/0x3f0 [ 56.428140][ T6004] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 56.430194][ T6004] __do_compat_sys_ioctl+0x259/0x2b0 [ 56.431994][ T6004] __do_fast_syscall_32+0x73/0x120 [ 56.433753][ T6004] do_fast_syscall_32+0x32/0x80 [ 56.435415][ T6004] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 56.437566][ T6004] RIP: 0023:0xf7f36579 [ 56.438939][ T6004] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 56.445431][ T6004] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 56.448232][ T6004] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0045005 [ 56.450882][ T6004] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.453564][ T6004] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 56.456344][ T6004] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 56.458993][ T6004] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.461693][ T6004] [ 56.473408][ T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 56.623609][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 56.626789][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 56.629734][ T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 56.632204][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 56.635284][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 56.638382][ T8] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 56.640865][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.647271][ T8] hub 5-1:1.0: bad descriptor, ignoring hub [ 56.649079][ T8] hub 5-1:1.0: probe with driver hub failed with error -5 [ 56.651144][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 56.652519][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 56.654408][ T8] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 56.655911][ T8] cdc_wdm 5-1:1.0: Unknown control protocol [ 57.186554][ T6018] netlink: 'syz.1.154': attribute type 10 has an invalid length. [ 57.188712][ T6018] netlink: 40 bytes leftover after parsing attributes in process `syz.1.154'. [ 57.544004][ T6000] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 57.586102][ T6028] FAULT_INJECTION: forcing a failure. [ 57.586102][ T6028] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.589834][ T6028] CPU: 2 UID: 0 PID: 6028 Comm: syz.2.157 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 57.593526][ T6028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.597305][ T6028] Call Trace: [ 57.598486][ T6028] [ 57.599469][ T6028] dump_stack_lvl+0x16c/0x1f0 [ 57.601066][ T6028] should_fail_ex+0x497/0x5b0 [ 57.602737][ T6028] _copy_from_iter+0x29b/0x13e0 [ 57.604401][ T6028] ? __pfx__copy_from_iter+0x10/0x10 [ 57.606173][ T6028] ? __virt_addr_valid+0x1a4/0x590 [ 57.607983][ T6028] ? __virt_addr_valid+0x5e/0x590 [ 57.609676][ T6028] ? __phys_addr_symbol+0x30/0x80 [ 57.611225][ T6028] ? __check_object_size+0x488/0x710 [ 57.612997][ T6028] netlink_sendmsg+0x813/0xd70 [ 57.614715][ T6028] ? __pfx_netlink_sendmsg+0x10/0x10 [ 57.616447][ T6028] ? lock_acquire+0x2f/0xb0 [ 57.618044][ T6028] ____sys_sendmsg+0x9ae/0xb40 [ 57.619740][ T6028] ? __pfx_____sys_sendmsg+0x10/0x10 [ 57.621543][ T6028] ? get_compat_msghdr+0x11b/0x170 [ 57.623351][ T6028] ? __pfx___lock_acquire+0x10/0x10 [ 57.625377][ T6028] ___sys_sendmsg+0x135/0x1e0 [ 57.626993][ T6028] ? __pfx____sys_sendmsg+0x10/0x10 [ 57.628817][ T6028] ? lock_acquire+0x2f/0xb0 [ 57.630054][ T6028] ? __fget_files+0x40/0x3f0 [ 57.631249][ T6028] ? fdget+0x176/0x210 [ 57.632337][ T6028] __sys_sendmsg+0x117/0x1f0 [ 57.633539][ T6028] ? __pfx___sys_sendmsg+0x10/0x10 [ 57.634868][ T6028] ? __fget_files+0x244/0x3f0 [ 57.636123][ T6028] __do_fast_syscall_32+0x73/0x120 [ 57.637539][ T6028] do_fast_syscall_32+0x32/0x80 [ 57.638842][ T6028] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 57.640492][ T6028] RIP: 0023:0xf744e579 [ 57.641720][ T6028] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 57.647286][ T6028] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 57.649521][ T6028] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000380 [ 57.651476][ T6028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.653496][ T6028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 57.655618][ T6028] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 57.658409][ T6028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 57.661061][ T6028] [ 57.750501][ T6034] 9pnet_virtio: no channels available for device [ 57.792684][ T6036] fuse: Bad value for 'fd' [ 58.013741][ T979] usb 5-1: USB disconnect, device number 3 [ 58.540127][ T6054] netlink: 180 bytes leftover after parsing attributes in process `syz.2.166'. [ 58.728768][ T6060] netlink: 144 bytes leftover after parsing attributes in process `syz.2.168'. [ 58.731233][ T6060] netlink: 144 bytes leftover after parsing attributes in process `syz.2.168'. [ 59.067570][ T6071] tmpfs: Bad value for 'mpol' [ 59.074147][ T6071] ntfs3(nullb0): Primary boot signature is not NTFS. [ 59.076494][ T6071] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 59.224112][ T6076] netlink: 4 bytes leftover after parsing attributes in process `syz.3.172'. [ 59.239889][ T6078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.173'. [ 59.242516][ T6078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.173'. [ 59.273900][ T6080] netlink: 8 bytes leftover after parsing attributes in process `syz.3.174'. [ 59.823461][ T5390] vhci_hcd: vhci_device speed not set [ 60.227503][ T6110] ======================================================= [ 60.227503][ T6110] WARNING: The mand mount option has been deprecated and [ 60.227503][ T6110] and is ignored by this kernel. Remove the mand [ 60.227503][ T6110] option from the mount to silence this warning. [ 60.227503][ T6110] ======================================================= [ 60.352161][ T6114] netlink: 20 bytes leftover after parsing attributes in process `syz.2.181'. [ 60.388520][ T6116] macsec0: entered promiscuous mode [ 61.083625][ T6130] can0: slcan on ptm0. [ 61.325115][ T6129] can0 (unregistered): slcan off ptm0. [ 61.497535][ T5361] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.500907][ T5361] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.503184][ T5361] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.504353][ T5361] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.504667][ T5361] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 61.505114][ T5361] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.648372][ T5898] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.660920][ T6148] chnl_net:caif_netlink_parms(): no params data found [ 61.739549][ T5898] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.784684][ T6182] __nla_validate_parse: 1 callbacks suppressed [ 61.784694][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.200'. [ 61.793432][ T6148] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.795167][ T6148] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.796883][ T6148] bridge_slave_0: entered allmulticast mode [ 61.798693][ T6148] bridge_slave_0: entered promiscuous mode [ 61.801145][ T6148] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.802800][ T6148] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.804585][ T6148] bridge_slave_1: entered allmulticast mode [ 61.806405][ T6148] bridge_slave_1: entered promiscuous mode [ 61.849398][ T6148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.853509][ T6148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.882181][ T5898] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.904162][ T6148] team0: Port device team_slave_0 added [ 61.908507][ T6148] team0: Port device team_slave_1 added [ 61.929979][ T6148] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.931807][ T6148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.938975][ T6148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.943127][ T6148] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.946342][ T6148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.953608][ T6148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.996898][ T5898] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.112479][ T6148] hsr_slave_0: entered promiscuous mode [ 62.115220][ T6148] hsr_slave_1: entered promiscuous mode [ 62.117634][ T6148] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.120163][ T6148] Cannot create hsr debugfs directory [ 62.122460][ T6190] netlink: 'syz.0.197': attribute type 10 has an invalid length. [ 62.129343][ T6190] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.134240][ T6190] team0: Port device batadv0 added [ 62.206774][ T5898] bridge_slave_1: left allmulticast mode [ 62.208435][ T5898] bridge_slave_1: left promiscuous mode [ 62.209975][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.213492][ T5898] bridge_slave_0: left allmulticast mode [ 62.215484][ T5898] bridge_slave_0: left promiscuous mode [ 62.217075][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.316900][ T6189] input: syz0 as /devices/virtual/input/input9 [ 62.490547][ T5898] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 62.495496][ T5898] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 62.500070][ T5898] bond0 (unregistering): Released all slaves [ 62.898084][ T5898] hsr_slave_0: left promiscuous mode [ 62.900744][ T5898] hsr_slave_1: left promiscuous mode [ 62.907561][ T5898] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 62.910353][ T5898] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 62.913398][ T5898] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 62.915423][ T5898] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 62.932412][ T5898] veth1_macvtap: left promiscuous mode [ 62.935450][ T5898] veth0_macvtap: left promiscuous mode [ 62.937029][ T5898] veth1_vlan: left promiscuous mode [ 62.938728][ T5898] veth0_vlan: left promiscuous mode [ 62.965738][ T56] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 63.126239][ T56] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 63.139100][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.141561][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.144862][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.147521][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.149842][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.152773][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.158411][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.160842][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.164849][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.196159][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.198555][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.201647][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.215553][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.218064][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.230909][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.243678][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.246002][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.248744][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.261461][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.265659][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.269527][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.277871][ T56] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 63.281335][ T56] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 63.287929][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 63.292512][ T56] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 63.297104][ T56] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 63.300044][ T56] usb 5-1: Product: syz [ 63.301730][ T56] usb 5-1: Manufacturer: syz [ 63.304138][ T56] usb 5-1: SerialNumber: syz [ 63.312998][ T56] usb 5-1: config 0 descriptor?? [ 63.315503][ T6214] net_ratelimit: 11 callbacks suppressed [ 63.315512][ T6214] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: ba:00:00:40:00:00 [ 63.329139][ T56] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 63.515470][ T5361] Bluetooth: hci1: command tx timeout [ 63.635926][ C2] usb 5-1: yurex_control_callback - control failed: -71 [ 63.640206][ T56] usb 5-1: USB disconnect, device number 4 [ 63.652267][ T56] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 63.750700][ T5898] team0 (unregistering): Port device team_slave_1 removed [ 63.815854][ T5898] team0 (unregistering): Port device team_slave_0 removed [ 64.525367][ T6228] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 64.532795][ T6228] input: syz0 as /devices/virtual/input/input10 [ 64.578326][ T6148] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.584465][ T6148] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.602297][ T6148] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.605641][ T6148] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.661129][ T6236] FAULT_INJECTION: forcing a failure. [ 64.661129][ T6236] name failslab, interval 1, probability 0, space 0, times 0 [ 64.665909][ T6236] CPU: 3 UID: 0 PID: 6236 Comm: syz.2.209 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 64.669390][ T6236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.672975][ T6236] Call Trace: [ 64.674125][ T6236] [ 64.675132][ T6236] dump_stack_lvl+0x16c/0x1f0 [ 64.676729][ T6236] should_fail_ex+0x497/0x5b0 [ 64.678323][ T6236] ? fs_reclaim_acquire+0xae/0x150 [ 64.680004][ T6236] should_failslab+0xc2/0x120 [ 64.680392][ T6148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.681604][ T6236] __kmalloc_cache_noprof+0x6b/0x310 [ 64.685808][ T6236] ? snd_pcm_oss_change_params_locked+0x20c/0x3a50 [ 64.688009][ T6236] ? kasan_save_track+0x14/0x30 [ 64.689666][ T6236] snd_pcm_oss_change_params_locked+0x20c/0x3a50 [ 64.691912][ T6236] ? snd_pcm_oss_get_active_substream+0x117/0x1d0 [ 64.693169][ T6148] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.694069][ T6236] ? rcu_is_watching+0x12/0xc0 [ 64.694088][ T6236] ? trace_contention_end+0xea/0x140 [ 64.694111][ T6236] ? __mutex_lock+0x1a6/0x9c0 [ 64.694134][ T6236] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 64.703087][ T6236] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 64.704148][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.705107][ T6236] ? __mutex_lock+0x1a6/0x9c0 [ 64.707659][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.709332][ T6236] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 64.712285][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.713238][ T6236] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 64.715112][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.717265][ T6236] snd_pcm_oss_ioctl+0x3194/0x3780 [ 64.720933][ T6236] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 64.722776][ T6236] ? __fget_files+0x244/0x3f0 [ 64.724403][ T6236] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 64.726460][ T6236] __do_compat_sys_ioctl+0x259/0x2b0 [ 64.728288][ T6236] __do_fast_syscall_32+0x73/0x120 [ 64.730048][ T6236] do_fast_syscall_32+0x32/0x80 [ 64.731729][ T6236] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 64.733994][ T6236] RIP: 0023:0xf744e579 [ 64.735446][ T6236] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 64.741964][ T6236] RSP: 002b:00000000f571556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 64.744808][ T6236] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0045005 [ 64.747373][ T6236] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 64.750024][ T6236] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 64.752689][ T6236] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 64.755355][ T6236] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 64.758033][ T6236] [ 64.859741][ T6148] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.878796][ T6148] veth0_vlan: entered promiscuous mode [ 64.885375][ T6148] veth1_vlan: entered promiscuous mode [ 64.900756][ T6148] veth0_macvtap: entered promiscuous mode [ 64.906685][ T6148] veth1_macvtap: entered promiscuous mode [ 64.916178][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.919673][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.923028][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.931584][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.934661][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.937422][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.941018][ T6148] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.957042][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.959789][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.962499][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.967155][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.969719][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.972402][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.976951][ T6148] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.989999][ T6148] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.992485][ T6148] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.994869][ T6148] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.997237][ T6148] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.061201][ T5898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.064951][ T5898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.083720][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.085865][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.479552][ T6275] binder: BINDER_SET_CONTEXT_MGR already set [ 65.482487][ T6275] binder: 6274:6275 ioctl 4018620d 200001c0 returned -16 [ 65.593490][ T5361] Bluetooth: hci1: command 0x041b tx timeout [ 65.646251][ T6280] bridge2: entered promiscuous mode [ 65.681301][ T6287] netlink: 4 bytes leftover after parsing attributes in process `syz.0.218'. [ 65.704994][ T6289] bio_check_eod: 2 callbacks suppressed [ 65.705005][ T6289] syz.2.215: attempt to access beyond end of device [ 65.705005][ T6289] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 65.710245][ T6289] XFS (nbd2): SB validate failed with error -5. [ 65.716973][ T6297] netlink: 8 bytes leftover after parsing attributes in process `syz.0.220'. [ 65.724341][ T6297] netlink: 8 bytes leftover after parsing attributes in process `syz.0.220'. [ 65.808894][ T6299] input: syz0 as /devices/virtual/input/input11 [ 65.978306][ T6312] vlan2: entered allmulticast mode [ 65.979733][ T6312] vlan1: entered allmulticast mode [ 65.981105][ T6312] veth0_vlan: entered allmulticast mode [ 65.986489][ T6312] vlan1: left allmulticast mode [ 65.987795][ T6312] veth0_vlan: left allmulticast mode [ 66.157366][ T5407] libceph: connect (1)[c::]:6789 error -101 [ 66.159202][ T5407] libceph: mon0 (1)[c::]:6789 connect error [ 66.275754][ T6324] netlink: 'syz.0.222': attribute type 10 has an invalid length. [ 66.415461][ T5407] libceph: connect (1)[c::]:6789 error -101 [ 66.420874][ T5407] libceph: mon0 (1)[c::]:6789 connect error [ 66.815860][ T6329] input: syz0 as /devices/virtual/input/input12 [ 66.941465][ T6317] ceph: No mds server is up or the cluster is laggy [ 66.952782][ T6332] netlink: 144 bytes leftover after parsing attributes in process `syz.0.229'. [ 66.957415][ T6332] netlink: 144 bytes leftover after parsing attributes in process `syz.0.229'. [ 66.983656][ T5407] libceph: connect (1)[c::]:6789 error -101 [ 66.993447][ T5407] libceph: mon0 (1)[c::]:6789 connect error [ 67.087896][ T6337] netlink: 8 bytes leftover after parsing attributes in process `syz.3.230'. [ 67.133363][ T6339] netlink: 8 bytes leftover after parsing attributes in process `syz.3.232'. [ 67.138466][ T6339] macsec0: entered promiscuous mode [ 67.168361][ T6342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.233'. [ 67.173218][ T30] hid (null): invalid report_size -877985641 [ 67.175013][ T30] hid (null): invalid report_size -1637124597 [ 67.181255][ T30] hid (null): invalid report_count -1370598098 [ 67.182882][ T30] hid (null): unknown global tag 0xd [ 67.191192][ T30] hid-generic D97E:FFFFFFF8:0000.0003: unknown main item tag 0x4 [ 67.193798][ T30] hid-generic D97E:FFFFFFF8:0000.0003: unknown main item tag 0x6 [ 67.195807][ T30] hid-generic D97E:FFFFFFF8:0000.0003: invalid report_size -877985641 [ 67.197953][ T30] hid-generic D97E:FFFFFFF8:0000.0003: item 0 4 1 7 parsing failed [ 67.200188][ T30] hid-generic D97E:FFFFFFF8:0000.0003: probe with driver hid-generic failed with error -22 [ 67.683364][ T5354] Bluetooth: hci1: command 0x041b tx timeout [ 68.035598][ T6365] ipvlan1: entered promiscuous mode [ 68.037075][ T6365] ipvlan1: entered allmulticast mode [ 68.038532][ T6365] veth0_vlan: entered allmulticast mode [ 68.224921][ T6386] libceph: resolve '. [ 68.224921][ T6386] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 68.224921][ T6386] ' (ret=-3): failed [ 68.301740][ T6394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.245'. [ 68.424473][ T6398] 9pnet_fd: Insufficient options for proto=fd [ 69.285688][ T6426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.293153][ T6426] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.370205][ T6431] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem [ 69.581865][ T6439] netlink: 'syz.3.258': attribute type 1 has an invalid length. [ 69.736300][ T6457] FAULT_INJECTION: forcing a failure. [ 69.736300][ T6457] name failslab, interval 1, probability 0, space 0, times 0 [ 69.745594][ T6457] CPU: 0 UID: 0 PID: 6457 Comm: syz.0.261 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 69.748413][ T6457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.751241][ T6457] Call Trace: [ 69.752137][ T6457] [ 69.752930][ T6457] dump_stack_lvl+0x16c/0x1f0 [ 69.753392][ T5354] Bluetooth: hci1: command 0x041b tx timeout [ 69.754164][ T6457] should_fail_ex+0x497/0x5b0 [ 69.757515][ T6457] ? fs_reclaim_acquire+0xae/0x150 [ 69.758854][ T6457] should_failslab+0xc2/0x120 [ 69.760120][ T6457] __kmalloc_cache_noprof+0x6b/0x310 [ 69.761600][ T6457] ? snd_pcm_oss_change_params_locked+0x242/0x3a50 [ 69.763285][ T6457] ? kasan_save_track+0x14/0x30 [ 69.764747][ T6457] snd_pcm_oss_change_params_locked+0x242/0x3a50 [ 69.766416][ T6457] ? snd_pcm_oss_get_active_substream+0x117/0x1d0 [ 69.768142][ T6457] ? rcu_is_watching+0x12/0xc0 [ 69.769394][ T6457] ? trace_contention_end+0xea/0x140 [ 69.770771][ T6457] ? __mutex_lock+0x1a6/0x9c0 [ 69.772060][ T6457] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 69.773888][ T6457] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 69.775657][ T6457] ? __mutex_lock+0x1a6/0x9c0 [ 69.776910][ T6457] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 69.778494][ T6457] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 69.780152][ T6457] snd_pcm_oss_ioctl+0x3194/0x3780 [ 69.781543][ T6457] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 69.782968][ T6457] ? __fget_files+0x244/0x3f0 [ 69.784228][ T6457] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 69.785807][ T6457] __do_compat_sys_ioctl+0x259/0x2b0 [ 69.785859][ T6461] bridge_slave_0: left allmulticast mode [ 69.787185][ T6457] __do_fast_syscall_32+0x73/0x120 [ 69.788682][ T6461] bridge_slave_0: left promiscuous mode [ 69.790016][ T6457] do_fast_syscall_32+0x32/0x80 [ 69.790033][ T6457] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 69.790048][ T6457] RIP: 0023:0xf7fa4579 [ 69.791643][ T6461] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.792776][ T6457] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 69.792788][ T6457] RSP: 002b:00000000f570556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 69.792799][ T6457] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0045005 [ 69.806508][ T6457] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.808551][ T6457] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 69.810573][ T6457] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 69.812647][ T6457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 69.814682][ T6457] [ 69.820180][ T6461] bridge_slave_1: left allmulticast mode [ 69.821712][ T6461] bridge_slave_1: left promiscuous mode [ 69.823309][ T6461] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.830216][ T6461] bond0: (slave bond_slave_0): Releasing backup interface [ 69.837464][ T6461] bond0: (slave bond_slave_1): Releasing backup interface [ 69.851374][ T6469] random: crng reseeded on system resumption [ 69.851653][ T6461] team0: Port device team_slave_0 removed [ 69.857367][ T6461] team0: Port device team_slave_1 removed [ 69.859245][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.861261][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.864460][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.868177][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.901258][ T6461] bond0: entered promiscuous mode [ 69.902801][ T6461] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 69.908149][ T6461] bond0: left promiscuous mode [ 70.283526][ T6480] usb 2-1: USB disconnect, device number 2 [ 70.513436][ T6483] bridge0: entered promiscuous mode [ 70.537063][ T6485] netlink: 4 bytes leftover after parsing attributes in process `syz.0.270'. [ 70.637875][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.639686][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.714828][ T6481] hub 2-0:1.0: USB hub found [ 70.722527][ T6481] hub 2-0:1.0: 6 ports detected [ 70.825911][ T6494] netlink: 144 bytes leftover after parsing attributes in process `syz.0.272'. [ 70.834261][ T6494] netlink: 144 bytes leftover after parsing attributes in process `syz.0.272'. [ 70.895262][ T6498] netlink: 8 bytes leftover after parsing attributes in process `syz.3.274'. [ 70.913385][ T5407] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 71.003002][ T6503] netlink: 'syz.3.276': attribute type 1 has an invalid length. [ 71.005534][ T6504] netlink: 'syz.3.276': attribute type 1 has an invalid length. [ 71.146660][ T5407] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 71.149090][ T5407] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 71.151301][ T5407] usb 2-1: Product: QEMU USB Tablet [ 71.152888][ T5407] usb 2-1: Manufacturer: QEMU [ 71.156473][ T5407] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 71.158841][ T6508] fuse: Unknown parameter '' [ 71.178567][ T5407] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0004/input/input13 [ 71.324955][ T5407] hid-generic 0003:0627:0001.0004: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 71.843358][ T5354] Bluetooth: hci1: command 0x041b tx timeout [ 71.968409][ T6522] __nla_validate_parse: 5 callbacks suppressed [ 71.968420][ T6522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'. [ 73.163062][ T6542] input: syz0 as /devices/virtual/input/input14 [ 73.169261][ T6541] x_tables: duplicate underflow at hook 2 [ 73.207079][ T6541] No control pipe specified [ 73.307434][ T6547] overlay: ./file1 is not a directory [ 73.696421][ T6527] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 73.788562][ T6559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.291'. [ 73.913449][ T5354] Bluetooth: hci1: command 0x041b tx timeout [ 74.411337][ T6568] netlink: 4 bytes leftover after parsing attributes in process `syz.0.296'. [ 74.603454][ T6573] netfs: Couldn't get user pages (rc=-14) [ 74.752427][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.300'. [ 74.814376][ T6582] mmap: syz.0.299 (6582) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 74.993316][ T6610] nvme_fabrics: missing parameter 'transport=%s' [ 74.995655][ T6610] nvme_fabrics: missing parameter 'nqn=%s' [ 75.100843][ T6615] input: syz0 as /devices/virtual/input/input15 [ 75.178750][ T6619] netlink: 48 bytes leftover after parsing attributes in process `syz.1.314'. [ 75.298099][ T39] kauditd_printk_skb: 31 callbacks suppressed [ 75.298110][ T39] audit: type=1326 audit(1729478635.133:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6618 comm="syz.1.314" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x0 [ 75.755750][ T62] cfg80211: failed to load regulatory.db [ 75.824893][ T6627] batman_adv: batadv0: Adding interface: dummy0 [ 75.831901][ T6627] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.842036][ T6627] batman_adv: batadv0: Interface activated: dummy0 [ 75.853957][ T6627] batadv0: mtu less than device minimum [ 75.856341][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.859865][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.863347][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.866774][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.870214][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.873686][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.877124][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.880564][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.884078][ T6627] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 76.023772][ T6636] binder: 6635:6636 ioctl c0405627 20000040 returned -22 [ 76.096761][ T6646] bridge3: entered promiscuous mode [ 76.117123][ T6648] FAULT_INJECTION: forcing a failure. [ 76.117123][ T6648] name failslab, interval 1, probability 0, space 0, times 0 [ 76.120432][ T6648] CPU: 1 UID: 0 PID: 6648 Comm: syz.1.320 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 76.123177][ T6648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.125997][ T6648] Call Trace: [ 76.126885][ T6648] [ 76.127676][ T6648] dump_stack_lvl+0x16c/0x1f0 [ 76.128936][ T6648] should_fail_ex+0x497/0x5b0 [ 76.130181][ T6648] ? fs_reclaim_acquire+0xae/0x150 [ 76.131519][ T6648] should_failslab+0xc2/0x120 [ 76.132766][ T6648] __kmalloc_noprof+0xcb/0x410 [ 76.134008][ T6648] constrain_params_by_rules+0x176/0xca0 [ 76.135355][ T6648] ? stack_trace_save+0x95/0xd0 [ 76.136570][ T6648] ? stack_depot_save_flags+0x28/0x900 [ 76.137960][ T6648] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 76.139452][ T6648] ? __kasan_kmalloc+0xaa/0xb0 [ 76.140728][ T6648] ? snd_pcm_oss_change_params_locked+0x242/0x3a50 [ 76.142388][ T6648] ? snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 76.143991][ T6648] ? snd_pcm_oss_ioctl+0x3194/0x3780 [ 76.145380][ T6648] ? rcu_is_watching+0x12/0xc0 [ 76.146633][ T6648] ? snd_interval_refine+0x2fa/0x580 [ 76.148026][ T6648] snd_pcm_hw_refine+0x7ef/0xad0 [ 76.149330][ T6648] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 76.150768][ T6648] ? _snd_pcm_hw_param_min+0x259/0x630 [ 76.152255][ T6648] snd_pcm_oss_change_params_locked+0x651/0x3a50 [ 76.153908][ T6648] ? __mutex_lock+0x1a6/0x9c0 [ 76.155097][ T6648] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 76.156863][ T6648] ? snd_pcm_oss_get_active_substream+0x146/0x1d0 [ 76.158552][ T6648] ? __mutex_lock+0x1a6/0x9c0 [ 76.159930][ T6648] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 76.161596][ T6648] snd_pcm_oss_ioctl+0x3194/0x3780 [ 76.162945][ T6648] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 76.164378][ T6648] ? __fget_files+0x244/0x3f0 [ 76.165626][ T6648] ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10 [ 76.167140][ T6648] __do_compat_sys_ioctl+0x259/0x2b0 [ 76.168491][ T6648] __do_fast_syscall_32+0x73/0x120 [ 76.169713][ T6648] do_fast_syscall_32+0x32/0x80 [ 76.170912][ T6648] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 76.172560][ T6648] RIP: 0023:0xf7f36579 [ 76.173622][ T6648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 76.178775][ T6648] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 76.180940][ T6648] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0045005 [ 76.183061][ T6648] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.185075][ T6648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 76.187140][ T6648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 76.189321][ T6648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.191530][ T6648] [ 76.233202][ T6651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.324'. [ 76.237013][ T6651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.324'. [ 76.347459][ T6656] netlink: 'syz.0.326': attribute type 4 has an invalid length. [ 76.397187][ T6656] netlink: 'syz.0.326': attribute type 4 has an invalid length. [ 76.972580][ T6669] netlink: 144 bytes leftover after parsing attributes in process `syz.1.329'. [ 76.975372][ T6669] netlink: 144 bytes leftover after parsing attributes in process `syz.1.329'. [ 77.097551][ T6670] netlink: 64 bytes leftover after parsing attributes in process `syz.3.328'. [ 77.411256][ T6657] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 77.696213][ T6670] syz.3.328 (6670) used greatest stack depth: 20768 bytes left [ 77.724756][ T6681] binder: BINDER_SET_CONTEXT_MGR already set [ 77.727541][ T6681] binder: 6680:6681 ioctl 4018620d 200001c0 returned -16 [ 78.012378][ T39] audit: type=1326 audit(1729478637.843:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.017985][ T39] audit: type=1326 audit(1729478637.843:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.025337][ T39] audit: type=1326 audit(1729478637.843:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.031143][ T39] audit: type=1326 audit(1729478637.843:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.037497][ T39] audit: type=1326 audit(1729478637.843:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.044089][ T39] audit: type=1326 audit(1729478637.843:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.051313][ T39] audit: type=1326 audit(1729478637.843:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.062451][ T39] audit: type=1326 audit(1729478637.843:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.069893][ T39] audit: type=1326 audit(1729478637.843:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6688 comm="syz.3.335" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 78.223518][ T5390] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 78.373385][ T5390] usb 7-1: Using ep0 maxpacket: 8 [ 78.376313][ T5390] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 78.378967][ T5390] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 78.381324][ T5390] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 78.394552][ T5390] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 78.397573][ T5390] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.434627][ T5390] hub 7-1:1.0: bad descriptor, ignoring hub [ 78.436283][ T5390] hub 7-1:1.0: probe with driver hub failed with error -5 [ 78.438944][ T5390] cdc_wdm 7-1:1.0: skipping garbage [ 78.440511][ T5390] cdc_wdm 7-1:1.0: skipping garbage [ 78.442104][ T5390] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 78.447602][ T6708] delete_channel: no stack [ 78.754023][ T5390] usb 7-1: USB disconnect, device number 4 [ 79.024643][ T6717] netlink: 72 bytes leftover after parsing attributes in process `syz.3.340'. [ 79.149260][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.3.342'. [ 79.203373][ T5390] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 79.230223][ T6705] delete_channel: no stack [ 79.374120][ T5390] usb 7-1: Using ep0 maxpacket: 8 [ 79.382455][ T6750] vlan2: entered allmulticast mode [ 79.384418][ T6750] vlan1: entered allmulticast mode [ 79.385824][ T6750] veth0_vlan: entered allmulticast mode [ 79.388220][ T5390] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 79.392029][ T6750] vlan1: left allmulticast mode [ 79.393650][ T6750] veth0_vlan: left allmulticast mode [ 79.399402][ T5390] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 79.409525][ T5390] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.428606][ T5390] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 79.433726][ T5390] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.459030][ T5390] hub 7-1:1.0: bad descriptor, ignoring hub [ 79.489254][ T5390] hub 7-1:1.0: probe with driver hub failed with error -5 [ 79.505186][ T5390] cdc_wdm 7-1:1.0: skipping garbage [ 79.506674][ T5390] cdc_wdm 7-1:1.0: skipping garbage [ 79.510129][ T5390] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 79.763666][ T62] usb 7-1: USB disconnect, device number 5 [ 79.789217][ T6761] 9pnet_fd: Insufficient options for proto=fd [ 79.864212][ T5390] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 80.016270][ T5390] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 80.018948][ T5390] usb 5-1: config 0 has no interfaces? [ 80.020419][ T5390] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 80.022757][ T5390] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.030537][ T5390] usb 5-1: config 0 descriptor?? [ 80.311038][ T5390] usb 5-1: string descriptor 0 read error: -71 [ 80.321669][ T5390] usb 5-1: USB disconnect, device number 5 [ 83.012066][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 83.012077][ T39] audit: type=1326 audit(1729478642.843:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.020411][ T39] audit: type=1326 audit(1729478642.843:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.030723][ T39] audit: type=1326 audit(1729478642.853:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.036474][ T39] audit: type=1326 audit(1729478642.853:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.042153][ T39] audit: type=1326 audit(1729478642.853:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.047658][ T39] audit: type=1326 audit(1729478642.853:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.053512][ T39] audit: type=1326 audit(1729478642.853:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.058925][ T39] audit: type=1326 audit(1729478642.853:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.064441][ T39] audit: type=1326 audit(1729478642.853:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.069839][ T39] audit: type=1326 audit(1729478642.853:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6865 comm="syz.2.378" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x7ffc0000 [ 83.485011][ T6891] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'. [ 83.489649][ T6891] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'. [ 83.641964][ T6899] mkiss: ax0: crc mode is auto. [ 83.757114][ T6903] mkiss: ax0: crc mode is auto. [ 83.761503][ T6899] overlayfs: missing 'lowerdir' [ 84.261649][ T6912] fuse: Bad value for 'rootmode' [ 84.269710][ T6912] netlink: 596 bytes leftover after parsing attributes in process `syz.2.389'. [ 84.752645][ T6924] binder: BINDER_SET_CONTEXT_MGR already set [ 84.754896][ T6924] binder: 6923:6924 ioctl 4018620d 200001c0 returned -16 [ 84.774131][ T5390] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 84.863368][ T5351] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 84.903548][ T5390] usb 7-1: device descriptor read/64, error -71 [ 85.023424][ T5351] usb 6-1: Using ep0 maxpacket: 8 [ 85.027133][ T5351] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 85.029661][ T5351] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 85.032701][ T5351] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 85.035407][ T5351] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 85.038724][ T5351] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 85.041285][ T5351] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.153376][ T5390] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 85.256963][ T5351] usb 6-1: usb_control_msg returned -32 [ 85.258862][ T5351] usbtmc 6-1:16.0: can't read capabilities [ 85.293336][ T5390] usb 7-1: device descriptor read/64, error -71 [ 85.342311][ T6932] netlink: 188 bytes leftover after parsing attributes in process `syz.3.396'. [ 85.346732][ T6932] netlink: 'syz.3.396': attribute type 1 has an invalid length. [ 85.349288][ T6932] netlink: 20 bytes leftover after parsing attributes in process `syz.3.396'. [ 85.405508][ T5390] usb usb7-port1: attempt power cycle [ 85.693348][ T5407] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 85.753757][ T5390] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 85.774801][ T5390] usb 7-1: device descriptor read/8, error -71 [ 85.835375][ T5407] usb 8-1: device descriptor read/64, error -71 [ 86.013465][ T5390] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 86.034018][ T5390] usb 7-1: device descriptor read/8, error -71 [ 86.083511][ T5407] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 86.144133][ T5390] usb usb7-port1: unable to enumerate USB device [ 86.213383][ T5407] usb 8-1: device descriptor read/64, error -71 [ 86.323524][ T5407] usb usb8-port1: attempt power cycle [ 86.663350][ T5407] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 86.684092][ T5407] usb 8-1: device descriptor read/8, error -71 [ 86.923397][ T5407] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 86.944041][ T5407] usb 8-1: device descriptor read/8, error -71 [ 87.053492][ T5407] usb usb8-port1: unable to enumerate USB device [ 87.381749][ T6963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.407'. [ 87.506370][ T6967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.405'. [ 87.625711][ T5407] usb 6-1: USB disconnect, device number 2 [ 88.408018][ T6983] usb 2-1: USB disconnect, device number 3 [ 88.468826][ T6985] hub 2-0:1.0: USB hub found [ 88.470317][ T6985] hub 2-0:1.0: 6 ports detected [ 88.496438][ T6987] netlink: 'syz.2.412': attribute type 10 has an invalid length. [ 88.502086][ T6987] net_ratelimit: 10 callbacks suppressed [ 88.502096][ T6987] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 88.504227][ T6989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.413'. [ 88.508364][ T6987] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 88.513385][ T6989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.413'. [ 88.516239][ T6987] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.518071][ T6987] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 88.525473][ T6987] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 88.600870][ T6991] sp0: Synchronizing with TNC [ 88.608031][ T6993] netlink: 4 bytes leftover after parsing attributes in process `syz.3.415'. [ 88.635043][ T5351] usb 2-1: new high-speed USB device number 4 using ehci-pci [ 88.818621][ T5351] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 88.823557][ T5351] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 88.830035][ T5351] usb 2-1: Product: QEMU USB Tablet [ 88.831570][ T5351] usb 2-1: Manufacturer: QEMU [ 88.832927][ T5351] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 88.858252][ T5351] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0005/input/input17 [ 88.928659][ T5351] hid-generic 0003:0627:0001.0005: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 89.486279][ T7028] FAULT_INJECTION: forcing a failure. [ 89.486279][ T7028] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.489899][ T7028] CPU: 0 UID: 0 PID: 7028 Comm: syz.2.425 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 89.492630][ T7028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.495403][ T7028] Call Trace: [ 89.496285][ T7028] [ 89.497065][ T7028] dump_stack_lvl+0x16c/0x1f0 [ 89.498304][ T7028] should_fail_ex+0x497/0x5b0 [ 89.499556][ T7028] _copy_to_user+0x30/0xc0 [ 89.500734][ T7028] simple_read_from_buffer+0xd0/0x160 [ 89.502134][ T7028] proc_fail_nth_read+0x198/0x270 [ 89.503455][ T7028] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 89.504909][ T7028] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 89.506340][ T7028] vfs_read+0x1ce/0xbd0 [ 89.507432][ T7028] ? __fget_files+0x23a/0x3f0 [ 89.508670][ T7028] ? fdget_pos+0x24c/0x360 [ 89.509847][ T7028] ? __pfx_lock_release+0x10/0x10 [ 89.511165][ T7028] ? trace_lock_acquire+0x14a/0x1d0 [ 89.512562][ T7028] ? __pfx_vfs_read+0x10/0x10 [ 89.513793][ T7028] ? __pfx___mutex_lock+0x10/0x10 [ 89.515122][ T7028] ? __fget_files+0x244/0x3f0 [ 89.516372][ T7028] ksys_read+0x12f/0x260 [ 89.517490][ T7028] ? __pfx_ksys_read+0x10/0x10 [ 89.518747][ T7028] __do_fast_syscall_32+0x73/0x120 [ 89.520111][ T7028] do_fast_syscall_32+0x32/0x80 [ 89.521387][ T7028] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 89.523046][ T7028] RIP: 0023:0xf744e579 [ 89.524121][ T7028] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 89.529056][ T7028] RSP: 002b:00000000f57365a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 89.531219][ T7028] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5736620 [ 89.533278][ T7028] RDX: 000000000000000f RSI: 00000000f743bff4 RDI: 0000000000000000 [ 89.535333][ T7028] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 89.537372][ T7028] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 89.539334][ T7028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 89.541407][ T7028] [ 89.640209][ T7032] vlan2: entered allmulticast mode [ 89.641624][ T7032] vlan1: entered allmulticast mode [ 89.644379][ T7032] vlan1: left allmulticast mode [ 89.690993][ T7034] netlink: 4 bytes leftover after parsing attributes in process `syz.3.428'. [ 89.693454][ T7034] netlink: 56 bytes leftover after parsing attributes in process `syz.3.428'. [ 89.822704][ T7041] FAULT_INJECTION: forcing a failure. [ 89.822704][ T7041] name failslab, interval 1, probability 0, space 0, times 0 [ 89.837631][ T7041] CPU: 0 UID: 0 PID: 7041 Comm: syz.2.431 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 89.840405][ T7041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.843163][ T7041] Call Trace: [ 89.844063][ T7041] [ 89.844836][ T7041] dump_stack_lvl+0x16c/0x1f0 [ 89.846070][ T7041] should_fail_ex+0x497/0x5b0 [ 89.847302][ T7041] ? fs_reclaim_acquire+0xae/0x150 [ 89.848659][ T7041] should_failslab+0xc2/0x120 [ 89.849890][ T7041] __kmalloc_cache_noprof+0x6b/0x310 [ 89.851265][ T7041] ? __pfx___folio_start_writeback+0x10/0x10 [ 89.852834][ T7041] ? netfs_buffer_make_space+0x432/0x6b0 [ 89.854270][ T7041] netfs_buffer_make_space+0x432/0x6b0 [ 89.855922][ T7041] netfs_buffer_append_folio+0x9d/0x360 [ 89.857391][ T7041] netfs_write_folio+0x540/0x1930 [ 89.858724][ T7041] netfs_writepages+0x29a/0x9d0 [ 89.860018][ T7041] ? __pfx_netfs_writepages+0x10/0x10 [ 89.861418][ T7041] ? __pfx___lock_acquire+0x10/0x10 [ 89.862789][ T7041] ? __pfx_netfs_writepages+0x10/0x10 [ 89.864195][ T7041] do_writepages+0x1a3/0x7f0 [ 89.865400][ T7041] ? __pfx_do_writepages+0x10/0x10 [ 89.866728][ T7041] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 89.868193][ T7041] ? do_raw_spin_lock+0x12d/0x2c0 [ 89.869520][ T7041] ? do_raw_spin_unlock+0x172/0x230 [ 89.870880][ T7041] ? _raw_spin_unlock+0x28/0x50 [ 89.872165][ T7041] ? wbc_attach_and_unlock_inode+0x597/0x940 [ 89.873735][ T7041] filemap_fdatawrite_wbc+0x148/0x1c0 [ 89.875137][ T7041] __filemap_fdatawrite_range+0xb3/0xf0 [ 89.876664][ T7041] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 89.878306][ T7041] ? __pfx_inode_needs_update_time+0x10/0x10 [ 89.879892][ T7041] ? __pfx_generic_write_checks+0x10/0x10 [ 89.881375][ T7041] filemap_write_and_wait_range+0xa3/0x130 [ 89.882908][ T7041] netfs_unbuffered_write_iter+0x272/0x6d0 [ 89.884438][ T7041] v9fs_file_write_iter+0xbf/0x100 [ 89.885778][ T7041] vfs_write+0x6b5/0x1140 [ 89.886908][ T7041] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 89.888396][ T7041] ? trace_lock_acquire+0x14a/0x1d0 [ 89.889758][ T7041] ? __pfx_vfs_write+0x10/0x10 [ 89.891004][ T7041] ? __pfx___mutex_lock+0x10/0x10 [ 89.892346][ T7041] ksys_write+0x12f/0x260 [ 89.893498][ T7041] ? __pfx_ksys_write+0x10/0x10 [ 89.894783][ T7041] __do_fast_syscall_32+0x73/0x120 [ 89.896143][ T7041] do_fast_syscall_32+0x32/0x80 [ 89.897424][ T7041] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 89.899049][ T7041] RIP: 0023:0xf744e579 [ 89.900148][ T7041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 89.905141][ T7041] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 89.907200][ T7041] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0 [ 89.909259][ T7041] RDX: 0000000000000028 RSI: 0000000000000000 RDI: 0000000000000000 [ 89.911319][ T7041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 89.913347][ T7041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 89.915363][ T7041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 89.917432][ T7041] [ 89.934033][ T5895] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 89.937464][ T5895] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 89.940336][ T5895] CPU: 3 UID: 0 PID: 5895 Comm: kworker/u32:36 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0 [ 89.944609][ T5895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.947780][ T5895] Workqueue: events_unbound netfs_write_collection_worker [ 89.949604][ T5895] RIP: 0010:netfs_write_collection_worker+0x1c97/0x4780 [ 89.951380][ T5895] Code: 4c 39 fb 0f 83 25 04 00 00 e8 45 4b 55 ff 44 8b 2c 24 41 83 fd 1e 0f 87 77 23 00 00 4a 8d 44 ed 08 48 89 44 24 30 48 c1 e8 03 <42> 80 3c 30 00 0f 85 4f 23 00 00 4a 8b 5c ed 08 48 89 df e8 d1 da [ 89.956594][ T5895] RSP: 0018:ffffc90004d7faf0 EFLAGS: 00010202 [ 89.958139][ T5895] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff82376a65 [ 89.960181][ T5895] RDX: ffff888024edc880 RSI: ffffffff82376d0b RDI: 0000000000000005 [ 89.962410][ T5895] RBP: 0000000000000000 R08: ffff888062acf380 R09: 000000000000001e [ 89.965188][ T5895] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000002c [ 89.967444][ T5895] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888062acf37a [ 89.969513][ T5895] FS: 0000000000000000(0000) GS:ffff88802b700000(0000) knlGS:0000000000000000 [ 89.971947][ T5895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.973813][ T5895] CR2: 00000000f5705da4 CR3: 000000006764e000 CR4: 0000000000352ef0 [ 89.975864][ T5895] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.977894][ T5895] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.979828][ T5895] Call Trace: [ 89.980657][ T5895] [ 89.981427][ T5895] ? die_addr+0x3b/0xa0 [ 89.982509][ T5895] ? exc_general_protection+0x155/0x230 [ 89.984424][ T5895] ? asm_exc_general_protection+0x26/0x30 [ 89.986100][ T5895] ? netfs_write_collection_worker+0x19d5/0x4780 [ 89.987730][ T5895] ? netfs_write_collection_worker+0x1c7b/0x4780 [ 89.989334][ T5895] ? netfs_write_collection_worker+0x1c97/0x4780 [ 89.990923][ T5895] ? __pfx_netfs_write_collection_worker+0x10/0x10 [ 89.992565][ T5895] ? rcu_is_watching+0x12/0xc0 [ 89.993919][ T5895] ? trace_lock_acquire+0x14a/0x1d0 [ 89.995266][ T5895] ? process_one_work+0x8bb/0x1b30 [ 89.996606][ T5895] ? lock_acquire+0x2f/0xb0 [ 89.997789][ T5895] ? process_one_work+0x8bb/0x1b30 [ 89.999114][ T5895] process_one_work+0x958/0x1b30 [ 90.000418][ T5895] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 90.001869][ T5895] ? __pfx_process_one_work+0x10/0x10 [ 90.003346][ T5895] ? assign_work+0x1a0/0x250 [ 90.004576][ T5895] worker_thread+0x6c8/0xf00 [ 90.005781][ T5895] ? __pfx_worker_thread+0x10/0x10 [ 90.007121][ T5895] kthread+0x2c1/0x3a0 [ 90.008190][ T5895] ? _raw_spin_unlock_irq+0x23/0x50 [ 90.009540][ T5895] ? __pfx_kthread+0x10/0x10 [ 90.010739][ T5895] ret_from_fork+0x45/0x80 [ 90.011904][ T5895] ? __pfx_kthread+0x10/0x10 [ 90.013201][ T5895] ret_from_fork_asm+0x1a/0x30 [ 90.014439][ T5895] [ 90.015244][ T5895] Modules linked in: [ 90.016475][ T5895] ---[ end trace 0000000000000000 ]--- [ 90.017979][ T5895] RIP: 0010:netfs_write_collection_worker+0x1c97/0x4780 [ 90.019874][ T5895] Code: 4c 39 fb 0f 83 25 04 00 00 e8 45 4b 55 ff 44 8b 2c 24 41 83 fd 1e 0f 87 77 23 00 00 4a 8d 44 ed 08 48 89 44 24 30 48 c1 e8 03 <42> 80 3c 30 00 0f 85 4f 23 00 00 4a 8b 5c ed 08 48 89 df e8 d1 da [ 90.024997][ T5895] RSP: 0018:ffffc90004d7faf0 EFLAGS: 00010202 [ 90.026603][ T5895] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff82376a65 [ 90.028689][ T5895] RDX: ffff888024edc880 RSI: ffffffff82376d0b RDI: 0000000000000005 [ 90.030750][ T5895] RBP: 0000000000000000 R08: ffff888062acf380 R09: 000000000000001e [ 90.032858][ T5895] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000002c [ 90.035019][ T5895] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888062acf37a [ 90.037138][ T5895] FS: 0000000000000000(0000) GS:ffff88802b500000(0000) knlGS:0000000000000000 [ 90.039495][ T5895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.041241][ T5895] CR2: 00007fccbac87e20 CR3: 000000001e89c000 CR4: 0000000000352ef0 [ 90.044175][ T5895] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.046830][ T5895] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.049524][ T5895] Kernel panic - not syncing: Fatal exception [ 90.052141][ T5895] Kernel Offset: disabled [ 90.053590][ T5895] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:44:09 Registers: info registers vcpu 0 CPU#0 RAX=00000000003673c4 RBX=0000000000000000 RCX=ffffffff8b139ef9 RDX=ffffed1005687026 RSI=ffffffff8bb12d20 RDI=ffffffff8164177c RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20 R8 =0000000000000000 R9 =ffffed1005687025 R10=ffff88802b43812b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901ce5c8 R15=0000000000000000 RIP=ffffffff8b13b2df RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020533fa0 CR3=000000005b6ee000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffffff90b1ac7e RDX=1ffff920007c7dee RSI=0000000000000001 RDI=0000000000000001 RBP=ffffc90003e3ef80 RSP=ffffc90003e3eec8 R8 =ffffc90003e3ef6c R9 =ffffffff90b1ac82 R10=ffffc90003e3ef38 R11=00000000000078a5 R12=ffffc90003e3ef88 R13=ffffc90003e3ef38 R14=ffffc90003e3f068 R15=ffffc90003e3f060 RIP=ffffffff813d0aaa RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020bbdffc CR3=000000004c2ae000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000016317c RBX=0000000000000002 RCX=ffffffff8b139ef9 RDX=ffffed10056c7026 RSI=ffffffff8bb12d20 RDI=ffffffff8164177c RBP=ffffed10036ec000 RSP=ffffc90000487e08 R8 =0000000000000000 R9 =ffffed10056c7025 R10=ffff88802b63812b R11=0000000000000001 R12=0000000000000002 R13=ffff88801b760000 R14=ffffffff901ce5c8 R15=0000000000000000 RIP=ffffffff8b13b2df RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000003200aff8 CR3=000000006764e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000055 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8503ecc5 RDI=ffffffff9a640260 RBP=ffffffff9a640220 RSP=ffffc90004d7f450 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=000000003a555043 R12=0000000000000000 R13=0000000000000055 R14=ffffffff8503ec60 R15=0000000000000000 RIP=ffffffff8503ecef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5705da4 CR3=000000006764e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000